Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&am…
Please do not reply to this email to report issues, rather file a bug
on
bugzilla.opensuse.org. For more information on filing bugs please
see
https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa (20.2.4 -> 20.3.2)
Mesa-drivers (20.2.4 -> 20.3.2)
NetworkManager
busybox (1.32.0 -> 1.32.1)
libebml (1.4.0 -> 1.4.1)
libstorage-ng (4.3.76 -> 4.3.78)
nodejs14 (14.15.3 -> 14.15.4)
openssh
tlp
virt-manager
xen (4.14.1_02 -> 4.14.1_05)
yast2-pkg-bindings (4.3.4 -> 4.3.5)
=== Details ===
==== Mesa ====
Version update (20.2.4 -> 20.3.2)
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- update to 20.3.2
* third bugfix release for the 20.3 branch
- drm and surfaceless are not specified as platforms anymore,
remove them from egl_platforms
==== Mesa-drivers ====
Version update (20.2.4 -> 20.3.2)
Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau
libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon
libxatracker2
- update to 20.3.2
* third bugfix release for the 20.3 branch
- drm and surfaceless are not specified as platforms anymore,
remove them from egl_platforms
==== NetworkManager ====
Subpackages: NetworkManager-lang libnm0 typelib-1_0-NM-1_0
- Second attempt to exclude systemd.automount from nfs processing:
fix boo#1116625
==== busybox ====
Version update (1.32.0 -> 1.32.1)
Subpackages: busybox-static
- Update to version 1.32.1
- fixes a case where in ash, "wait" never finishes.
- sendmail-ignore-F-option.patch: ignore -F option as used by
cron (workaround for [bbn#13426])
==== libebml ====
Version update (1.4.0 -> 1.4.1)
- Update to version 1.4.1
* Fixed a case EbmlMaster::Read where the element returned via
UpperEltFound and FountElt points to a just-deleted element,
causing callers to think the memory returned is valid,
potentially leading to use-after-free/double-free errors.
This can happen if the specific element's Read function
throws an exception when encountering certain invalid data
constellations.
==== libstorage-ng ====
Version update (4.3.76 -> 4.3.78)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Finnish) (bsc#1149754)
- 4.3.78
- Translated using Weblate (Russian) (bsc#1149754)
- 4.3.77
==== nodejs14 ====
Version update (14.15.3 -> 14.15.4)
Subpackages: npm14
- New upstream LTS version 14.15.4:
* CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS
implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with
a freshly allocated WriteWrap object as first argument.
If the DoWrite method does not return an error, this object is
passed back to the caller as part of a StreamWriteResult structure.
This may be exploited to corrupt memory leading to a
Denial of Service or potentially other exploits (bsc#1180553)
* CVE-2020-8287: HTTP Request Smuggling allow two copies of a
header field in a http request. For example, two Transfer-Encoding
header fields. In this case Node.js identifies the first header
field and ignores the second. This can lead to HTTP Request
Smuggling (
https://cwe.mitre.org/data/definitions/444.html).
(bsc#1180554)
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Support /usr/etc/pam.d
==== tlp ====
Subpackages: tlp-rdw
- Use the same value for TLP_ULIB in the %build phase and the
%install phase (boo#1180495):
+ BuildRequire pkgconfig(udev)
+ Use pkg-config --variable udev_dir udev for the value of
TLP_ULIB.
==== virt-manager ====
Subpackages: virt-install virt-manager-common
- bsc#1180062 - virt-install uses isoinfo. Include mkisofs in the
spec file.
virt-manager.spec
==== xen ====
Version update (4.14.1_02 -> 4.14.1_05)
Subpackages: xen-libs xen-tools xen-tools-domU
- Update libxl.set-migration-constraints-from-cmdline.patch
Remove code which handled --max_factor. The total amount of
transferred data is no indicator to trigger the final stop+copy.
This should have been removed during upgrade to Xen 4.7.
Fix off-by-one in --max_iters, it caused one additional copy cycle.
Reduce default value of --max_iters from 5 to 2.
The workload within domU will continue to produce dirty pages.
It is unreasonable to expect any slowdown during migration.
Now there is one initial copy of all memory, one instead of four
iteration for dirty memory, and a final copy iteration prior move.
==== yast2-pkg-bindings ====
Version update (4.3.4 -> 4.3.5)
- Set the previous "distro_target" option when restarting the
package manager (bsc#1176275), fixes upgrade from SLE12 via SMT
- 4.3.5