Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20211221 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apache2 (2.4.51 -> 2.4.52) apache2-manual (2.4.51 -> 2.4.52) apache2-mod_php7 (7.4.26 -> 7.4.27) apache2-prefork (2.4.51 -> 2.4.52) apache2-utils (2.4.51 -> 2.4.52) cantarell-fonts (0.301 -> 0.303.1) epiphany (41.2 -> 41.3) fwupd (1.6.4 -> 1.7.3) gnome-shell harfbuzz (3.1.1 -> 3.2.0) libinput (1.19.2 -> 1.19.3) libqt5-qtwayland (5.15.2+kde34 -> 5.15.2+kde37) librsvg (2.52.4 -> 2.52.5) libstorage-ng (4.4.66 -> 4.4.68) live555 (2021.11.23 -> 2021.12.18) mutter openvpn (2.5.4 -> 2.5.5) php7 (7.4.26 -> 7.4.27) python-chardet remmina (1.4.22 -> 1.4.23) squid (5.2 -> 5.3) suse-module-tools (16.0.16 -> 16.0.17) xxhash yast2 (4.4.30 -> 4.4.31) yast2-storage-ng (4.4.27 -> 4.4.28) === Details === ==== apache2 ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See <https://github.com/icing/mod_h2/issues/212>. * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `<MDomain dnsname>` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See <https://github.com/icing/mod_md/issues/268> - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== apache2-manual ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See <https://github.com/icing/mod_h2/issues/212>. * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `<MDomain dnsname>` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See <https://github.com/icing/mod_md/issues/268> - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== apache2-mod_php7 ==== Version update (7.4.26 -> 7.4.27) - updated to 7.4.27: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.27 ==== apache2-prefork ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See <https://github.com/icing/mod_h2/issues/212>. * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `<MDomain dnsname>` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See <https://github.com/icing/mod_md/issues/268> - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== apache2-utils ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See <https://github.com/icing/mod_h2/issues/212>. * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `<MDomain dnsname>` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See <https://github.com/icing/mod_md/issues/268> - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== cantarell-fonts ==== Version update (0.301 -> 0.303.1) - Update to version 0.303.1: + Add missing font. - Changes from version 0.303: + Actually update the version number in the fonts. - Changes from version 0.302: + Maintenance release: Make the variable font the default, only build statics on demand. Also build two packages with variable and static fonts. Packagers can chose the statics package if they run into problems with the variable font, but you should probably not install both at the same time. + Amended OS/2 super- and subscript values so that new Pango can use them properly. + Update production names for Jacute, bulletoperator, commercialMinusSign, divisionslash, notidentical, ringcomb_acutecomb and ringcomb_acutecomb.case. + Updated appstream translations. ==== epiphany ==== Version update (41.2 -> 41.3) Subpackages: epiphany-lang gnome-shell-search-provider-epiphany - Update to version 41.3: + Fix Reload buttons on error pages. + Fix delete button in about:applications. ==== fwupd ==== Version update (1.6.4 -> 1.7.3) Subpackages: fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.7.3: * This release adds the following features: + Add a sync-bkc subcommand to ensure a known set of firmware versions + Add FuArchiveFirmware for plugins that use archives as firmware files + Add quirkable page and sector size properties to FuCfiDevice + Make Upower and powerd support optional * This release fixes the following bugs: + Add some sanity checks to the elanfp firmware parser + Add the CFI JEDEC instance ID if using the vendor-extended version + Check the value range when parsing the quirk keys + Do not wait for a USB runtime if will-disappear is set + Enable the MOTD integration when using pam_motd + Fix DFU regression when merging the FuProgress work + Fix running the tests when fwupd is not installed + Fix the GLib error message when inotify max_user_instances is too low + Fix VLI VL820Q7 detection to fix flashing of the Lenovo TBT3 dock + Ignore a USB error for STM32 attach when the device goes away + Make the HSI tests optional for embedded targets + Make the plugin startup order deterministic + Set Thunderbolt ports offline on host controller + Use endian-safe version functions when enumerating Logitech hardware + Use lowercase flag names in intel-spi to prevent a runtime warning + Wait for the System76 Launch device to come back from DFU mode * This release adds support for the following hardware: + Most Nordic Semiconductor nRF Secure devices - Fix build when not on TW: add BR protobuf-c - Fix build issue in spec (references to libfwupdplugin2 -> libfwupdplugin5) ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang - Add gnome-shell-exit-crash-workaround.patch: + Backport from Ubuntu, This is a workaround to maintain a clean environment for gnome-shell and particularly JavaScript/GJS to shutdown without crashing. + Proper fixes are still pending https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1759 https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/648 (bsc#1190878 glgo#GNOME/gnome-shell#4344). ==== harfbuzz ==== Version update (3.1.1 -> 3.2.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 libharfbuzz0-32bit typelib-1_0-HarfBuzz-0_0 - Update to 3.2.0: + Fixed shaping of Apple Color Emoji flags in right-to-left context + Fixed positioning of CFF fonts in HB_TINY profile + OpenType 1.9 language tags update + Add HB_NO_VERTICAL config option + Add HB_CONFIG_OVERRIDE_H for easier configuration + Improved packing of cmap, loca, and Ligature tables + Significantly improved overflow-resolution strategy in the repacker - Update to 3.1.2: + hb-shape / hb-view: revert treating text on the commandline as single paragraph (was introduced in 3.0.0); add new - -single-par to do that + Subsetter bug fixes ==== libinput ==== Version update (1.19.2 -> 1.19.3) Subpackages: libinput-udev libinput10 - Update to release 1.19.3 * quirks: add ModelBouncingKeys for A4Tech X-710BK Mouse * quirks: Dell 15R touchpad settings for firmware v3 * quirks: change touchpad pressure on Lenovo Yoga 2 Pro * gestures: cancel hold gestures on thumb detection ==== libqt5-qtwayland ==== Version update (5.15.2+kde34 -> 5.15.2+kde37) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to version 5.15.2+kde37: * Fix backport, context destruction was omitted * Client: do not empty clipboard when a new popup/window is opened * Wayland client: use wl_keyboard to determine active state - Add patch to fix crashes triggered by unintentional actions when showing a window (kde#421700): * 0001-Client-Avoid-processing-of-events-when-showing-windo.patch ==== librsvg ==== Version update (2.52.4 -> 2.52.5) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.52.5: + Fix mangled output in rsvg-convert when redirecting output to a pipe on Windows. + When outputting to SVG, rsvg-convert now uses the width/height units specified in the command line; it always used pixels before. + Fix incorrect top/left margins for SVG/PS/EPS/PDF output. + Fix incorrect placement of glyphs when text has non-uniform scaling in the X/Y axes. This is not a librsvg bug, but is fixed by Pango 1.49.3 and later. Hopefully Pango 1.48.11 will be released soon with this fix as well. Note that this release of librsvg cannot increase the minimum Pango version to 1.48.11 because it is not released yet. + Miscellaneous: Updated crate dependencies: assert_cmd, cast, clap cssparser, float-cmp, itertools, nalgebra, png, proptest, rctree, selectors, system-deps. ==== libstorage-ng ==== Version update (4.4.66 -> 4.4.68) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#851 - updated pot and po files - 4.4.68 - merge gh#openSUSE/libstorage-ng#850 - extended callbacks for probing problems - 4.4.67 ==== live555 ==== Version update (2021.11.23 -> 2021.12.18) Subpackages: libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock30 libliveMedia102 - Update to version 2021.12.18: + Fixed a bug in the way that "RTSPClient" handles its two separate TCP connections when it does RTSP-over-HTTP. + Updated "RTPInterface::sendDataOverTCP()" so that if it's necessary to do a blocking send(), we call "makeSocketNonBlocking()" immediately after the call to "send()". + Performed the annual update of the copyright years near the start of each file. - update to 2021.12.07: - Added #ifndef NO_OPENSSL/#endif around "#include <openssl/err.h>" in "liveMedia/TLSState.cpp", so that the code will compile if you're compiling with no OpenSSL headers, and NO_OPENSSL defined. ==== mutter ==== Subpackages: mutter-lang - Add mutter-allow-disable-hardware-cursors.patch: Add a debug environment variable MUTTER_DEBUG_DISABLE_HW_CURSORS to disable hardware cursors and force using software cursors to avoid some driver or hardware bug (glgo#GNOME/mutter#2045, glgo#GNOME/mutter!2150). ==== openvpn ==== Version update (2.5.4 -> 2.5.5) - update to 2.5.5: * SWEET32/64bit cipher deprecation change was postponed to 2.7 * improve "make check" to notice if "openvpn --show-cipher" crashes * improve argv unit tests * ensure unit tests work with mbedTLS builds without BF-CBC ciphers * include "--push-remove" in the output of "openvpn --help" * fix error in iptables syntax in example firewall.sh script * fix "resolvconf -p" invocation in example "up" script * fix "common_name" environment for script calls when "--username-as-common-name" is in effect (Trac #1434) * move "push-peer-info" documentation from "server options" to "client" * correct "foreign_option_{n}" typo in manpage * README.down-root: fix plugin module name ==== php7 ==== Version update (7.4.26 -> 7.4.27) Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - updated to 7.4.27: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.27 ==== python-chardet ==== - pytest-runner is not required for build ==== remmina ==== Version update (1.4.22 -> 1.4.23) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc - Updated to remmina version 1.4.23 * Patch for a Remmina segfault and stats code cleaning !2358 * Make Appindicator optional !2359 * Added check-box to force tight encoding for VNC connections !2360 * remote resolution: use multiple of four !2353 * Add Keyboard mapping per client RDP !2361 * Improve TLS error message, fixes #2364 (closed) !2362 * Triage policy language reworked !2363 ==== squid ==== Version update (5.2 -> 5.3) - update to 5.3: * Bug 5169: StoreMap.cc:517 "!s.reading()" assertion * Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses * Bug 5060: Parallel builds are not reliable * Documentation updates for logformat directive ==== suse-module-tools ==== Version update (16.0.16 -> 16.0.17) - Update to version 16.0.17: * 60-io-scheduler.rules: add rules for virtual devices (boo#1193759) * 60-io-scheduler.rules: enforce "none" for loop devices (boo#1193759) * install some modprobe.d files only for relevant architectures (apm_bios, sonypi, toshiba, legacy rtc) (bsc#1192974) ==== xxhash ==== - fix racy check execution ==== yast2 ==== Version update (4.4.30 -> 4.4.31) Subpackages: yast2-logs - Do not reinitialize the packaging system during offline upgrade (bsc#1193784 and bsc#1192437). - 4.4.31 ==== yast2-storage-ng ==== Version update (4.4.27 -> 4.4.28) - Partitioner: added a warning if a required mount option, eg. _netdev, is missing in a mount point (jsc#SLE-20535). - 4.4.28