Packages changed: Mesa (20.1.3 -> 20.1.4) Mesa-drivers (20.1.3 -> 20.1.4) apparmor branding-openSUSE ffmpeg-4 fftw3 gdk-pixbuf grub2 ima-evm-utils (1.2.1 -> 1.3) kscreenlocker libedit librsvg noto-coloremoji-fonts (20200408 -> 20200722) patterns-base patterns-microos perl-Bootloader (0.929 -> 0.931) python-rpm-macros (20200701.9f5a2f6 -> 20200714.252de1f) python38-core (3.8.3 -> 3.8.4) raspberrypi-firmware-dt read-only-root-fs sudo (1.9.1 -> 1.9.2) sysconfig (0.85.4 -> 0.85.5) xkeyboard-config yast2 (4.3.15 -> 4.3.17) === Details === ==== Mesa ==== Version update (20.1.3 -> 20.1.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.1.4 * fourth bugfix release for the 20.1 branch * just a few fixes here and there, nothing major ==== Mesa-drivers ==== Version update (20.1.3 -> 20.1.4) Subpackages: Mesa-dri Mesa-gallium - update to 20.1.4 * fourth bugfix release for the 20.1 branch * just a few fixes here and there, nothing major ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293) ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE wallpaper-branding-openSUSE - Stop building grub2-branding-openSUSE for Power architectures [boo#1171146] ==== ffmpeg-4 ==== Subpackages: libavcodec58_91 libavformat58_45 libavutil56_51 libswresample3_7 - Apply upstream fix to avoid segfaults in x86/yuv2rgb conversion ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch ==== fftw3 ==== - Add gnu compiler support up to gcc9. - Fix typo which caused issus building openmpi HPC flavors (bsc#1174329). - Add support for openmpi4 (provided by Alin Marin Elena). ==== gdk-pixbuf ==== Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Add gdk-pixbuf-boo1174307-io-gif-overflow.patch: Avoid overflows by checking the memset length argument (boo#1174307). - Raise dependency glib-2.0 version. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - No 95_textmode for PowerPC (boo#1174166) ==== ima-evm-utils ==== Version update (1.2.1 -> 1.3) - Use %autosetup -p1 - Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500). - Fixes from previous SR (reported by fvogt): * Move ibmtss runtime dependency to evmctl package * Remove dependencies to devel package (should not be needed) - Update to version 1.3 version 1.3 new features: * NEW ima-evm-utils regression test infrastructure with two initial tests: - ima_hash.test: calculate/verify different crypto hash algorithms - sign_verify.test: EVM and IMA sign/verify signature tests * TPM 2.0 support - Calculate the new per TPM 2.0 bank template data digest - Support original padding the SHA1 template data digest - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement. * TPM 1.2 support - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option) * Based on original IMA LTP and standalone version support - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log. - In addition to verifying the IMA measurement list against the the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.) - Ignore file measurement violations while verifying the IMA measurment list. (Based on LTP "--validate" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) - Support original "ima" template (mixed templates not supported) * Support "sm3" crypto name Bug fixes and code cleanup: * Don't exit with -1 on failure, exit with 125 * On signature verification failure, include pathname. * Provide minimal hash_info.h file in case one doesn't exist, needed by the ima-evm-utils regression tests. * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs * Fix hash_algo type comparison mismatch * Simplify/clean up code * Address compiler complaints and failures * Fix memory allocations and leaks * Sanity check provided input files are regular files * Revert making "tsspcrread" a compile build time decision. * Limit additional messages based on log level (-v) - Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch - Upstream bumped soname to 2.0.0 - Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package - Mark COPYING as %license ==== kscreenlocker ==== Subpackages: libKScreenLocker5 - Add patch to disable the seccomp sandbox (boo#1174448): * 0001-Disable-the-seccomp-sandbox.patch ==== libedit ==== - autoreconf already runs libtoolize no need to run twice ==== librsvg ==== Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 typelib-1_0-Rsvg-2_0 - Add _constraints for PowerPC avoid "no space left on device" build error ==== noto-coloremoji-fonts ==== Version update (20200408 -> 20200722) - Update to v2020-07-22-unicode13_0 * Unicode 13.0 update. ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Move pam_pwquality to Recommends section, as it is not required and user should be able to de-install the full pwquality stack. - Stop trying to install grub2-branding on ppc64/ppc64le [boo#1171146] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Re-add kernel-firmware back to the DVDs [bsc#1174521] ==== perl-Bootloader ==== Version update (0.929 -> 0.931) - merge gh#openSUSE/perl-bootloader#129 - Check tpm.mod in the new grub2 directory (bsc#1174320) - 0.931 - merge gh#openSUSE/perl-bootloader#130 - Throw less warnings about fstab - 0.930 ==== python-rpm-macros ==== Version update (20200701.9f5a2f6 -> 20200714.252de1f) - Update to version 20200714.252de1f: * Add pyunittest and pyunittest_arch macros ==== python38-core ==== Version update (3.8.3 -> 3.8.4) - Minor spec file fixes - Fix minor issues found in the staging. - Update to 3.8.4: - Assignment expressions (PEP-572) - Positional-only parameters (PEP-570) - Parallel filesystem cache for compiled bytecode files (PYTHONPYCACHEPREFIX variable) - Debug build uses the same ABI as release build - f-strings support = for self-documenting expressions and debugging - Python Runtime Audit Hooks (PEP-578) - Python Initialization Configuration (PEP-587) - Vectorcall: a fast calling protocol for CPython (PEP-590) - Pickle protocol 5 with out-of-band data buffers (PEP-574) - Many other smaller bug fixes - Removed OBS_dev-shm.patch: contained in upstream - Removed bpo40784-Fix-sqlite3-deterministic-test.patch: contained in upstream - Changed bpo-31046_ensurepip_honours_prefix.patch: to be compatible with new version - Fix %py3_compile being incorrectly defined - Update pre_checkin.sh and regenerate - Convert few dependencies to their pkgconfig counterparts - Remove release requirement on libpython, it is not really needed to be equal as the abi changes with versions - Add provides python3-bla on all the subpkgs in case we are primary provider of the functionality - Remove unversioned files from devel subpkg too - Remove main python3 files from -base based whether we are primary interpreter or not - Fix idle to be co-installable - Add condition to be primary to provide/obsolete python3-* - Fix doc to build in versioned folder so the pythons can be installed next to each other - Revert the full versioning of calls on the macros. These are generic so they should really just call python3 X - For the doc package we can build with generic flavor, we don't need the our-interpreter based one - Add provides for pytohn3X-typing/etc to allow BR on those still to work when needed - Change macros.python3 to use full versioned 3.8 instead of just 3 for python interpreter ==== raspberrypi-firmware-dt ==== - Add vl805-firware-loader-overlay.dts which registers a reset controller that'll take care of triggering vl805's firmware load. ==== read-only-root-fs ==== - Use file requires, add sed ==== sudo ==== Version update (1.9.1 -> 1.9.2) - Update to 1.9.2: * The configure script now uses pkg-config to find the openssl cflags and libs where possible. * The contents of the log.json I/O log file is now documented in the sudoers manual. * The sudoers plugin now properly exports the sudoers_audit symbol on systems where the compiler lacks symbol visibility controls. This caused a regression in 1.9.1 where a successful sudo command was not logged due to the missing audit plugin. Bug #931. * Fixed a regression introduced in 1.9.1 that can result in crash when there is a syntax error in the sudoers file. Bug #934. - Rebase sudo-sudoers.patch ==== sysconfig ==== Version update (0.85.4 -> 0.85.5) Subpackages: sysconfig-netconfig - version 0.85.5 - spec: Fix Requires, use file requires (https://github.com/openSUSE/sysconfig/pull/25) - ntp: call chrony helper in background (bsc#1173391) ==== xkeyboard-config ==== - U_Fix-symbols-in-syntax-error-spurious-git-conflict-ma.patch * Fix symbols/in syntax error: spurious git conflict marker (boo#1174483) ==== yast2 ==== Version update (4.3.15 -> 4.3.17) - Provide a way to determine which resources (zones, services...) have been modified from the default values (bsc#1171356) - 4.3.17 - update is_wsl function to match wsl1 and wsl2 osrelease spellings (boo#1174183) - Add Layout class to configure a Wizard layout. - Related to jsc#PM-1998. - 4.3.16