Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190626 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.0.8.48 -> 7.0.8.49) MozillaFirefox (67.0 -> 67.0.4) MozillaThunderbird (60.7.1 -> 60.7.2) NetworkManager NetworkManager-applet accerciser (3.32.2 -> 3.32.3) audit audit-secondary bolt (0.7 -> 0.8) btrfsmaintenance ding-libs dleyna-core dleyna-server dnsmasq epiphany evolution (3.32.2 -> 3.32.3) evolution-data-server (3.32.2 -> 3.32.3) ffmpeg-4 filesystem gcc9 (9.1.1+r271393 -> 9.1.1+r272147) gconf2 git (2.21.0 -> 2.22.0) gitg glib-networking (2.60.2 -> 2.60.3) glib2 (2.60.3 -> 2.60.4) gnome-shell google-noto-fonts gupnp-igd hwdata (0.323 -> 0.324) kernel-firmware (20190514 -> 20190618) kernel-source (5.1.7 -> 5.1.10) libXi (1.7.9 -> 1.7.10) libappindicator libcontainers-common libguestfs librevenge libseccomp (2.4.0 -> 2.4.1) libsolv (0.7.4 -> 0.7.5) libssh2_org (1.8.2 -> 1.9.0) libvirt libzypp (17.11.4 -> 17.12.0) linux-glibc-devel (5.0 -> 5.1) man ncurses ntp numad obs-service-tar_scm (0.10.9.1557261720.32a1cdb -> 0.10.9.1559745964.22c86cd) openexr ovmf (2019+git1552059899.89910a39dcfd -> 201905) permissions (1550_20190429 -> 1550_20190521) plasma-browser-integration (5.16.1 -> 5.16.2) pulseaudio python python-base rp-pppoe (3.12 -> 3.13) rubygem-cfa (0.7.0 -> 1.0.0) rubygem-cfa_grub2 (1.0.1 -> 2.0.0) rygel (0.36.2 -> 0.38.1) salt schily sessreg (1.1.1 -> 1.1.2) spamassassin system-config-printer systemd-presets-branding-openSUSE systemd-presets-common-SUSE sysvinit (2.90 -> 2.95) vala (0.44.4 -> 0.44.5) vsftpd webkit2gtk3 xdg-desktop-portal-kde (5.16.1 -> 5.16.2) xfce4-panel-plugin-cpugraph (1.0.90 -> 1.0.91) zlib zypper (1.14.27 -> 1.14.28) === Details === ==== ImageMagick ==== Version update (7.0.8.48 -> 7.0.8.49) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick - disable indirect reads [bsc#1138425] (https://imagemagick.org/script/security-policy.php) - modified patches % ImageMagick-configuration-SUSE.patch (refreshed) - version update to 7.0.8.49 * Add support for RGB565 image format (reference https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=36078). * Use user defined allocator instead of `malloc` (reference https://github.com/ImageMagick/ImageMagick6/pull/49/). * Add static decorator to accelerator kernels (reference https://github.com/ImageMagick/ImageMagick/issues/1366). ==== MozillaFirefox ==== Version update (67.0 -> 67.0.4) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 67.0.4 MFSA 2019-19 (boo#1138872) * CVE-2019-11708 (bmo#1559858) sandbox escape using Prompt:Open - Mozilla Firefox 67.0.3 MFSA 2019-18 (boo#1138614) * CVE-2019-11707 (bmo#1544386) Type confusion in Array.pop - Mozilla Firefox 67.0.2 * Fixed: Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm") in console which may significantly degrade sessionstore reliability and performance (bmo#1553413) * Fixed: Proxy authentication dialog box repeatedly pops up asking to authenticate after upgrading to Firefox 67 (bmo#1548804) * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation (bmo#1551282) * Fixed: Starting in safe mode on Linux or macOS causes Firefox to think on the subsequent launch that the profile is too recent to be used with this version of Firefox (bmo#1556612) * Fixed: Linux distribution users can't easily install/use additional/different languages using the built-in preferences UI (bmo#1554744) * Fixed: Developer tools users can't copy the href/src content from various HTML tags via the context menu in the Inspector markup view (bmo#1552275) * Fixed: Custom home page is broken with clearing data on shutdown settings applied (bmo#1554167) * Fixed: Performance-regression for eclipse RAP based applications (bmo#1555962) * Fixed: macOS 10.15 crash fix (bmo#1556076) * Fixed: Can't start two downloads in parallel via <a download> anymore (bmo#1542912) - Mozilla Firefox 67.0.1 * enable enhanced tracking protection by default for new users * upgrade of Facebook container to version 2.0 * new version of Firefox Lockwise (password management) * new version of Firefox Monitor * Firefox Send improvements ==== MozillaThunderbird ==== Version update (60.7.1 -> 60.7.2) Subpackages: MozillaThunderbird-translations-common - Mozilla Thunderbird 60.7.2 MFSA 2019-20 (boo#1138872) * CVE-2019-11707 (bmo#1544386) Type confusion in Array.pop * CVE-2019-11708 (bmo#1559858) sandbox escape using Prompt:Open ==== NetworkManager ==== Subpackages: NetworkManager-lang libnm0 typelib-1_0-NM-1_0 - Add nm-add-CAP_SYS_ADMIN-permission.patch: Add CAP_SYS_ADMIN which netconfig needs to call setdomainname (bsc#1129587). ==== NetworkManager-applet ==== Subpackages: NetworkManager-applet-lang NetworkManager-connection-editor libnma0 nma-data typelib-1_0-NMA-1_0 - Rebase feature-app-indicator-desktop-file.patch (boo#1138523). ==== accerciser ==== Version update (3.32.2 -> 3.32.3) Subpackages: accerciser-lang - Update to version 3.32.3: + Fix showing relations. + Fix support for IPython 7. + Fix build instructions. + Don't crash on empty schema list. + Fix using translations. ==== audit ==== Subpackages: audit-devel libaudit1 libaudit1-32bit libauparse0 - Make use of some %make_install. ==== audit-secondary ==== Subpackages: audit python3-audit - Reduce scriptlets' hard dependency on systemd. ==== bolt ==== Version update (0.7 -> 0.8) - Update to 0.8 * New Features: - IOMMU support: adapt behavior iommu support is present and active * automatically enroll new devices with the new iommu policy when iommu is active * automatically authorize devices with the iommu policy if iommu is active - boltctl config command to describe, get and set global, device and domain properties. - Chain authorization and enrollment via boltctl {enroll, authorize} --chain - bolt-mock script for interactively testing boltd * Improvements: - Automatically import devices that were authorized at boot - Make tests installable - Honour STATE_DIRECTORY and RUNTIME_DIRECTORY - Profiling support via gprof * Bug fixes: - Better handling of random data generation, removed hardening_for_RNG_code.patch - Fix double free in case of client creation failure - Fix invalid format string in warning - dbus configuration moved /usr/share ==== btrfsmaintenance ==== - spec: fix typo in macro name - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== ding-libs ==== Subpackages: libbasicobjects0 libcollection4 libdhash1 libini_config5 libpath_utils1 libref_array1 - Add patch fixing errors writeout to stdout: * INI-Remove-definiton-of-TRACE_LEVEL.patch ==== dleyna-core ==== - Add dleyna-core-port-to-gupnp1_2.patch: Port to gupnp-1.2. Following the above patch, replace pkgconfig(gupnp-1.0) with pkgconfig(gupnp-1.2) BuildRequires. ==== dleyna-server ==== - Add dleyna-server-port-gupnp1_2.patch: Port to gupnp-1.2. Following this: replace pkgconfig(gssdp-1.0) and pkgconfig(gupnp-1.0) with pkgconfig(gssdp-1.2) and pkgconfig(gupnp-1.2) BuildRequires. ==== dnsmasq ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== epiphany ==== Subpackages: epiphany-lang gnome-shell-search-provider-epiphany - Add epiphany-web-app-utils_Fix-crash.patch: Fix crash when web app profile lacks .app file and broken web apps should crash in a nicer way. ==== evolution ==== Version update (3.32.2 -> 3.32.3) Subpackages: evolution-lang evolution-plugin-bogofilter evolution-plugin-pst-import evolution-plugin-spamassassin - Update to version 3.32.3: + Fix a possible memory leak in e-web-view.c:web_view_initialize(). + Reference a GDBusProxy object in the synchronous call wrappers. + Fix a crash when filling mail threaded view. + Change buffer size argument value in call of icalvalue_decode_ical_string(). + Change path where backup/restore searches for the .running file. + Fix several memory leaks in the addressbook code. + Bugs fixed: glgo#GNOME/evolution#400, glgo#GNOME/evolution#405, glgo#GNOME/evolution#432, glgo#GNOME/evolution#433, glgo#GNOME/evolution#437, glgo#GNOME/evolution#439, glgo#GNOME/evolution#445, glgo#GNOME/evolution#446, glgo#GNOME/evolution#454, glgo#GNOME/evolution#472, glgo#GNOME/evolution#474, glgo#GNOME/evolution#479, glgo#GNOME/evolution#481, glgo#GNOME/evolution#484, glgo#GNOME/evolution!13, glgo#GNOME/evolution!14, glgo#GNOME/evolution!16, glgo#GNOME/evolution#112. + Updated translations. - Use modern cmake_build macro. ==== evolution-data-server ==== Version update (3.32.2 -> 3.32.3) Subpackages: evolution-data-server-lang libcamel-1_2-62 libebackend-1_2-10 libebook-1_2-19 libebook-contacts-1_2-2 libecal-1_2-19 libedata-book-1_2-25 libedata-cal-1_2-29 libedataserver-1_2-24 libedataserverui-1_2-2 - Update to version 3.32.3: + [IMAPx] - Fix a leak of CamelMessageInfo when downloading message from a server. - Prefer local search in folders fully synchronized for offline. + EDataBook/EDataCal: Flush GDBus connection on backend property change. + Add workaround for D-Bus property change into get-revision tests. + Expose E-Book/Cal-BackendSExp lock. + Change buffer size argument value in call of icalvalue_decode_ical_string(). + Update overdue time immediately after the reminders' window is mapped. + Correct test for file writable test in On This Computer backend. + CamelOperation can be used by other thread while in its finalize(). + Change how CamelOfflineStore goes online. + Bugs fixed: glgo#GNOME/evolution-data-server#108, glgo#GNOME/evolution-data-server#112, glgo#GNOME/evolution-data-server#114, glgo#GNOME/evolution-data-server#116, glgo#GNOME/evolution-data-server#123, glgo#GNOME/evolution-data-server#190, glgo#GNOME/evolution-data-server#479. - Drop eds-issue-108.patch: Fixed upstream. - Use modern cmake_build macro. - Add eds-issue-108.patch: Folder changes could be claimed in a wrong folder after APPEND, fixes glgo#GNOME/evolution#296, glgo#GNOME/evolution-data-server#108. ==== ffmpeg-4 ==== Subpackages: libavcodec58 libavdevice58 libavfilter7 libavformat58 libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5 - Add ffmpeg-4.1-dlopen-faac-mp3lame-opencore-x264-x265-xvid.patch from OpenMandriva to optionally enable runtime enabling of fdkaac/lame/x264/x265 - Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen - Rename bcond fdk_aac to fdk_aac_dlopen - Remove fdk-aac BuildRequires now it's only dlopen'd ==== filesystem ==== - Re-add /var/cache and /var/log (revert [bsc#1078466] because of [bsc#1078466]) - Fix permission of fs-var.conf ==== gcc9 ==== Version update (9.1.1+r271393 -> 9.1.1+r272147) Subpackages: cpp9 gcc9-c++ gcc9-fortran gcc9-info gcc9-locale gcc9-objc libasan5 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc9 libstdc++6-locale libtsan0 libubsan1 - Update to gcc-9-branch head (r272147). * Pulls fix for random debug info differences when compiling D code. [gcc#90778] - Update to gcc-9-branch head (r271995). * installs workaround for broken lapack C interfaces - Drop gcc9-spectrev1.patch, add gcc9-reproducible-builds.patch and gcc9-reproducible-builds-buildid-for-checksum.patch moving reproducible build improvements over from GCC 8 package. - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. [bsc#1135254] - Update to gcc-9-branch head (r271643). ==== gconf2 ==== Subpackages: gconf-polkit gconf2-lang - Run gsettings-schema-convert through 2to3, and adjust to use python 3. Also require python3, rather than python, and remove python-lxml Recommends (boo#1136216). ==== git ==== Version update (2.21.0 -> 2.22.0) Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - git 2.22.0 * The filter specification "--filter=sparse:path=<path>" used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the "--filter=sparse:oid=<blob>" option * "git checkout --no-overlay" can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * "git branch" learned a new subcommand "--show-current". * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to "scissors", even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * "git rebase" that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * "git worktree add" used to do a "find an available name with stat and then mkdir", which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - Removed upstreamed patch worktree-fix-worktree-add-race.patch * previous item ==== gitg ==== Subpackages: gitg-lang libgitg-1_0-0 libgitg-ext-1_0-0 - Add gitg-repository-being-null.patch: Support repository being null (boo#1137583, gl#GNOME/gitg#213). ==== glib-networking ==== Version update (2.60.2 -> 2.60.3) Subpackages: glib-networking-lang - Update to version 2.60.3: + Fix clobbering of the thread-default main context after certificate verification failure during async handshakes since 2.60.1. + Fix GTlsDatabase initialization failures in OpenSSL backend due to uninitialized memory use. + Fix minor leak of ALPN protocols. ==== glib2 ==== Version update (2.60.3 -> 2.60.4) Subpackages: glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgthread-2_0-0-32bit - Update to version 2.60.4: + Fixes to improved network status detection with NetworkManager. + Leak fixes to some `glib-genmarshal` generated code. + Further fixes to the Happy Eyeballs (RFC 8305) implementation. + File system permissions fix to clamp down permissions in a small time window when copying files (CVE-2019-12450). + Bugs fixed: glgo#GNOME/GLib#1755, glgo#GNOME/GLib#1788, glgo#GNOME/GLib#1792, glgo#GNOME/GLib#1793, glgo#GNOME/GLib#1795, glgo#GNOME/GLib!865, glgo#GNOME/GLib!878. ==== gnome-shell ==== Subpackages: gnome-shell-calendar gnome-shell-lang - Drop gnome-shell-animations-speedup.patch: It causes problems with 3'rd party gnome-shell themes, and was dropped from upstream stable branch due to this. ==== google-noto-fonts ==== Subpackages: google-noto-fonts-doc noto-sans-fonts - Separate Noto Color Emoji and Noto Emoji fonts into a new project due to their different release cycle - Fix the direct changes to spec file at the previous commit ==== gupnp-igd ==== - Add gupnp-igd-port-to-new-gupnp-api.patch: Port to new GUPnP API. - Following the above patch, replace pkgconfig(gssdp-1.0) and pkgconfig(gupnp-1.0) with pkgconfig(gssdp-1.2) and pkgconfig(gupnp-1.2) and add libtool BuildRequires aswell as pass autoreconf, as the patch touches the buildsystem. ==== hwdata ==== Version update (0.323 -> 0.324) - Update to version 0.324: * Updated pci, usb and vendor ids. ==== kernel-firmware ==== Version update (20190514 -> 20190618) Subpackages: ucode-amd - Update to version 20190618: * cavium: Add firmware for CNN55XX crypto driver. * linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware * linux-firmware: update licence text for Marvell firmware - Update to version 20190607: * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 ==== kernel-source ==== Version update (5.1.7 -> 5.1.10) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms kernel-vanilla - move patches from .fixes to .suse There is no patches.fixes in stable. - commit ad24342 - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586 CVE-2019-11479). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586 CVE-2019-11479). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586 CVE-2019-11478). - tcp: limit payload size of sacked skbs (bsc#1137586 CVE-2019-11477). - commit a5ec6d9 - Linux 5.1.10 (bnc#1012628). - media: rockchip/vpu: Fix/re-order probe-error/remove path (bnc#1012628). - media: rockchip/vpu: Add missing dont_use_autosuspend() calls (bnc#1012628). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bnc#1012628). - fs/fat/file.c: issue flush after the writeback of FAT (bnc#1012628). - sysctl: return -EINVAL if val violates minmax (bnc#1012628). - ipc: prevent lockup on alloc_msg and free_msg (bnc#1012628). - drm/msm: correct attempted NULL pointer dereference in debugfs (bnc#1012628). - drm/pl111: Initialize clock spinlock early (bnc#1012628). - mm/mprotect.c: fix compilation warning because of unused 'mm' variable (bnc#1012628). - ARM: prevent tracing IPI_CPU_BACKTRACE (bnc#1012628). - mm/hmm: select mmu notifier when selecting HMM (bnc#1012628). - hugetlbfs: on restore reserve error path retain subpool reservation (bnc#1012628). - mm/memory_hotplug: release memory resource after arch_remove_memory() (bnc#1012628). - mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE (bnc#1012628). - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails (bnc#1012628). - initramfs: free initrd memory if opening /initrd.image fails (bnc#1012628). - mm/compaction.c: fix an undefined behaviour (bnc#1012628). - mm/memory_hotplug.c: fix the wrong usage of N_HIGH_MEMORY (bnc#1012628). - mm/cma.c: fix the bitmap status to show failed allocation reason (bnc#1012628). - mm: page_mkclean vs MADV_DONTNEED race (bnc#1012628). - mm/cma_debug.c: fix the break condition in cma_maxchunk_get() (bnc#1012628). - mm/slab.c: fix an infinite loop in leaks_show() (bnc#1012628). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (bnc#1012628). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bnc#1012628). - drivers: thermal: tsens: Don't print error message on - EPROBE_DEFER (bnc#1012628). - mfd: tps65912-spi: Add missing of table registration (bnc#1012628). - mfd: intel-lpss: Set the device in reset state when init (bnc#1012628). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bnc#1012628). - mfd: twl6040: Fix device init errors for ACCCTL register (bnc#1012628). - perf/x86/intel: Allow PEBS multi-entry in watermark mode (bnc#1012628). - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bnc#1012628). - drm/nouveau: fix duplication of nv50_head_atom struct (bnc#1012628). - drm/bridge: adv7511: Fix low refresh rate selection (bnc#1012628). - objtool: Don't use ignore flag for fake jumps (bnc#1012628). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bnc#1012628). - bpf: fix undefined behavior in narrow load handling (bnc#1012628). - EDAC/mpc85xx: Prevent building as a module (bnc#1012628). - pwm: meson: Use the spin-lock only to protect register modifications (bnc#1012628). - mailbox: stm32-ipcc: check invalid irq (bnc#1012628). - ntp: Allow TAI-UTC offset to be set to zero (bnc#1012628). - f2fs: fix to avoid panic in do_recover_data() (bnc#1012628). - f2fs: fix to avoid panic in f2fs_inplace_write_data() (bnc#1012628). - f2fs: fix error path of recovery (bnc#1012628). - f2fs: fix to avoid panic in f2fs_remove_inode_page() (bnc#1012628). - f2fs: fix to do sanity check on free nid (bnc#1012628). - f2fs: fix to clear dirty inode in error path of f2fs_iget() (bnc#1012628). - f2fs: fix to avoid panic in dec_valid_block_count() (bnc#1012628). - f2fs: fix to use inline space only if inline_xattr is enable (bnc#1012628). - f2fs: fix to avoid panic in dec_valid_node_count() (bnc#1012628). - f2fs: fix to do sanity check on valid block count of segment (bnc#1012628). - f2fs: fix to avoid deadloop in foreground GC (bnc#1012628). - f2fs: fix to retrieve inline xattr space (bnc#1012628). - f2fs: fix to do checksum even if inode page is uptodate (bnc#1012628). - media: atmel: atmel-isc: fix asd memory allocation (bnc#1012628). - percpu: remove spurious lock dependency between percpu and sched (bnc#1012628). - configfs: fix possible use-after-free in configfs_register_group (bnc#1012628). - uml: fix a boot splat wrt use of cpu_all_mask (bnc#1012628). - PCI: dwc: Free MSI in dw_pcie_host_init() error path (bnc#1012628). - PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi() (bnc#1012628). - fbcon: Don't reset logo_shown when logo is currently shown (bnc#1012628). - ovl: do not generate duplicate fsnotify events for "fake" path (bnc#1012628). - mmc: mmci: Prevent polling for busy detection in IRQ context (bnc#1012628). - netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast (bnc#1012628). - netfilter: nf_conntrack_h323: restore boundary check correctness (bnc#1012628). - mips: Make sure dt memory regions are valid (bnc#1012628). - netfilter: nf_tables: fix base chain stat rcu_dereference usage (bnc#1012628). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bnc#1012628). - watchdog: fix compile time error of pretimeout governors (bnc#1012628). - blk-mq: move cancel of requeue_work into blk_mq_release (bnc#1012628). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bnc#1012628). - vfio-pci/nvlink2: Fix potential VMA leak (bnc#1012628). - misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test (bnc#1012628). - PCI: designware-ep: Use aligned ATU window for raising MSI interrupts (bnc#1012628). - nvme-pci: unquiesce admin queue on shutdown (bnc#1012628). - nvme-pci: shutdown on timeout during deletion (bnc#1012628). - netfilter: nf_flow_table: check ttl value in flow offload data path (bnc#1012628). - netfilter: nf_flow_table: fix netdev refcnt leak (bnc#1012628). - ALSA: hda - Register irq handler after the chip initialization (bnc#1012628). - powerpc/pseries: Track LMB nid instead of using device tree (bnc#1012628). - arm64: defconfig: Update UFSHCD for Hi3660 soc (bnc#1012628). - iommu/vt-d: Don't request page request irq under dmar_global_lock (bnc#1012628). - nvmem: core: fix read buffer in place (bnc#1012628). - nvmem: sunxi_sid: Support SID on A83T and H5 (bnc#1012628). - fuse: retrieve: cap requested size to negotiated max_write (bnc#1012628). - nfsd: allow fh_want_write to be called twice (bnc#1012628). - nfsd: avoid uninitialized variable warning (bnc#1012628). - vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" (bnc#1012628). - iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel (bnc#1012628). - switchtec: Fix unintended mask of MRPC event (bnc#1012628). - net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending (bnc#1012628). - x86/PCI: Fix PCI IRQ routing table memory leak (bnc#1012628). - soc/tegra: pmc: Remove reset sysfs entries on error (bnc#1012628). - i40e: Queues are reserved despite "Invalid argument" error (bnc#1012628). - power: supply: cpcap-battery: Fix signed counter sample register (bnc#1012628). - platform/chrome: cros_ec_proto: check for NULL transfer function (bnc#1012628). - PCI: keystone: Invoke phy_reset() API before enabling PHY (bnc#1012628). - PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 (bnc#1012628). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bnc#1012628). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bnc#1012628). - usb: ohci-da8xx: disable the regulator if the overcurrent irq fired (bnc#1012628). - iommu/vt-d: Flush IOTLB for untrusted device in time (bnc#1012628). - soc: rockchip: Set the proper PWM for rk3288 (bnc#1012628). - arm64: dts: imx8mq: Mark iomuxc_gpr as i.MX6Q compatible (bnc#1012628). - ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bnc#1012628). - drm/amd/display: disable link before changing link settings (bnc#1012628). - drm/amd/display: Use plane->color_space for dpp if specified (bnc#1012628). - ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it (bnc#1012628). - pinctrl: pinctrl-intel: move gpio suspend/resume to noirq phase (bnc#1012628). - platform/x86: intel_pmc_ipc: adding error handling (bnc#1012628). - power: supply: max14656: fix potential use-before-alloc (bnc#1012628). - f2fs: fix potential recursive call when enabling data_flush (bnc#1012628). - net: hns3: return 0 and print warning when hit duplicate MAC (bnc#1012628). - PCI: dwc: Remove default MSI initialization for platform specific MSI chips (bnc#1012628). - PCI: rcar: Fix a potential NULL pointer dereference (bnc#1012628). - PCI: rcar: Fix 64bit MSI message address handling (bnc#1012628). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bnc#1012628). - Input: goodix - add GT5663 CTP support (bnc#1012628). - video: hgafb: fix potential NULL pointer dereference (bnc#1012628). - video: imsttfb: fix potential NULL pointer dereferences (bnc#1012628). - block, bfq: increase idling for weight-raised queues (bnc#1012628). - PCI: xilinx: Check for __get_free_pages() failure (bnc#1012628). - arm64: dts: qcom: qcs404: Fix regulator supply names (bnc#1012628). - gpio: gpio-omap: add check for off wake capable gpios (bnc#1012628). - gpio: gpio-omap: limit errata 1.101 handling to wkup domain gpios only (bnc#1012628). - ice: Add missing case in print_link_msg for printing flow control (bnc#1012628). - media: v4l2-ctrl: v4l2_ctrl_request_setup returns with error upon failure (bnc#1012628). - batman-adv: Adjust name for batadv_dat_send_data (bnc#1012628). - ice: Enable LAN_EN for the right recipes (bnc#1012628). - ice: Do not set LB_EN for prune switch rules (bnc#1012628). - dmaengine: idma64: Use actual device for DMA transfers (bnc#1012628). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bnc#1012628). - media: v4l2-fwnode: Defaults may not override endpoint configuration in firmware (bnc#1012628). - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa (bnc#1012628). - pwm: Fix deadlock warning when removing PWM device (bnc#1012628). - ARM: exynos: Fix undefined instruction during Exynos5422 resume (bnc#1012628). - usb: typec: fusb302: Check vconn is off when we start toggling (bnc#1012628). - soc: renesas: Identify R-Car M3-W ES1.3 (bnc#1012628). - ARM: shmobile: porter: enable R-Car Gen2 regulator quirk (bnc#1012628). - gpio: vf610: Do not share irq_chip (bnc#1012628). - percpu: do not search past bitmap when allocating an area (bnc#1012628). - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" (bnc#1012628). - Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" (bnc#1012628). - ovl: check the capability before cred overridden (bnc#1012628). - ovl: support stacked SEEK_HOLE/SEEK_DATA (bnc#1012628). - ALSA: seq: Cover unsubscribe_port() in list_mutex (bnc#1012628). - io_uring: fix failure to verify SQ_AFF cpu (bnc#1012628). - Refresh patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch. - commit 0aa1dd8 - Update config files. The previous commit did not play well. 5.1.9 is broken with =n of that option, so leave it as =y as it was before 5.1.9. - commit e68f829 - Update config files. Set CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=n, the same as master. - commit cf58ab1 - Linux 5.1.9 (bnc#1012628). - ethtool: fix potential userspace buffer overflow (bnc#1012628). - Fix memory leak in sctp_process_init (bnc#1012628). - ipv4: not do cache for local delivery if bc_forwarding is enabled (bnc#1012628). - ipv6: fix the check before getting the cookie in rt6_get_cookie (bnc#1012628). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bnc#1012628). - net: mvpp2: Use strscpy to handle stat strings (bnc#1012628). - net: rds: fix memory leak in rds_ib_flush_mr_pool (bnc#1012628). - net: sfp: read eeprom in maximum 16 byte increments (bnc#1012628). - packet: unconditionally free po->rollover (bnc#1012628). - pktgen: do not sleep with the thread lock held (bnc#1012628). - Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied" (bnc#1012628). - udp: only choose unbound UDP socket for multicast when not in a VRF (bnc#1012628). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (bnc#1012628). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (bnc#1012628). - net: aquantia: fix wol configuration not applied sometimes (bnc#1012628). - neighbor: Reset gc_entries counter if new entry is released before insert (bnc#1012628). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (bnc#1012628). - cls_matchall: avoid panic when receiving a packet before filter set (bnc#1012628). - ipmr_base: Do not reset index in mr_table_dump (bnc#1012628). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (bnc#1012628). - net/tls: replace the sleeping lock around RX resync with a bit lock (bnc#1012628). - rcu: locking and unlocking need to always be at least barriers (bnc#1012628). - habanalabs: fix debugfs code (bnc#1012628). - ARC: mm: SIGSEGV userspace trying to access kernel virtual memory (bnc#1012628). - parisc: Use implicit space register selection for loading the coherence index of I/O pdirs (bnc#1012628). - parisc: Fix crash due alternative coding for NP iopdir_fdc bit (bnc#1012628). - SUNRPC fix regression in umount of a secure mount (bnc#1012628). - SUNRPC: Fix a use after free when a server rejects the RPCSEC_GSS credential (bnc#1012628). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (bnc#1012628). - NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled (bnc#1012628). - fuse: fallocate: fix return with locked inode (bnc#1012628). - fuse: fix copy_file_range() in the writeback case (bnc#1012628). - pstore: Set tfm to NULL on free_buf_for_compression (bnc#1012628). - pstore/ram: Run without kernel crash dump region (bnc#1012628). - kbuild: use more portable 'command -v' for cc-cross-prefix (bnc#1012628). - memstick: mspro_block: Fix an error code in mspro_block_issue_req() (bnc#1012628). - mmc: tmio: fix SCC error handling to avoid false positive CRC error (bnc#1012628). - mmc: sdhci_am654: Fix SLOTTYPE write (bnc#1012628). - x86/power: Fix 'nosmt' vs hibernation triple fault during resume (bnc#1012628). - x86/insn-eval: Fix use-after-free access to LDT entry (bnc#1012628). - i2c: xiic: Add max_read_len quirk (bnc#1012628). - s390/mm: fix address space detection in exception handling (bnc#1012628). - nvme-rdma: fix queue mapping when queue count is limited (bnc#1012628). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bnc#1012628). - MIPS: Bounds check virt_addr_valid (bnc#1012628). - MIPS: pistachio: Build uImage.gz by default (bnc#1012628). - genwqe: Prevent an integer overflow in the ioctl (bnc#1012628). - test_firmware: Use correct snprintf() limit (bnc#1012628). - drm/rockchip: fix fb references in async update (bnc#1012628). - drm/vc4: fix fb references in async update (bnc#1012628). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bnc#1012628). - drm/msm: fix fb references in async update (bnc#1012628). - drm: add non-desktop quirk for Valve HMDs (bnc#1012628). - drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3) (bnc#1012628). - drm: add non-desktop quirks to Sensics and OSVR headsets (bnc#1012628). - drm: Fix timestamp docs for variable refresh properties (bnc#1012628). - drm/amdgpu/psp: move psp version specific function pointers to early_init (bnc#1012628). - drm/radeon: prefer lower reference dividers (bnc#1012628). - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in (bnc#1012628). - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1012628). - drm/amdgpu/soc15: skip reset on init (bnc#1012628). - drm/amd/display: Add ASICREV_IS_PICASSO (bnc#1012628). - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) (bnc#1012628). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bnc#1012628). - drm/i915/gvt: emit init breadcrumb for gvt request (bnc#1012628). - drm: don't block fb changes for async plane updates (bnc#1012628). - drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bnc#1012628). - drm/amd: fix fb references in async update (bnc#1012628). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (bnc#1012628). - commit 8904439 - Revert "drm: allow render capable master with DRM_AUTH ioctls" (fix radv check). - commit 3ca4077 - drm/i915: Maintain consistent documentation subsection ordering (fix kernel-doc). - Delete patches.rpmify/Revert-doc-Cope-with-the-deprecation-of-AutoReporter.patch. Use usptream fix instead of revert. - commit 4e8aae9 - scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (bsc#1136922 cve-2019-12456). - commit 0c3fc9f - Revert "doc: Cope with the deprecation of AutoReporter" (fix kernel-doc). - commit 1c5c2b4 - Linux 5.1.8 (bnc#1012628). - sparc64: Fix regression in non-hypervisor TLB flush xcall (bnc#1012628). - include/linux/bitops.h: sanitize rotate primitives (bnc#1012628). - xhci: update bounce buffer with correct sg num (bnc#1012628). - xhci: Use %zu for printing size_t type (bnc#1012628). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bnc#1012628). - usb: xhci: avoid null pointer deref when bos field is NULL (bnc#1012628). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bnc#1012628). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bnc#1012628). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bnc#1012628). - USB: sisusbvga: fix oops in error path of sisusb_probe (bnc#1012628). - USB: Add LPM quirk for Surface Dock GigE adapter (bnc#1012628). - USB: rio500: refuse more than one device at a time (bnc#1012628). - USB: rio500: fix memory leak in close after disconnect (bnc#1012628). - media: usb: siano: Fix general protection fault in smsusb (bnc#1012628). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bnc#1012628). - media: smsusb: better handle optional alignment (bnc#1012628). - brcmfmac: fix NULL pointer derefence during USB disconnect (bnc#1012628). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bnc#1012628). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bnc#1012628). - tracing: Avoid memory leak in predicate_parse() (bnc#1012628). - Btrfs: fix wrong ctime and mtime of a directory after log replay (bnc#1012628). - Btrfs: fix race updating log root item during fsync (bnc#1012628). - Btrfs: fix fsync not persisting changed attributes of a directory (bnc#1012628). - btrfs: correct zstd workspace manager lock to use spin_lock_bh() (bnc#1012628). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bnc#1012628). - Btrfs: incremental send, fix file corruption when no-holes feature is enabled (bnc#1012628). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bnc#1012628). - iio: dac: ds4422/ds4424 fix chip verification (bnc#1012628). - iio: adc: ads124: avoid buffer overflow (bnc#1012628). - iio: adc: modify NPCM ADC read reference voltage (bnc#1012628). - iio: adc: ti-ads8688: fix timestamp is not updated in buffer (bnc#1012628). - s390/crypto: fix gcm-aes-s390 selftest failures (bnc#1012628). - s390/crypto: fix possible sleep during spinlock aquired (bnc#1012628). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bnc#1012628). - KVM: PPC: Book3S HV: Fix lockdep warning when entering guest on POWER9 (bnc#1012628). - KVM: PPC: Book3S HV: Restore SPRG3 in kvmhv_p9_guest_entry() (bnc#1012628). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bnc#1012628). - powerpc/kexec: Fix loading of kernel + initramfs with kexec_file_load() (bnc#1012628). - ALSA: line6: Assure canceling delayed work at disconnection (bnc#1012628). - ALSA: hda/realtek - Set default power save node to 0 (bnc#1012628). - ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops (bnc#1012628). - KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID (bnc#1012628). - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bnc#1012628). - i2c: mlxcpld: Fix wrong initialization order in probe (bnc#1012628). - i2c: synquacer: fix synquacer_i2c_doxfer() return value (bnc#1012628). - tty: serial: msm_serial: Fix XON/XOFF (bnc#1012628). - tty: max310x: Fix external crystal register setup (bnc#1012628). - mm, memcg: consider subtrees in memory.events (bnc#1012628). - kasan: initialize tag to 0xff in __kasan_kmalloc (bnc#1012628). - kernel/signal.c: trace_signal_deliver when signal_group_exit (bnc#1012628). - signal/arm64: Use force_sig not force_sig_fault for SIGKILL (bnc#1012628). - mm, compaction: make sure we isolate a valid PFN (bnc#1012628). - arm64: Fix the arm64_personality() syscall wrapper redirection (bnc#1012628). - docs: Fix conf.py for Sphinx 2.0 (bnc#1012628). - doc: Cope with the deprecation of AutoReporter (bnc#1012628). - doc: Cope with Sphinx logging deprecations (bnc#1012628). - x86/ima: Check EFI_RUNTIME_SERVICES before using (bnc#1012628). - ima: fix wrong signed policy requirement when not appraising (bnc#1012628). - ima: show rules with IMA_INMASK correctly (bnc#1012628). - evm: check hash algorithm passed to init_desc() (bnc#1012628). - clk: imx: imx8mm: fix int pll clk gate (bnc#1012628). - vt/fbcon: deinitialize resources in visual_init() after failed memory allocation (bnc#1012628). - serial: sh-sci: disable DMA for uart_console (bnc#1012628). - staging: vc04_services: prevent integer overflow in create_pagelist() (bnc#1012628). - staging: wlan-ng: fix adapter initialization failure (bnc#1012628). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bnc#1012628). - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM (bnc#1012628). - Revert "lockd: Show pid of lockd for remote locks" (bnc#1012628). - gcc-plugins: Fix build failures under Darwin host (bnc#1012628). - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bnc#1012628). - drm/vmwgfx: Fix user space handle equal to zero (bnc#1012628). - drm/vmwgfx: Fix compat mode shader operation (bnc#1012628). - drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set (bnc#1012628). - drm/sun4i: Fix sun8i HDMI PHY clock initialization (bnc#1012628). - drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz (bnc#1012628). - drm/imx: ipuv3-plane: fix atomic update status query for non-plus i.MX6Q (bnc#1012628). - drm/fb-helper: generic: Call drm_client_add() after setup is done (bnc#1012628). - drm/atomic: Wire file_priv through for property changes (bnc#1012628). - drm: Expose "FB_DAMAGE_CLIPS" property to atomic aware user-space only (bnc#1012628). - drm/rockchip: shutdown drm subsystem on shutdown (bnc#1012628). - drm/lease: Make sure implicit planes are leased (bnc#1012628). - drm/cma-helper: Fix drm_gem_cma_free_object() (bnc#1012628). - Revert "x86/build: Move _etext to actual end of .text" (bnc#1012628). - x86/kprobes: Set instruction page as executable (bnc#1012628). - commit ed4965b - s390: drop meaningless 'targets' from tools Makefile (s390 kmp build fix). - commit c8cc0ca ==== libXi ==== Version update (1.7.9 -> 1.7.10) Subpackages: libXi6 libXi6-32bit - Update to version 1.7.10 * Fix the FIXME in XIValuatorClass case of copy_classes function in XExtInt.c * _XIPassiveGrabDevice needs to set time value * Replace open-coded FP3232_TO_DOUBLE * autogen: add default patch prefix * autogen.sh: use quoted string variables * autogen.sh: use exec instead of waiting for configure to finish * Update configure.ac bug URL for gitlab migration * Update README for gitlab migration * man: add a bunch of missing spaces * Update XIChangeHierarchy.txt ==== libappindicator ==== - Drop libappindicator-activate-support.patch as it's no longer needed and breaks context menu / actions in fall-back mode (boo#1132659) ==== libcontainers-common ==== - Update to libpod v1.4.0 - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - The podman commit command is now usable with the Podman remote client - The --signature-policy flag (used with several image-related commands) has been deprecated - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Update to image v1.5.1 - Vendor in latest containers/storage - docker/docker_client: Drop redundant Domain(ref.ref) call - pkg/blobinfocache: Split implementations into subpackages - copy: progress bar: show messages on completion - docs: rename manpages to *.5.command - add container-certs.d.md manpage - pkg/docker/config: Bring auth tests from docker/docker_client_test - Don't allocate a sync.Mutex separately - Update to storage v1.12.10 - Add function to parse out mount options from graphdriver - Merge the disparate parts of all of the Unix-like lockfiles - Fix unix-but-not-Linux compilation - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes - lockfile: add RecursiveLock() API - Update generated files - Fix crash on tesing of aufs code - Let consumers know when Layers and Images came from read-only stores - chown: do not change owner for the mountpoint - locks: correctly mark updates to the layers list - CreateContainer: don't worry about mapping layers unless necessary - docs: fix manpage for containers-storage.conf - docs: sort configuration options alphabetically - docs: document OSTree file deduplication - Add missing options to man page for containers-storage - overlay: use the layer idmapping if present - vfs: prefer layer custom idmappings - layers: propagate down the idmapping settings - Recreate symlink when not found - docs: fix manpage for configuration file - docs: add special handling for manpages in sect 5 - overlay: fix single-lower test - Recreate symlink when not found - overlay: propagate errors from mountProgram - utils: root in a userns uses global conf file - Fix handling of additional stores - Correctly check permissions on rootless directory - Fix possible integer overflow on 32bit builds - Evaluate device path for lvm - lockfile test: make concurrent RW test determinisitc - lockfile test: make concurrent read tests deterministic - drivers.DirCopy: fix filemode detection - storage: move the logic to detect rootless into utils.go - Don't set (struct flock).l_pid - Improve documentation of getLockfile - Rename getLockFile to createLockerForPath, and document it - Add FILES section to containers-storage.5 man page - add digest locks - drivers/copy: add a non-cgo fallback - Add default SLES mounts for container-suseconnect usage ==== libguestfs ==== Subpackages: guestfs-data libguestfs0 python3-libguestfs - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== librevenge ==== Subpackages: librevenge-0_0-0 librevenge-stream-0_0-0 - Co-own %{_datadir}/gdb: so far we just relied on gcc9 in the build stack to coincidentially own this directory for us, but gcc9 split the gdb pretty printers out in a separate sub-package. ==== libseccomp ==== Version update (2.4.0 -> 2.4.1) - Update to new upstream release 2.4.1 * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. ==== libsolv ==== Version update (0.7.4 -> 0.7.5) Subpackages: libsolv-devel libsolv-tools python3-solv ruby-solv - make cleandeps jobs on patterns work [bnc#1137977] - fix favorq leaking between solver runs if the solver is reused - fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason - be more correct with multiversion packages that obsolete their own name [bnc#1127155] - allow building with swig-4.0.0 [bnc#1135749] - bump version to 0.7.5 - always prefer to stay with the same package name if there are multiple alternatives [bnc#1131823] ==== libssh2_org ==== Version update (1.8.2 -> 1.9.0) - Version update to 1.9.0: Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests - Rebased patch libssh2-ocloexec.patch ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - api: disallow virConnect*HypervisorCPU, virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML, and virDomainSaveImageGetXMLDesc on read-only connections aed6a032-CVE-2019-10161.patch, db0b7845-CVE-2019-10166.patch, 8afa68ba-CVE-2019-10167.patch, bf6c2830-CVE-2019-10168.patch CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305 - Drop systemd BuildRequires: there is already pkgconfig(systemd) present, which is the same package. ==== libzypp ==== Version update (17.11.4 -> 17.12.0) - Drop unused InterProcessMutex class and test - Drop unused WebpinResult class and test - Give posttrans script a parameter of 0 (issue #168) - Use CURL_HTTP_VERSION_2TLS if available (fixes #141) - version 17.12.0 (12) ==== linux-glibc-devel ==== Version update (5.0 -> 5.1) - Update to kernel headers 5.1 ==== man ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== ncurses ==== Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-screen - Add ncurses patch 20190609 + add mintty, mintty-direct (adapted from patch by Thomas Wolff). Some of the suggested user-defined capabilities are commented-out, to allow builds with ncurses 5.9 and 6.0 + add Smol/Rmol for tmux, vte-2018 (patch by Nicholas Marriott). + add rs1 to konsole, mlterm -TD + modify _nc_merge_entry() to make a copy of the data which it merges, to avoid modifying the source-data when aligning extended names. - Add ncurses patch 20190601 + modify an internal call to vid_puts to pass extended color pairs e.g., from tty_update.c and lib_mvcur.c (report by Niegodziwy Beru). + improve manual page description of init_tabs capability and TABSIZE variable. - Add ncurses patch 20190525 + modify reset_cmd.c to allow for tabstops at intervals other than 8 (report by Vincent Huisman). - Add ncurses patch 20190518 + update xterm-new to xterm patch #345 -TD + add/use xterm+keypad in xterm-new (report by Alain D D Williams) -TD + update terminator entry -TD + remove hard-tabs from ti703 (report by Robert Clausecker) + mention meml/memu/box1 in user_caps manual page. + mention user_caps.5 in tic and infocmp manual pages. - Adopt the patches ncurses-5.9-ibm327x.dif and ncurses-6.1.dif ==== ntp ==== - Drop the omc config fate#301838: * it is obsolete since SLE11 ==== numad ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== obs-service-tar_scm ==== Version update (0.10.9.1557261720.32a1cdb -> 0.10.9.1559745964.22c86cd) Subpackages: obs-service-obs_scm obs-service-obs_scm-common - Update to version 0.10.9.1559745964.22c86cd: * [dist] python3 for SLE12 and openSUSE 42.3 - Update to version 0.10.9.1559647449.d965035: * [dist] enable python3 in SLE >= 12 ==== openexr ==== - security update - added patches CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 [bsc#1040115] + openexr-CVE-2017-9111,9113,9115.patch ==== ovmf ==== Version update (2019+git1552059899.89910a39dcfd -> 201905) Subpackages: qemu-ovmf-x86_64 - Update to edk2-stable201905 + Update OpenSSL version to upcoming 1.1.1 + Delete EdkCompatibilityPkg from edk2/master + Remove .S assembly code for IA32 and X64 arch + Replace BSD 2-Clause License with BSD + Patent Licence + Recovery PEI BlockIO support for ATA device + Add PCD to Enabled/Disabled IPv4/IPv6 PXE Support in NetworkPkg + Remove NetworkPkg/IpSecDxe + Add api to DebubLib to expose a print routine with VaList parameter + Introduce DebugPpi to save the image size with the debug message + ResetSystemLib Adds a new API ResetSystem + ResetUtilityLib Add a new API ResetSystemWithSubtype + Add support for get organization name to x509 in BaseCryptLib + Add support for checking x509 EKUs in BaseCryptLib + Add support for PKCS 1v2 RSAES-OAEP PKI encryption in BaseCryptLib + Remove ShellBinPkg from edk2/master + Enable multiple thread /MP option for MSVC compiler + Upstream the EnrollDefaultKeys application to OvmfPkg + Share code for BaseUefiDecompressLib in MdePkg and MdeModulePkg + Move network related components from MdeModulePkg to NetworkPkg + Move BeagleBoardPkg and Omap35xxPkg from edk2 to edk2-platforms repo + Move MinnowMax and Quark platform to edk2-platforms repo + Move OptionRomPkg into new Drivers directory edk2-platforms repo + Add ACPI6.3 definition + Remove Nt32Pkg from edk2/master + update ArmSoftFloatLib to latest upstream version (= 3e) - Update openssl to 1.1.1b + Add berkeley-softfloat-3-b64af41c3276f.tar.xz since arm7 needs the softfloat implementation for openssl 1.1.1b - Build the varstore templates with EnrollDefaultKeys.efi + Create the iso files for key enrollment - Add gen-key-enrollment-iso.sh to generate the iso file + Drop the non-upstream ovmf-embed-default-keys.patch - Also drop owner-guid-zero.h + Drop the MS keys and dbx since they are already in EnrollDefaultKeys.efi: MicCorKEKCA2011_2011-06-24.crt, MicCorUEFCA2011_2011-06-27.crt, MicWinProPCA2011_2011-10-19.crt, and dbxupdate.zip - Also drop the related script strip_authinfo.pl + Add ovmf-set-fixed-enroll-time.patch to set the fixed enrolling time to make the varstore template reproducible + Require qemu 3.0.0 for fw_cfg - Update the build flags for network functions + For x86_64, only enable TLS for the 4MB image since the code size exceeds the boundary of 2MB image - Refresh patches: + ovmf-add-exclude-shell-flag.patch + ovmf-disable-ia32-firmware-piepic.patch + ovmf-pie.patch - Drop the requirement of xxd - Update README - Update the License tag to BSD-2-Clause-Patent ==== permissions ==== Version update (1550_20190429 -> 1550_20190521) Subpackages: chkstat permissions-config permissions-doc - Update to version 20190521: * singluarity: Add starter-suid for version 3.2.0 * adjust settings for amanda to current binary layout - Move BuildRequires: back to main package - Moved requires to subpackages (bsc#1137257) ==== plasma-browser-integration ==== Version update (5.16.1 -> 5.16.2) Subpackages: plasma-browser-integration-lang - Update to 5.16.2 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.16.2.php - No code changes since 5.16.1 ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils - Rebase qpaeq-shebang.patch to python3 instead of python, as we build pulseaudio with python3 support and not python2. Aka pulseaudio requires /usr/bin/python3 and not /usr/bin/python. - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== python ==== Subpackages: python-curses python-tk - Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package. ==== python-base ==== Subpackages: libpython2_7-1_0 python-xml - Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package. - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised. ==== rp-pppoe ==== Version update (3.12 -> 3.13) - Refresh spec-file via spec-cleaner and manual optimisations. * New URL and Source project. * Add pkgconfig for BuildRequires. - Update rp-pppoe to version 3.13. * Fix potential use-after-free bug. * Properly detecte kernel-mode PPPoE. - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== rubygem-cfa ==== Version update (0.7.0 -> 1.0.0) - Dropped the changes_only argument of BaseModel#save, it does not work in the generic case. - Fixed NameError in AugeasTree#replace_entry (bsc#1137948) - Drop support for Ruby 2.2 and 2.3; add 2.6. - 1.0.0 ==== rubygem-cfa_grub2 ==== Version update (1.0.1 -> 2.0.0) - Dropped the changes_only argument of Default,DeviceMap#save following the same change in BaseModel#save in cfa-1.0.0 because the merging was not working anyway (bsc#1137948) - Drop support for Ruby 2.2 and 2.3; add 2.6. - 2.0.0 ==== rygel ==== Version update (0.36.2 -> 0.38.1) Subpackages: librygel-core-2_6-2 librygel-server-2_6-2 - Drop systemd BuildRequires: there is already pkgconfig(systemd) present, which is sufficient. - Replace systemd_requires macro with systemd_ordering: systemd is not strictly required for rygel to be usable, but if systemd and rygel are installed as part of one transaction, we would like to see systemd installed first. - Update to version 0.38.1: + Several build fixes for recent vala. + Updated translations. - Update to version 0.38.0: + Examples: - Fix crash if logo is missing in full-screen renderer. - Fix missing GResource for full-screen renderer. + Renderer: Fix a critical if mime type is not present. - Add libtool BuildRequires and pass autogen.sh, bootstrap tarball. - Drop api documentation, no longer provided in tarball. - Update to version 0.37.2: + Build: - Bump GLib dependency to 2.44. - Drop Valac requirement to 0.36. + Server: - Fix @ADDRESS@ replacement for proxy or transcoded urls. - Use a proper check for localhost. - Add some hacks for LG devices. + MediaExport: Document blacklisting behaviour. + Updated translations. - Update to version 0.37.1: + Add meson build files. + Port to GSSDP and GUPnP 1.2 API. + Preliminary IPv6 support. - Changes from version 0.37.0: + All: - Update URLs for gitlab - Fix compiler warnings in C code - Documentation updates - Fix several deprecated functions + Renderer: Fix type argument mismatch of return value + GStreamer Media Engine: Implement JPEG transcoding + GStreamer Renderer: - Make sinks configurable - Add support for audio/aac mime type + Server: Move engine intialization into server plugin + MediaExport: Remove dead code + Updated/added dependencies: - Vala version requirement bumped to 0.40 - GTK+ requirement bumped to 3.22 - GStreamer requirement bumped to 1.12 + Bugs fixed: glgo#GNOME/rygel#120, glgo#GNOME/rygel#7. + Updated translations. - Replace libgupnp-devel, libgupnp-av-devel, libsoup-devel and sqlite3-devel with pkgconfig(gupnp-1.2), pkgconfig(gupnp-av-1.0), pkgconfig(libsoup-2.4) and pkgconfig(sqlite3) BuildRequires: Align with what configure checks for. - Add pkgconfig(gio-2.0), pkgconfig(gio-unix-2.0), pkgconfig(gmodule-2.0), pkgconfig(gssdp-1.2) and pkgconfig(gupnp-dlna-2.0): Align with what configure checks for. ==== salt ==== Subpackages: python3-salt salt-master salt-minion - Provide the missing features required for Yomi (Yet one more installer) - Added: * provide-the-missing-features-required-for-yomi-yet-o.patch ==== schily ==== Subpackages: cdda2wav cdrecord libcdrdeflt1_0 libdeflt1_0 libedc_ecc1_0 libedc_ecc_dec1_0 libfile1_0 libfind3_0 libparanoia1_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs readcd spax star - Update to new upstream release 2019.06.13 * cdrecord: The manpage now lists all supported media types and which media types are preferred over others. * star 1.6.1: fixed a bug in the FIFO code where star reported "star: Implementation botch: with FIFO_MEOF" as the tar side of the FIFO did sometimes not wait for the FIFO_IWAIT state when called as "star -multivolume -tv f=... f=... ..." * bsh: When expanding file names, the directory entries "." and ".." are now skipped and not part of the results. This is to make bsh to behave similar to the Bourne Shell with respect to globbing. ==== sessreg ==== Version update (1.1.1 -> 1.1.2) - Update to version 1.1.2 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Add comment about why safe_strncpy isn't replaced with strlcpy * Fix missing defines _PATH_WTMPX/_PATH_UTMPX in musl * Replace strncpy calls with a sane version that always terminates ==== spamassassin ==== Subpackages: perl-Mail-SpamAssassin - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== system-config-printer ==== Subpackages: python3-cupshelpers system-config-printer-applet system-config-printer-common system-config-printer-common-lang system-config-printer-dbus-service udev-configure-printer - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== systemd-presets-branding-openSUSE ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== systemd-presets-common-SUSE ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== sysvinit ==== Version update (2.90 -> 2.95) - Remove logsave as well as the manual page as those as part of package e2fsprogs already - Update to sysvinit 2.95 * new logsave helper - Update to startpar-0.63 * move startpar from /sbin to /bin - Port our patches * startpar-0.58.dif * sysvinit-2.88dsf-suse.patch * sysvinit-2.90-no-kill.patch * sysvinit-2.90.dif ==== vala ==== Version update (0.44.4 -> 0.44.5) Subpackages: libvala-0_44-0 - Update to version 0.44.5: + Various improvements and bug fixes: - Only warn about imcompatible type of external construct property. - codegen: Use array_length of collection variable instead of expression. - girparser: Skip 'attribute' elements. - girwriter: Report error on secondary top-level namespace. + Bindings: - gtk+-3.0: Update to 3.24.9~18177388. - gtk4: Update to 3.96.0+8cfdd6c5. ==== vsftpd ==== - Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation fault that occurred while trying to write to an invalid TLS context. [bsc#1125951] - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Add webkit2gtk3-bug196440-build-fix.patch and webkit2gtk3-bug198080-build-fix.patch: fix build failures on SLE/Leap 15 and SLE 12. ==== xdg-desktop-portal-kde ==== Version update (5.16.1 -> 5.16.2) Subpackages: xdg-desktop-portal-kde-lang - Update to 5.16.2 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.16.2.php - No code changes since 5.16.1 ==== xfce4-panel-plugin-cpugraph ==== Version update (1.0.90 -> 1.0.91) Subpackages: xfce4-panel-plugin-cpugraph-lang - update to version 1.0.91 * Add option to disable the graph (bxo#15163) * Use css to change bar colors (bxo#15186) * Fix bars in horizontal mode * Updated translations ==== zlib ==== Subpackages: libminizip1 libz1 libz1-32bit zlib-devel - Do not enable the previous patchset on s390 but just s390x bsc#1137624 - Add patchset for s390 improvements jsc#SLE-5807 bsc#1136717: * 410.patch ==== zypper ==== Version update (1.14.27 -> 1.14.28) Subpackages: zypper-aptitude zypper-log zypper-needs-restarting - man: split '--with[out]' like options to ease searching. - Unhide 'ps' command in help - Add option to show more conflict information - Rephrased `zypper ps` hint (bsc#859480) - Fix repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226) - Fix unknown package handling in zypper install (fixes bsc#1127608) - Fix the package build failure with CMake 3.14. - Re-show progress bar after pressing retry upon install error (bsc#1131113) - version 1.14.28 - Fix build with CMake >= 3.14 Starting with CMake 3.14, EXCLUDE_FROM_ALL now spreads from directories to targets. 'make -C someSubdir' when 'someSubdir' uses the 'EXCLUDE_FROM_ALL' keyword does nothing. - Remove unneeded CMake commands. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org