Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20201209 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (20.2.3 -> 20.2.4) Mesa-drivers (20.2.3 -> 20.2.4) ModemManager (1.14.6 -> 1.14.8) NetworkManager (1.26.4 -> 1.28.0) apache2 apache2-prefork apache2-utils bind (9.16.7 -> 9.16.8) busybox cryptsetup firewalld (0.9.0 -> 0.9.1) fprintd (1.90.4 -> 1.90.6) gdb gdk-pixbuf (2.42.0 -> 2.42.2) gnome-chess (3.38.0 -> 3.38.1) gpgme gpgmeqt gtk3 (3.24.23+118 -> 3.24.24) hplip (3.20.6 -> 3.20.9) hwdata (0.341 -> 0.342) libical libqb (2.0.1+20200729.416caf2 -> 2.0.2+20201203.def947e) libstorage-ng (4.3.71 -> 4.3.72) libvirt lvm2 lvm2-device-mapper memcached (1.6.7 -> 1.6.9) mutt (2.0.2 -> 2.0.3) net-snmp netcat-openbsd nodejs14 opensc (0.19.0 -> 0.21.0) php7 plymouth (0.9.5+git20200921+20778f2 -> 0.9.5+git20201026+53c83cc) poppler (20.10.0 -> 20.12.0) poppler-qt5 (20.10.0 -> 20.12.0) procps psmisc python-dkimpy (1.0.3 -> 1.0.5) raspberrypi-firmware (2020.10.22 -> 2020.12.08) raspberrypi-firmware-config (2020.10.22 -> 2020.12.08) raspberrypi-firmware-dt (2020.10.26 -> 2020.12.07) rubygem-net-ssh (6.1.0 -> 6.2.0.rc1) smp_utils subversion sudo (1.9.3p1 -> 1.9.4) sysconfig sysvinit (2.97 -> 2.98) telepathy-glib telepathy-logger tigervnc vim (8.2.2039 -> 8.2.2105) vlan webkit2gtk3 xfsdump xorg-x11-server (1.20.9 -> 1.20.10) yast2-firstboot (4.3.8 -> 4.3.9) yast2-installation (4.3.22 -> 4.3.24) yast2-trans (84.87.20201130.b140fdb5f7 -> 84.87.20201205.6b65f14502) === Details === ==== Mesa ==== Version update (20.2.3 -> 20.2.4) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.2.4 * fourth (second to last) bugfix release for the 20.2 branch ==== Mesa-drivers ==== Version update (20.2.3 -> 20.2.4) Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi - update to 20.2.4 * fourth (second to last) bugfix release for the 20.2 branch ==== ModemManager ==== Version update (1.14.6 -> 1.14.8) Subpackages: ModemManager-bash-completion libmm-glib0 - Update to version 1.14.8: + Build: - Fixed distcheck with new gtk-doc releases. - ModemManager-names.h was being included in the dist tarball, but then removed on the 'clean' target. Fix that, by only removing it on the 'maintainer-clean' target. Therefore, 'xsltproc' is now only needed in git builds, not needed when building from a dist tarball. + QMI: - Fix daemon crash when the device is removed during the initialization sequence. + Several other minor improvements and fixes. - Drop libxslt-tools BuildRequires: No longer needed. ==== NetworkManager ==== Version update (1.26.4 -> 1.28.0) Subpackages: libnm0 typelib-1_0-NM-1_0 - Update to version 1.28.0: + Change the behavior of nm-initrd-generator so that the 'ip=off|none' kernel cmdline argument actually generates a connection which disables both ipv4 and ipv6. Previously the generated connection would disable ipv4 but ipv6 would be set to the 'auto' method. ==== apache2 ==== - Require /usr/bin/which instead of which: allow usage of busybox variant for containers. - apache2 main package recommends apache2-utils - break some long lines in the spec as requested by review team - maybe make spec acceptable for factory bot - modified sources % _multibuild - buildrequire netcfg for tests - remove Requires(post): firewalld hard dependency (this is already handled by the %firewalld_reload macro) - package reworked trough [bsc#1178478] - modified patches % apache2-mod_proxy_uwsgi-fix-crash.patch (refreshed) - modified sources % apache2-loadmodule.conf % apache2-manual.conf % apache2-script-helpers % apache2@.service % sysconfig.apache2 - deleted patches - deprecated-scripts-arch.patch (not needed) - httpd-2.0.54-envvars.dif (not needed) - httpd-2.1.3alpha-layout.dif (renamed to apache2-system-dirs-layout.patch) - httpd-2.2.0-apxs-a2enmod.dif (not needed) - httpd-2.4.9-bnc690734.patch (renamed to apache2-LimitRequestFieldSize-limits-headers.patch) - httpd-2.4.x-fate317766-config-control-two-protocol-options.diff (renamed to apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch) - httpd-2.x.x-logresolve.patch (renamed to apache2-logresolve-tmp-security.patch) - httpd-apachectl.patch (renamed to apache2-apachectl.patch) - httpd-implicit-pointer-decl.patch (not needed) - httpd-visibility.patch (not needed) - deleted sources - SUSE-NOTICE (outdated) - a2enflag (renamed to apache2-a2enflag) - a2enmod (renamed to apache2-a2enmod) - apache-22-24-upgrade (outdated) - apache2-README (outdated) - apache2-README.QUICKSTART (outedated) - apache2-find-directives (renamed to apache2-find_directives) - apache2-init.logrotate (not needed) - apache2.firewalld (renamed to firewalld.apache2) - apache2.logrotate (renamed to logrotate.apache2) - apache2.ssl.firewalld (renamed to firewalld-ssl.apache2) - apache2.ssl.susefirewall (renamed to susefirewall.apache2) - apache2.susefirewall (renamed to susefirewall-ssl.apache2) - favicon.ico (not needed) - rc.apache2 (not needed) - robots.txt (not needed) - sysconf_addword (not needed, in aaa_base) - added patches fix PATCH: https://marc.info/?l=apache-httpd-users&m=147448312531134&w=2 + apache-test-application-xml-type.patch fix these variables from the test + apache-test-turn-off-variables-in-ssl-var-lookup.patch fix [fate317766] backport of an upstream commit + apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch fix [bnc#690734] TODO, to be upstreamed + apache2-LimitRequestFieldSize-limits-headers.patch fix apachectl is frontend for start_apache2, suse specific + apache2-apachectl.patch fix [bnc#210904] perhaps to be upstreamed + apache2-logresolve-tmp-security.patch fix layout of system dirs configuration, may be upstreamed + apache2-system-dirs-layout.patch - added sources + _multibuild + apache2-a2enflag + apache2-a2enmod + apache2-find_directives + apache2-gensslcert + apache2-mod_example.c + apache2-start_apache2 + firewalld-ssl.apache2 + firewalld.apache2 + logrotate.apache2 + susefirewall-ssl.apache2 + susefirewall.apache2 ==== apache2-prefork ==== - Require /usr/bin/which instead of which: allow usage of busybox variant for containers. - apache2 main package recommends apache2-utils - break some long lines in the spec as requested by review team - maybe make spec acceptable for factory bot - modified sources % _multibuild - buildrequire netcfg for tests - remove Requires(post): firewalld hard dependency (this is already handled by the %firewalld_reload macro) - package reworked trough [bsc#1178478] - modified patches % apache2-mod_proxy_uwsgi-fix-crash.patch (refreshed) - modified sources % apache2-loadmodule.conf % apache2-manual.conf % apache2-script-helpers % apache2@.service % sysconfig.apache2 - deleted patches - deprecated-scripts-arch.patch (not needed) - httpd-2.0.54-envvars.dif (not needed) - httpd-2.1.3alpha-layout.dif (renamed to apache2-system-dirs-layout.patch) - httpd-2.2.0-apxs-a2enmod.dif (not needed) - httpd-2.4.9-bnc690734.patch (renamed to apache2-LimitRequestFieldSize-limits-headers.patch) - httpd-2.4.x-fate317766-config-control-two-protocol-options.diff (renamed to apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch) - httpd-2.x.x-logresolve.patch (renamed to apache2-logresolve-tmp-security.patch) - httpd-apachectl.patch (renamed to apache2-apachectl.patch) - httpd-implicit-pointer-decl.patch (not needed) - httpd-visibility.patch (not needed) - deleted sources - SUSE-NOTICE (outdated) - a2enflag (renamed to apache2-a2enflag) - a2enmod (renamed to apache2-a2enmod) - apache-22-24-upgrade (outdated) - apache2-README (outdated) - apache2-README.QUICKSTART (outedated) - apache2-find-directives (renamed to apache2-find_directives) - apache2-init.logrotate (not needed) - apache2.firewalld (renamed to firewalld.apache2) - apache2.logrotate (renamed to logrotate.apache2) - apache2.ssl.firewalld (renamed to firewalld-ssl.apache2) - apache2.ssl.susefirewall (renamed to susefirewall.apache2) - apache2.susefirewall (renamed to susefirewall-ssl.apache2) - favicon.ico (not needed) - rc.apache2 (not needed) - robots.txt (not needed) - sysconf_addword (not needed, in aaa_base) - added patches fix PATCH: https://marc.info/?l=apache-httpd-users&m=147448312531134&w=2 + apache-test-application-xml-type.patch fix these variables from the test + apache-test-turn-off-variables-in-ssl-var-lookup.patch fix [fate317766] backport of an upstream commit + apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch fix [bnc#690734] TODO, to be upstreamed + apache2-LimitRequestFieldSize-limits-headers.patch fix apachectl is frontend for start_apache2, suse specific + apache2-apachectl.patch fix [bnc#210904] perhaps to be upstreamed + apache2-logresolve-tmp-security.patch fix layout of system dirs configuration, may be upstreamed + apache2-system-dirs-layout.patch - added sources + _multibuild + apache2-a2enflag + apache2-a2enmod + apache2-find_directives + apache2-gensslcert + apache2-mod_example.c + apache2-start_apache2 + firewalld-ssl.apache2 + firewalld.apache2 + logrotate.apache2 + susefirewall-ssl.apache2 + susefirewall.apache2 ==== apache2-utils ==== - Require /usr/bin/which instead of which: allow usage of busybox variant for containers. - apache2 main package recommends apache2-utils - break some long lines in the spec as requested by review team - maybe make spec acceptable for factory bot - modified sources % _multibuild - buildrequire netcfg for tests - remove Requires(post): firewalld hard dependency (this is already handled by the %firewalld_reload macro) - package reworked trough [bsc#1178478] - modified patches % apache2-mod_proxy_uwsgi-fix-crash.patch (refreshed) - modified sources % apache2-loadmodule.conf % apache2-manual.conf % apache2-script-helpers % apache2@.service % sysconfig.apache2 - deleted patches - deprecated-scripts-arch.patch (not needed) - httpd-2.0.54-envvars.dif (not needed) - httpd-2.1.3alpha-layout.dif (renamed to apache2-system-dirs-layout.patch) - httpd-2.2.0-apxs-a2enmod.dif (not needed) - httpd-2.4.9-bnc690734.patch (renamed to apache2-LimitRequestFieldSize-limits-headers.patch) - httpd-2.4.x-fate317766-config-control-two-protocol-options.diff (renamed to apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch) - httpd-2.x.x-logresolve.patch (renamed to apache2-logresolve-tmp-security.patch) - httpd-apachectl.patch (renamed to apache2-apachectl.patch) - httpd-implicit-pointer-decl.patch (not needed) - httpd-visibility.patch (not needed) - deleted sources - SUSE-NOTICE (outdated) - a2enflag (renamed to apache2-a2enflag) - a2enmod (renamed to apache2-a2enmod) - apache-22-24-upgrade (outdated) - apache2-README (outdated) - apache2-README.QUICKSTART (outedated) - apache2-find-directives (renamed to apache2-find_directives) - apache2-init.logrotate (not needed) - apache2.firewalld (renamed to firewalld.apache2) - apache2.logrotate (renamed to logrotate.apache2) - apache2.ssl.firewalld (renamed to firewalld-ssl.apache2) - apache2.ssl.susefirewall (renamed to susefirewall.apache2) - apache2.susefirewall (renamed to susefirewall-ssl.apache2) - favicon.ico (not needed) - rc.apache2 (not needed) - robots.txt (not needed) - sysconf_addword (not needed, in aaa_base) - added patches fix PATCH: https://marc.info/?l=apache-httpd-users&m=147448312531134&w=2 + apache-test-application-xml-type.patch fix these variables from the test + apache-test-turn-off-variables-in-ssl-var-lookup.patch fix [fate317766] backport of an upstream commit + apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch fix [bnc#690734] TODO, to be upstreamed + apache2-LimitRequestFieldSize-limits-headers.patch fix apachectl is frontend for start_apache2, suse specific + apache2-apachectl.patch fix [bnc#210904] perhaps to be upstreamed + apache2-logresolve-tmp-security.patch fix layout of system dirs configuration, may be upstreamed + apache2-system-dirs-layout.patch - added sources + _multibuild + apache2-a2enflag + apache2-a2enmod + apache2-find_directives + apache2-gensslcert + apache2-mod_example.c + apache2-start_apache2 + firewalld-ssl.apache2 + firewalld.apache2 + logrotate.apache2 + susefirewall-ssl.apache2 + susefirewall.apache2 ==== bind ==== Version update (9.16.7 -> 9.16.8) Subpackages: bind-chrootenv bind-doc bind-utils libbind9-1600 libirs1601 libisccc1600 libisccfg1601 python3-bind - Added special make instruction for the "Administrator Reference Manual" which is built using python3-Sphinx [bsc#1177983, bind.spec] - Removed "Before=nss-lookup.target" from named.service as that leads to a systemd ordering cycle [bsc#1177491, bsc#1178626, bsc#1177991, vendor-files.tar.bz2] - Upgrade to version 9.16.8 New Features: * Add a new rndc command, "rndc dnssec -rollover", which triggers a manual rollover for a specific key. * Add a new rndc command, "rndc dumpdb -expired", which dumps the cache database, including expired RRsets that are awaiting cleanup, to the dump-file for diagnostic purposes. Bug Fixes: * named reported an invalid memory size when running in an environment that did not properly report the number of available memory pages and/or the size of each memory page. * With multiple forwarders configured, named could fail the REQUIRE(msg->state == (-1)) assertion in lib/dns/message.c, causing it to crash. This has been fixed. * named erroneously performed continuous key rollovers for KASP policies that used algorithm Ed25519 or Ed448 due to a mismatch between created key size and expected key size. * Updating contents of an RPZ zone which contained names spelled using varying letter case could cause some processing rules in that RPZ zone to be erroneously ignored. Local changes: * Add /usr/lib64/named to the files and directories in bind-chrootenv.conf. This directory contains plugins loaded after the chroot(). [bsc#1177913,bsc#1178078,bsc#1177603,bind-chrootenv.conf] - Removed "dnssec-enable" from named.conf as it has been obsoleted. Added a comment for reference which should be removed in the future. - Added a comment to the "dnssec-validation" in named.conf with a reference to forwarders which do not return signed responses. - Replaced named's dependency on time-sync with a dependency on time-set in named.service. [bsc#1177790,bsc#1175894,bsc#1177915,vendor-files.tar.bz2] ==== busybox ==== Subpackages: busybox-static - cpio-long-opt.patch: add more long options to cpio for IBS/unrpm ==== cryptsetup ==== Subpackages: libcryptsetup12 libcryptsetup12-hmac - SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149 ==== firewalld ==== Version update (0.9.0 -> 0.9.1) Subpackages: python3-firewall - Remove the patch which enforces usage of iptables instead of nftables: * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Add firewalld zone for the docker0 interface. This is the workaround for lack of nftables support in docker. Without that additional zone, containers have no Internet connectivity. (rhbz#1817022) - Update to 0.9.1: * Bugfixes: * docs(firewall-cmd): clarify lockdown whitelist command paths * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active * fix(policy): zone interface/source changes should affect all using zone ==== fprintd ==== Version update (1.90.4 -> 1.90.6) Subpackages: fprintd-lang fprintd-pam - Update to version 1.90.5 The 1.90.5 release was unusable due to a number of inter-related issues with the DBus interface and authorization. We also found a number of problems with possible security implications. Currently fprintd will do interactive authorization even if this was not requested using the correct DBus method call flag. All API users MUST be updated to set the flag as it will be enabled in the future! Highlights: * Fix fprintd DBus configuration * Change details of what requires authorization * Fix various race conditions in pam_fprintd * Permit interactive authorization from fprintd utilities * Do not allow deletion while another operation is ongoing - Drop patch: * 0001-tests-Fix-test-not-failing-on-error.patch - Update to version 1.90.4 The 1.90.4 release caused a major regression, as it included a USB hub in UDEV the autosupend rule list. Highlights: * Remove USB hub from udev autosupend rules * synaptics: Add PID 0x00c9 which is used in some HP laptops ==== gdb ==== - Backport from master [jsc#13656]: * gdb-powerpc-remove-512-bytes-region-limit-if-2nd-dawr-is-avaliable.patch - Require 8GB diskspace for x86_64. ==== gdk-pixbuf ==== Version update (2.42.0 -> 2.42.2) Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Update to version 2.42.2: + Requre Meson 0.55.3. + Improve the PNG save operation. + Fix leak in the error path of the XPM loader. + Fix loading GIF without a GCE rendering color 0. + Fix invalid LZW codes in the GIF loader (CVE-2020-29385). ==== gnome-chess ==== Version update (3.38.0 -> 3.38.1) - Update to version 3.38.1: + Try to make all chess engines easier on Easy and Normal difficulty. + Fix claim draw dialog appearing every turn after threefold repetition. + Fix bogus "computer player is confused" errors in several situations: - When the engine is stalemated. - When starting a new game while the game is paused, if the engine has moved during pause. - When resigning immediately before the engine moves. + Fix file chooser defaulting to /run when game is saved for a second time under flatpak. + Fix detection of stalled chess engine in untimed games. + Fix claim draw dialog appearing before a forced draw. + Fix ChessScene removing invalid GSource. ==== gpgme ==== Subpackages: libgpgme11 libgpgmepp6 python3-gpg - Use python-rpm-macros to provide python3X-gpg for all present python3 flavors -- gh#openSUSE/python-rpm-macros#66 ==== gpgmeqt ==== - Use python-rpm-macros to provide python3X-gpg for all present python3 flavors -- gh#openSUSE/python-rpm-macros#66 ==== gtk3 ==== Version update (3.24.23+118 -> 3.24.24) Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.24: + GtkColorChooser: Update the default color palette. + GtkFontChooser: Fix family-only mode to return regular style. + GtkTreeView: Don't set focus-on-click for header buttons. + Accessibility: - Implement scrollSubstringTo. - Add a11y support to GtkPlug/GtkSocket. + Printing: Allow the lpr backend to print pdf and ps files. + Theme: - Update gesture graphics. - Update HighContrast css. + Wayland: Support the primary-selection-unstable-v1 protocol. + X11: Fix a crash with parent-relative backgrounds. + Broadway: Set modifier state of scroll events. + Build: Fix pc file generation on NixOS. + Updated translations. ==== hplip ==== Version update (3.20.6 -> 3.20.9) Subpackages: hplip-hpijs hplip-sane - Update to 3.20.9 Add support for the following printers: * HP Color LaserJet Managed MFP E57540dn * HP Color LaserJet Managed Flow MFP E57540c * HP Color LaserJet Enterprise MFP M578dn * HP Color LaserJet Enterprise MFP M578f * HP Color LaserJet Enterprise Flow MFP M578c * HP Color LaserJet Enterprise Flow MFP M578z * HP Color LaserJet Managed E55040dw * HP Color LaserJet Managed E55040dn * HP Color LaserJet Enterprise M554dn * HP Color LaserJet Enterprise M555dn * HP Color LaserJet Enterprise M555x - Modified patches: * Use-lsb_release-fallback-code-if-import-distro-fails.patch * hp_ipp.h-add-missing-prototypes.patch * hplip-remove-imageprocessor.diff * hplip-udev-rules-in-usr.patch + refresh using source service * add_missing_includes_and_define_GNU_SOURCE.patch + refresh, drop inexisting file and add GNU_SOURCE definition and missing include in common/utils.c * hplip-misc-missing-includes-and-definitions.patch + rediff to changed context - New build dependency on libavahi-devel ==== hwdata ==== Version update (0.341 -> 0.342) - Update to version 0.342: + Updated pci, usb and vendor ids. ==== libical ==== - Add 0001-Fix-build-with-icu-68.1.patch: fix build with icu 68.1. ==== libqb ==== Version update (2.0.1+20200729.416caf2 -> 2.0.2+20201203.def947e) - Update to version 2.0.2+20201203.def947e (v2.0.2): - ipcs : Decrease log level. (#426) - cov: Quieten some covscan warnings (#427) - doxygen2man: Fix a couple of covscan-detected errors (#425) - ipcs: Add missing qb_list_del when freeing server (#423) (gh#ClusterLabs/libqb#422) - ipc: add qb_ipcc_auth_get() API call (#418) - doxygen2man: Remove horrible hack (#420) (gh#ClusterLabs/libqb#419) - doxygen2man: Add support for @code blocks (#417) - man: Tidy man pages (#416) - doxygen2man: Add option to read copyright line from the header file (#415) (gh#ClusterLabs/libqb#414) ==== libstorage-ng ==== Version update (4.3.71 -> 4.3.72) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#785 - handle missing partition device nodes for multipath (bsc#1175981) - 4.3.72 ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-libs - spec: Enable mdevctl support in the nodedev driver for SLE15 SP3 jsc#SLE-15861, bsc#1179770 - apparmor: Allow lxc processes to receive signals from libvirt lxc: Set default security model in XML parser config 0d05d51b-apparmor-lxc-fix.patch, cf4e7e62-lxc-def-secmodel.patch bsc#1179735 ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - prepare usrmerge (boo#1029961) ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - prepare usrmerge (boo#1029961) ==== memcached ==== Version update (1.6.7 -> 1.6.9) - update to 1.6.9: * arm64: Re-add arm crc32c hw acceleration for extstore * restart mode: expose memory_file path in stats settings * 'shutdown graceful' command for raising SIGUSR1 * Introduce NAPI ID based worker thread selection (see doc/napi_ids.txt) * item crawler hash table walk mode * bugfixes - Trim history lesson from description. - Do not suppress errors from useradd. - Reduce hard dependency on systemd. ==== mutt ==== Version update (2.0.2 -> 2.0.3) Subpackages: mutt-doc mutt-lang - mutt 2.0.3: * Fix pager dropped input on SigWinch flag handling * Fix REPLY_TO environment variable handling * Fix undefined NULL pointer arithmetic * Fix exact-address recording of last value * Fix exact-address handling when addr->personal is set ==== net-snmp ==== Subpackages: libsnmp30 perl-SNMP snmp-mibs - Fix the python subpackage generation gh#openSUSE/python-rpm-macros#79 - Support multiple python 3 flavors in the python subpackage gh#openSUSE/python-rpm-macros#66 ==== netcat-openbsd ==== - Add port-select-on-connect.patch: if -s is given but not -p do not select port at bind() but at connect() time. ==== nodejs14 ==== Subpackages: npm14 - openssl_binary_detection.patch: fixes unit tests on SLE12 ==== opensc ==== Version update (0.19.0 -> 0.21.0) - OpenSC 0.21.0: * CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK smart card software driver (boo#1177380) * CVE-2020-26572: stack-based buffer overflow in the TCOS smart card software driver (boo#1177378) * CVE-2020-26570: heap-based buffer overflow in the Oberthur smart card software driver (boo#1177364) * CardOS 5.x support boo#1179291 * Support for OAEP encryption, make SHA256 default * New separate debug level for PIN commands * Fix handling of card/reader insertion/removal events in pcscd * Fixes of removed readers handling * Fix Firefox crash because of invalid pcsc context * PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards * Propagate ignore_user_content to PKCS#11 layer not to confuse applications * Minidriver: Fix check of ATR length (2-to 33 characters inclusive) * pkcs11-tool: allow using SW tokens * opensc-explorer asn1 accepts offsets and decode records * opensc-explorer cat accepts records * OpenPGP: Add new ec curves supported by GNUK * First steps supporting OpenPGP 3.4 * OpenPGP: Add support for EC key import * Rutoken: Add ATR for Rutoken ECP SC NFC * Improve detection of various CardOS 5 configurations * DNIe: Add new DNIe CA structure for the secure channel * ePass2003: Improve ECC support * ePass2003: Fix erase sequence * IAS-ECC: Fix support for Idemia Cosmo cards * IAS-ECC: PIN padding settings are now used from PKCS#15 info when available * IAS-ECC: Added PIN-pad support for PIN unblock * New driver for Gemalto IDPrime (only some types) * eDo: New driver with initial support for Polish eID card (e-dowód, eDO) * MCRD: Remove unused and broken RSA EstEID support * TCOS: Add missing encryption certificates * PIV: Add ATR of DOD Yubikey * fixed PIV global pin bug * CAC1: Support changing PIN with CAC Alt tokens - includes changes from 0.20.0 * CVE-2019-6502: memory leak in libopensc (boo#1122756) * CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747) * CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746) * CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256) * CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307) * Support RSA-PSS signature mechanisms using RSA-RAW * Added memory locking for secrets * added support for terminal colors * PC/SC driver: Fixed error handling in case of changing or removing the card reader * rename md_read_only to read_only and use it for PKCS#11 and Minidriver * allow global use of ignore_private_certificate * PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile * PKCS#11: Add C_WrapKey and C_UnwrapKey implementations * PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects * PKCS#11: Truncate long PKCS#11 labels with ... * PKCS#11: Fixed recognition of a token when being unplugged and reinserted * Minidriver: Register for CardOS5 cards * Minidriver: Add support for RSA-PSS * tools: Harmonize the use of option -r/--reader * goid-tool: GoID personalization with fingerprint * openpgp-tool: replace the options -L/--key-length with -t/--key-type * openpgp-tool: add options -C/--card-info and -K/--key-info * opensc-explorer: add command pin_info, extend random * pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11 * pkcd11-register: Autostart * opensc-tool: Show ATR also for cards not recognized by OpenSC * pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters * pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values * pkcs11-tool: Support for signature verification via --verify * pkcs11-tool: Add object type secrkey for --type option * pkcs11-tool: Implement Secret Key write object * pkcs11-tool: Add GOSTR3410-2012 support * pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP * pkcs11-tool: Add extractable option to key import * pkcs11-tool: list more key access flags when listing keys * pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys * pkcs15-crypt: *Handle keys with user consent * New separate CAC1 driver using the old CAC specification (#1502) * CardOS: Add support for 4K RSA keys in CardOS 5 * CardOS: Fixed decryption with CardOS 5 * Enable CoolKey driver to handle 2048-bit keys * EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 * GIDS Decipher fix (#1881) * GIDS: Allow RSA 4K support * MICARDO: Remove long expired EstEID 1.0/1.1 card support * MyEID: Add support for unwrapping a secret key with an RSA key or secret key * MyEID Add support for wrapping a secret key with a secret key * Support for MyEID 4K RSA * Support for OsEID * Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys * OpenPGP Card v3 ECC support * Add Rutoken ECP SC * Add Rutoken Lite * Add SmartCard-HSM 4K ATR * Add missing secp384r1 curve parameter * Stacros: Fix decipher with 2.3 * Stacros: Add ATR for 2nd gen. eGK * Stacros: Add new ATR for 3.5 * Stacros: Detect and allow Globalplatform PIN encoding * Fix TCOS IDKey support * TCOS: add encryption certificate for IDKey * Infocamere, Postecert, Cnipa: Remove profiles * Remove incomplete acos5 driver - drop patches now upstream: * opensc-0.19.0-piv_card_matching.patch * opensc-0.19.0-redundant_logging.patch * opensc-0.19.0-rsa-pss.patch ==== php7 ==== Subpackages: apache2-mod_php7 php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - do not add mod_php to httpd.conf during %install (better fix for new apache2 from Apache development repo) + php-install-mod_php.patch - do not build php-cgi when not needed - only build extensions in cli ==== plymouth ==== Version update (0.9.5+git20200921+20778f2 -> 0.9.5+git20201026+53c83cc) Subpackages: libply-boot-client5 libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Update to version: 0.9.5+git20201026: Don't wait forever for a ping reply. ==== poppler ==== Version update (20.10.0 -> 20.12.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - Update to 20.12.0: + core: - Draw better circles for circle annotations - Fix annotation line width if no appearance stream or style are given - Tweak rendering of highlight annotations - Fix border rendering of some annotations - Fix rendering of some files. Issue #976 Issue #567 - PSOutputDev: provide options to set the rasterization color space and ICC profile - PSOutputDev: for splashModeCMYK8 and language level >=2 activate overprint emulation - PSOutputDev: use the DeviceN8 bitmap for rasterization with CMYK-output + overprint - Use the font name without subset tag when querying for a system font - Splash: Fix wrong x adjustment during clipping - Splash: Fix blitImage in uncolored tiling patterns - timeToDateString: We forgot the ' after the minutes - Move psLevel to PSOutputDev creation - Fix several issues in broken files + utils: - pdftops: provide options to set the rasterization color space and ICC profile - pdftops: for splashModeCMYK8 and language level >=2 activate overprint emulation ==== poppler-qt5 ==== Version update (20.10.0 -> 20.12.0) - Update to 20.12.0: + core: - Draw better circles for circle annotations - Fix annotation line width if no appearance stream or style are given - Tweak rendering of highlight annotations - Fix border rendering of some annotations - Fix rendering of some files. Issue #976 Issue #567 - PSOutputDev: provide options to set the rasterization color space and ICC profile - PSOutputDev: for splashModeCMYK8 and language level >=2 activate overprint emulation - PSOutputDev: use the DeviceN8 bitmap for rasterization with CMYK-output + overprint - Use the font name without subset tag when querying for a system font - Splash: Fix wrong x adjustment during clipping - Splash: Fix blitImage in uncolored tiling patterns - timeToDateString: We forgot the ' after the minutes - Move psLevel to PSOutputDev creation - Fix several issues in broken files + utils: - pdftops: provide options to set the rasterization color space and ICC profile - pdftops: for splashModeCMYK8 and language level >=2 activate overprint emulation ==== procps ==== Subpackages: libprocps8 - prepare usrmerge (boo#1029961) ==== psmisc ==== - prepare usrmerge (boo#1029961) ==== python-dkimpy ==== Version update (1.0.3 -> 1.0.5) - update to 1.0.5 - Update dnsplug for DNS Python (dns) 2.0 compatibility (LP: #1888583) - Fix @param srv_id typos (LP: #1890532) - Correct dkim.verify processing to avoid errors when verifying messages with no DKIM signatures ==== raspberrypi-firmware ==== Version update (2020.10.22 -> 2020.12.08) - Update to 919aee0ed7 (2020-12-08): * firmware: Switch DA9121 PMIC to PWM mode when ARM > 600 MHz * firmware: xhci: Don't reset BCM2711 XHCI from filesys in start.elf * firmware: platform: Avoid vco issue with low arm_freq_min on Pi0-3 ==== raspberrypi-firmware-config ==== Version update (2020.10.22 -> 2020.12.08) - Update to 919aee0ed7 (2020-12-08): * firmware: Switch DA9121 PMIC to PWM mode when ARM > 600 MHz * firmware: xhci: Don't reset BCM2711 XHCI from filesys in start.elf * firmware: platform: Avoid vco issue with low arm_freq_min on Pi0-3 ==== raspberrypi-firmware-dt ==== Version update (2020.10.26 -> 2020.12.07) - Update to f77383ec0ed3 (2020-12-07): * Introduce RPi400 device-tree ==== rubygem-net-ssh ==== Version update (6.1.0 -> 6.2.0.rc1) New upstream release 6.2.0 rc1 * rsa-sha2-512, rsa-sha2-256 host_key algs [#771] * JRuby aes*-ctr suppport [#767] ==== smp_utils ==== Subpackages: libsmputils1-1 - Add missing ldconfig calls for libsmputils1-1. ==== subversion ==== Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-perl subversion-server subversion-tools - use system apache rpm macros ==== sudo ==== Version update (1.9.3p1 -> 1.9.4) Subpackages: sudo-plugin-python - Update to 1.9.4 * The sudoers parser will now detect when an upper-case reserved word is used when declaring an alias. Now instead of "syntax error, unexpected CHROOT, expecting ALIAS" the message will be "syntax error, reserved word CHROOT used as an alias name". Bug #941. * Better handling of sudoers files without a final newline. The parser now adds a newline at end-of-file automatically which removes the need for special cases in the parser. * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end where an uninitialized pointer could be freed on an error path. GitHub issue #67. * The core logging code is now shared between sudo_logsrvd and the sudoers plugin. * JSON log entries sent to syslog now use "minimal" JSON which skips all non-essential whitespace. * The sudoers plugin can now produce JSON-formatted logs. The "log_format" sudoers option can be used to select sudo or json format logs. The default is sudo format logs. * The sudoers plugin and visudo now display the column number in syntax error messages in addition to the line number. Bug #841. * If I/O logging is not enabled but "log_servers" is set, the sudoers plugin will now log accept events to sudo_logsrvd. Previously, the accept event was only sent when I/O logging was enabled. The sudoers plugin now sends reject and alert events too. * The sudo logsrv protocol has been extended to allow an AlertMessage to contain an optional array of InfoMessage, as AcceptMessage and RejectMessage already do. * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result in duplicate entries in the debug log when debugging was enabled. * The visudo utility now supports EDITOR environment variables that use single or double quotes in the command arguments. Bug #942. * The PAM session modules now run when sudo is set-user-ID root, which allows a module to determine the original user-ID. Bug #944. * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end where sudoNotBefore and sudoNotAfter were applied even when the SUDOERS_TIMED setting was not present in ldap.conf. Bug #945. * Sudo packages for macOS 11 now contain universal binaries that support both Intel and Apple Silicon CPUs. * For sudo_logsrvd, an empty value for the "pid_file" setting in sudo_logsrvd.conf will now disable the process ID file. - Remove sudo-1.9.3p1-pam_xauth.patch (upstreamed) ==== sysconfig ==== Subpackages: sysconfig-netconfig - Also support service(network) provides ==== sysvinit ==== Version update (2.97 -> 2.98) - Update to sysvinit 2.98: * Fixed time parsing in shutdown when there is a + in front of a 0 time offset. Commands with a postiive time offset (+1) would work but +0 fails. This has been corrected by Arkadiusz Miskiewicz. ==== telepathy-glib ==== Subpackages: libtelepathy-glib0 typelib-1_0-TelepathyGlib-0_12 - Drop python-xml BuildRequires: the installation is using python3. ==== telepathy-logger ==== Subpackages: libtelepathy-logger3 typelib-1_0-TelepathyLogger-0_2 - Build with python3 instead of python2: + Add 1.diff: tools: Fix the build with Python 3. + Drop python2-devel and python-xml BuildRequires. - Drop empty post/postun scriptlets that were calling glib2_gsettings_schema_post/postun: macros are now empty placeholder and the funcionality handled by file triggers. ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - x11vnc wrapper script: converted to python3 (boo#1179592) ==== vim ==== Version update (8.2.2039 -> 8.2.2105) Subpackages: gvim vim-data vim-data-common - Updated to version 8.2.2105, fixes the following problems * Viminfo is not written when creating a new file. * Terminal buffer disappears even when 'bufhidden' is "hide". (Sergey Vlasov) * Haskell filetype not optimally recognized. * Build failure with +profile but without +reltime. * GTK3: white border around text stands out. * Highlighting a character too much with incsearch. * Some test failures don't give a clear error. * Amiga: FEAT_ARP defined when it should not. * Amiga: obsolete code. * Amiga: obsolete function. * Search test contains unneeded sleeps. * Vim9: crash when aborting a user function call. * Vim9: "edit +4 fname" gives an error. (Naruhiko Nishino) * Vim9: lamba doesn't accept argument types. * Configure fails when building with the "implicit-function-declaration" error enabled, specifically on Mac. * Getting the selection may trigger TextYankPost autocmd. * Using mkview/loadview changes the jumplist. * Check for features implemented with "if". * Vim9: E1030 error when using empty string for term_sendkeys(). * <Cmd> does not handle CTRL-V. * Vim9: only one level of indexing supported. * terminal: cursor is on while redrawing, causing flicker. * Using map() and filter() on a range() is inefficient. * Vim9: assignment with += doesn't work. * Cursor position in popup terminal is wrong. * Transparent syntax item uses start/end of containing region. * The quickfix window is not updated after setqflist(). * Can't get the exit value in VimLeave or VimLeavePre autocommands. * Vim9: list assign doesn't except empty remainder list. * Vim9: list assign not well tested. * Vim9: for with unpack only works for local variables. * Vim9: using :normal from Vim9 script can't handle range. * Error for const argument to mapnew(). * Build failure with small features. * Illegal memory access when using :print on invalid text. (Dhiraj Mishra) * Vim9: cannot put a linebreak before or after "in" of ":for". * Vim9: no proper error message for using s:var in for loop. * Vim9: cannot handle a linebreak after "=" in assignment. * Vim9: can still use the depricated #{} dict syntax. * Vim9: crash when using ":silent!" and getting member fails. * CTRL-V U doesn't work to enter a Unicode character when modifyOtherKeys is effective. (Ken Takata) * Qt translation file is recognized as typescript. * Libvterm tests are only run on Linux. * Vim9: memory leak when statement is truncated. * Vim9: script test sometimes fails. * Vim9: dict does not accept a key in quotes. * Vim9: unpredictable errors for script tests. * Vim9: script test sometimes fails. * When an expression fails getting the next command may be wrong. * Vim9: crash when failed dict member is followed by concatenation. * Vim9: command modifiers not restored after assignment. * Vim9: using :silent! when calling a function prevents abortng that function. * Vim9: function argument of sort() and map() not tested. * Vim9: some checks are not tested. * Insufficient testing for function range and dict. * Vim9: memory leak when literal dict has an error and when an expression is not complete. * Vim9: not all error messages tested. * Vim9: unreachable code. * Build problem with Ruby 2.7. * Sound test is a bit flaky. ==== vlan ==== - prepare usrmerge (boo#1029961) ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Add old-wayland-scanner.patch for 15.0/15.1: support older wayland-scanner. Also renumber patches to group 15.0/15.1-specific patches together. - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (boo#1171531). ==== xfsdump ==== - prepare usrmerge (boo#1029961) ==== xorg-x11-server ==== Version update (1.20.9 -> 1.20.10) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk xorg-x11-server-wayland - Update to version 1.20.10: * Check SetMap request length carefully. * Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows * present/wnmd: Translate update region to screen space * modesetting: keep going if a modeset fails on EnterVT * modesetting: check the kms state on EnterVT * configure: Build hashtable for Xres and glvnd * xwayland: Create an xwl_window for toplevel only * xwayland: non-rootless requires the wl_shell protocol * glamor: Update pixmap's devKind when making it exportable * os: Fix instruction pointer written in xorg_backtrace * present/wnmd: Execute copies at target_msc-1 already * present/wnmd: Move up present_wnmd_queue_vblank * present: Add present_vblank::exec_msc field * present: Move flip target_msc adjustment out of present_vblank_create * xwayland: Remove pending stream reference when freeing * xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one * xwayland: Do not discard frame callbacks on allow commits * present/wnmd: Remove dead check from present_wnmd_check_flip * xwayland: Check window pixmap in xwl_present_check_flip2 * present/wnmd: Can't use page flipping for windows clipped by children * xfree86: Take second reference for SavedCursor in xf86CursorSetCursor * glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling * include: Increase the number of max. input devices to 256. * Revert "linux: Make platform device probe less fragile" * Revert "linux: Fix platform device PCI detection for complex bus topologies" * Revert "linux: Fix platform device probe for DT-based PCI" - Remove included pachtes * U_xfree86_take_second_ref_for_xcursor.patch * U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch * U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch * U_Revert-linux-Make-platform-device-probe-less-fragile.patch * U_Fix-XkbSetDeviceInfo-and-SetDeviceIndicators-heap-ov.patch * U_Check-SetMap-request-length-carefully.patch - remove unneeded python2 script 'fdi2iclass.py' from xorg-x11-server-sources subpackage (boo#1179591) ==== yast2-firstboot ==== Version update (4.3.8 -> 4.3.9) - Fix: Starting YaST2 Control Center if the flag SHOW_Y2CC_CHECKBOX has been set in /etc/sysconfig/firstboot and the user has selected it while the firstboot installation workflow (bsc#1178834). - 4.3.9 ==== yast2-installation ==== Version update (4.3.22 -> 4.3.24) - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) - 4.3.24 - Starting YAST2 Control Center if it has been set while an yast2-firstboot installation workflow (bsc#1178834). - 4.3.23 ==== yast2-trans ==== Version update (84.87.20201130.b140fdb5f7 -> 84.87.20201205.6b65f14502) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20201205.6b65f14502: * Translated using Weblate (Dutch) * Translated using Weblate (Slovak) * Translated using Weblate (German) * Translated using Weblate (Czech) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'update'. * New POT for text domain 'cluster'. * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * Translated using Weblate (Portuguese) * New POT for text domain 'users'. * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'control'.