Packages changed: Mesa (20.2.2 -> 20.2.3) Mesa-drivers (20.2.2 -> 20.2.3) bcache-tools bluez-firmware c-ares (1.16.1 -> 1.17.0) cifs-utils coreutils cpio cryptsetup dbus-1 distribution-logos-openSUSE (20190414 -> 20201117) dosfstools e2fsprogs evolution-data-server (3.38.1 -> 3.38.2) filesystem fillup findutils flatpak (1.8.2 -> 1.8.3) fuse fuse3 fwupd gcc gcc10 (10.2.1+git872 -> 10.2.1+git958) glibmm2_4 (2.64.2 -> 2.64.4) gnome-calculator (3.38.1 -> 3.38.2) gnome-control-center (3.38.1 -> 3.38.2) gnome-desktop (3.38.1 -> 3.38.2) gnome-settings-daemon gnome-shell gnome-software gnome-user-docs (3.38.1 -> 3.38.2) gpg2 (2.2.23 -> 2.2.25) gpgme (1.14.0 -> 1.15.0) grep (3.5 -> 3.6) gtk3 (3.24.23 -> 3.24.23+118) gzip hwinfo (21.70 -> 21.71) ipset (7.6 -> 7.9) kbd kernel-default-base (5.9.8 -> 5.9.10) kernel-firmware (20201023 -> 20201120) kernel-source (5.9.8 -> 5.9.10) keyutils kglobalaccel libX11 (1.6.12 -> 1.7.0) libfido2 libical libical-glib libksba (1.4.0 -> 1.5.0) libostree (2020.3 -> 2020.8) libqt5-qtbase (5.15.1 -> 5.15.2) libqt5-qtdeclarative (5.15.1 -> 5.15.2) libqt5-qtgraphicaleffects (5.15.1 -> 5.15.2) libqt5-qtlocation (5.15.1 -> 5.15.2) libqt5-qtmultimedia (5.15.1 -> 5.15.2) libqt5-qtquickcontrols (5.15.1 -> 5.15.2) libqt5-qtquickcontrols2 (5.15.1 -> 5.15.2) libqt5-qtscript (5.15.1 -> 5.15.2) libqt5-qtsensors (5.15.1 -> 5.15.2) libqt5-qtspeech (5.15.1 -> 5.15.2) libqt5-qtsvg (5.15.1 -> 5.15.2) libqt5-qttools (5.15.1 -> 5.15.2) libqt5-qtwayland (5.15.1 -> 5.15.2) libqt5-qtwebchannel (5.15.1 -> 5.15.2) libqt5-qtwebengine (5.15.1 -> 5.15.2) libqt5-qtx11extras (5.15.1 -> 5.15.2) librsvg (2.50.1 -> 2.50.2) libselinux libsepol libsigc++2 (2.10.4 -> 2.10.6) libtirpc libxkbcommon (1.0.1 -> 1.0.3) libxml2 libyui (3.12.1 -> 3.12.2) libyui-qt (2.56.2 -> 2.56.3) libzip lz4 (1.9.2 -> 1.9.3) malcontent mozilla-nss (3.57 -> 3.58) nautilus (3.38.1 -> 3.38.2) nvme-cli openssh pam (1.4.0 -> 1.5.0) patterns-microos perl perl-HTTP-Cookies (6.08 -> 6.09) polkit-default-privs (1550+20201103.994a5ed -> 1550+20201119.2c1dce4) python-attrs (20.2.0 -> 20.3.0) python-certifi (2020.6.20 -> 2020.11.8) python38 python38-core qpdf (10.0.3 -> 10.0.4) raspberrypi-firmware-dt samba (4.13.0+git.138.ff2d5480c67 -> 4.13.2+git.176.0a5e55b510c) sudo (1.9.2 -> 1.9.3p1) system-users systemd-default-settings (0.4 -> 0.5) systemd-presets-branding-openSUSE tar toolbox (1.0+git20200831.d2d2e5d -> 1.0+git20201126.3d26283) tracker tracker-miners u-boot-rpiarm64 vim (8.2.1975 -> 8.2.2039) webkit2gtk3 (2.30.2 -> 2.30.3) xprop (1.2.4 -> 1.2.5) yast2 (4.3.41 -> 4.3.44) yelp (3.38.1 -> 3.38.2) yelp-xsl (3.38.1 -> 3.38.2) zbar (0.23 -> 0.23.1) zlib === Details === ==== Mesa ==== Version update (20.2.2 -> 20.2.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.2.3 * third bugfix release for the 20.2 branch ==== Mesa-drivers ==== Version update (20.2.2 -> 20.2.3) Subpackages: Mesa-dri Mesa-gallium - update to 20.2.3 * third bugfix release for the 20.2 branch ==== bcache-tools ==== - Makefile: install bcache-status (jsc#SLE-9807, bsc#1178725) 0018-Makefile-install-bcache-status.patch - bcache-tools.spec: add '_sbindir/bcache-status' for the new added bcache-status python script (jsc#SLE-9807, bsc#1178725) ==== bluez-firmware ==== - use %_firmwaredir ==== c-ares ==== Version update (1.16.1 -> 1.17.0) - add BR for pkg-config to get the provides in the devel package - ares_dns.h, missing_header.patch: re-add missing header in last release - Version update to 1.17.0 Security: * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing * Avoid theoretical buffer overflow in RC4 loop comparison * Empty hquery->name could lead to invalid memory access * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was passed in (bsc#1178882, CVE-2020-8277) Changes: * Update help information for adig, acountry, and ahost * Test Suite now uses dynamic system-assigned ports rather than hardcoded ports to prevent failures in containers * Detect remote DNS server does not support EDNS using rules from RFC 6891 * Source tree has been reorganized to use a more modern layout * Allow parsing of CAA Resource Record Bug fixes: * readaddrinfo bad sizeof() * Test cases should honor HAVE_WRITEV flag, not depend on WIN32 * FQDN with trailing period should be queried first * ares_getaddrinfo() was returning members of the struct as garbage values if unset, and was not honoring ai_socktype and ai_protocol hints. * ares_gethostbyname() with AF_UNSPEC and an ip address would fail * Properly document ares_set_local_ip4() uses host byte order For details, see https://c-ares.haxx.se/changelog.html - add missing upstream sources, to be removed for next release - remove unnecessary BuildRequires - fix building on SLE12 systems ==== cifs-utils ==== - prepare usrmerge (boo#1029961) ==== coreutils ==== - prepare usrmerge (boo#1029961) ==== cpio ==== - prepare usrmerge (boo#1029961) ==== cryptsetup ==== Subpackages: libcryptsetup12 - prepare usrmerge (boo#1029961) ==== dbus-1 ==== Subpackages: libdbus-1-3 - prepare usrmerge (boo#1029961) ==== distribution-logos-openSUSE ==== Version update (20190414 -> 20201117) - Add favicon.ico format - Remove obsolete Groups tag (fate#326485) ==== dosfstools ==== - prepare usrmerge (boo#1029961) ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - prepare usrmerge (boo#1029961) ==== evolution-data-server ==== Version update (3.38.1 -> 3.38.2) Subpackages: libcamel-1_2-62 libebackend-1_2-10 libebook-1_2-20 libebook-contacts-1_2-3 libecal-2_0-1 libedata-book-1_2-26 libedata-cal-2_0-1 libedataserver-1_2-25 libedataserverui-1_2-2 - Update to version 3.38.2: + Calendar: Fix a possible leak in e_cal_util_parse_ics_string() + ECalCache: Avoid runtime warning from ecc_update_timezones_table() + EReminderWatcher: Default alarm range should be from the day begin + EBufferTagger: Derive link color from the theme + EBook/CalBackend: Correct free function for the pending_operations queue + Bugs fixed: glgo#GNOME/evolution-data-server#81, glgo#GNOME/evolution-data-server#257, glgo#GNOME/evolution-data-server#260, glgo#GNOME/evolution-data-server#269, glgo#GNOME/evolution-data-server#272, glgo#GNOME/evolution-data-server#273, glgo#GNOME/evolution-data-server!46, glgo#GNOME/evolution-data-server!47, glgo#GNOME/evolution-data-server!50. + Updated translations. ==== filesystem ==== - /proc and /sys should be %ghost to allow filesystem package updates in rootless container environments (rh#1548403) ==== fillup ==== - prepare usrmerge (boo#1029961) ==== findutils ==== - prepare usrmerge (boo#1029961) ==== flatpak ==== Version update (1.8.2 -> 1.8.3) Subpackages: libflatpak0 system-user-flatpak typelib-1_0-Flatpak-1_0 - Update to version 1.8.3: + Fixed progress reporting for OCI and extra-data. + The in-memory summary cache is more efficient. + Fixed authentication getting stuck in a loop in some cases. + Fixed authentication error reporting. + We now extract OCI info for runtimes as well as apps. + Fixed crash if anonymous authentication fails and -y is specified. + flatpak info now only looks at the specified installation if one is specified. + Better error reporting for server HTTP errors during download. + Uninstall now removes applications before the runtime it depends on. + Fixed test-suite to pass with the latest OSTree version. + Fixed dbus environment variables in flatpak enter. + Avoid updating metadata from the remote when uninstalling. + Fixed error message handling in various places. + FlatpakTransaction now verifies all passed in refs to avoid. + potential issues with invalid names. + Updated translations. ==== fuse ==== Subpackages: libfuse2 - prepare usrmerge (boo#1029961) ==== fuse3 ==== Subpackages: libfuse3-3 - Drop /sbin links; they do not seem to be used from anywhere. - Package "permission" is required in %post, not %pre. - Update descriptions. ==== fwupd ==== Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0 - Obsoletes and Provides dbxtool since fwupd 1.5.0+ now embeds dbxtool in the dbxtool plugin ==== gcc ==== - BuildRequire packages we build symlinks to. [bsc#1178675] ==== gcc10 ==== Version update (10.2.1+git872 -> 10.2.1+git958) Subpackages: cpp10 libgcc_s1 libgomp1 libstdc++6 - Add gcc10-amdgcn-llvm-as.patch to fix build of amdgcn offload compiler with llvm11. - Update to gcc-10 branch head (98ba03ffe0b9f37b4916ce6238), git958. * Includes fix for memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fix 32bit libgnat.so link. [bsc#1178675] ==== glibmm2_4 ==== Version update (2.64.2 -> 2.64.4) Subpackages: libgiomm-2_4-1 libglibmm-2_4-1 - Update to version 2.64.4: + Glib: PropertyProxyConnectionNode::connect_changed(): Fix using without property name. + gmmproc: - Add optional decl_prefix parameter to _WRAP_GERROR and _WRAP_ENUM. Used for adding GLIBMM_API or similar for MS Visual C++. - Allow decorating comparison operators (for Visual Studio builds). - _CLASS_BOXEDTYPE, _CLASS_OPAQUE_COPYABLE: Fix move assignment. - Decorate private generated classes with __declspec when building with Visual Studio. - generate_wrap_init.pl.in: Use g_type_ensure(SomeClass::get_type()) to ensure that get_type() is called. + Build: - Use __declspec(dllexport) consistently when building glibmm with Visual Studio. - Meson build: Set default value of the 'warnings' option to 'min'. - Improve NMake support. - Improve Visual Studio support. - docs/reference/: Update for Doxygen >= 1.8.16. - Meson build: Fix versioning on macOS. + Documentation: - Glib::BalancedTree docs: Recommend std::map or std::unordered_map. - Meson build: Add missing Glib::Value and Variant documentation. - Add meson BuildRequires and macros, following upstreams port. - Add doxygen, graphviz-devel and xsltproc BuildRequires: Needed for building documentation. ==== gnome-calculator ==== Version update (3.38.1 -> 3.38.2) - Update to version 3.38.2: + Fixed radians and degrees preference swapped. + Updated translations. ==== gnome-control-center ==== Version update (3.38.1 -> 3.38.2) Subpackages: gnome-control-center-goa - Update to version 3.38.2: + Applications: Fix NULL hash table being unreffed. + Keyboard: Fix gtk_widget_get_can_default assertion error. + Network: Correctly detect when ethernet devices are hotplugged. + Printers: - Make printers panel have a smaller minimum width. - Fix leak of printer name in callbacks. + Sharing: Disable Tracker 3. + Sound: Update libgvc to add support for recent UCM related changes in ALSA and PulseAudio. + Users: Fix free of const string. + Wacom: Fix a critical warning if loading a cursor fails. + Updated translations. ==== gnome-desktop ==== Version update (3.38.1 -> 3.38.2) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 3.38.2: + Updated translations. ==== gnome-settings-daemon ==== - No longer pass - -libexecdir=%{_libexecdir}/gnome-settings-daemon-3.0 to meson, but revert back to the default. The generated files contain use libexecdir for own generated files (correct) but also to identify where to find gnome-session-ctl, which for obvious reasons is not in libexecdir/gnome-settings-daemon-3.0. ==== gnome-shell ==== Subpackages: gnome-shell-calendar - Fix crash which can be triggerd with steam or claws mail: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/98234acd5b48a58c2d112b5edb3dddb85e04a643.patch ==== gnome-software ==== Subpackages: libgnomesoftware-3_38_0 - Added gnome-packagekit as recommended dependency: gnome-software-launch-gpk-update-viewer-for-updates.patch needs gnome-packagekit to work (SLE only). ==== gnome-user-docs ==== Version update (3.38.1 -> 3.38.2) - Update to version 3.38.2: + Improvements to docs for Contacts. + Improvements to docs for Files. + Updates to docs for background settings. + Updated translations. ==== gpg2 ==== Version update (2.2.23 -> 2.2.25) - GnuPG 2.2.25: * scd: Fix regression in 2.2.24 requiring gpg --card-status before signing or decrypting * gpgsm: Using Libksba 1.5.0 signatures with a rarely used combination of attributes can now be verified - GnuPG 2.2.24: * gpg: New command --quick-revoke-sig * gpg: Do not use weak digest algos if selected by recipient preference during sign+encrypt * gpg: Switch to AES256 for symmetric encryption in de-vs mode * gpg: Silence weak digest warnings with --quiet * gpg: Print new status line CANCELED_BY_USER for a cancel during symmetric encryption * gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. This is in particular needed for keys created from existing smartcard based keys * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys * agent: Keep some permissions of private-keys-v1.d * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and gnutls builds * dirmngr: Fix the pool keyserver case for a single host in the pool * scd: Fix the use case of verify_chv2 by CHECKPIN * scd: Various improvements to the ccid-driver * scd: Minor fixes for Yubikey * gpgconf: New option --show-versions * i18n: Complete overhaul and completion of the Italian translation ==== gpgme ==== Version update (1.14.0 -> 1.15.0) Subpackages: libgpgme11 libgpgmepp6 - gpgme 1.15.0: * New function gpgme_op_setexpire to make changing the expiration easier * New function gpgme_op_revsig to revoke key signatures * Support exporting secret keys * cpp: Support for set expire operations in the C++ bindings * cpp: Support for revoking key signatures in the C++ bindings * qt: Extended ChangeExpiryJob to support changing the expiry of subkeys * qt: Extended QuickJob to support revoking of key signatures * qt: Added QDebug stream operator for GpgME::Error. * Require libgpg-error 1.36 ==== grep ==== Version update (3.5 -> 3.6) - Update to grep 3.6 * The GREP_OPTIONS environment variable no longer affects grep's behavior. * grep's DFA matcher performed an invalid regex transformation that would convert an ERE like a+a+a+ to a+a+, which would make grep a+a+a+ mistakenly match "aa". * grep -P now reports the troublesome input filename upon PCRE execution failure. - werror-return-type.patch: work around gcc bug - prepare usrmerge (boo#1029961) ==== gtk3 ==== Version update (3.24.23 -> 3.24.23+118) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.23+118: + cssnode: Bail out nicely if there is no settings (#2780). + gdk/wayland: Add support for primary-selection-unstable-v1 (#2591). + wayland: Emit dummy configure event when resizing while fixed. + colorchooser: Backport the new color palette. + gdk: Fix parent relative background crash. + Updated translations. ==== gzip ==== - prepare usrmerge (boo#1029961) ==== hwinfo ==== Version update (21.70 -> 21.71) - merge gh#openSUSE/hwinfo#89 - rework network device detection on aarch64 (bsc#1177600, bsc#1177261) - 21.71 ==== ipset ==== Version update (7.6 -> 7.9) Subpackages: libipset13 - Update to release 7.9 * Enable memory accounting for ipset allocations * Expose the initval hash parameter to userspace * Add bucketsize parameter to all hash types * Support the -exist flag with the destroy command ==== kbd ==== Subpackages: kbd-legacy - prepare usrmerge (boo#1029961) ==== kernel-default-base ==== Version update (5.9.8 -> 5.9.10) - Add wireguard (boo#1179225) ==== kernel-firmware ==== Version update (20201023 -> 20201120) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Fix build with older distros due to missing _firmwaredir - Update to version 20201120 (bc9cd0b7b0e9): including AMDGPU update (bsc#1179062) and ath11k addition (bsc#1178274) * linux-firmware: Update AMD SEV firmware * amdgpu: add sienna cichlid firmware for 20.45 * amdgpu: update vega20 firmware for 20.45 * amdgpu: update vega12 firmware for 20.45 * amdgpu: update vega10 firmware for 20.45 * amdgpu: update renoir firmware for 20.45 * amdgpu: update navi14 firmware for 20.45 * amdgpu: update navi12 firmware for 20.45 * amdgpu: update navi10 firmware for 20.45 * amdgpu: update raven2 firmware for 20.45 * amdgpu: update raven firmware for 20.45 * rtlwifi: v88.2 firmware files for RTL8192CU * rtw88: RTL8822C: Update firmware to v9.9.4 * Revert "rtw88: RTL8822C: Update firmware to v9.9.4" * vpdma: Move firmware to ti directory * amdgpu: update picasso VCN firmware * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * rtw88: RTL8822C: Update firmware to v9.9.4 * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A * QCA: Update Bluetooth firmware for QCA6390 * qcom : updated venus firmware files for v5.4 * QCA : Fixed BT SSR due to command timeout / IO fatal error * ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1 * ath11k: QCA6390 hw2.0: add board-2.bin * ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ8074 hw2.0: add board-2.bin * ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ6018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077 * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1 - ath11k is split into its own subpackage due to its size - Update topics list and aliases accordingly ==== kernel-source ==== Version update (5.9.8 -> 5.9.10) - rpm/kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - commit b7c3768 - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - commit d9b4c40 - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - commit f42c89a - Linux 5.9.10 (bsc#1012628). - ACPI: GED: fix -Wformat (bsc#1012628). - KVM: x86: clflushopt should be treated as a no-op by emulation (bsc#1012628). - perf/x86/intel/uncore: Fix Add BW copypasta (bsc#1012628). - powerpc/smp: Call rcu_cpu_starting() earlier (bsc#1012628). - selftests/harness: prettify SKIP message whitespace again (bsc#1012628). - can: proc: can_remove_proc(): silence remove_proc_entry warning (bsc#1012628). - mac80211: always wind down STA state (bsc#1012628). - Input: sunkbd - avoid use-after-free in teardown paths (bsc#1012628). - leds: lm3697: Fix out-of-bound access (bsc#1012628). - selftests/powerpc: entry flush test (bsc#1012628). - powerpc: Only include kup-radix.h for 64-bit Book3S (bsc#1012628). - powerpc/64s: flush L1D after user accesses (bsc#1012628). - powerpc/64s: flush L1D on kernel entry (bsc#1012628). - selftests/powerpc: rfi_flush: disable entry flush if present (bsc#1012628). - commit 18ece1c - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - commit 13bd533 - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - commit 21f8205 - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - commit 8099b4b - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (git-fixes). - arm64: kexec_file: Fix sparse warning (git-fixes). - commit f76e598 - Linux 5.9.9 (bsc#1012628). - drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (bsc#1012628). - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (bsc#1012628). - mm: memcg: link page counters to root if use_hierarchy is false (bsc#1012628). - nbd: don't update block size after device is started (bsc#1012628). - KVM: arm64: Force PTE mapping on fault resulting in a device mapping (bsc#1012628). - xfrm: interface: fix the priorities for ipip and ipv6 tunnels (bsc#1012628). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (bsc#1012628). - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (bsc#1012628). - hv_balloon: disable warning when floor reached (bsc#1012628). - net: xfrm: fix a race condition during allocing spi (bsc#1012628). - ASoC: codecs: wsa881x: add missing stream rates and format (bsc#1012628). - spi: imx: fix runtime pm support for !CONFIG_PM (bsc#1012628). - irqchip/sifive-plic: Fix broken irq_set_affinity() callback (bsc#1012628). - kunit: Fix kunit.py --raw_output option (bsc#1012628). - kunit: Don't fail test suites if one of them is empty (bsc#1012628). - usb: gadget: fsl: fix null pointer checking (bsc#1012628). - selftests: filter kselftest headers from command in lib.mk (bsc#1012628). - ASoC: codecs: wcd934x: Set digital gain range correctly (bsc#1012628). - ASoC: codecs: wcd9335: Set digital gain range correctly (bsc#1012628). - mtd: spi-nor: Fix address width on flash chips > 16MB (bsc#1012628). - xfs: set xefi_discard when creating a deferred agfl free log intent item (bsc#1012628). - mac80211: don't require VHT elements for HE on 2.4 GHz (bsc#1012628). - netfilter: nftables: fix netlink report logic in flowtable and genid (bsc#1012628). - netfilter: use actual socket sk rather than skb sk when routing harder (bsc#1012628). - netfilter: nf_tables: missing validation from the abort path (bsc#1012628). - netfilter: ipset: Update byte and packet counters regardless of whether they match (bsc#1012628). - irqchip/sifive-plic: Fix chip_data access within a hierarchy (bsc#1012628). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1012628). - drm/vc4: bo: Add a managed action to cleanup the cache (bsc#1012628). - IB/srpt: Fix memory leak in srpt_add_one (bsc#1012628). - mm: memcontrol: correct the NR_ANON_THPS counter of hierarchical memcg (bsc#1012628). - drm/panfrost: rename error labels in device_init (bsc#1012628). - drm/panfrost: move devfreq_init()/fini() in device (bsc#1012628). - drm/panfrost: Fix module unload (bsc#1012628). - perf trace: Fix segfault when trying to trace events by cgroup (bsc#1012628). - perf tools: Add missing swap for ino_generation (bsc#1012628). - perf tools: Add missing swap for cgroup events (bsc#1012628). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (bsc#1012628). - iommu/vt-d: Fix sid not set issue in intel_svm_bind_gpasid() (bsc#1012628). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1012628). - afs: Fix warning due to unadvanced marshalling pointer (bsc#1012628). - afs: Fix incorrect freeing of the ACL passed to the YFS ACL store op (bsc#1012628). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1012628). - can: rx-offload: don't call kfree_skb() from IRQ context (bsc#1012628). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (bsc#1012628). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (bsc#1012628). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (bsc#1012628). - can: j1939: swap addr and pgn in the send example (bsc#1012628). - can: j1939: j1939_sk_bind(): return failure if netdev is down (bsc#1012628). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (bsc#1012628). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (bsc#1012628). - can: peak_usb: add range checking in decode operations (bsc#1012628). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (bsc#1012628). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (bsc#1012628). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (bsc#1012628). - can: flexcan: flexcan_remove(): disable wakeup completely (bsc#1012628). - xfs: flush new eof page on truncate to avoid post-eof corruption (bsc#1012628). - xfs: fix missing CoW blocks writeback conversion retry (bsc#1012628). - xfs: fix scrub flagging rtinherit even if there is no rt device (bsc#1012628). - io_uring: ensure consistent view of original task ->mm from SQPOLL (bsc#1012628). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1012628). - PCI: mvebu: Fix duplicate resource requests (bsc#1012628). - ceph: check session state after bumping session->s_seq (bsc#1012628). - selftests: core: use SKIP instead of XFAIL in close_range_test.c (bsc#1012628). - selftests: clone3: use SKIP instead of XFAIL (bsc#1012628). - selftests: binderfs: use SKIP instead of XFAIL (bsc#1012628). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1012628). - kbuild: explicitly specify the build id style (bsc#1012628). - RISC-V: Fix the VDSO symbol generaton for binutils-2.35+ (bsc#1012628). - USB: apple-mfi-fastcharge: fix reference leak in apple_mfi_fc_set_property (bsc#1012628). - tpm: efi: Don't create binary_bios_measurements file for an empty log (bsc#1012628). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED (bsc#1012628). - ath9k_htc: Use appropriate rs_datalen type (bsc#1012628). - scsi: ufs: Fix missing brace warning for old compilers (bsc#1012628). - ASoC: mediatek: mt8183-da7219: fix DAPM paths for rt1015 (bsc#1012628). - ASoC: qcom: sdm845: set driver name correctly (bsc#1012628). - ASoC: cs42l51: manage mclk shutdown delay (bsc#1012628). - ASoC: SOF: loader: handle all SOF_IPC_EXT types (bsc#1012628). - usb: dwc3: pci: add support for the Intel Alder Lake-S (bsc#1012628). - opp: Reduce the size of critical section in _opp_table_kref_release() (bsc#1012628). - usb: gadget: goku_udc: fix potential crashes in probe (bsc#1012628). - usb: raw-gadget: fix memory leak in gadget_setup (bsc#1012628). - selftests/ftrace: check for do_sys_openat2 in user-memory test (bsc#1012628). - selftests: pidfd: fix compilation errors due to wait.h (bsc#1012628). - ALSA: hda: Separate runtime and system suspend (bsc#1012628). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (bsc#1012628). - x86/boot/compressed/64: Introduce sev_status (bsc#1012628). - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (bsc#1012628). - gfs2: Add missing truncate_inode_pages_final for sd_aspace (bsc#1012628). - gfs2: check for live vs. read-only file system in gfs2_fitrim (bsc#1012628). - scsi: hpsa: Fix memory leak in hpsa_init_one() (bsc#1012628). - drm/amdgpu: perform srbm soft reset always on SDMA resume (bsc#1012628). - drm/amd/pm: correct the baco reset sequence for CI ASICs (bsc#1012628). - drm/amd/pm: perform SMC reset on suspend/hibernation (bsc#1012628). - drm/amd/pm: do not use ixFEATURE_STATUS for checking smc running (bsc#1012628). - mac80211: fix use of skb payload instead of header (bsc#1012628). - cfg80211: initialize wdev data earlier (bsc#1012628). - cfg80211: regulatory: Fix inconsistent format argument (bsc#1012628). - wireguard: selftests: check that route_me_harder packets use the right sk (bsc#1012628). - tracing: Fix the checking of stackidx in __ftrace_trace_stack (bsc#1012628). - Revert "nvme-pci: remove last_sq_tail" (bsc#1012628). - ARC: [plat-hsdk] Remap CCMs super early in asm boot trampoline (bsc#1012628). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1012628). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (bsc#1012628). - nvme: introduce nvme_sync_io_queues (bsc#1012628). - nvme-rdma: avoid race between time out and tear down (bsc#1012628). - nvme-tcp: avoid race between time out and tear down (bsc#1012628). - nvme-rdma: avoid repeated request completion (bsc#1012628). - nvme-tcp: avoid repeated request completion (bsc#1012628). - iommu/amd: Increase interrupt remapping table limit to 512 entries (bsc#1012628). - s390/smp: move rcu_cpu_starting() earlier (bsc#1012628). - vfio: platform: fix reference leak in vfio_platform_open (bsc#1012628). - vfio/pci: Bypass IGD init in case of -ENODEV (bsc#1012628). - i2c: mediatek: move dma reset before i2c reset (bsc#1012628). - amd/amdgpu: Disable VCN DPG mode for Picasso (bsc#1012628). - iomap: clean up writeback state logic on writepage error (bsc#1012628). - selftests: proc: fix warning: _GNU_SOURCE redefined (bsc#1012628). - arm64: kexec_file: try more regions if loading segments fails (bsc#1012628). - riscv: Set text_offset correctly for M-Mode (bsc#1012628). - i2c: sh_mobile: implement atomic transfers (bsc#1012628). - i2c: designware: call i2c_dw_read_clear_intrbits_slave() once (bsc#1012628). - i2c: designware: slave should do WRITE_REQUESTED before WRITE_RECEIVED (bsc#1012628). - tpm_tis: Disable interrupts on ThinkPad T490s (bsc#1012628). - mfd: sprd: Add wakeup capability for PMIC IRQ (bsc#1012628). - pinctrl: intel: Fix 2 kOhm bias which is 833 Ohm (bsc#1012628). - pinctrl: intel: Set default bias in case no particular value given (bsc#1012628). - gpio: aspeed: fix ast2600 bank properties (bsc#1012628). - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template (bsc#1012628). - bpf: Don't rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1012628). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1012628). - pinctrl: mcp23s08: Use full chunk of memory for regmap configuration (bsc#1012628). - pinctrl: aspeed: Fix GPI only function problem (bsc#1012628). - net/mlx5e: Fix modify header actions memory leak (bsc#1012628). - net/mlx5e: Protect encap route dev from concurrent release (bsc#1012628). - net/mlx5e: Use spin_lock_bh for async_icosq_lock (bsc#1012628). - net/mlx5: Fix deletion of duplicate rules (bsc#1012628). - net/mlx5: E-switch, Avoid extack error log for disabled vport (bsc#1012628). - net/mlx5e: Fix VXLAN synchronization after function reload (bsc#1012628). - net/mlx5e: Fix incorrect access of RCU-protected xdp_prog (bsc#1012628). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (bsc#1012628). - NFSD: Fix use-after-free warning when doing inter-server copy (bsc#1012628). - NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (bsc#1012628). - tools/bpftool: Fix attaching flow dissector (bsc#1012628). - bpf: Zero-fill re-used per-cpu map element (bsc#1012628). - r8169: fix potential skb double free in an error path (bsc#1012628). - r8169: disable hw csum for short packets on all chip versions (bsc#1012628). - pinctrl: qcom: Move clearing pending IRQ to .irq_request_resources callback (bsc#1012628). - pinctrl: qcom: sm8250: Specify PDC map (bsc#1012628). - nbd: fix a block_device refcount leak in nbd_release (bsc#1012628). - selftest: fix flower terse dump tests (bsc#1012628). - i40e: Fix MAC address setting for a VF via Host/VM (bsc#1012628). - igc: Fix returning wrong statistics (bsc#1012628). - lan743x: correctly handle chips with internal PHY (bsc#1012628). - net: phy: realtek: support paged operations on RTL8201CP (bsc#1012628). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (bsc#1012628). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (bsc#1012628). - xfs: fix rmap key and record comparison functions (bsc#1012628). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (bsc#1012628). - lan743x: fix "BUG: invalid wait context" when setting rx mode (bsc#1012628). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (bsc#1012628). - of/address: Fix of_node memory leak in of_dma_is_coherent (bsc#1012628). - ch_ktls: Update cheksum information (bsc#1012628). - ch_ktls: tcb update fails sometimes (bsc#1012628). - cosa: Add missing kfree in error path of cosa_write (bsc#1012628). - hwmon: (applesmc) Re-work SMC comms (bsc#1012628). - NFS: Fix listxattr receive buffer size (bsc#1012628). - vrf: Fix fast path output packet handling with async Netfilter rules (bsc#1012628). - lan743x: fix use of uninitialized variable (bsc#1012628). - arm64/mm: Validate hotplug range before creating linear mapping (bsc#1012628). - kernel/watchdog: fix watchdog_allowed_mask not used warning (bsc#1012628). - mm: memcontrol: fix missing wakeup polling thread (bsc#1012628). - afs: Fix afs_write_end() when called with copied == 0 [ver #3] (bsc#1012628). - perf: Fix get_recursion_context() (bsc#1012628). - nvme: factor out a nvme_configure_metadata helper (bsc#1012628). - nvme: freeze the queue over ->lba_shift updates (bsc#1012628). - nvme: fix incorrect behavior when BLKROSET is called by the user (bsc#1012628). - perf: Simplify group_sched_in() (bsc#1012628). - perf: Fix event multiplexing for exclusive groups (bsc#1012628). - firmware: xilinx: fix out-of-bounds access (bsc#1012628). - erofs: fix setting up pcluster for temporary pages (bsc#1012628). - erofs: derive atime instead of leaving it empty (bsc#1012628). - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1012628). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1012628). - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch (bsc#1012628). - btrfs: ref-verify: fix memory leak in btrfs_ref_tree_mod (bsc#1012628). - btrfs: fix min reserved size calculation in merge_reloc_root (bsc#1012628). - btrfs: dev-replace: fail mount if we don't have replace item with target device (bsc#1012628). - KVM: arm64: Don't hide ID registers from userspace (bsc#1012628). - speakup: Fix var_id_t values and thus keymap (bsc#1012628). - speakup ttyio: Do not schedule() in ttyio_in_nowait (bsc#1012628). - speakup: Fix clearing selection in safe context (bsc#1012628). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (bsc#1012628). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (bsc#1012628). - uio: Fix use-after-free in uio_unregister_device() (bsc#1012628). - Revert "usb: musb: convert to devm_platform_ioremap_resource_byname" (bsc#1012628). - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (bsc#1012628). - usb: typec: ucsi: Report power supply changes (bsc#1012628). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (bsc#1012628). - virtio: virtio_console: fix DMA memory allocation for rproc serial (bsc#1012628). - mei: protect mei_cl_mtu from null dereference (bsc#1012628). - futex: Don't enable IRQs unconditionally in put_pi_state() (bsc#1012628). - jbd2: fix up sparse warnings in checkpoint code (bsc#1012628). - bootconfig: Extend the magic check range to the preceding 3 bytes (bsc#1012628). - mm/compaction: count pages and stop correctly during page isolation (bsc#1012628). - mm/compaction: stop isolation if too many pages are isolated and we have pages to migrate (bsc#1012628). - mm/slub: fix panic in slab_alloc_node() (bsc#1012628). - mm/vmscan: fix NR_ISOLATED_FILE corruption on 64-bit (bsc#1012628). - mm/gup: use unpin_user_pages() in __gup_longterm_locked() (bsc#1012628). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (bsc#1012628). - reboot: fix overflow parsing reboot cpu number (bsc#1012628). - hugetlbfs: fix anon huge page migration race (bsc#1012628). - ocfs2: initialize ip_next_orphan (bsc#1012628). - hwmon: (amd_energy) modify the visibility of the counters (bsc#1012628). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (bsc#1012628). - io_uring: round-up cq size before comparing with rounded sq size (bsc#1012628). - gpio: sifive: Fix SiFive gpio probe (bsc#1012628). - gpio: pcie-idio-24: Fix irq mask when masking (bsc#1012628). - gpio: pcie-idio-24: Fix IRQ Enable Register value (bsc#1012628). - gpio: pcie-idio-24: Enable PEX8311 interrupts (bsc#1012628). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (bsc#1012628). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (bsc#1012628). - don't dump the threads that had been already exiting when zapped (bsc#1012628). - drm/amd/display: Add missing pflip irq (bsc#1012628). - drm/i915: Correctly set SFC capability for video engines (bsc#1012628). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1012628). - NFSv4.2: fix failure to unregister shrinker (bsc#1012628). - pinctrl: amd: use higher precision for 512 RtcClk (bsc#1012628). - pinctrl: amd: fix incorrect way to disable debounce filter (bsc#1012628). - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" (bsc#1012628). - cpufreq: Introduce governor flags (bsc#1012628). - cpufreq: Introduce CPUFREQ_GOV_STRICT_TARGET (bsc#1012628). - cpufreq: Add strict_target to struct cpufreq_policy (bsc#1012628). - cpufreq: intel_pstate: Take CPUFREQ_GOV_STRICT_TARGET into account (bsc#1012628). - ethtool: netlink: add missing netdev_features_change() call (bsc#1012628). - IPv6: Set SIT tunnel hard_header_len to zero (bsc#1012628). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1012628). - net: udp: fix IP header access and skb lookup on Fast/frag0 UDP GRO (bsc#1012628). - net: udp: fix UDP header access on Fast/frag0 UDP GRO (bsc#1012628). - net: Update window_clamp if SOCK_RCVBUF is set (bsc#1012628). - net/x25: Fix null-ptr-deref in x25_connect (bsc#1012628). - tipc: fix memory leak in tipc_topsrv_start() (bsc#1012628). - devlink: Avoid overwriting port attributes of registered port (bsc#1012628). - mptcp: provide rmem[0] limit (bsc#1012628). - tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies (bsc#1012628). - powerpc/603: Always fault when _PAGE_ACCESSED is not set (bsc#1012628). - null_blk: Fix scheduling in atomic with zoned mode (bsc#1012628). - perf scripting python: Avoid declaring function pointers with a visibility attribute (bsc#1012628). - coresight: etm: perf: Sink selection using sysfs is deprecated (bsc#1012628). - coresight: Fix uninitialised pointer bug in etm_setup_aux() (bsc#1012628). - Convert trailing spaces and periods in path components (bsc#1012628). - commit 21e5163 - PCI: Always enable ACS even if no ACS Capability (bsc#1178211). - commit a40af1e - loop: Fix occasional uevent drop (bsc#1177900). - block: add a return value to set_capacity_revalidate_and_notify (bsc#1177900). - commit 98395e1 - btrfs: qgroup: don't commit transaction when we already hold the handle (bsc#1178634). Update upstream status and take the upstream version. - commit 60a737e ==== keyutils ==== Subpackages: libkeyutils1 - prepare usrmerge (boo#1029961) ==== kglobalaccel ==== Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5 - Add patch to workaround kglobalaccel breaking persistently after unclean logout (kde#429415, boo#1179033) * 0001-Revert-systemd-dbus-activation.patch ==== libX11 ==== Version update (1.6.12 -> 1.7.0) Subpackages: libX11-6 libX11-data libX11-xcb1 - Update to version 1.7.0 * libX11 version 1.7.0 includes a new API, hence the change from the 1.6 series to 1.7: XSetIOErrorExitHandler which provides a mechanism for applications to recover from I/O error conditions instead of being forced to exit. Thanks to Carlos Garnacho for this. * This release includes a bunch of bug fixes, some which have been pending for over three years: + A bunch of nls cleanups to remove obsolete entries and clean up formatting of the ist. Thanks to Benno Schulenberg for these. + Warning fixes and other cleanups across a huge swath of the library. Thanks to Alan Coopersmith for these. + Memory allocation bugs, including leaks and use after free in the locale code. Thanks to Krzesimir Nowak, Jacek Caban and Vittorio Zecca for these. + Thread safety fixes in the locale code. Thanks to Jacek Caban for these. + poll_for_response race condition fix. Thanks to Frediano Ziglio for the bulk of this effort, and to Peter Hutterer for careful review and improvements. * Version 1.7.0 includes a couple of new locales: ia and ie locales. Thanks to Carmina16 for these. * There are also numerous compose entries added, including: + |^ or ^| for ?, |v or v| for ?, ~~ for ?. Thanks to Antti Savolainen for this. + Allowing use of 'v' for caron, in addition to 'c', so things like vC for ?, vc for ?. Thanks to Benno Schulenberg for this. + Compose sequences LT, lt for '<', and GT, gt for '>' for keyboards where those are difficult to access. Thanks to Jonathan Belsewir for this. - refreshed patches en-locales.diff, p_khmer-compose.diff and p_xlib_skip_ext_env.diff ==== libfido2 ==== Subpackages: libfido2-1 libfido2-udev - Add Conflicts: to supersede version 1.0.0. This is needed for a clean upgrade path on SLE. ==== libical ==== - Add libical-read-v2-v3-data.patch: correctly read slim timezone data (bsc#1178412). ==== libical-glib ==== - Add libical-read-v2-v3-data.patch: correctly read slim timezone data (bsc#1178412). ==== libksba ==== Version update (1.4.0 -> 1.5.0) - libksba 1.5.0: * ksba_cms_identify now identifies OpenPGP keyblock content * Supports TR-03111 plain format ECDSA signature verification * Fixes a CMS signed data parser bug exhibited by a somewhat strange CMS message - remove deprecated texinfo macros and update signing keyring ==== libostree ==== Version update (2020.3 -> 2020.8) Subpackages: libostree-1-1 - Update to version 2020.8: + This release mostly contains scalability improvements and bugfixes. + Caching-related HTTP headers are now supported on summaries and signatures, so that they do not have to be re-downloaded if not changed in the meanwhile. + Summaries and delta have been reworked to allow more fine-grained fetching. + Finally, this fixes several bugs related to atomic variables, HTTP timeouts, and 32-bit architectures. - Changes from version 2020.7: + Static deltas can now be signed to more easily support offline verification. + There's now support for multiple initramfs images; the idea here is that one can have a "main" initramfs image and a secondary one which represents local configuration. + The documentation is now moved to https://ostreedev.github.io/ostree/ + Lot of preparatory cleanups to the pull code landed for upcoming work on indexing deltas outside of the summary. + On the bugfix side, the biggest one is a fix for an assertion failure when upgrading from systems before ostree supported devicetree. + Also notable is that ostree no longer hardlinks zero sized files to avoid hitting filesystem maximum link counts. - Changes from version 2020.6: + One notable feature: ostree now supports / and /boot being on the same filesystem. + Other than that it's mostly bugfixes; there is one quite important one for anyone using the readonly=true for /sysroot (which is still just Fedora CoreOS I suspect). + There's some improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file, etc. - Changes from version 2020.5: + This release primarily fixes a regression in 2020.4 where the "readonly sysroot" changes incorrectly left the sysroot read-only on systems that started out with a read-only / (most of them, e.g. Fedora Silverblue/IoT at least). + There's some additions to the pull API to aid flatpak. + There were a few fixes to the man pages, and ostree show now displays the parent commit. + The default dracut config now enables reproducibility. + On the "feature" side, there is a new ostree admin unlock - -transient. We expect this to be a foundation for further support for "live" updates. - Changes from version 2020.4: + By far the biggest change in this release is new ed25519 signing support, powered by libsodium. + stree commit gained a new --base argument, which significantly simplifies constructing "derived" commits, particularly for systems using SELinux. + Handling of the read-only sysroot was reimplemented to run in the initramfs and be more reliable. Enabling the readonly=true flag in the repo config is recommended. + Several bugs were fixed in locking for the temporary "staging" directories OSTree creates, particularly on NFS. + lib: Coerce flags enums to GIR bitfields changed some values to be (correctly) flags - this may show up as incompatible for GObject Introspection consumers (but not C). + A new timestamp-check-from-rev option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS. + Several fixes and enhancements were made for "collection" pulls including a new --mirror option. + The ostree commit command learned a new --mode-ro-executables which enforces W^R semantics on all executables. + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE) was added to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying. ==== libqt5-qtbase ==== Version update (5.15.1 -> 5.15.2) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtbase.git/plain/dist/changes-5.15.2/?h=5.15.2 - Drop patches, now upstream: * 0001-Revert-Emit-QScreen-availableG-g-eometryChanged-on-l.patch - Pass -confirm-license option, drop duplicates - BuildRequire xcb-util - Add patch to avoid coredumps with missing display: * 0001-Avoid-SIGABRT-on-platform-plugin-initialization-fail.patch ==== libqt5-qtdeclarative ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtdeclarative.git/plain/dist/changes-5.15.2/?h=5.15.2 - Refresh qtdeclarative-5.15.0-FixMaxXMaxYExtent.patch ==== libqt5-qtgraphicaleffects ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtgraphicaleffects.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtlocation ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtlocation.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtmultimedia ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtmultimedia.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtquickcontrols ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtquickcontrols.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtquickcontrols2 ==== Version update (5.15.1 -> 5.15.2) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtquickcontrols2.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtscript ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtscript.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtsensors ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtsensors.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtspeech ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtspeech.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtsvg ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtsvg.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qttools ==== Version update (5.15.1 -> 5.15.2) Subpackages: libqt5-qdbus libqt5-qtpaths - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qttools.git/plain/dist/changes-5.15.2/?h=5.15.2 - Fix the clang requirement for Leap 15.2. The clang headers are also in the libclang package. - Use the %pkg_version macro available since Leap 15 ==== libqt5-qtwayland ==== Version update (5.15.1 -> 5.15.2) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtwayland.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtwebchannel ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtwebchannel.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtwebengine ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtx11extras ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtx11extras.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== librsvg ==== Version update (2.50.1 -> 2.50.2) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.50.2: + Fix dx/dy offsets in nested elements. ==== libselinux ==== Subpackages: libselinux1 selinux-tools - install to /usr (boo#1029961) ==== libsepol ==== - install to /usr (boo#1029961) ==== libsigc++2 ==== Version update (2.10.4 -> 2.10.6) - Update to version 2.10.6: + Build: Meson build: Fix versioning on macOS. + Documentation: - sigc++/sigc++.h: Describe how to use libsigc++ with Meson. - Update links to the web page, now at libsigcplusplus.github.io/libsigcplusplus. ==== libtirpc ==== Subpackages: libtirpc-netconfig libtirpc3 - install libraries to %{_libdir} (boo#1029961) ==== libxkbcommon ==== Version update (1.0.1 -> 1.0.3) Subpackages: libxkbcommon-x11-0 libxkbcommon0 - Update to release 1.0.3 * Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device() in some unclear situation (bug introduced in 1.0.2). * Fix keymaps created with xkb_x11_keymap_new_from_device() do not have level names (bug introduced in 0.8.0). - Update to release 1.0.2 * Fix a bug where a keysym that cannot be resolved in a keymap gets compiled to a garbage keysym. Now it is set to XKB_KEY_NoSymbol instead. * Improve the speed of xkb_x11_keymap_new_from_device() on repeated calls in the same xkb_context(). ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Avoid quadratic checking of identity-constraints: [bsc#1178823] * key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch ==== libyui ==== Version update (3.12.1 -> 3.12.2) - Higher priority for toplevel menu shortcuts (bsc#1175489) - Dropped support for openSUSE 13.2 (or earlier) builds in .spec file - 3.12.2 ==== libyui-qt ==== Version update (2.56.2 -> 2.56.3) - Honor menu bar toplevel menu enabled/disabled and visibility state (boo#1178394 again) - 2.56.3 ==== libzip ==== - Use full _libdir path in libzip.pc ==== lz4 ==== Version update (1.9.2 -> 1.9.3) - Update to release 1.9.3 * api: LZ4_decompress_safe_partial() now supports unknown compressed size * api: improved LZ4F_compressBound() with automatic flushing * cli: multiple files are compressed now using the legacy format ==== malcontent ==== Subpackages: libmalcontent-0-0 libmalcontent-ui-0-0 typelib-1_0-Malcontent-0 - Don't actually install com.endlessm.ParentalControls.rules: this just grants 'wheel'-group members access without password; as openSUSE does not support 'wheel' by default, we only ship the file as sample file (boo#1177974#c8). ==== mozilla-nss ==== Version update (3.57 -> 3.58) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. ==== nautilus ==== Version update (3.38.1 -> 3.38.2) Subpackages: libnautilus-extension1 - Update to version 3.38.2: + Search for tracker3 in PATH. + Fix batch rename dialog crashes. + Fix double-click row check. + Updated translations. ==== nvme-cli ==== - Drop '-f' option with %service_del_postun This option shouldn't be needed besides very few special cases. But this package doesn't seem to belong to this category. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Fix build breakage caused by missing security key objects: + Modify openssh-7.7p1-cavstest-ctr.patch. + Modify openssh-7.7p1-cavstest-kdf.patch. + Add openssh-link-with-sk.patch. - Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939). This ensures only approved DH parameters are used in FIPS mode. - Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799). This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. ==== pam ==== Version update (1.4.0 -> 1.5.0) - Update to 1.5.0 - obsoletes pam-bsc1178727-initialize-daysleft.patch - Multiple minor bug fixes, portability fixes, and documentation improvements. - Extended libpam API with pam_modutil_check_user_in_passwd function. - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. - pam_motd: read motd files with target user credentials skipping unreadable ones. - pam_pwhistory: added a SELinux helper executable. - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. - pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. - libpam: pam_modutil_drop_priv() now correctly sets the target user's supplementary groups, allowing pam_motd to filter messages accordingly - Refresh pam-xauth_ownership.patch - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package - pam_cracklib: added code to check whether the password contains a substring of of the user's name of at least characters length in some form. This is enabled by the new parameter "usersubstr=" See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] - pam_xauth.c: do not free() a string which has been (successfully) passed to putenv(). [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" to avoid spurious (and misleading) Warning: your password will expire in ... days. fixed upstream with commit db6b293046a [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] - Enable pam_faillock [bnc#1171562] - /usr/bin/xauth chokes on the old user's $HOME being on an NFS file system. Run /usr/bin/xauth using the old user's uid/gid Patch courtesy of Dr. Werner Fink. [bsc#1174593, pam-xauth_ownership.patch] - pam-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). - Revert the previous change [SR#815713]. The group is not necessary for PAM functionality but used only during testing. The test system should therefore create this group. [bsc#1171016, pam.spec] - Add requirement for group "wheel" to spec file. [bsc#1171016, pam.spec] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Add udisks2 and upower to the Plasma desktop pattern - GNOME: encrypt/decript files from Nautilus * we need both the extension and the package providing /usr/bin/seahorse-daemon * Seahorse, the app, is _not_ installed as it's available on flathub - GNOME pattern package changes: * drop file roller RPM as there is org.gnome.FileRoller * add some packages that I've (as well as most users that have tried MicroOS desktop recently) found useful during initial setup * while there, update a comment about using Requires vs. Recommends ==== perl ==== Subpackages: perl-base - Correct perl license According to https://dev.perl.org/licenses/ perl is licensed under the artistic license or the GPL 1.0 or later ==== perl-HTTP-Cookies ==== Version update (6.08 -> 6.09) - updated to 6.09 see /usr/share/doc/packages/perl-HTTP-Cookies/Changes 6.09 2020-11-19 22:20:47Z - Allow HttpOnly cookies to be loaded by HTTP::Cookies::Netscape (GH#63) (Charlie Hothersall-Thomas) ==== polkit-default-privs ==== Version update (1550+20201103.994a5ed -> 1550+20201119.2c1dce4) - Update to version 1550+20201119.2c1dce4: - cleanup of dead and inconsistent polkit actions: * profiles: drop the now rather confusing comment from nwfilter-binding actions * profiles: harmonize and normalize profile syntax and style * profiles: harmonize spice-space.lowlevelusbaccess actions * profiles: remove dead pantheon actions * profiles: remove dead org.gnome.DejaDup.duplicity action * profiles: drop dead com.redhat.tuned.gui.run action * profiles: fix brltty action(s) * profiles: remove dead netvisix action * profiles: realmd.discover-realm action: fix restrictive any setting * profiles: remove dead com.redhat.lvm2.* actions * profiles: group together org.kde.powerdevil actions * profiles: remove dead org.kde.powerdevil.backlighthelper actions * profiles: fix FirewallD1.info action in standard profile * profiles: remove dead org.kde.baloo action * profiles: remove dead kwallet actions and fix kwallet5 restrictive setting * profiles: selinux actions: make restrictive profile no weaker than upstream * profiles: remove dead gufw pkexec action * profiles: adjust mate actions better to upstream defaults * profiles: remove dead org.libvirt.api.newfilter.bind-* actions * profiles: clear dead nepomuk.filewatch.raiselimit action * profiles: remove dead kcmlightdm actions * profiles: adjust gnome.controlcenter actions better to upstream defaults * profiles: remove dead org.kde.recorditnow helper * profiles: remove dead de.berlios.smb4k.mounthelper actions * profiles: adjust user-administration action better to upstream defaults * profiles: cleanup urfkill actions * profiles: adjust ModemManager1 actions better to upstream settings * profiles: cleanup ModemManager actions * profiles: sync hp.driveguard.* actions with upstream settings * profiles: gnome settings, xfce backlight-helper actions: sanitize settings * profiles: cleanup dead and sync existing org.gnome actions * profiles: sync timedate1 actions in restrictive profile with standard profile * profiles: remove dead sytemd1.bus-access action * profiles: remove dead org.kde actions * profiles: make org.kde settings no weaker than upstream settings * profiles: remove leftover dead yast actions * profiles: remove dead yast.modules.yapi actions * profiles: remove dead yast.modules.ysr actions * profiles: remove dead yast.modules actions * profiles: remove dead yast.module-manager and yast.scr actions * profiles: remove dead upower actions * profiles: add missing udisks2 actions in restrictive profile * profiles: remove dead udisks (1) actions * profiles: remove dead policykit.lockdown action, harmonize .exec setting * profiles: adjust RealtimeKit actions to upstream settings * profiles: remove dead SuSEfirewall2 zone switcher action * profiles: remove dead backupmanager action * profiles: remove dead smpppd action * profiles: remove dead consolekit actions * profiles: polkit example action run-frobnicate: adjust to upstream settings * profiles: remove dead org.gnome.policykit.examples.* actions * profiles: remove unused pulseaudio realtime actions * profiles: cleanup PackageKit actions * profiles: cleanup gnome-settings-daemon actions * profiles: cleanup network manager actions * profiles: cleanup outdated PolicyKit actions ==== python-attrs ==== Version update (20.2.0 -> 20.3.0) - update to 20.3.0: - ``attr.define()``, ``attr.frozen()``, ``attr.mutable()``, and ``attr.field()`` remain **provisional**. ==== python-certifi ==== Version update (2020.6.20 -> 2020.11.8) - update to 2020.11.8: * Python 3.8+ support - Add two-basic-unit-tests.patch which includes two at least simple test patches (gh#certifi/python-certifi#137). ==== python38 ==== - The Python stdlib >= does not provide importlib_metadata or importlib_resources but importlib.metadata and importlib.resources. If a package specifically asks for importlib_*, they actually require the dedicated package with extended API. ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - The Python stdlib >= does not provide importlib_metadata or importlib_resources but importlib.metadata and importlib.resources. If a package specifically asks for importlib_*, they actually require the dedicated package with extended API. ==== qpdf ==== Version update (10.0.3 -> 10.0.4) - Update to version 10.0.4 * Fix a handful of integer overflows. ==== raspberrypi-firmware-dt ==== - Introduce upstream-overlay-rpi-poe.patch to adapt the overlay to our driver (jsc#SLE-16543) ==== samba ==== Version update (4.13.0+git.138.ff2d5480c67 -> 4.13.2+git.176.0a5e55b510c) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libndr1 libnetapi0 libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3 - Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); - Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469). - Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355); - Fix vfs_ceph query_directory regression; (bso#14519) - Drop liburing-devel for SLE15-SP2; (bsc#1177245) - Register CTDB recovery lock holder with ceph-mgr - Add liburing-devel dependency ==== sudo ==== Version update (1.9.2 -> 1.9.3p1) - Update to 1.9.3p1 * Fixed a regression introduced in sudo 1.9.3 where the configure script would not detect the crypt(3) function if it was present in the C library, not an additional library. * Fixed a regression introduced in sudo 1.8.23 with shadow passwd file authentication on OpenBSD. BSD authentication was not affected. * Sudo now logs when a user-specified command-line option is rejected by a sudoers rule. Previously, these conditions were written to the audit log, but the default sudo log file. Affected command line arguments include -C (--close-from), -D (--chdir), - R (--chroot), -g (--group) and -u (--user). - News in 1.9.3 * Fixed building the Python plugin on systems with a compiler that doesn't support symbol hiding. * Sudo now uses a linker script to hide symbols even when the compiler has native symbol hiding support. This should make it easier to detect omissions in the symbol exports file, regardless of the platform. * Fixed the libssl dependency in Debian packages for older releases that use libssl1.0.0. * Sudo and visudo now provide more detailed messages when a syntax error is detected in sudoers. The offending line and token are now displayed. If the parser was generated by GNU bison, additional information about what token was expected is also displayed. Bug #841. * Sudoers rules must now end in either a newline or the end-of-file. Previously, it was possible to have multiple rules on a single line, separated by white space. The use of an end-of-line terminator makes it possible to display accurate error messages. * Sudo no longer refuses to run if a syntax error in the sudoers file is encountered. The entry with the syntax error will be discarded and sudo will continue to parse the file. This makes recovery from a syntax error less painful on systems where sudo is the primary method of superuser access. The historic behavior can be restored by add "error_recovery=false" to the sudoers plugin's optional arguments in sudo.conf. Bug #618. * Fixed the sample_approval plugin's symbol exports file for systems where the compiler doesn't support symbol hiding. * Fixed a regression introduced in sudo 1.9.1 where arguments to the "sudoers_policy" plugin in sudo.conf were not being applied. The sudoers file is now parsed by the "sudoers_audit" plugin, which is loaded implicitly when "sudoers_policy" is listed in sudo.conf. Starting with sudo 1.9.3, if there are plugin arguments for "sudoers_policy" but "sudoers_audit" is not listed, those arguments will be applied to "sudoers_audit" instead. * The user's resource limits are now passed to sudo plugins in the user_info[] list. A plugin cannot determine the limits itself because sudo changes the limits while it runs to prevent resource starvation. * It is now possible to set the working directory or change the root directory on a per-command basis using the CWD and CHROOT options. There are also new Defaults settings, runchroot and runcwd, that can be used to set the working directory or root directory on a more global basis. * New -D (--chdir) and -R (--chroot) command line options can be used to set the working directory or root directory if the sudoers file allows it. This functionality is not enabled by default and must be explicitly enabled in the sudoers file. - add sudo-1.9.3p1-pam_xauth.patch to stay setuid until just before executing the command. Fixes a problem with pam_xauth which checks effective and real uids to get the real identity of the user [bsc#1174593] ==== system-users ==== Subpackages: system-group-hardware system-user-lp system-user-nobody - Add qemu user to kvm group - Add system account and groups for kvm, qemu, and libvirt (jsc#SLE-11629) New files: system-group-kvm.conf, system-group-libvirt.conf, system-user-qemu.conf ==== systemd-default-settings ==== Version update (0.4 -> 0.5) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - Issue a daemon-reload in %post of the main package - Import 0.5 0c5e241 SLE: turn off RemoveIPC by default for logind (fate#320125) cb6914f SLE: restore ProtectHostname=no for udevd (bsc#1178374) 7e332a6 Add a header in all each drop-ins 465e1c7 Makefile: simplify 'archive' target ==== systemd-presets-branding-openSUSE ==== - Fix package description mention of 'systemd-presets-common-SUSE' ==== tar ==== - prepare usrmerge (boo#1029961) ==== toolbox ==== Version update (1.0+git20200831.d2d2e5d -> 1.0+git20201126.3d26283) - Update to version 1.0+git20201126.3d26283: * Make it easier to use custom images (#10) * Update toolbox doc (#9) ==== tracker ==== - split out the datafiles that are required by the tracker-miners ==== tracker-miners ==== Subpackages: tracker-miner-files - require the newly split out tracker-data-files ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Added u-boot tools binaries to tools package - Add pinebook-pro-rk3399 support ==== vim ==== Version update (8.2.1975 -> 8.2.2039) Subpackages: vim-data-common vim-small - Updated to version 8.2.2039, fixes the following problems * Cannot backspace in prompt buffer after using cursor-left. (Maxim Kim) * Vim9: error for using a string in a condition is confusing. * Making a mapping work in all modes is complicated. * "term_opencmd" option of term_start() is truncated. (Sergey Vlasov) * Vim9: some tests are not done at the script level. * MinGW: parallel compilation might fail. * Quickfix window not updated when adding invalid entries. * ml_get error when using to open a terminal. * Cannot use :vimgrep in omni completion, causing C completion to fail. * Crash when closing terminal popup with mapping. * Expression test is flaky on Appveyor. * Still in Insert mode when opening terminal popup with a mapping in Insert mode. * Info popup triggers WinEnter and WinLeave autocommands. * Cursor position wrong in terminal popup with finished job. * Coverity warns for not using the ga_grow() return value. * Build fails with small features. * Occasional failure of the netbeans test. * The popup menu can cause too much redrawing. * Vim9: invalid error for argument of extend(). * Window changes when using bufload() while in a terminal popup. * Terminal Cmd test sometimes fails to close popup. * Terminal popup test sometimes fails. * Vim9: dict.key assignment not implemented yet. * Vim9: :def function does not apply 'maxfuncdepth'. * Vim9: lambda argument shadowed by function name. * Build error with +conceal but without +popupwin. * Compiler warning for uninitialized variable. * Redoing a mapping with doesn't work properly. * .pbtxt files are not recognized. * Test for insert mode in popup is not reliable. * Vim9: compiling fails for unreachable return statement. * "syn sync" reports a very large number. * Vim9: confusing error message when using bool wrongly. * Vim9: not skipping white space after unary minus. * Using CTRL-O in a prompt buffer moves cursor to start of the line. * Vim9: literal dict #{} is not like any other language. * Swap file test is a little flaky. * Missing part of the dict change. * Vim9: script variable not found from lambda. * Swap file test fails on MS-Windows. * Some compilers do not like the "namespace" argument. * Vim9: get E1099 when autocommand resets did_emsg. * Vim9: star command recognized errornously. * Vim: memory leak when :execute fails. * Flicker when redrawing a popup with a title and border. * Amiga: Not all colors are used on OS4. * Coverity warns for possibly using not NUL terminated string. * Coverity warns for uninitialized field. * Coverity warns for using an uninitialized variable. * Coverity warns for not checking return value. * Some tests fail on Mac. * Some tests fail when run under valgrind. * Cabalconfig and cabalproject filetypes not recognized. * Vim9: :def without argument gives compilation error. * Vim9: list unpack in for statement not compiled yet. * Current buffer is messed up if creating a new buffer for the quickfix window fails. * Compiler test depends on list of compiler plugins. * Viminfo is not written when creating a new file. ==== webkit2gtk3 ==== Version update (2.30.2 -> 2.30.3) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.30.3 (boo#1179122): + Add new build option USE(64KB_PAGE_BLOCK). + Fix backdrop filters with rounded borders. + Fix scrolling iframes when async scrolling is enabled. + Allow applications to handle drag and drop on the web view again. + Update Outlook user agent quirk. + Fix the build with video support disabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-13584, CVE-2020-9983. - Drop webkit2gtk3-fdo-soname.patch: fixed upstream. - Rebase webkit-process.patch. ==== xprop ==== Version update (1.2.4 -> 1.2.5) - Update to version 1.2.5 * Add missing `-help` function * Make output with unknown width terminal the same as old code * Free string list returned from XmbTextPropertyToTextList * Correct icon buffer width computation for truecolor terminals * Check return value from ioctl(TIOCGWINSZ) * Don't display icons if they would line-wrap. * Break down memory allocation logic and fix overallocating for UTF8. * Fix aspect ratio for icon display by using two characters per icon pixel. * Support true color output for icons if the terminal advertises it. * Fix formatting of back-to-back not shown icons. ==== yast2 ==== Version update (4.3.41 -> 4.3.44) - prepare usrmerge: install legacy symlinks via spec file only (boo#1029961) - CWM ComboBox: an editable ComboBox will not alter the list of items when the current value is not part of the list as it uses the original list which could be already modified (bsc#1177137) - 4.3.43 - CWM ComboBox: reverted the addition of the current_items method (bsc#1177137) - 4.3.42 ==== yelp ==== Version update (3.38.1 -> 3.38.2) Subpackages: libyelp0 - Update to version 3.38.2: + Fix crash when reloading local document. ==== yelp-xsl ==== Version update (3.38.1 -> 3.38.2) - Update to version 3.38.2: + Updated translations. ==== zbar ==== Version update (0.23 -> 0.23.1) - Update to version 0.23.1 * Add i18n translation support and add a pt_BR translation * Change default to autodetect python and gtk versions * Some documentation updates * Add support for binary data extraction * Add support for raw decoding without charset conversions * Add one shot scanning mode * Fix help messages * Fix some makefile issues * Fix error detection in video4linux read * Fix pkgconfig for zbar-qt5 * Fix a double-free condition - Add 0002-get-rid-of-gettext_h.patch ==== zlib ==== Subpackages: libminizip1 libz1 - Fix hw compression on z15 bsc#1176201 - Add zlib-s390x-z15-fix-hw-compression.patch