Packages changed: cups (2.3b6 -> 2.3.3) dhcp glib2 (2.64.6 -> 2.66.2) grub2 kernel-source (5.8.15 -> 5.9.1) libpwquality (1.4.2 -> 1.4.4) librsvg (2.48.8 -> 2.50.1) libwpe (1.6.0 -> 1.8.0) microos-tools (2.5 -> 2.6) open-vm-tools (11.1.5 -> 11.2.0) perl-URI (1.76 -> 5.05) transactional-update (2.27 -> 2.28) wpebackend-fdo (1.6.1 -> 1.8.0) === Details === ==== cups ==== Version update (2.3b6 -> 2.3.3) Subpackages: cups-client cups-config libcups2 libcupsimage2 - Version upgrade to 2.3.3: - CVE-2020-3898: The `ppdOpen` function did not handle invalid UI constraint. `ppdcSource::get_resolution` function did not handle invalid resolution strings. - CVE-2019-8842: The `ippReadIO` function may under-read an extension field. - Fixed WARNING_OPTIONS support for GCC 9.x Changes in CUPS 2.3.2: Localization updates Changes in CUPS 2.3.1: - CVE-2019-2228: The `ippSetValuetag` function did not validate the default language value. - Fixed a crash bug in the web interface. - The PPD cache code now looks up page sizes using their dimensions. - PPD files containing "custom" option keywords did not work. - Added a workaround for the scheduler's systemd support. - Added a DigestOptions directive for the `client.conf` file to control whether MD5-based Digest authentication is allowed. - Fixed a bug in the handling of printer resource files. - The libusb-based USB backend now reports an error when the distribution permissions are wrong. - Added paint can labels to Dymo driver. - The `ippeveprinter` program now supports authentication. - The `ippeveprinter` program now advertises DNS-SD services on the correct interfaces, and provides a way to turn them off. - The `--with-dbusdir` option was ignored by the configure script. - Sandboxed applications were not able to get the default printer. - Log file access controls were not preserved by `cupsctl`. - Default printers set with `lpoptions` did not work in all cases. - Fixed an error in the jobs web interface template. - Fixed an off-by-one error in `ippEnumString`. - Fixed some new compiler warnings. - Fixed a few issues with the Apple Raster support. - The IPP backend did not detect all cases where a job should be retried using a raster format. - Fixed spelling of "fold-accordion". - Fixed the default common name for TLS certificates used by `ippeveprinter`. - Fixed the option names used for IPP Everywhere finishing options. - Added support for the second roll of the DYMO Twin/DUO label printers. Changes in CUPS v2.3.0: - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows. - Added a GPL2/LGPL2 exception to the new CUPS license terms. - Fixed a bug in the scheduler job cleanup code. - Fixed builds when there is no TLS library. - "make" failed with GZIP options. - Fixed potential excess logging from the scheduler when removing job files. - Fixed a NULL pointer dereference bug in `httpGetSubField2`. - Added FIPS-140 workarounds for GNU TLS. - The scheduler no longer provides a default value for the description. - The scheduler now logs jobs held for authentication using the error level so it is clear what happened. - The `lpadmin` command did not always update the PPD file for changes to the `cupsIPPSupplies` and `cupsSNMPSupplies` keywords. - The scheduler now uses both the group's membership list as well as the various OS-specific membership functions to determine whether a user belongs to a named group. - Added USB quirks rule for HP LaserJet 1015. - Fixed some PPD parser issues. - The IPP parser no longer allows invalid member attributes in collections. - The configure script now treats the "wheel" group as a potential system group. - Fixed IPP buffer overflow. - Fixed memory disclosure issue in the scheduler. - Fixed DoS issues in the scheduler. - Fixed an issue with unsupported "sides" values in the IPP backend. - The scheduler would restart continuously when idle and printers were not shared. - Fixed an issue with `EXPECT !name WITH-VALUE ...` tests. - Fixed a command ordering issue in the Zebra ZPL driver. - Fixed a memory leak in `ppdOpen`. Changes in CUPS v2.3rc1: - The `cups-config` script no longer adds extra libraries when linking against shared libraries. - The supplied example print documents have been optimized for size. - The `cupsctl` command now prevents setting "cups-files.conf" directives. - The "forbidden" message in the web interface is now explained. - The footer in the web interface covered some content on small displays. - The libusb-based USB backend now enforces read limits, improving print speed in many cases. - The `ippeveprinter` command now looks for print commands in the "command" subdirectory. - The `ipptool` command now supports `$date-current` and `$date-start` variables to insert the current and starting date and time values, as well as ISO-8601 relative time values such as "PT30S" for 30 seconds in the future. Changes in CUPS v2.3b8 - Media size matching now uses a tolerance of 0.5mm. - The lpadmin command would hang with a bad PPD file. - Fixed a potential crash bug in cups-driverd. - Fixed a performance regression with large PPDs. - Fixed a memory reallocation bug in HTTP header value expansion. - Timed out job submission now yields an error. - Restored minimal support for the `Emulators` keyword in PPD files to allow old Samsung printer drivers to continue to work. - The scheduler did not encode octetString values like "job-password" correctly for the print filters. - The `cupsCheckDestSupported` function did not check octetString values correctly. - Added support for `UserAgentTokens` directive in "client.conf". - Updated the systemd service file for cupsd. - The `ippValidateAttribute` function did not catch all instances of invalid UTF-8 strings. - Fixed an issue with the self-signed certificates generated by GNU TLS. - Fixed a potential memory leak when reading at the end of a file. - Fixed potential unaligned accesses in the string pool. - Fixed a potential memory leak when loading a PPD file. - Added a USB quirks rule for the Lexmark E120n. - Updated the USB quirks rule for Zebra label printers. - The lpadmin command, web interface, and scheduler all queried an IPP Everywhere printer differently, resulting in different PPDs for the same printer. - The web interface no longer provides access to the log files. - Non-Kerberized printing to Windows via IPP was broken. - The scheduler no longer stops a printer if an error occurs when a job is canceled or aborted. - Added a USB quirks rule for the DYMO 450 Turbo. - Added a USB quirks rule for Xerox printers. - The scheduler's self-signed certificate did not include all of the alternate names for the server when using GNU TLS. - Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs. - Fixed `PreserveJobHistory` bug with time values. - The scheduler no longer advertises the HTTP methods it supports. - The scheduler did not always idle exit as quickly as it could. - Added a new `ippeveprinter` command based on the old ippserver sample code. Changes in CUPS v2.3b7 - Running ppdmerge with the same input and output filenames did not work as advertised. - Rebase let-cupsd-start-after-network.patch and cups-config-libs.patch. - Drop issue5509-fix-utf-8-validation-issue.patch and issue5453.patch: fixed upstream. ==== dhcp ==== Subpackages: dhcp-client - Complete the /var/run -> /run migration by renaming /var/lib/dhcp/var/run accordingly (boo#1177951). ==== glib2 ==== Version update (2.64.6 -> 2.66.2) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Enable building of documentation: + Toggle gtk_doc from bcond_with to bcond_without. + Use sed to replace gtk-doc version in docs/reference/meson.build with 1.32. - Update to version 2.66.2: + Important and time-critical fix to DST transitions which will happen in Europe on 2020-10-25 on distributions which use the ?slim? tzdata format (which is now the default in tzdata/tzcode 2020b). + Further timezone handling changes to restore support for changing the timezone when `/etc/localtime/` changes. + Fix deadlock on Windows when `G_SLICE` is set in the environment. + Fix UTF-8 validation when escaping URI components. + Updated translations. - Update to version 2.66.1: + A performance problem where timezones were reloaded from disk every time a `GTimeZone` was created has been fixed, but this means that changes to `/etc/localtime` will not take effect until a process restarts; future changes in a subsequent 2.66.x release will improve this. + Security fix for incorrect scope/zone ID parsing in URIs. + Updated translations. - Update to version 2.66.0: + * Bugs fixed: - Missing tab in makefile rule. - guri: Fix user passed to g_uri_split_with_user() not being NULL'd. + Updated translations. - Update to version 2.65.3: + Fixes to the new `statx()` calls ? note that since GLib 2.65.2 uses `statx()` (if available) instead of `stat()`/`fstat()`/`lstat()`/`fstatat()`, syscall sandboxing for third party applications might need to be updated. + Updated translations. - Update to version 2.65.2: + Support `statx()` and `G_FILE_ATTRIBUTE_TIME_CREATED`. + Fix deadlock in `g_subprocess_communicate_async()`. + Add `%f`/microsecond placeholder support to `g_date_time_format()`. - Changes from version 2.65.1: + Add `GUri` API for parsing, building and representing URIs according to [RFC 3986](https://tools.ietf.org/html/rfc3986). + Fix handling of xattr data with embedded nuls. + Add `g_file_set_contents_full()` which gives more control over fsyncs. + Add a `x-gvfs-notrash` option to disable trash on certain mounts. + Support ?slim? TZif files generated with `zic -b slim`. + Support emitting profiling marks from `GMainContext` to sysprof capture files. + Accept IPv6 zone IDs in `g_hostname_is_ip_address()`. + Updated translations. - Rebase glib2-gdbus-codegen-version.patch. - Build without gtk-doc: it would require a not yet released version of gtk-doc. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix grub2-install error with "failed to get canonical path of `/boot/grub2/i386-pc'." (bsc#1177957) * Modified 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch - Fix https boot interrupted by unrecognised network address error message (bsc#1172952) * 0001-add-support-for-UEFI-network-protocols.patch - grub2.spec: Fix bare words used as string in expression which is no longer allowed in rpm 4.16 - Improve the error handling when grub2-install fails with short mbr gap (bsc#1176062) * 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch * 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch ==== kernel-source ==== Version update (5.8.15 -> 5.9.1) - vt_ioctl: fix GIO_UNIMAP regression (5.9 GIO_UNIMAP regression). - commit 15946ea - kernel-binary.spec.in: pack scripts/module.lds into kernel-$flavor-devel Since mainline commit 596b0474d3d9 ("kbuild: preprocess module linker script") in 5.10-rc1, scripts/module.lds linker script is needed to build out of tree modules. Add it into kernel-$flavor-devel subpackage. - commit fe37c16 - drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally (bsc#1177973). - drm/amd/display: Fix kernel panic by dal_gpio_open() error (bsc#1177973). - commit 3f21462 - series.conf: cleanup - move to "almost mainline" section: patches.suse/coresight-fix-offset-by-one-error-in-counting-ports.patch - commit 8e0635b - Refresh patches.suse/coresight-fix-offset-by-one-error-in-counting-ports.patch. Update upstream status. - commit 7b40cc9 - Linux 5.9.1 (bsc#1012628). - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (bsc#1012628). - media: usbtv: Fix refcounting mixup (bsc#1012628). - USB: serial: option: add Cellient MPL200 card (bsc#1012628). - USB: serial: option: Add Telit FT980-KS composition (bsc#1012628). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (bsc#1012628). - USB: serial: pl2303: add device-id for HP GC device (bsc#1012628). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (bsc#1012628). - vt_ioctl: make VT_RESIZEX behave like VT_RESIZE (bsc#1012628). - reiserfs: Initialize inode keys properly (bsc#1012628). - reiserfs: Fix oops during mount (bsc#1012628). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1012628). - crypto: bcm - Verify GCM/CCM key length in setkey (bsc#1012628). - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (bsc#1012628). - commit b7f511b - update patches metadata - update upstream references: patches.suse/Bluetooth-A2MP-Fix-not-initializing-all-members.patch patches.suse/Bluetooth-L2CAP-Fix-calling-sk_filter-on-non-socket-.patch - commit b1f22f7 ==== libpwquality ==== Version update (1.4.2 -> 1.4.4) Subpackages: libpwquality-tools libpwquality1 pam_pwquality - update to 1.4.4 * e11f2bd Fix regression with enabling cracklib check * 02e6728 Use make macros in rpm spec file * xxxxxxx Translated using Weblate (Polish, Turkish, Ukrainian) - update to 1.4.3 * 1213d33 Update translation files * a951fbe Add --disable-cracklib-check configure parameter * 6a8845b fixup static compilation * 92c6066 python: Add missing getters/setters for newly added settings * bfef79d Add usersubstr check * 09a2e65 pam_pwquality: Add debug message for the local_users_only option * a6f7705 Fix some gcc warnings * 8c8a260 pwmake: Properly validate the bits parameter. * 7be4797 we use Fedora Weblate now * xxxxxxx Translated using Weblate (Azerbaijani, Bulgarian, Chinese (Simplified), Czech, French, Friulian, Hungarian, Italian, Japanese, Norwegian Bokmål, Persian, Russian, Spanish, Turkish) ==== librsvg ==== Version update (2.48.8 -> 2.50.1) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.50.1: + SVG2: Support a chain of uri() filters in the "filter" property. + Support CSS selectors for attribute matching, like rect[attr^="prefix"]. + Fixed the geometry_for_layer() APIs to not ignore the passed viewport. + Fixed CSS "import" so it allows only files from the same base directory. + The pkg-config files (*.pc) do not define the 'svgz_supported' and 'css_supported' variables anymore. These variables were hardcoded to 'true' and unchanged since 2011. + The source repository no longer produces a librsvg-uninstalled.pc file. - Update to version 2.50.0: + Librsvg now consumes much less memory for large SVG files. + The 'font' shorthand in is now supported in CSS. Librsvg ignores the 'line-height' sub-property because it cannot be done easily with Pango, but everything else in 'font' should work now. + Many new features from SVG2: - radialGradient now supports the "fr" property from SVG2. - Support href attribute in addition to xlink:href per SVG2. - Ignore missing filter references per SVG2. - Support the mix-blend-mode property from SVG2 and the Compositing and Blending Level 1 specification, so layers can be composited with operators like multiply/screen/color-burn. - Support the paint-order property from SVG2, so one can pick the order in which a path's fill/stroke/markers are drawn. + Updated translations. ==== libwpe ==== Version update (1.6.0 -> 1.8.0) - Update to version 1.8.0: + New build configuration system based on Meson. The existing CMake-based system is still maintained, and both produce the same outputs. + Hidden visibility is now used by default for symbols, and only those belonging to the public API are exported. - Switch to meson. ==== microos-tools ==== Version update (2.5 -> 2.6) - Update to version 2.6 - Don't delete autorelabel file in initrd ==== open-vm-tools ==== Version update (11.1.5 -> 11.2.0) Subpackages: libvmtools0 - Update to 11.2.0 (build 16938113) (boo#1177987) + Fixed memory leak occurs in disk device mapping information for IDE, SATA or SAS (LSI Logic SAS) disks configured in the guest. + The following issues and pull requests reported on https://github.com/vmware/open-vm-tools have been addressed: https://github.com/vmware/open-vm-tools/issues/429 https://github.com/vmware/open-vm-tools/pull/431 https://github.com/vmware/open-vm-tools/pull/432 https://github.com/vmware/open-vm-tools/issues/452 + A number of Coverity reported errors and false positives have been addressed. + A complete list of the granular changes that are in the open-vm-tools 11.2.0 release is available at: https://github.com/vmware/open-vm-tools/blob/stable-11.2.0/open-vm-tools/ChangeLog - Update pam-vmtoolsd.patch (boo#1177987): removed the pam_securetty.so line from the new suse file. Modified the Makefile.am to copy the suse file to the /etc/pam.d/vmtoolsd file rather than the default generic file. ==== perl-URI ==== Version update (1.76 -> 5.05) - updated to 5.05 see /usr/share/doc/packages/perl-URI/Changes 5.05 2020-10-21 13:00:44Z - Bump all versions to 5.05 in order to remove various version mismatches. (GH #77) (Olaf Alders) - Add a simple test case for an ipv6 host (GH#66) (Olaf Alders) ==== transactional-update ==== Version update (2.27 -> 2.28) Subpackages: transactional-update-zypp-config - Version 2.28 - Add 'setup-selinux' command for easy setup of a SELinux system - Allow complex commands for the 'run' command - SELinux: Fix /etc / overlay labeling ==== wpebackend-fdo ==== Version update (1.6.1 -> 1.8.0) - Update to version 1.8.0: + Added new API for the audio rendering protocol, which allows embedders to receive audio samples instead of letting WPE WebKit handle their playback. + Added support to export frames using EGLStreams, which can be used e.g. with Nvidia GPUs. + New build configuration system based on Meson. The existing CMake-based system is still maintained, and both produce the same outputs. + Use libepoxy for EGL operations. - Switch to meson. - Add epoxy to BuildRequires: new dependency.