Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.2&build=501.1&groupid=50 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.2 When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... to record your testing efforts and use bugzilla to report bugs. Packages changed: Mesa Mesa-drivers SDL2 binutils (2.31 -> 2.32) chromium (77.0.3865.75 -> 77.0.3865.90) djvulibre ghostscript (9.26a -> 9.27) grub2 ipmitool kernel-source (5.3.0 -> 5.3.1) kvm_stat (4.12.14 -> 5.3.1) libcdio libnetfilter_conntrack (1.0.6 -> 1.0.7) libopenmpt (0.3.9 -> 0.3.17) libosinfo (1.2.0 -> 1.6.0) nghttp2 (1.31.1 -> 1.39.2) open-vm-tools (10.3.10 -> 11.0.0) osinfo-db (20190504 -> 20190905) patterns-base permissions (20181116 -> 20190830) polkit-default-privs (13.2 -> 13.2+20190905.0016c47) python-numpy (1.14.0 -> 1.16.1) qpdf (9.0.0 -> 9.0.1) remmina (1.3.4 -> 1.3.6) strace (5.2 -> 5.3) ucode-intel (20190618 -> 20190918) virt-manager (2.1.0 -> 2.2.1) virt-viewer (7.0 -> 8.0) webkit2gtk3 (2.24.2 -> 2.24.4) yast2 (4.2.21 -> 4.2.23) yast2-country (4.2.4 -> 4.2.5) yast2-installation (4.2.13 -> 4.2.14) yast2-packager (4.2.25 -> 4.2.27) yast2-storage-ng (4.2.38 -> 4.2.41) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Mesa-libEGL-devel needs Mesa-KHR-devel (bsc#1117365) ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - Mesa-libEGL-devel needs Mesa-KHR-devel (bsc#1117365) ==== SDL2 ==== - Add CVE-2019-13616.patch: fix heap buffer overflow when reading a crafted bmp file (boo#1141844 CVE-2019-13616). - Add CVE-2019-13626.patch: add safeguards to the wav parser to prevent crashes (boo#1142031 CVE-2019-13626). - Drop CVE-2019-7572.patch, CVE-2019-7574.patch, CVE-2019-7575.patch, CVE-2019-7577.patch, and CVE-2019-7578.patch: these are handled by the new code added in CVE-2019-13626.patch. ==== binutils ==== Version update (2.31 -> 2.32) - Update to current 2.32 branch @7b468db3 adding binutils-2.32-branch.diff.gz [jsc#ECO-368]. - Includes fixes for these CVEs: bsc#1109412 aka CVE-2018-17358 aka PR23686 bsc#1109413 aka CVE-2018-17359 aka PR23686 bsc#1109414 aka CVE-2018-17360 aka PR23685 bsc#1111996 aka CVE-2018-18309 aka PR23770 bsc#1112534 aka CVE-2018-18484 aka GCC PR87636 bsc#1112535 aka CVE-2018-18483 aka PR23767 bsc#1113247 aka CVE-2018-18607 aka PR23805 bsc#1113252 aka CVE-2018-18606 aka PR23806 bsc#1113255 aka CVE-2018-18605 aka PR23804 bsc#1116827 aka CVE-2018-17985 aka GCC PR87335 bsc#1118830 aka CVE-2018-19932 aka PR23932 bsc#1118831 aka CVE-2018-19931 aka PR23942 bsc#1120640 aka CVE-2018-1000876 aka PR23994 bsc#1121034 aka CVE-2018-20651 aka PR24041 bsc#1121035 aka CVE-2018-20623 aka PR24049 bsc#1121056 aka CVE-2018-20671 aka PR24005 bsc#1142772 aka CVE-2019-1010180 aka PR23657 - Refresh s390-biarch.diff and binutils-revert-plt32-in-branches.diff . - For the SLE12 package this also removes patches binutils-z13-1.diff, binutils-z13-2.diff, binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff . - enable xtensa architecture (Tensilica lc6 and related) - Fix SUSE typo in README package name - Use -ffat-lto-objects in order to provide assembly for static libs (boo#1141913). Fake entry for SLE12 package variant only: - Add support for new z13 instructions. [fate#327074, jsc#SLE-6206, bsc#1137271] Adds patches binutils-z13-1.diff, binutils-z13-2.diff, binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff . - Add binutils-pr24486.patch: fix for PR24486 (boo#1133131 boo#1133232). - Add rx-gas-padding-pr24464.patch: fix for PR24464. - riscv-abi-check.patch: Don't check ABI flags if no code section - Add binutils.keyring and verify signature. - Add disk and RAM (for ppc, ppc64 and ppc64le) constraint with _constraints. - Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Remove binutils-2.31-branch.diff.gz, fix-pr23919-1.diff, fix-pr23919-2.diff, fix-pr23919-3.diff, gold-depend-on-opcodes.diff and s390-relro.diff. - Refresh binutils-skip-rpaths.patch, s390-biarch.diff, cross-avr-size.patch and binutils-revert-plt32-in-branches.diff. ==== chromium ==== Version update (77.0.3865.75 -> 77.0.3865.90) - update to chromium 77.0.3865.90 boo#1151229: * CVE-2019-13685: Use-after-free in UI * CVE-2019-13688: Use-after-free in media * CVE-2019-13687: Use-after-free in media * CVE-2019-13686: Use-after-free in offline pages ==== djvulibre ==== - security update - added patches CVE-2019-15142 [bsc#1146702] + djvulibre-CVE-2019-15142.patch CVE-2019-15143 [bsc#1146569] + djvulibre-CVE-2019-15143.patch CVE-2019-15144 [bsc#1146571] + djvulibre-CVE-2019-15144.patch CVE-2019-15145 [bsc#1146572] + djvulibre-CVE-2019-15145.patch do not segfault when libtiff encounters corrupted TIFF (upstream issue #295) + djvulibre-invalid-tiff.patch ==== ghostscript ==== Version update (9.26a -> 9.27) Subpackages: ghostscript-x11 - Port latest ghostscript 9.27 from factory including latest security patches to SLES15/SLES12 * Port patch CVE-2019-10216.patch to 9.27 which is the orignal upstream commit now * Drop patch CVE-2019-3838.patch as now part of 9.27 - Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882 for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 - Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884 for CVE-2019-14817 - Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359 for CVE-2019-12973 ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Fix fallback embed doesn't work when no post mbr gap at all (boo#1142229) * Refresh grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch ==== ipmitool ==== - Enable USB interface by explicit passing --enable-intf-usb (jira#SLE-7780) - Enable free interface by adding freeipmi-devel package to build requires ==== kernel-source ==== Version update (5.3.0 -> 5.3.1) - Delete patches.suse/squashfs-3.4.patch. Deprecate squashfs-3.4 legacy fs format support (jsc#SLE-9416) - commit e1d0aab - config: Enable dual-role modes for DWC on arm64 as well - CONFIG_USB_DWC2_DUAL_ROLE=y and CONFIG_USB_DWC3_DUAL_ROLE=y - Previously that was only enabled on armv6/armv7 - commit a9c5486 - supported.conf: cleanup - drop obsolete mask sound/oss/* - drop removed module nf_conntrack_slp - commit 30def80 - config.conf: disable vanilla flavour As was discussed on the labs conf 2019, vanilla flavour is barely used. Given we are not going to use stable patches when building kernel-vanilla, it becomes a yet bit more useless. So disable it for now only. If nobody cares, we can drop also the configs later. - commit 4223115 - Linux 5.3.1 (bnc#1151927 5.3.1). - ovl: fix regression caused by overlapping layers detection (bnc#1151927 5.3.1). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bnc#1151927 5.3.1). - net: stmmac: Hold rtnl lock in suspend/resume callbacks (bnc#1151927 5.3.1). - ip6_gre: fix a dst leak in ip6erspan_tunnel_xmit (bnc#1151927 5.3.1). - udp: correct reuseport selection with connected sockets (bnc#1151927 5.3.1). - net_sched: let qdisc_put() accept NULL pointer (bnc#1151927 5.3.1). - net: dsa: Fix load order between DSA drivers and taggers (bnc#1151927 5.3.1). - net/sched: fix race between deactivation and dequeue for NOLOCK qdisc (bnc#1151927 5.3.1). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bnc#1151927 5.3.1). - firmware: google: check if size is valid when decoding VPD data (bnc#1151927 5.3.1). - phy: qcom-qmp: Correct ready status, again (bnc#1151927 5.3.1). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bnc#1151927 5.3.1). - serial: sprd: correct the wrong sequence of arguments (bnc#1151927 5.3.1). - tty/serial: atmel: reschedule TX after RX was started (bnc#1151927 5.3.1). - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bnc#1151927 5.3.1). - KVM: coalesced_mmio: add bounds checking (bnc#1151927 5.3.1). - media: tm6000: double free if usb disconnect while streaming (bnc#1151927 5.3.1). - media: technisat-usb2: break out of loop at end of buffer (bnc#1151927 5.3.1). - floppy: fix usercopy direction (bnc#1151927 5.3.1). - Documentation: sphinx: Add missing comma to list of strings (bnc#1151927 5.3.1). - Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}" (bnc#1151927 5.3.1). - commit af71771 - enable VFIO-CCW and CCW IOMMU (bsc#1151192 jsc#SLE-6138) - config changes (s390x only) - VFIO_CCW=m - S390_CCW_IOMMU=y - supported.conf: add vfio_ccw as externally supported (by IBM) supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138). - commit bbfc15f - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - commit 431bc28 - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - commit e574522 - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - commit a9647b9 - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - commit d3b1602 - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Don't push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - commit 3411cdc - iommu/dma: Fix for dereferencing before null checking (bsc#1151674). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151675). - iommu/vt-d: Fix wrong analysis whether devices share the same bus (bsc#1151679). - iommu/ipmmu-vmsa: Move IMTTBCR_SL0_TWOBIT_* to restore sort order (bsc#1151676). - iommu/mediatek: Fix VLD_PA_RNG register backup when suspend (bsc#1151678). - iommu/mediatek: Fix iova_to_phys PA start for 4GB mode (bsc#1151677). - commit 6809156 - powerpc/64s/exception: reduce page fault unnecessary loads (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Remove pointless KVM handler name bifurcation (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: program check handler do not branch into a macro (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: move interrupt entry code above the common handler (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: INT_COMMON add DAR, DSISR, reconcile options (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Expand EXCEPTION_PROLOG_COMMON_1 and 2 into caller (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Expand EXCEPTION_COMMON macro into caller (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Add INT_COMMON gas macro to generate common exception code (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Merge EXCEPTION_PROLOG_COMMON_2/3 (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: KVM_HANDLER reorder arguments to match other macros (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Add INT_KVM_HANDLER gas macro (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: INT_HANDLER support HDAR/HDSISR and use it in HDSI (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Add the virt variant of the denorm interrupt handler (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: remove EXCEPTION_PROLOG_0/1, rename _2 (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exceptions: Use keyword params to shorten arg lists (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Replace PROLOG macros and EXC helpers with a gas macro (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: remove 0xb00 handler (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Fix performance monitor virt handler (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Add EXC_HV_OR_STD, which selects HSRR if HVMODE (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: move head-64.h exception code to exception-64s.S (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: Fix DAR load for handle_page_fault error case (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check improve labels and comments (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: untangle early machine check handler branch (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check move unrecoverable handling out of line (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: simplify machine check early path (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check move tramp code (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check restructure to reuse common macros (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check pseries should skip the late handler for kernel MCEs (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/pseries: machine check convert to use common event code (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/powernv: machine check dump SLB contents (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check use correct cfar for late handler (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check remove machine_check_pSeries_0 branch (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check pseries should always run the early handler (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check adjust RFI target (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check fix KVM guest test (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check remove bitrotted comment (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - powerpc/64s/exception: machine check fwnmi remove HV case (jsc#PM-1334 jsc#SLE-9246 jsc#SLE-9251). - commit 0e08ffb - kexec_elf: support 32 bit ELF files (jsc#PM-1333 jsc#SLE-9255 jsc#SLE-9527). - kexec_elf: remove unused variable in kexec_elf_load() (jsc#PM-1333 jsc#SLE-9255 jsc#SLE-9527). - kexec_elf: remove Elf_Rel macro (jsc#PM-1333 jsc#SLE-9255 jsc#SLE-9527). - kexec_elf: remove PURGATORY_STACK_SIZE (jsc#PM-1333 jsc#SLE-9255 jsc#SLE-9527). - kexec_elf: remove parsing of section headers (jsc#PM-1333 jsc#SLE-9255 jsc#SLE-9527). - kexec_elf: change order of elf_*_to_cpu() functions (jsc#PM-1333 jsc#SLE-9255 jsc#SLE-9527). - kexec: add KEXEC_ELF (jsc#PM-1333 jsc#SLE-9255 jsc#SLE-9527). - new config options: - KEXEC_ELF=y (ppc64le only, autoselected) - commit 2985288 - powerpc/fadump: support holes in kernel boot memory area (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: remove RMA_START and RMA_END macros (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: update documentation about option to release opalcore (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: consider f/w load area (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/opalcore: provide an option to invalidate /sys/firmware/opal/core file (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/opalcore: export /sys/firmware/opal/core for analysing opal crashes (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - new config options: - OPAL_CORE=n (ppc64le only) - powerpc/fadump: update documentation about CONFIG_PRESERVE_FA_DUMP (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: add support to preserve crash data on FADUMP disabled kernel (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: improve how crashed kernel's memory is reserved (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: consider reserved ranges while releasing memory (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: make crash memory ranges array allocation generic (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: process architected register state data provided by firmware (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: make use of memblock's bottom up allocation mode (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: Update documentation about OPAL platform support (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: handle invalidation of crashdump and re-registraion (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: Warn before processing partial crashdump (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: process the crashdump by exporting it as /proc/vmcore (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: support copying multiple kernel boot memory regions (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: define OPAL register/un-register callback functions (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: reset metadata address during clean up (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: register kernel metadata address with opal (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: improve fadump_reserve_mem() (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: add fadump support on powernv (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/opal: add MPIPL interface definitions (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: use FADump instead of fadump for how it is pronounced (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - pseries/fadump: move out platform specific support from generic code (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - Refresh patches.suse/powerpc-fadump-when-fadump-is-supported-register-the.patch. - powerpc/fadump: release all the memory above boot memory size (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: add source info while displaying region contents (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - pseries/fadump: define RTAS register/un-register callback functions (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - Refresh patches.suse/powerpc-fadump-when-fadump-is-supported-register-the.patch. - powerpc/fadump: introduce callbacks for platform specific operations (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: move rtas specific definitions to platform code (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: use helper functions to reserve/release cpu notes buffer (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: Improve fadump documentation (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: declare helper functions in internal header file (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: add helper functions (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - powerpc/fadump: move internal macros/definitions to a new header (jsc#PM-1318 jsc#SLE-9099 jsc#SLE-9176). - commit deefc64 - Refresh sorted section. - Refresh patches.suse/powerpc-dump-kernel-log-before-carrying-out-fadump-o.patch with upstream status. - commit 9991920 ==== kvm_stat ==== Version update (4.12.14 -> 5.3.1) - Fix our patching for Leap 15.1 (boo#1140899) - Detect SLE15-SP2 / Leap 15.2 and patch accordingly - Adjust a patch that no longer applies due to upstream (non-code) changes - Add python3 tweak to be compatible with v5.0 kernel source (bsc#1116822) + 0050-tools-kvm_stat-switch-python-reference-again.patch ==== libcdio ==== - Add libcdio-LE-BE-sizemismatch.patch: Fix warning when BigEndian and LittleEndian sizes do not match. Use LE as authorative information (workaround for boo#1094761). - Add libcdio-more-relaxed-from_733.patch: Switch to using the more relaxed from_733 in _iso9660_dir_to_statbuf: Done so that libcdio doesn't bail out when processing non-compliant ISOs such as openSUSE ISO files. ==== libnetfilter_conntrack ==== Version update (1.0.6 -> 1.0.7) - Update to new upstream release 1.0.7 * new synproxy support * don't crash on NULL labelmap * expose a copy of nf_conntrack_common.h ==== libopenmpt ==== Version update (0.3.9 -> 0.3.17) Subpackages: libmodplug1 libopenmpt0 - Update to 0.3.17: * Update to latest release to get all the security fixes: + bsc#1143581 CVE-2018-20860 + bsc#1143578 CVE-2018-20861 + bsc#1143582 CVE-2019-14382 + bsc#1143584 CVE-2019-14383 ==== libosinfo ==== Version update (1.2.0 -> 1.6.0) Subpackages: libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0 - Update to version 1.6.0 Changes in this release include: * Add API to get the kernel URL argument for an OsinfoOs * Improve detection of PPC ISOs * Add API to create an OsinfoMedia from location using OsinfoMediaDetectFlags * Add API to get whether a media is bootable or not * Add OsinfoTree treeinfo properties * Add API to identify an OsinfoTree * Deprecate API to guess an OsinfoOs from OsinfoTree * Add --config-file to osinfo-install-script tool * Deprecate --config usage for user & admin passwords on osinfo-install-script tool * Add API to generate an install-script and its command-line for OsinfoTree * Use libsoup for "http://" & "https://" requests for creating both OsinfoMedia & OsinfoTree * Drop GVFS dependency * Add OsinfoOs property to OsinfoTree - Drop CVE-2019-13313-add-new-option-so-users-can-set-config-from-file.patch CVE-2019-13313-pass-username-password-via-config-file.patch - bsc#1140749 - VUL-1: CVE-2019-13313: libosinfo: osinfo-install- script option leaks password via command line argument CVE-2019-13313-add-new-option-so-users-can-set-config-from-file.patch CVE-2019-13313-pass-username-password-via-config-file.patch - Update to version 1.5.0 Changes in this release include: * Add API to get an OS from OsinfoTrees & OsinfoImages * Add API to set an OS to OsinfoTrees & OsinfoImages * Add API to get the OS variants from OsinfoTrees & OsinfoImages * Add API to set the installation URL to a OsinfoInstallConfig * Add API to get all short-ids from an OsinfoProduct * Improve OsinfoLoader in order to fully support multiple short-ids values on an OsinfoProduct * Improve osinfo-detect tool's help wording * Improve osinfo-detect tool, making it aware of OsinfoTree's OS variants * Fix the loading of the architecture value of OsinfoImages * Fix usage of application id on media detection * Accept "all" as a valid fallback architecture for OsinfoTrees & OsinfoMedias * Improve treeinfo check by checking for both ".treeinfo" and "treeinfo" files * Explicitly set GVFS as a requirement in the project spec file * Move osinfo-db related tests to osinfo-db project - Drop 0001-media-Fix-usage-of-application-id.patch 0002-loader-Properly-load-the-arch-value-for-images.patch - Upstream bug fixes from Fabiano Fidêncio <fabiano@fidencio.org> 0001-media-Fix-usage-of-application-id.patch 0002-loader-Properly-load-the-arch-value-for-images.patch - Update to version 1.4.0 Changes in this release include: * Add isodata test files for more distros * Refreshed translations from Zanata * Drop deprecated gnome-common and intltool * Fix test cases checking for medias, trees and images URIs due to libcurl issues when reusing the curl handler * Fix media identification when its identifiers have the maximum allowed size * Fix filling up the media properties when identifying it * Improvements in the tests in order to reduce code duplication * Add one test case per OS for medias, trees and images URIs tests * Add OSINFO_RELEASE_STATUS_ROLLING release status * Add API to add an installer script to a media * Add API to get all the installer scripts from a media - Use noun phrase in summaries. - Update to version 1.3.0 Changes in this release include: * Add isodata test files for many more distros * Refreshed translations from Zanata * Refuse to load data files which do not follow the documented directory layout and file naming conventions introduced in version 0.3.0 * Avoid warnings when setting GError objects with new glib * Remove outdated FSF address from source file headers * Make several test suites collect & report all errors before exiting with failure for easy diagnosis * Avoid misc memory leaks * Add support for reporting maximum resource settings * Add support for reporting network installer resource settings * Fix data returned for osinfo_devicelinklist_get_devices * Support removal of devices during inheritance processing * Support inheritance of resources settings * Add OsinfoImage class & related APIs for reporting pre-installed disk images * Add API to determine if treeinfo metadata is provided * Add API to determine if media supports installer scripts * Add API to determine preferred install script injection methods * Add support for detecting if PPC ISO images are bootable ==== nghttp2 ==== Version update (1.31.1 -> 1.39.2) Subpackages: libnghttp2-14 libnghttp2-14-32bit - Require correct library from devel package - boo#1125689 - Update to version 1.39.2 (bsc#1146184, bsc#1146182): * This release fixes CVE-2019-9511 ?Data Dribble? and CVE-2019-9513 ?Resource Loop? vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out https://github.com/Netflix/security-bulletins/blob/master/advisories/third-p... for details. For nghttpx, additionally limiting inbound traffic by - -read-rate and --read-burst options is quite effective against this kind of attack. * Add nghttp2_option_set_max_outbound_ack API function * nghttpx: Fix request stall - Update to version 1.39.1: * This release fixes the bug that log-level is not set with cmd-line or configuration file. It also fixes FPE with default backend. - Changes for version 1.39.0: * libnghttp2 now ignores content-length in 200 response to CONNECT request as per RFC 7230. * mruby has been upgraded to 2.0.1. * libnghttp2-asio now supports boost-1.70. * http-parser has been replaced with llhttp. * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT. - Drop no longer needed boost170.patch - Update to 1.38.0: * This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry. * It also fixes the bug that HTTP/1.1 chunked request stalls. * Now nghttpx does not log authorization request header field value with -LINFO. * This release fixes possible backend stall when header and request body are sent in their own packets. * The backend option gets weight parameter to influence backend selection. * This release fixes compile error with BoringSSL. - Add patch from upstream to build with new boost bsc#1134616: * boost170.patch - Update to 1.36.0 * build: disable shared library if ENABLE_SHARED_LIB is off * third-party: use http-parser to v2.9.0 (GH-1294) * third-party: Update mruby to 2.0.0 * nghttpx: Pool h1 backend connection per address (GH-1292) * nghttpx: Randomize backend address round robin order per thread (GH-1291) * nghttpx: Fix getting long SNs for openssl < 1.1 (GH-1287) * h2load: add an option to write per-request logs (GH-1256) * asio: added access to # of the current server port (GH-1257) - Use multibuild to not pull in python3 in first build, nghttp2 is low in the system - Update to version 1.35.1: * nghttpx: Fix broken trailing slash handling (GH-1276) - Changes for version 1.35: * build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238) * lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222) * src: Require C++14 language feature * nghttpx: Write mruby send_info early * nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend * h2load: Handle HTTP/1 non-final response (GH-1259) * h2load: Clarify that time for connect includes TLS handshake - Update to version 1.34.0: (bsc#1112438, FATE#326776) * lib: Implement RFC 8441 :protocol support * nghttpx: Add read/write-timeout parameters to backend option * nghttpx: Fix mruby parameter validation in backend option * nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2 * nghttpx: Update neverbleed to fix OpenSSL 1.1.1 issues * nghttpx: Update mruby 1.4.1 * nghttpx: Add mruby env.tls_handshake_finished * nghttpx: Add --tls13-ciphers and --tls-client-ciphers options * nghttpx: Add RFC 8470 Early-Data header field support * nghttpx: Add RFC 8446 TLSv1.3 0-RTT early data support - Update to version 1.33.0: * lib: Tweak nghttp2_session_set_stream_user_data * lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS. * lib: Implement ORIGIN frame * asio: support definition of local endpoint for cleartext client session * integration: Remove remaining SPDY code from the integration tests * nghttpx: Fix worker process crash with neverbleed write error * nghttpx: Support per-backend mruby script * nghttpx: Fix stream reset if data from client is arrived before dconn is attached - Update to version 1.32.0: * lib: Ignore all input after calling session_terminate_session * lib: Fix treatment of padding * lib: Don't allow 101 HTTP status code because HTTP/2 removes HTTP Upgrade * build: add ENABLE_STATIC_LIB option to build static lib * third-party: Upgrade neverbleed to the latest master * asio: Support client side SNI * src: Compile with libressl 2.7.2 * src: Allow building without NPN * h2load: -r and --duration are mutually exclusive ==== open-vm-tools ==== Version update (10.3.10 -> 11.0.0) Subpackages: libvmtools0 open-vm-tools-desktop - Update to 11.0.0 (build 14549424) (boo#1151523) + Added appInfo to publish information about running applications inside the guest. + Provided sample tool.conf for ease of administration. - Updated spec file to build 11.0.0 - Removed libgrabbitmqProxy.so, vmware-guestproxycerttool, and guestproxy-ssl.conf - Added %config(noreplace) %{_sysconfdir}/vmware-tools/tools.conf.example - Drop unnecessary patch: - gcc9-warnings.patch ==== osinfo-db ==== Version update (20190504 -> 20190905) - Update database to version 20190905 osinfo-db-20190905.tar.xz - Update database to version 20190805 osinfo-db-20190805.tar.xz - Add support for SLE15-SP2 add-sle15sp2-support.patch - Update database to version 20190726 osinfo-db-20190726.tar.xz - Drop add-sle15sp1-support.patch - Update database to version 20190611 osinfo-db-20190611.tar.xz - Drop add-sle12sp4-support.patch ==== patterns-base ==== Subpackages: patterns-base-32bit patterns-base-apparmor patterns-base-apparmor-32bit patterns-base-apparmor_opt patterns-base-base patterns-base-base-32bit patterns-base-basesystem patterns-base-console patterns-base-enhanced_base patterns-base-enhanced_base-32bit patterns-base-enhanced_base_opt patterns-base-minimal_base patterns-base-minimal_base-32bit patterns-base-sw_management patterns-base-sw_management-32bit patterns-base-transactional_base patterns-base-update_test patterns-base-x11 patterns-base-x11-32bit patterns-base-x11_enhanced patterns-base-x11_enhanced-32bit patterns-base-x11_opt - Need to explicitly have glibc-locale-base in patterns to make 32bit pattern have it too (boo#1142156). ==== permissions ==== Version update (20181116 -> 20190830) - Update to version 20190830: * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687) - Update to version 20190829: * add one more missing slash for icinga2 * fix more missing slashes for directories - Update to version 20190820: * cron directory permissions: add slashes - Update to version 20190711: * iputils: Add capability permissions for clockdiff (bsc#1140994) - Update to version 20190710: * iputils/ping: Drop effective capability * iputils/ping6: Remove definitions ==== polkit-default-privs ==== Version update (13.2 -> 13.2+20190905.0016c47) - Update to version 13.2+20190905.0016c47: * whitelist new systemd-resolved actions (bnc#1149216) - Update to version 13.2+20190827.0cc2a82: * make new systemd rules more restrictive (boo#1146300, boo#1145639) - Update to version 13.2+20190823.a5f89c3: * systemd-networkd (boo#1146300) * systemd-portabled (boo#1145639) - Update to version 13.2+20190806.841a06b: * libvirt polkit actions: Additional no:no:no action (bsc#1144077) - Update to version 13.2+20190801.f0c6234: * calamares: whitelist pkexec run as root in X11 action * mousepad: whitelisting of pkexec action (bsc#1143216) ==== python-numpy ==== Version update (1.14.0 -> 1.16.1) - (jsc#SLE-8532, bsc#1149203) Update to 1.16.1: - The NumPy 1.16.1 release fixes bugs reported against the 1.16.0 release, and also backports several enhancements from master that seem appropriate for a release series that is the last to support Python 2.7. The wheels on PyPI are linked with OpenBLAS v0.3.4+, which should fix the known threading issues found in previous OpenBLAS versions. - Specifically: - Experimental (opt-in only) support for overriding numpy functions, see __array_function__ below. - The matmul function is now a ufunc. This provides better performance and allows overriding with __array_ufunc__. - Improved support for the ARM and POWER architectures. - Improved support for AIX and PyPy. - Improved interop with ctypes. - Improved support for PEP 3118. - Also includes all improvements to 1.15.*, namely: - NumPy has switched to pytest for testing. - A new numpy.printoptions context manager. - Many improvements to the histogram functions. - Support for unicode field names in python 2.7. - Improved support for PyPy. - Fixes and improvements to numpy.einsum. - Removed CVE-2019-6446_numpy_load.patch, which is included into the upstream release. - numpy-1.9.0-remove-__declspec.patch has been refreshed to fit the current upstream tarball. ==== qpdf ==== Version update (9.0.0 -> 9.0.1) - Update to version 9.0.1 * Upstream fixed bsc#1150151, removed explicit -fsigned-chars from CXXFLAGS * See included ChangeLog file for the complete changelog ==== remmina ==== Version update (1.3.4 -> 1.3.6) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc remmina-plugin-xdmcp - Update to new upstream release 1.3.6 (jsc#SLE-9616) * Fix fullscreen switching * Fullscreen fixes * rdpr channel initialization for special devices sharing. Closes #1955 * Fixing remminamain destroy issues * Makes Rmnews modal to avoid that it steals input to the RCW * Make some cmake targets optional to avoid packaging isssues * SNAP fixing dependencies for the plugin WWW * Updating Remmna icon to the yaru/suru icon set. * Adding harfbuzz headers, closes #1941 * New stats * *.md: typo corrections * Remove G+ from documents - Removed dependency to NX for remmina-plugin-kwallet. - Update to new upstream release 1.3.5 * Configurable, human readable profile file names * A KDE Wallte plugin, that can be used instead of the GNOME Keyring * Many notable and subtle bugs fixed by Giovanni Panozzo. * Null pointer reference, RDP issues, remmina connection window fixes and refactoring and many more!! * Remmina news (and announcements) widget * Periodically (sporadically) a widget will be shown with news and announcements related to your Remmina version. * Master password, to protect settings and profiles from unauthorized modifications * WWW plugin (web browser with authentication for Remmina) * New color schemes for the SSH plugin. * Preferences cleaning * Profile saving bug fixed * Remmina main UI improvements * Typographic and wording corrections - Removed broken telepathy plugin - New kwallet plugin will be built only on openSUSE and SLE backport releases. ==== strace ==== Version update (5.2 -> 5.3) - Update to strace 5.3 * Improvements * Implemented usage of seccomp-bpf for stopping tracees only for filtered syscalls. Use --seccomp-bpf option to enable. * Implemented decoding of pidfd_open and clone3 syscalls. * Enhanced decoding of io_cancel, io_submit, s390_sthyi, and syslog syscalls. * Enhanced decoding of NETLINK_ROUTE protocol. * Implemented decoding of UNIX_DIAG_UID netlink attribute. * Implemented decoding of WDIOC_* ioctl commands. * Enchanced syscall count statistics: overhead is now applied per-call, added ability for sorting on errors field. * Syscall delay injection and overhead values can now be supplied with time measure unit suffix and provided in IEEE 754 floating point format. * Updated lists of AUDIT_*, BPF_*, ETH_*, KEYCTL_*, KVM_*, MAP_*, SO_*, TCP_*, V4L2_*, XDP_*, and *_MAGIC constants. * Updated lists of ioctl commands from Linux 5.3. * Enhanced manual page. * Bug fixes * Fixed syscall tampering on arc, avr32, csky, ia64, m68k, metag, mips, nios2, or1k, riscv, s390, s390x, sparc, sparc64, and tile architectures when PTRACE_GET_SYSCALL_INFO is in use. * Fixed decoding of sockaddr_hci (AF_BLUETOOTH) addresses that lack hci_channel field. * Fixed evdev ioctl bitset decoding. * Fixed tests on alpha with Linux kernel headers 5.1+. * Portability * Removed support for decoding syscalls in range [1024...1079] on AArch64 architecture as this range has never been implemented in mainline kernel releases. ==== ucode-intel ==== Version update (20190618 -> 20190918) - Updated to 20190918 bugfix release (bsc#1151232 bsc#1138185) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New - --- updated platforms ------------------------------------ BDW-U/Y E0/F0 6-3d-4/c0 0000002d->0000002e Core Gen5 HSX-EX E0 6-3f-4/80 00000014->00000016 Xeon E7 v3 BDW-H/E3 E0/G0 6-47-1/22 00000020->00000021 Core Gen5 BDX-ML B0/M0/R0 6-4f-1/ef 0b000036->0b000038 Xeon E5/E7 v4; Core i7-69xx/68xx BDX-DE V1 6-56-2/10 0000001a->0000001c Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000017->07000019 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000015->0f000017 Xeon D-1557/59/67/71/77/81/87 BDX-NS A0 6-56-5/10 0e00000d->0e00000f Xeon D-1513N/23/33/43/53 SKX-SP H0/M0/U0 6-55-4/b7 0200005e->00000064 Xeon Scalable SKX-D M1 6-55-4/b7 0200005e->00000064 Xeon D-21xx CLX-SP B1 6-55-7/bf 05000021->0500002b Xeon Scalable Gen2 ==== virt-manager ==== Version update (2.1.0 -> 2.2.1) Subpackages: virt-install virt-manager-common - Upstream bug fixes (bsc#1027942) 0c223ab2-guest-Dont-set-default-uefi-if-firmware-is-set.patch 414ffa5e-virt-install-Use-minutes-instead-of-seconds-on-get_time_string.patch 53245827-urlfetcher-Force-a-flush-after-writing-to-a-file.patch 3009888a-urlfetcher-Dont-override-fullurl-when-its-explicitly-set.patch - bsc#1143315 - virt-manager: Fix detection for SLE15 virtinst-add-sle15-detection-support.patch virtinst-add-caasp-support.patch virtinst-detect-oes-distros.patch virtinst-add-pvh-support.patch virtinst-s390x-disable-graphics.patch virtinst-set-qemu-emulator.patch - Upstream bug fix (bsc#1027942) 3c6e8537-guest-fix-warning-message-when-machine-type-is-changed-for-secure-boot.patch - Update to virt-manager 2.2.1 (fate#326786) virt-manager-2.2.1.tar.bz2 * CVE-2019-10183: Replace ?unattended user-password and admin-password with user-password-file and admin-password-file (Fabiano Fidêncio) * Consistent ?memballoon default across non-x86 (Andrea Bolognani) * virt-install: add ?numatune memnode.* (Athina Plaskasoviti) * Drop hard dep on gtksourceview4, gtksourceview3 is fine as well - Drop patches no longer needed 033e9702-xmleditor-Handle-gtksourceview3-as-well-as-gtksourceview4.patch 51d28f04-unattended-Dont-log-user-admin-passwords.patch 5312a961-virt-install-Revive-wait-0-as-alias-for-noautoconsole.patch 58c68764-unattended-Read-the-passwords-from-a-file.patch - bsc#1140211 - VUL-1: CVE-2019-10183: virt-manager: unattended option leaks password via command line argument 58c68764-unattended-Read-the-passwords-from-a-file.patch 51d28f04-unattended-Dont-log-user-admin-passwords.patch - Upstream bug fix (bsc#1027942) 5312a961-virt-install-Revive-wait-0-as-alias-for-noautoconsole.patch - Update to virt-manager 2.2.0 (fate#326786) virt-manager-2.2.0.tar.bz2 * libvirt XML viewing and editing UI for new and existing domain, pools, volumes, networks * virt-install: libosinfo ?unattended support (Fabiano Fidêncio, Cole Robinson) * Improve CPU model security defaults (Pavel Hrdina) * virt-install: new ?install option. Ex: virt-install ?install fedora29 * virt-install: new ?install kernel=,initrd= * virt-install: ?disk, ?memory, ?name defaults from libosinfo (Fabiano Fidêncio, Cole Robinson) * virt-install: add device suboption aliases which consistently match libvirt XML naming * virt-xml: new ?start, ?no-define options (Marc Hartmayer) * virt-install: Add driver_queues argument to ?controller (Vasudeva Kamath) * RISC-V support (Andrea Bolognani) * Device default improvements for non-x86 KVM (Andrea Bolognani) * Redesigned ?New Network? wizard * libguestfs inspection improvements (Pino Toscano) * virt-install: Add support for xenbus controller (Jim Fehlig) * cli: Add ?disk wwn=,rawio= (Athina Plaskasoviti) * cli: Add ?memballoon autodeflate=,stats.period= (Athina Plaskasoviti) * cli: Add ?iothreads (Athina Plaskasoviti) * cli: Add ?numatune memory.placement (Athina Plaskasoviti) * cli: Add ?launchSecurity option (Erik Skultety) * cli: Fill in ?memorybacking options * cli: ?smartcard: support database= and certificate[0-9]*= * cli: ?sysinfo: Add chasis suboptions * cli: ?metadata: add genid= and genid_enable= * cli: ?vcpus: add vcpus.vcpu[0-9]* config * cli: fill in all common char source options for ?serial, ?parellel, ?console, ?channel, ?smartcard, ?rng, ?redirdev 033e9702-xmleditor-Handle-gtksourceview3-as-well-as-gtksourceview4.patch virtman-dont-specify-gtksource-version.patch - Drop patches no longer needed f7508d02-addhardware-Fix-setting-optimal-default-net-model.patch 1018ab44-inspection-handle-failures-in-application-listing.patch ae8a4f3d-engine-Fix-first-run-startup-error.patch 57db4185-virt-clone-fix-force-copy-of-empty-cdrom-or-floppy-disk.patch 26a433fc-virtManager-clone-check-which-storage-pools-supports-volume-cloning.patch 4f66c423-cloner-Handle-nonsparse-for-qcow2-images.patch a02fc0d0-virtManager-clone-build-default-clone-path-if-we-know-how.patch 1856c1fa-support-Fix-minimum-version-check.patch 001-adf30349-cli-refactor-get_prop.patch 002-60c7e778-xmlapi-add-set_prop.patch 003-5bad22e8-tests-Use-get-set_prop.patch 004-ee5f3eab-support-Add-SUPPORT_CONN_DEVICE_BOOT_ORDER.patch 005-7768eb17-cli-Add-check-if-device-boot-order-is-supported.patch 006-ecc0861c-tests-xmlparse-refactor-method-for-generating-out-file-path.patch 007-c9d070da-guest-Add-reorder_boot_order-method.patch 008-1b535940-tests-Add-test-case-for-reorder_boot_order-method.patch 009-b83a0a61-cli-Use-reorder_boot_order-for-setting-the-boot-order.patch 010-c896d19d-tests-cli-Add-boot.order-tests.patch 011-29f9f2ac-virt-xml-Add-no-define-argument.patch 012-c2bff509-tests-cli-Add-test-case-for-no-define-argument.patch 013-90b1a3ab-virt-xml-Add-support-for-starting-the-domain.patch 014-908b8e8d-tests-virt-xml-Add-test-cases-for-start-option.patch 5bc847eb-virt-install-Do-not-warn-about-consoles-on-s390x.patch 74bbc3db-urldetect-Check-also-for-treeinfo.patch 708af01c-osdict-Add-supports_virtioinput.patch f23b01be-guest-Add-VirtIO-input-devices-to-s390x-guests-with-graphics.patch 7afbb90b-virt-xml-Handle-VM-names-that-look-like-id-uuid.patch 8d9743d6-virt-install-Add-support-for-xenbus-controller.patch a0ca387a-cli-Fix-pool-default-when-path-belongs-to-another-pool.patch 578451fe-urldetect-Dont-run-regex-against-None-SUSE-product-name.patch virtman-default-guest-from-host-os.patch virtman-prevent-double-click-starting-vm-twice.patch - bsc#1138110 - XEN guest can not be restored from virt-manager after it is saved virtman-fix-restore-vm-menu-selection.patch - Upstream bug fix (bsc#1027942) 578451fe-urldetect-Dont-run-regex-against-None-SUSE-product-name.patch - Make sure the old qemu-dm is not used for installing VMs. It can't handle direct kernel boot. (bsc#1125725) virtinst-set-qemu-emulator.patch - jsc#SLE-6262, fate#327048: KVM: Boot Configuration Override 001-adf30349-cli-refactor-get_prop.patch 002-60c7e778-xmlapi-add-set_prop.patch 003-5bad22e8-tests-Use-get-set_prop.patch 004-ee5f3eab-support-Add-SUPPORT_CONN_DEVICE_BOOT_ORDER.patch 005-7768eb17-cli-Add-check-if-device-boot-order-is-supported.patch 006-ecc0861c-tests-xmlparse-refactor-method-for-generating-out-file-path.patch 007-c9d070da-guest-Add-reorder_boot_order-method.patch 008-1b535940-tests-Add-test-case-for-reorder_boot_order-method.patch 009-b83a0a61-cli-Use-reorder_boot_order-for-setting-the-boot-order.patch 010-c896d19d-tests-cli-Add-boot.order-tests.patch 011-29f9f2ac-virt-xml-Add-no-define-argument.patch 012-c2bff509-tests-cli-Add-test-case-for-no-define-argument.patch 013-90b1a3ab-virt-xml-Add-support-for-starting-the-domain.patch 014-908b8e8d-tests-virt-xml-Add-test-cases-for-start-option.patch - Drop unneeded 0003-virtinst-python3-avoid-using-long-type.patch Drop Requires on python3-six ==== virt-viewer ==== Version update (7.0 -> 8.0) - Update to 8.0: - Fix warnings with latest GCC versions - More strictly filter out non-ISO images in ovirt menu - Require libgovirt >= 0.3.3 - Require librest >= 0.8 - Support UNIX and TLS URI schemes for spice - Fix full screen monitor placement under wayland - Fix command line encoding on Windows - Ensure VM name is set in window title - Support unix-path in .vv files - Support text console windows via VTE - Add machine power control menu options - Record full build env in MSI installer - update virtview-desktop.patch ==== webkit2gtk3 ==== Version update (2.24.2 -> 2.24.4) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update to version 2.24.4 (boo#1148931): + Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. + Improve loading of multimedia streams to avoid memory exhaustion due to excessive caching. + Fix display of documents with MIME type application/xml in the Web Inspector, when loaded using XmlHttpRequest. + Fix a hang while scrolling certain websites which include HLS video content (Twitter, for example). + Fix rounding artifacts in volume levels for media playback. + Fix several crashes and rendering issues. + Fix the build with video track support disabled. + Fix the build with OpenGL support disabled. + Fix build issue which would cause media controls to disappear when Python 3.x was used during the build process. + Security fixes: CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688. - Drop webkit2gtk3-bwo197558-hang.patch: Fixed upstream. - Add webkit2gtk3-bwo197558-hang.patch for hang (bwo#197558) - Drop webkit2gtk3-boo1088932-a11y-state-set.patch: fixed upstream. - Update to version 2.24.3: + Deprecate WebSQL APIs. + Make Previous/Next gesture work in RTL mode. + Fix content disappearing when using CSS transforms. + Fix rendering artifacts in youtube volume button. + Fix trapezoid artifact in github comment box. + Fix video pause that sometimes caused to skip to finish. + Fix volume level changes when playing a video. + Fix HLS streams being slow to start. + Fix some radio streams that could not be played. + Fix the build with older versions of GStreamer. + Fix the build with video and audio disabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2019-8666, CVE-2019-8673, CVE-2019-8676, CVE-2019-8681, CVE-2019-8687, CVE-2019-8689, CVE-2019-8690. + Updated translations. - Drop upstream fixed patches: + webkit2gtk3-bug196440-build-fix.patch. + webkit2gtk3-bug198080-build-fix.patch. ==== yast2 ==== Version update (4.2.21 -> 4.2.23) Subpackages: yast2-logs - Use "display_name" tag for the product label, "label" marks a translatable text (jsc#SLE-7214) - 4.2.23 - Added support for reading products from control.xml file (jsc#SLE-7104) - 4.2.22 ==== yast2-country ==== Version update (4.2.4 -> 4.2.5) Subpackages: yast2-country-data - Add missing Persian/Farsi language and keyboard layout (bsc#1092920). - 4.2.5 ==== yast2-installation ==== Version update (4.2.13 -> 4.2.14) - Support for the online installation medium (jsc#SLE-7214) - 4.2.14 ==== yast2-packager ==== Version update (4.2.25 -> 4.2.27) - Support for the online installation medium (jsc#SLE-7214) - 4.2.27 - Properly initialize the used base product name at upgrade (bsc#1150856) - 4.2.26 ==== yast2-storage-ng ==== Version update (4.2.38 -> 4.2.41) - Partitioner: allows encrypting volumes using pervasive encryption (jsc#SLE-7376). - 4.2.41 - Partitioner: allow creating encrypted swap with random password (bsc#1088641). - Partitioner: allow importing mount points from encrypted swap with random password. - Storage: fix an encryption type inconsistency (bsc#1151079). - 4.2.40 - add warning if /boot is on a LUKS2 encrypted partition - 4.2.39