Packages changed: 389-ds (1.4.3.3~git0.776c6edf5 -> 1.4.3.4~git0.3422d6574) ImageMagick (7.0.10.0 -> 7.0.10.1) MozillaFirefox-branding-openSUSE MozillaThunderbird (68.5.0 -> 68.6.0) bash-completion bind (9.16.0 -> 9.16.1) elementary-xfce-icon-theme (0.14+git30.e40a2684 -> 0.15+git0.6fc555d6) fuse3 (3.9.0 -> 3.9.1) gmime (3.2.6 -> 3.2.7) kernel-firmware (20200302 -> 20200316) kernel-source (5.5.9 -> 5.5.11) lensfun (0.3.2 -> 0.3.95.1584325617.48775126) libzypp (17.23.1 -> 17.23.2) mariadb mercurial (5.3 -> 5.3.1) patterns-server (20180718 -> 20200312) perl-Apache-AuthCookie (3.28 -> 3.29) php7 (7.4.3 -> 7.4.4) qemu qemu-linux-user rpm rubygem-mustermann (1.0.3 -> 1.1.1) rubygem-rest-client (2.0.2 -> 2.1.0) suitesparse syslinux valgrind vhba-kmp (20190410_k5.5.9_1 -> 20200106_k5.5.11_1) virt-manager virtualbox xdm xfce4-panel xfce4-screensaver (0.1.8 -> 0.1.9) zypper (1.14.34 -> 1.14.35) === Details === ==== 389-ds ==== Version update (1.4.3.3~git0.776c6edf5 -> 1.4.3.4~git0.3422d6574) Subpackages: lib389 libsvrcore0 - Remove 0001-fix-cargo-build.patch as it has been included upstream - Update to version 1.4.3.4~git0.3422d6574: * Bump version to 1.4.3.4 * Issue 50954 - Port buildnum.pl to python(part 2) * Issue 50955 - Fix memory leaks in chaining plugin * Issue 50954 - Port buildnum.pl to python * Ticket 50947 - change 00core.ldif objectClasses for openldap migration * Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory * Issue 50937 - Update CLI for new backend split configuration * Issue: 50860 - Port Password Policy test cases from TET to python3 pwp.sh * Ticket 50945 - givenname alias of gn from openldap * Ticket 50935 - systemd override in lib389 for dscontainer * Issue 50499 - Fix npm audit issues * Issue 49761 - Fix CI test suite issues * Ticket 50618 - clean compiler warning and log level * Ticket 50889 - fix compiler issues * Issue 50884 - Health check tool DSEldif check fails * Issue 50926 - Remove dual spinner and other UI fixes * Issue 50928 - Unable to create a suffix with countryName * Issue 50758 - Only Recommend bash-completion, not Require * Issue 50923 - Fix a test regression * Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code * Issue 50920 - cl-dump exit code is 0 even if command fails with invalid arguments * Issue 50923 - Add test - dsctl fails to remove instances with dashes in the name * Issue 50919 - Backend delete fails using dsconf * Issue 50872 - dsconf can't create GSSAPI replication agreements * Issue 50912 - RFE - add password policy attribute pwdReset * Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group * Ticket 50889 - Extract pem files into a private namespace * Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before * Issue: 50686 - Port fractional replication test cases from TET to python3 final * Issue 49845 - Remove pkgconfig check for libasan * Issue:50860 - Port Password Policy test cases from TET to python3 bug624080 * Issue:50860 - Port Password Policy test cases from TET to python3 series of bugs * Ticket 50786 - connection table freelist * Ticket 50618 - support cgroupv2 * Ticket 50900 - Fix cargo offline build * Ticket 50898 - ldclt core dumped when run with -e genldif option ==== ImageMagick ==== Version update (7.0.10.0 -> 7.0.10.1) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI7 libMagickWand-7_Q16HDRI7 perl-PerlMagick - version update to 7.0.10.1 * Add support for returning the convex hull of an image with the %[canvas-hull] property. * Added option to specify the preferred version when writing a PDF file with - define pdf:version=version (e.g. 1.7). * Do not throw exception on empty draw path (reference https://github.com/ImageMagick/ImageMagick/issues/974). * Fix possible buffer overflow in ComplexImages(). * SVG to MVG requires transforms to appear before clipping paths (reference https://github.com/ImageMagick/ImageMagick/issues/1860). ==== MozillaFirefox-branding-openSUSE ==== - Update the default homepage and the bookmark icons ==== MozillaThunderbird ==== Version update (68.5.0 -> 68.6.0) Subpackages: MozillaThunderbird-translations-common - Mozilla Thunderbird 68.6.0 MFSA 2020-10 (bsc#1166238) * CVE-2020-6805 (bmo#1610880) Use-after-free when removing data about origins * CVE-2020-6806 (bmo#1612308) BodyStream::OnInputStreamReady was missing protections against state confusion * CVE-2020-6807 (bmo#1614971) Use-after-free in cubeb during stream destruction * CVE-2020-6811 (bmo#1607742) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2019-20503 (bmo#1613765) Out of bounds reads in sctp_load_addresses_from_init * CVE-2020-6812 (bmo#1616661) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636, bmo#1614339) Memory safety bugs fixed in Thunderbird 68.6 - requires NSS >= 3.44.3 ==== bash-completion ==== - Add patch to also complete qdbus-qt5: * qdbus-qt5.patch ==== bind ==== Version update (9.16.0 -> 9.16.1) Subpackages: bind-chrootenv bind-doc bind-utils libbind9-1600 libirs1600 libisccc1600 libisccfg1600 python3-bind - Use sysusers.d to create named user - Have only one package creating the user - coreutils are not used in %post, remove Requires. - Use systemd_ordering instead of hard requiring systemd - Upgrade to version 9.16.1 * UDP network ports used for listening can no longer simultaneously be used for sending traffic. * The system-provided POSIX Threads read-write lock implementation is now used by default instead of the native BIND 9 implementation. * Fixed re-signing issues with inline zones which resulted in records being re-signed late or not at all. [bind-9.16.1.tar.xz] ==== elementary-xfce-icon-theme ==== Version update (0.14+git30.e40a2684 -> 0.15+git0.6fc555d6) - Build using buildsystem to take advantage of the SVG to PNG conversion script. PNG load faster than SVG. - Update to version 0.15+git0.6fc555d6: * Run vacuum-defs * Add 24px clipman icon * Fixed dangling symlinks ==== fuse3 ==== Version update (3.9.0 -> 3.9.1) Subpackages: libfuse3-3 - Update to version 3.9.1 * Fixed memory leak in fuse_session_new(). * Fixed an issue with the linker version script. * Make ioctl prototype conditional on FUSE_USE_VERSION. Define FUSE_USE_VERSION < 35 to get old ioctl prototype with int commands; define FUSE_USE_VERSION >= 35 to get new ioctl prototype with unsigned int commands. * Various small bugfixes. ==== gmime ==== Version update (3.2.6 -> 3.2.7) - Update to version 3.2.7: + Added some configure logic to auto-detect the system shift-jis charset alias. + Fixed tests/Makefile.am to exit with a non-negative value. + Fixed logic to skip expired or revoked gpg subkeys when looking for the correct subkey to use for signing or encrypting. + Fixed a regression introduced into 3.2.6 as part of the header parser rewrite that lost the ability to warn about invalid headers for non-toplevel MIME parts. + Fixed S/MIME to always set GPGME_KEYLIST_MODE_VALIDATE when looking up certificates as this is needed in order to correctly populate the GMimeCertificates. ==== kernel-firmware ==== Version update (20200302 -> 20200316) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20200316 (git commit 8eb0b281511d): * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * amdgpu: update vega20 firmware from 19.50 * amdgpu: update vega12 firmware from 19.50 * amdgpu: update vega10 firmware from 19.50 * rtl_bt: Add firmware and configuration files for RTL8822C BT UART chip * i915: Add DMC firmware v2.06 for TGL * i915: add HuC firmware v7.0.12 for TGL ==== kernel-source ==== Version update (5.5.9 -> 5.5.11) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 5.5.11 (bnc#1012628). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (bnc#1012628). - ARM: 8961/2: Fix Kbuild issue caused by per-task stack protector GCC plugin (bnc#1012628). - HID: add ALWAYS_POLL quirk to lenovo pixart mouse (bnc#1012628). - HID: google: add moonball USB id (bnc#1012628). - mm: slub: add missing TID bump in kmem_cache_alloc_bulk() (bnc#1012628). - ARM: 8958/1: rename missed uaccess .fixup section (bnc#1012628). - ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional() (bnc#1012628). - blk-mq: insert flush request to the front of dispatch queue (bnc#1012628). - jbd2: fix data races at struct journal_head (bnc#1012628). - net: dsa: mv88e6xxx: Fix masking of egress port (bnc#1012628). - mlxsw: pci: Wait longer before accessing the device after reset (bnc#1012628). - sfc: fix timestamp reconstruction at 16-bit rollover points (bnc#1012628). - net: rmnet: fix packet forwarding in rmnet bridge mode (bnc#1012628). - net: rmnet: fix bridge mode bugs (bnc#1012628). - net: rmnet: use upper/lower device infrastructure (bnc#1012628). - net: rmnet: do not allow to change mux id if mux id is duplicated (bnc#1012628). - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (bnc#1012628). - net: rmnet: fix suspicious RCU usage (bnc#1012628). - net: rmnet: fix NULL pointer dereference in rmnet_changelink() (bnc#1012628). - net: rmnet: fix NULL pointer dereference in rmnet_newlink() (bnc#1012628). - hinic: fix a bug of rss configuration (bnc#1012628). - hinic: fix a bug of setting hw_ioctxt (bnc#1012628). - hinic: fix a irq affinity bug (bnc#1012628). - net: phy: mscc: fix firmware paths (bnc#1012628). - slip: not call free_netdev before rtnl_unlock in slip_open (bnc#1012628). - net: bcmgenet: Clear ID_MODE_DIS in EXT_RGMII_OOB_CTRL when not needed (bnc#1012628). - signal: avoid double atomic counter increments for user accounting (bnc#1012628). - kbuild: add dt_binding_check to PHONY in a correct place (bnc#1012628). - kbuild: add dtbs_check to PHONY (bnc#1012628). - io_uring: pick up link work on submit reference drop (bnc#1012628). - drm/amdgpu: fix memory leak during TDR test(v2) (bnc#1012628). - io_uring: fix poll_list race for SETUP_IOPOLL|SETUP_SQPOLL (bnc#1012628). - blk-mq: insert passthrough request into hctx->dispatch directly (bnc#1012628). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (bnc#1012628). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (bnc#1012628). - net: ll_temac: Add more error handling of dma_map_single() calls (bnc#1012628). - net: ll_temac: Fix race condition causing TX hang (bnc#1012628). - mac80211: rx: avoid RCU list traversal under mutex (bnc#1012628). - net: ks8851-ml: Fix IRQ handling and locking (bnc#1012628). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (bnc#1012628). - scsi: libfc: free response frame from GPN_ID (bnc#1012628). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bnc#1012628). - tracing: Fix number printing bug in print_synth_event() (bnc#1012628). - selftests/rseq: Fix out-of-tree compilation (bnc#1012628). - kunit: run kunit_tool from any directory (bnc#1012628). - riscv: set pmp configuration if kernel is running in M-mode (bnc#1012628). - HID: hid-bigbenff: fix race condition for scheduled work during removal (bnc#1012628). - HID: hid-bigbenff: call hid_hw_stop() in case of error (bnc#1012628). - HID: hid-bigbenff: fix general protection fault caused by double kfree (bnc#1012628). - HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override (bnc#1012628). - ACPI: watchdog: Set default timeout in probe (bnc#1012628). - HID: apple: Add support for recent firmware on Magic Keyboards (bnc#1012628). - ACPI: watchdog: Allow disabling WDAT at boot (bnc#1012628). - pinctrl: qcom: ssbi-gpio: Fix fwspec parsing bug (bnc#1012628). - commit 794b2e9 - Linux 5.5.10 (bnc#1012628). - virtio_balloon: Adjust label in virtballoon_probe (bnc#1012628). - ALSA: hda/realtek - More constifications (bnc#1012628). - ALSA: hda/realtek - Add Headset Mic supported for HP cPC (bnc#1012628). - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported (bnc#1012628). - cgroup, netclassid: periodically release file_lock on classid updating (bnc#1012628). - cxgb4: fix checks for max queues to allocate (bnc#1012628). - gre: fix uninit-value in __iptunnel_pull_header (bnc#1012628). - inet_diag: return classid for all socket types (bnc#1012628). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (bnc#1012628). - ipvlan: add cond_resched_rcu() while processing muticast backlog (bnc#1012628). - ipvlan: do not add hardware address of master to its unicast filter list (bnc#1012628). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (bnc#1012628). - ipvlan: don't deref eth hdr before checking it's set (bnc#1012628). - macvlan: add cond_resched() during multicast processing (bnc#1012628). - net: dsa: fix phylink_start()/phylink_stop() calls (bnc#1012628). - net: dsa: mv88e6xxx: fix lockup on warm boot (bnc#1012628). - net: fec: validate the new settings in fec_enet_set_coalesce() (bnc#1012628). - net: hns3: fix a not link up issue when fibre port supports autoneg (bnc#1012628). - net/ipv6: use configured metric when add peer route (bnc#1012628). - netlink: Use netlink header as base to calculate bad attribute offset (bnc#1012628). - net: macsec: update SCI upon MAC address change (bnc#1012628). - net: mscc: ocelot: properly account for VLAN header length when setting MRU (bnc#1012628). - net: nfc: fix bounds checking bugs on "pipe" (bnc#1012628). - net/packet: tpacket_rcv: do not increment ring index on drop (bnc#1012628). - net: phy: bcm63xx: fix OOPS due to missing driver name (bnc#1012628). - net/smc: cancel event worker during device removal (bnc#1012628). - net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used (bnc#1012628). - net: systemport: fix index check to avoid an array out of bounds access (bnc#1012628). - r8152: check disconnect status after long sleep (bnc#1012628). - sfc: detach from cb_page in efx_copy_channel() (bnc#1012628). - slip: make slhc_compress() more robust against malicious packets (bnc#1012628). - taprio: Fix sending packets without dequeueing them (bnc#1012628). - bonding/alb: make sure arp header is pulled before accessing it (bnc#1012628). - bnxt_en: reinitialize IRQs when MTU is modified (bnc#1012628). - bnxt_en: fix error handling when flashing from file (bnc#1012628). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bnc#1012628). - net: memcg: late association of sock to memcg (bnc#1012628). - net: memcg: fix lockdep splat in inet_csk_accept() (bnc#1012628). - dt-bindings: net: FMan erratum A050385 (bnc#1012628). - arm64: dts: ls1043a: FMan erratum A050385 (bnc#1012628). - fsl/fman: detect FMan erratum A050385 (bnc#1012628). - dpaa_eth: FMan erratum A050385 workaround (bnc#1012628). - net: hns3: fix "tc qdisc del" failed issue (bnc#1012628). - net: hns3: fix RMW issue for VLAN filter switch (bnc#1012628). - net: hns3: clear port base VLAN when unload PF (bnc#1012628). - devlink: validate length of param values (bnc#1012628). - devlink: validate length of region addr/len (bnc#1012628). - fib: add missing attribute validation for tun_id (bnc#1012628). - nl802154: add missing attribute validation (bnc#1012628). - nl802154: add missing attribute validation for dev_type (bnc#1012628). - can: add missing attribute validation for termination (bnc#1012628). - macsec: add missing attribute validation for port (bnc#1012628). - openvswitch: add missing attribute validation for hash (bnc#1012628). - net: fq: add missing attribute validation for orphan mask (bnc#1012628). - net: taprio: add missing attribute validation for txtime delay (bnc#1012628). - team: add missing attribute validation for port ifindex (bnc#1012628). - team: add missing attribute validation for array index (bnc#1012628). - tipc: add missing attribute validation for MTU property (bnc#1012628). - nfc: add missing attribute validation for SE API (bnc#1012628). - nfc: add missing attribute validation for deactivate target (bnc#1012628). - nfc: add missing attribute validation for vendor subcommand (bnc#1012628). - net: phy: avoid clearing PHY interrupts twice in irq handler (bnc#1012628). - net: phy: fix MDIO bus PM PHY resuming (bnc#1012628). - net/ipv6: need update peer route when modify metric (bnc#1012628). - net/ipv6: remove the old peer route if change it to a new one (bnc#1012628). - selftests/net/fib_tests: update addr_metric_test for peer route testing (bnc#1012628). - s390/qeth: don't reset default_out_queue (bnc#1012628). - s390/qeth: handle error when backing RX buffer (bnc#1012628). - net: dsa: Don't instantiate phylink for CPU/DSA ports unless needed (bnc#1012628). - net: dsa: mv88e6xxx: Add missing mask of ATU occupancy register (bnc#1012628). - net: phy: Avoid multiple suspends (bnc#1012628). - cgroup: fix psi_show() crash on 32bit ino archs (bnc#1012628). - cgroup: cgroup_procs_next should increase position index (bnc#1012628). - cgroup: Iterate tasks that did not finish do_exit() (bnc#1012628). - netfilter: nf_tables: fix infinite loop when expr is not available (bnc#1012628). - virtio-blk: fix hw_queue stopped on arbitrary error (bnc#1012628). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bnc#1012628). - netfilter: nf_conntrack: ct_cpu_seq_next should increase position index (bnc#1012628). - netfilter: synproxy: synproxy_cpu_seq_next should increase position index (bnc#1012628). - netfilter: xt_recent: recent_seq_next should increase position index (bnc#1012628). - netfilter: x_tables: xt_mttg_seq_next should increase position index (bnc#1012628). - workqueue: don't use wq_select_unbound_cpu() for bound works (bnc#1012628). - drm/amd/display: remove duplicated assignment to grph_obj_type (bnc#1012628). - drm/i915: Actually emit the await_start (bnc#1012628). - drm/i915: Return early for await_start on same timeline (bnc#1012628). - drm/i915: be more solid in checking the alignment (bnc#1012628). - drm/i915: Defer semaphore priority bumping to a workqueue (bnc#1012628). - drm/i915/gt: Close race between cacheline_retire and free (bnc#1012628). - drm/i915/execlists: Enable timeslice on partial virtual engine dequeue (bnc#1012628). - mmc: sdhci-pci-gli: Enable MSI interrupt for GL975x (bnc#1012628). - pinctrl: falcon: fix syntax error (bnc#1012628). - pinctrl: qcom: Assign irq_eoi conditionally (bnc#1012628). - ktest: Add timeout for ssh sync testing (bnc#1012628). - block: Fix partition support for host aware zoned block devices (bnc#1012628). - cifs_atomic_open(): fix double-put on late allocation failure (bnc#1012628). - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache (bnc#1012628). - KVM: x86: clear stale x86_emulate_ctxt->intercept value (bnc#1012628). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (bnc#1012628). - ARC: define __ALIGN_STR and __ALIGN symbols for ARC (bnc#1012628). - fuse: fix stack use after return (bnc#1012628). - MIPS: DTS: CI20: fix PMU definitions for ACT8600 (bnc#1012628). - MIPS: DTS: CI20: fix interrupt for pcf8563 RTC (bnc#1012628). - MIPS: Fix CONFIG_MIPS_CMDLINE_DTB_EXTEND handling (bnc#1012628). - s390/dasd: fix data corruption for thin provisioned devices (bnc#1012628). - ftrace: Return the first found result in lookup_rec() (bnc#1012628). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bnc#1012628). - fscrypt: don't evict dirty inodes after removing key (bnc#1012628). - pid: Fix error return value in some cases (bnc#1012628). - macintosh: windfarm: fix MODINFO regression (bnc#1012628). - x86/ioremap: Map EFI runtime services data as encrypted for SEV (bnc#1012628). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bnc#1012628). - efi: Add a sanity check to efivar_store_raw() (bnc#1012628). - i2c: designware-pci: Fix BUG_ON during device removal (bnc#1012628). - mt76: fix array overflow on receiving too many fragments for a packet (bnc#1012628). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bnc#1012628). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bnc#1012628). - iommu/dma: Fix MSI reservation allocation (bnc#1012628). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bnc#1012628). - iommu/vt-d: dmar_parse_one_rmrr: replace WARN_TAINT with pr_warn + add_taint (bnc#1012628). - iommu/vt-d: Fix RCU list debugging warnings (bnc#1012628). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bnc#1012628). - batman-adv: Don't schedule OGM for disabled interface (bnc#1012628). - clk: imx8mn: Fix incorrect clock defines (bnc#1012628). - pinctrl: meson-gxl: fix GPIOX sdio pins (bnc#1012628). - pinctrl: imx: scu: Align imx sc msg structs to 4 (bnc#1012628). - virtio_ring: Fix mem leak with vring_new_virtqueue() (bnc#1012628). - x86/mce/therm_throt: Undo thermal polling properly on CPU offline (bnc#1012628). - drm/i915/gvt: Fix dma-buf display blur issue on CFL (bnc#1012628). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bnc#1012628). - drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits (bnc#1012628). - driver code: clarify and fix platform device DMA mask allocation (bnc#1012628). - iommu/vt-d: Fix RCU-list bugs in intel_iommu_init() (bnc#1012628). - i2c: gpio: suppress error on probe defer (bnc#1012628). - nl80211: add missing attribute validation for critical protocol indication (bnc#1012628). - nl80211: add missing attribute validation for beacon report scanning (bnc#1012628). - nl80211: add missing attribute validation for channel switch (bnc#1012628). - perf bench futex-wake: Restore thread count default to online CPU count (bnc#1012628). - netfilter: nf_tables: free flowtable hooks on hook register error (bnc#1012628). - netfilter: cthelper: add missing attribute validation for cthelper (bnc#1012628). - netfilter: nft_payload: add missing attribute validation for payload csum flags (bnc#1012628). - netfilter: nft_tunnel: add missing attribute validation for tunnels (bnc#1012628). - netfilter: nf_tables: dump NFTA_CHAIN_FLAGS attribute (bnc#1012628). - netfilter: nft_chain_nat: inet family is missing module ownership (bnc#1012628). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bnc#1012628). - iommu/vt-d: Ignore devices with out-of-spec domain number (bnc#1012628). - i2c: acpi: put device when verifying client fails (bnc#1012628). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bnc#1012628). - ipv6: restrict IPV6_ADDRFORM operation (bnc#1012628). - net/smc: check for valid ib_client_data (bnc#1012628). - Update config files. - commit 3925fb5 - mmc: sdhci: iproc: Add custom set_power() callback for bcm2711 (bsc#1165954). - mmc: sdhci: Introduce sdhci_set_power_and_bus_voltage() (bsc#1165954). - commit e9e359d ==== lensfun ==== Version update (0.3.2 -> 0.3.95.1584325617.48775126) - Update to version v0.3.95.1584325617.48775126: * add support for lots of new cameras * add support for lots of new lenses * lots of bug fixes - Remove 0060-Various-CMake-patches-from-the-mailing-list.patch - Remove lensfun-respect-DESTDIR.patch - Remove lensfun-test-database.patch - Remove lensfun_fix_memory_leak.patch - Update the package URLs ==== libzypp ==== Version update (17.23.1 -> 17.23.2) - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - version 17.23.2 (22) ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Add mariadb-10.5-fix-prevent-optimizing-out-buf-argument-in-ch.patch in order to fix boo#1158405 (MDEV-21248). ==== mercurial ==== Version update (5.3 -> 5.3.1) Subpackages: mercurial-lang - Mercurial 5.3.1 ==== patterns-server ==== Version update (20180718 -> 20200312) Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-kvm_server patterns-server-lamp_server patterns-server-mail_server patterns-server-printing patterns-server-xen_server - fix reordering of pattern() - kvm-server for arm: fix missing qemu-ipxe packages and improve arm detection (bsc#1158430) - version 20200312 ==== perl-Apache-AuthCookie ==== Version update (3.28 -> 3.29) - updated to 3.29 see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes 3.29 2020-03-22 - Add optional support for enforcing a local destination, like so: PerlSetVar MyAuthEnforceLocalDestination 1 - Add optional support for specifying a default destination when the login form's destination argument is unspecified or invalid (including non-local if local destinations are enforced), like this: PerlSetVar MyAuthDefaultDestination /protected/user/ ==== php7 ==== Version update (7.4.3 -> 7.4.4) Subpackages: apache2-mod_php7 php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - build firebird extension in any case - updated to 7.4.4: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.4 ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-ui-spice-app qemu-vgabios qemu-vhost-user-gpu qemu-x86 - Include upstream patches targeted for the next stable release (bug fixes only) block-io-fix-bdrv_co_do_copy_on_readv.patch compat-disable-edid-on-correct-virtio-gp.patch target-ppc-Fix-rlwinm-on-ppc64.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch - s390x Protected Virtualization support - start and control guest in secure mode. (note: binary patch from patch series dropped since for s390x we rebuild the patched binary anyways) (bsc#1167075 jsc#SLE-7407) s390-sclp-improve-special-wait-psw-logic.patch s390x-Add-missing-vcpu-reset-functions.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Beautify-diag308-handling.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-Move-clear-reset.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-Move-initial-reset.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch Sync-pv.patch - Fix the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1163140) pc-bios-s390x-Save-iplb-location-in-lowc.patch - Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 bsc#1161066 CVE-2020-7039) slirp-use-correct-size-while-emulating-c.patch slirp-use-correct-size-while-emulating-I.patch tcp_emu-Fix-oob-access.patch tcp_emu-fix-unsafe-snprintf-usages.patch util-add-slirp_fmt-helpers.patch - Replace this patch with upstream version target-arm-monitor-query-cpu-model-expan.patch ==== qemu-linux-user ==== - Include upstream patches targeted for the next stable release (bug fixes only) block-io-fix-bdrv_co_do_copy_on_readv.patch compat-disable-edid-on-correct-virtio-gp.patch target-ppc-Fix-rlwinm-on-ppc64.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch - s390x Protected Virtualization support - start and control guest in secure mode. (note: binary patch from patch series dropped since for s390x we rebuild the patched binary anyways) (bsc#1167075 jsc#SLE-7407) s390-sclp-improve-special-wait-psw-logic.patch s390x-Add-missing-vcpu-reset-functions.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Beautify-diag308-handling.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-Move-clear-reset.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-Move-initial-reset.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch Sync-pv.patch - Fix the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1163140) pc-bios-s390x-Save-iplb-location-in-lowc.patch - Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 bsc#1161066 CVE-2020-7039) slirp-use-correct-size-while-emulating-c.patch slirp-use-correct-size-while-emulating-I.patch tcp_emu-Fix-oob-access.patch tcp_emu-fix-unsafe-snprintf-usages.patch util-add-slirp_fmt-helpers.patch - Replace this patch with upstream version target-arm-monitor-query-cpu-model-expan.patch ==== rpm ==== Subpackages: librpmbuild9 rpm-build rpm-devel - Follow one level of symlink indirection when converting the rpm database [bnc#1167537] * modified patch: db_conversion.diff - Add macro for supported ARM 64bit processors ==== rubygem-mustermann ==== Version update (1.0.3 -> 1.1.1) - updated to version 1.1.1 no changelog found ==== rubygem-rest-client ==== Version update (2.0.2 -> 2.1.0) - updated to version 2.1.0 see installed history.md [#] 2.1.0 - Add a dependency on http-accept for parsing Content-Type charset headers. This works around a bad memory leak introduced in MRI Ruby 2.4.0 and fixed in Ruby 2.4.2. (#615) - Use mime/types/columnar from mime-types 2.6.1+, which is leaner in memory usage than the older storage model of mime-types. (#393) - Add `:log` option to individual requests. This allows users to set a log on a per-request / per-resource basis instead of the kludgy global log. (#538) - Log request duration by tracking request start and end times. Make `log_response` a method on the Response object, and ensure the `size` method works on RawResponse objects. (#126) - `# => 200 OK | text/html 1270 bytes, 0.08s` - Also add a new `:stream_log_percent` parameter, which is applicable only when `:raw_response => true` is set. This causes progress logs to be emitted only on every N% (default 10%) of the total download size rather than on every chunk. - Drop custom handling of compression and use built-in Net::HTTP support for supported Content-Encodings like gzip and deflate. Don't set any explicit `Accept-Encoding` header, rely instead on Net::HTTP defaults. (#597) - Note: this changes behavior for compressed responses when using `:raw_response => true`. Previously the raw response would not have been uncompressed by rest-client, but now Net::HTTP will uncompress it. - The previous fix to avoid having Netrc username/password override an Authorization header was case-sensitive and incomplete. Fix this by respecting existing Authorization headers, regardless of letter case. (#550) - Handle ParamsArray payloads. Previously, rest-client would silently drop a ParamsArray passed as the payload. Instead, automatically use Payload::Multipart if the ParamsArray contains a file handle, or use Payload::UrlEncoded if it doesn't. (#508) - Gracefully handle Payload objects (Payload::Base or subclasses) that are passed as a payload argument. Previously, `Payload.generate` would wrap a Payload object in Payload::Streamed, creating a pointlessly nested payload. Also add a `closed?` method to Payload objects, and don't error in `short_inspect` if `size` returns nil. (#603) - Test with an image in the public domain to avoid licensing complexity. (#607) ==== suitesparse ==== Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2 libsuitesparseconfig5 libumfpack5 - Update to SuiteSparse 5.7.1 * GraphBLAS 3.2.0: better performance, new ANY and PAIR operators, structural mask, GrB_DESC_* from 1.3 C API Specification. * CHOLMOD 3.0.14: minor update to cholmod_check to print a matrix ==== syslinux ==== - syslinux-4.04-gcc10.diff: fix gcc10 related issues (bsc#1166605) * -fno-common is now the default * provide missing strlen() implementation ==== valgrind ==== - add 0001-Fix-makefile-consistency-check.patch 0001-s390x-Add-models-z14-and-z14-ZR1.patch 0001-s390x-Clean-up-s390-check-opcodes.pl.patch 0001-s390x-Add-CPU-model-for-z15.patch (bsc#1165834) ==== vhba-kmp ==== Version update (20190410_k5.5.9_1 -> 20200106_k5.5.11_1) - Update to release 20200106 * Added an ioctl to retrieve the global device number - Update to release 20190831 * Don't try to unload module from running kernel. * Add support for multiple SCSI channels. * Add proper support for scatterlist chaining. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1167569 - SLES 15 SP2 RC1 - virt-install: cache=none is ignored (kvm) virtinst-set-cache-mode-unsafe-for-install.patch - bsc#1167202 - SLES 15 SP2 Snapshot8 - virt-install misses module gi virt-manager.spec ==== virtualbox ==== Subpackages: virtualbox-guest-tools virtualbox-guest-x11 virtualbox-kmp-default - With version 6.1.4 of VB, the bidirectional clipboard part of VBoxClient for guest systems is failing. A patch is provided at https://www.virtualbox.org/ticket/19336. These changes have been added to file "VirtualBox-6.1.4-VBoxClient-vmsvga-x11-crash.patch". This fixes boo #1167403 "VBoxClient --clipboard dies". - Update the wrapper that starts the UI for VirtualBox to check the version of the extpack that is installed. If no pack is installed or if the license is not current, the new code does nothing. If there is a current license and the installed pack does not match the running version of VB, then the script downloads and installs the new version. File "update-extpack.sh" is added. ==== xdm ==== Subpackages: xdm-xsession - README.security: fixed and improved documentation about how to enable xdmcp for xdm (boo#1167293) ==== xfce4-panel ==== Subpackages: libxfce4panel-1_0-4 libxfce4panel-2_0-4 xfce4-panel-lang xfce4-panel-restore-defaults - Added systray-symbolic-icons.patch. Backport to enable symbolic icons in systray ==== xfce4-screensaver ==== Version update (0.1.8 -> 0.1.9) - Update to version 1.9.0 * Replace deprecated GTimeVal usage * Rebuild windows on monitor reconfiguration * Draw overlays during window reconstruction to protect screen * Do not activate DPMS when screensaver is inactive (bxo#16327) * Better handling of multi-monitor and lid-close events (bxo#16102) * Update LINGUAS (bxo#15949) * Fix decimal properties when running through atof * Return 1 on lock command failure (bxo#15945) * Rename 'Pictures folder' to 'Slideshow' (bxo#15589) * Raise NameError and TypeError (bxo#15830) * Fix float parsing error (bxo#16295) * Fix inhibitor proxying (bxo#16356) * Fix inhibitor listing in xfce4-screensaver-command (bxo#16355) * Add systemd sleep inhibitor (bxo#15929) * Fix dbus inhibition (bxo#16365) * dbus: Prevent overzealous activation (bxo#16365) * Translation Updates ==== zypper ==== Version update (1.14.34 -> 1.14.35) Subpackages: zypper-log zypper-needs-restarting - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - BuildRequires: libzypp-devel >= 17.23.2. - version 1.14.35