Packages changed: MozillaFirefox (79.0 -> 80.0) ark autoyast2 (4.3.35 -> 4.3.43) ceph (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) corosync dracut (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) fetchmail gstreamer-plugins-base intel-vaapi-driver libdrm libglvnd libmfx libmysofa (1.0 -> 1.1) libqmi (1.24.14 -> 1.26.4) libstorage-ng (4.3.39 -> 4.3.40) libteam (1.29 -> 1.31) libva libva-gl libyui-ncurses (2.56.1 -> 2.56.2) libzypp (17.24.1 -> 17.24.2) mlterm (3.8.9 -> 3.9.0) mozilla-nspr (4.26 -> 4.27) mozilla-nss (3.54 -> 3.55) mozjs68 open-vm-tools (11.1.0 -> 11.1.5) openvpn perl-HTML-Parser (3.72 -> 3.75) procps python-sip (4.19.19 -> 4.19.24) python3-qt5 (5.13.2 -> 5.15.0) qemu syslogd tracker (2.3.4 -> 2.3.5) tracker-miners (2.3.3 -> 2.3.4) xfce4-notifyd (0.6.1 -> 0.6.2) xorg-x11-server (1.20.8+0 -> 1.20.9) yast2 (4.3.19 -> 4.3.24) yast2-network (4.3.15 -> 4.3.17) yast2-online-update-configuration (4.3.1 -> 4.3.2) yast2-pkg-bindings (4.2.9 -> 4.3.0) yast2-services-manager (4.3.4 -> 4.3.5) yast2-storage-ng (4.3.14 -> 4.3.15) zypper (1.14.37 -> 1.14.38) === Details === ==== MozillaFirefox ==== Version update (79.0 -> 80.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 80.0 MFSA 2020-36 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-12401 (bmo#1631573) Timing-attack on ECDSA signature generation * CVE-2020-6829 (bmo#1631583) P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation * CVE-2020-12400 (bmo#1623116) P-384 and P-521 vulnerable to a side channel attack on modular inversion * CVE-2020-15665 (bmo#1651636) Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown * CVE-2020-15666 (bmo#1450853) MediaError message property leaks cross-origin response status * CVE-2020-15667 (bmo#1653371) Heap overflow when processing an update file * CVE-2020-15668 (bmo#1651520) Data Race when reading certificate information * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - requires * NSPR 4.27 * NSS 3.55 - added mozilla-system-nspr.patch (bmo#1661096) - exclude ga-IE locale as it's failing to build - rollback parallelize locale build because it breaks bookmarks (boo#1167976) - preserve original default bookmark file during langpack build (boo#1167976) - add some ccache output during build - Use new memoryperjob _constraints instead of %limit_build macro. - use ccache for build - replace versioned RPM deps with requires_ge - parallelize locale build - Change *.appdata.xml location to latest AppStream standard ==== ark ==== Subpackages: ark-lang libkerfuffle20 - Add patch to prevent path traversal (boo#1175857, CVE-2020-24654): * 0001-Pass-the-ARCHIVE_EXTRACT_SECURE_SYMLINKS-flag-to-lib.patch ==== autoyast2 ==== Version update (4.3.35 -> 4.3.43) Subpackages: autoyast2-installation - Recognize installed_product and installed_product_version as legal elements of rules.xml files (boo#1176089). - 4.3.43 - Add to erb templates more helpers (bsc#1175735) - Use <script> elements instead of <listentry> when exporting the <postpartitioning-scripts> section (related to bsc#1175714). - Saving log files of postpartitioning-scripts (bsc#1145269) (schubi@suse.de). - 4.3.42 - Fix the AutoYaST storage UI (related to bsc#1175680). - 4.3.41 - Unify profile element paths (bsc#1175680). - 4.3.40 - bnc#1174133 - do not crash with internal error when the profile contains corrupted signature_handling option - 4.3.39 - Add ability to use erb template as dynamic autoyast profile (bsc#1175735) - 4.3.38 - Speed up finding the "autoyast()" supplements by filtering packages directly on the lilbzypp level (bsc#1175317, related to bsc#1146494) - 4.3.37 - Reporting an error if an corrupted AY configuration file has been read (bsc#160975). - 4.3.36 ==== ceph ==== Version update (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) Subpackages: librados2 librbd1 - Update to 16.0.0-4862-g8ac6038555: + rebase on tip of upstream "master" branch, SHA1 46c912978aa6a0b0f67094a27933c7bea829e6c9 - checkin.sh: build only one frontend language (English) by default, to speed up tarball generation - Update to 15.2.4-822-g24d833526b + rebase on tip of upstream "octopus" branch, SHA1 0887d548597b9d2381de42c1cc8a5c01d264ae8b - Update to 15.2.4.557+g4ac763f0b3 + rebase on tip of upstream "octopus" branch, SHA1 96411838ef6fef9a5285ca4d5c0708e6a599632e - Update to 15.2.4-511-g40953bf9d6 + rebase on tip of upstream "octopus" branch, SHA1 f3b8bc0d11ca4f8167615007645759e905b1ada5 - Update to 15.2.4-465-g5e8d9ae6bd + rebase on tip of upstream "octopus" branch, SHA1 213e2c803b4f68c9f0b33119c64638a6813d2692 - Update to 15.2.4-381-g734ae877b4: + rebase on tip of upstream "octopus" branch, SHA1 d0da4070a19a55ebe9c55904d6da2ad38833aae0 - Update to 15.2.4-342-g6987dec446: + cmake: add empty RPATH to ceph-diff-sorted - Update to 15.2.4-337-g55cec95eaf: + rebase on tip of upstream "octopus" branch, SHA1 405556b2629d8274dea2e14ee017c70a7dfb24a1 + Monitoring: Use downstream container images ==== corosync ==== Subpackages: libcfg6 libcmap4 libcorosync_common4 libcpg4 libquorum5 - Stop mangling libexecdir: it's not needed at all. ==== dracut ==== Version update (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) - Update to version 050+suse.75.g266a76d9: * net-lib.sh: support infiniband network mac addresses (bsc#996146) * 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) * 95nfs: use ip_params_for_remote_addr() (bsc#1167494) * dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) - Update to version 050+suse.71.g390f4d72: * 01fips: modprobe failures during manual module loading is not fatal (bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY (bsc#1165828) * 95iscsi: fix ipv6 target discovery (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file (bsc#1172807) ==== fetchmail ==== Subpackages: fetchmailconf - De-hardcode /usr/lib path for launch executable (bsc#1174075) - Spec file cleanups ==== gstreamer-plugins-base ==== Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Do not recommend PackageKit-gstreamer-plugin: that package already supplements the combination of gstreamer-plugins-base and packagekit. ==== intel-vaapi-driver ==== - version 2.4.1 needed for jira#SLE/SLE-12712 ==== libdrm ==== Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 - version 2.4.102 needed for jira#SLE/SLE-12880, jira#SLE/SLE-12882 ==== libglvnd ==== Subpackages: libglvnd-32bit - version 1.3.2 needed for jira#SLE/SLE-12880, jira#SLE/SLE-12882 ==== libmfx ==== - version 20.2.1 needed for jira#SLE/SLE-12712 ==== libmysofa ==== Version update (1.0 -> 1.1) - update to 1.1: * Support the change of the reference implementation to version 1.1.1 * Fixing the problem of left / right confusion common in many old SOFA files * Support many more HDF features which are used in recent implementations of netcdf ==== libqmi ==== Version update (1.24.14 -> 1.26.4) Subpackages: libqmi-glib5 libqmi-tools - update to 1.26.4: * Added new message collections support, so that users can select which messages to include in the built library during configure with the - -enable-collection option. Three predefined sets are given: * * minimal: the bare minimum messages required to control connectivity. * * basic: all messages and indications that ModemManager requires. * * full: all supported messages and indications. Users can install custom collections under data/ and reference them in the same way as the predefined sets. E.g. installing a new data/qmi-collection-custom.json set can be enabled during configure with - -enable-collection=custom. * Added new GObject Introspection support in the library * Implemented new QRTR backend support, disabled by default. This new backend allows to perform QMI operations on systems with the Qualcomm IPC router * Added 5GNR radio access technology support, with new enum values in both the DMS and NAS services. * New services: * * New 'GMS' (Telit General Modem Service) service, for now just implementing basic test get/set value commands. * * New 'DSD' (Data System Determination) service, implementing methods to get and set default bearer APN settings. * New request/response/indications: * * dms: implement "Get MAC Address" request/response. * * dms: renamed "Dell Get Firmware Version" to "Foxconn Get Firmware Version" as the command applies not only to the Dell-branded variant, but also to the generic Foxconn-branded models. The old APIs are kept available but flagged as deprecated. * * loc: implement "Set NMEA Types" request/response. * * loc: implement "Get NMEA Types" request/response. * * uim: implement "Switch Slot" request/response. * * uim: implement "Get Slot Status" request/response. * * uim: implement "Slot Status" indication. * * voice: implement "Indication Register" request/response. * * voice: implement "Originate USSD" request/response. * * voice: implement "Answer USSD" request/response. * * voice: implement "Cancel USSD" request/response. * * voice: implement "Release USSD" request/response. * * voice: implement "USSD" indication. * * voice: implement "Originate USSD No Wait" request/response. * * voice: implement "Originate USSD No Wait" indication. * New TLVs supported in existing messages: * * nas: added 'Extended List' and 'Bandwidth List' in "Get RF Band Information". * * wda: added 'Endpoint Info' in "Get Data Format". ==== libstorage-ng ==== Version update (4.3.39 -> 4.3.40) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#767 - removed some unnecessary null pointer checks - 4.3.40 ==== libteam ==== Version update (1.29 -> 1.31) - update to 1.31: * teamd: fix build error in expansion of macro teamd_log_dbgx * teamd/lacp: fix segfault due to NULL pointer dereference * teamd: fix possible race in master ifname callback * Fix ifinfo_link_with_port race condition with newlink * Skip setting the same hwaddr to a lag port if not needed * teamd/lacp: silence ignore none LACP frames ==== libva ==== Subpackages: libva-drm2 libva-x11-2 libva2 - version 2.8.0 needed for jira#SLE/SLE-12712 ==== libva-gl ==== Subpackages: libva-glx2 libva-wayland2 - version 2.8.0 needed for jira#SLE/SLE-12712 - update to 2.8.0: * trace: enable return value trace for successful function call * trace: divide va_TraceEndPicture to two seperate function * trace: add support for VAProfileHEVCSccMain444_10 * fix:Fixes file descriptor leak * add fourcc code for P012 format * travis: Add a test that code files don't have the exec bit set * Remove the execute bit from all source code files * meson: Allow for libdir and includedir to be absolute paths * trace: Fix format string warnings * fix:Fix clang warning (reading garbage) * add definition to enforce both reflist not empty * trace: List correct field names in va_TraceVAPictureParameterBufferHEVC * change the return value to be UNIMPLEMENTED when the function pointer is NULL * remove check of vaPutSurface implementation * Add new slice structure flag for CAPS reporting * VA/X11: VAAPI driver mapping for iris DRI driver * VA/X11: enable driver candidate selection for DRI2 * Add SCC flags to enable/disable features * fix: Fix HDR10 MaxCLL and MaxFALL documentation * Add VAProfileHEVCSccMain444_10 for HEVC * change the compatible list to be dynamic one * trace:Convert VAProfileAV1Profile0 VAProfileAV1Profile1 to string ==== libyui-ncurses ==== Version update (2.56.1 -> 2.56.2) - Fix changing a single cell in a sorted table (bsc#1165388, bsc#1174615) - 2.56.2 ==== libzypp ==== Version update (17.24.1 -> 17.24.2) - VendorAttr: Const-correct API and let Target provide its settings (bsc#1174918) - Support buildnr with commit hash in purge-kernels (bsc#1175342) This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. - Improve Italian traslation of the "breaking dependencies" message (bsc#1173529) - Make sure reading from lsof does not block forever (bsc#1174240) - Just collect details for the signatures found (fixes #229) - version 17.24.2 (22) ==== mlterm ==== Version update (3.8.9 -> 3.9.0) Subpackages: mlterm-canna mlterm-ibus mlterm-scim mlterm-wnn - version update to 3.9.0 * Support CSI>4;1m. * Support uniscribe for libotl on win32. * Support SCP by Shift+DnD on HaikuOS. * Support xdg-shell on wayland. * Support DEC Technical character set. * Support input of unicode characters on mlterm-fb. * Support ormode of Sixel Graphics. * Update unicode property table (generated from UnicodeData.txt and EastAsianWidth.txt) to version 12.1.0. * Mlconfig configures files in ~/.mlterm directly if it starts without options or with --file option. * Change DA1 response. \x1b[?63;1;2;3;4;7;29c -> \x1b[?63;1;2;3;4;6;7;15;18;22;29c * geometry / -g option works on HaikuOS. * Add vte 0.60 API symbols to libvte compatible library. * Merge patches: https://sourceforge.net/p/mlterm/bugs/78/ https://sourceforge.net/p/mlterm/patches/25/attachment/typos.diff * Bug fixes: Fix a bug which disabled to change the value of "logsize" option from "0" to "unlimited". Fix segfault when "snapshot" command of OSC 5379 is executed. Fix mouse tracking position if "use_ot_layout = true". Fix segfault when mlterm-sdl2 starts with -im=uim option. Fix a bug which makes mlterm-sdl2 on win32 stop starting mlconfig. Fix compiling error on HaikuOS + gcc-x86. Fix http://twitter.com/hamano/status/1177087752208183296 Fix a bug which disabled clipping of DECDHL in cairo. (Enbugged at 3.8.6) - deleted patches - mlterm-cast.patch (upstreamed) ==== mozilla-nspr ==== Version update (4.26 -> 4.27) - update to version 4.27 * the macOS platform code for shared library loading was changed to support macOS 11. If the absolute path parameter given to PR_LoadLibrary begins with either /System/ or /usr/lib/ then no test is performed if the library exists at a file. * An include statement for a Windows system library header was added ==== mozilla-nss ==== Version update (3.54 -> 3.55) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. ==== mozjs68 ==== - reset memoryperjob for PowerPC avoid dispatcher to not find worker and still use %limit_build macro for them. ==== open-vm-tools ==== Version update (11.1.0 -> 11.1.5) Subpackages: libvmtools0 open-vm-tools-desktop - Update to 11.1.5 (build 16724464) (boo#1175573) + This source release rolls up the SDMP fixes release post 11.1.0. + Fix serveral Coverity reported issues. + Address github issues: https://github.com/vmware/open-vm-tools/issues/451 https://github.com/vmware/open-vm-tools/issues/429 https://github.com/vmware/open-vm-tools/issues/428 - Drop unnecessary patch: - gcc10-warning.patch - sdmp-get-version.patch - sdmp-netstat-to-ss.patch - sdmp-warnings.patch ==== openvpn ==== - Modernize openvpn.service * /var/run has been obsoleted since a long time. * on reload, send HUP signal directly rather than relying on killproc to look for the main process. - Explicitly requires sysvinit-tools as some of the tools shipped by this package are used in various places regardless of whether openvpn is built for systemd or non systemd systems. For the context: sysvinit-tools was pulled in by systemd since 2014 but it's no longer the case so better to be safe than sorry. ==== perl-HTML-Parser ==== Version update (3.72 -> 3.75) - updated to 3.75 see /usr/share/doc/packages/perl-HTML-Parser/Changes - updated to 3.73 see /usr/share/doc/packages/perl-HTML-Parser/Changes ==== procps ==== Subpackages: libprocps8 - Enable pidof by default ==== python-sip ==== Version update (4.19.19 -> 4.19.24) Subpackages: python-sip-common python3-sip - Update to 4.19.24 * Added support for Python v3.9. * %InstanceCode is now used to provide the default result of virtual handlers that return a class or mapped type by value. * 'android_abi' can now be used in a configuration file when building the sip module using qmake. This is required when using Qt v5.14 or later on Android. - all intermediate versions are tagged "minor bug-fix release" - refresh disable-strip.diff ==== python3-qt5 ==== Version update (5.13.2 -> 5.15.0) - Update update-timeline.patch - Update to 5.15.0 * Added support for Qt v5.15.0. * Added the QtQuick3D module. * Added a callStaticMethod() overload to QAndroidJniObject that takes a QJsonDocument as the method argument and returns another QJsonDocument. * Added the missing QMultimedia control classes. * pyuic5 now supports QUndoView. - v5.14.2 3rd April 2020 * Added the missing QTextCodec.convertFromUnicode(). * Added the OpenGL ES bindings. * Added QFlags.__index__(). - v5.14.1 6th January 2020 * This is a bug fix release. - v5.14.0 18th December 2019 * Added support for Qt v5.14.0. - Source URL moved to PyPI - refresh 0001-Use-a-noarch-wrapper-for-dbus-mainloop-integration.patch ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-chardev-baum qemu-guest-agent qemu-hw-display-qxl qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-ui-spice-app qemu-vgabios qemu-vhost-user-gpu qemu-x86 - For SLE15-SP3, note that this update to v5.1.0 is a step towards fulfilling jsc#SLE-13689, which asks for qemu v5.2.0 or higher - Fix some shell syntax in update_git.sh, esp. an issue exposed by the most recent patch added - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) usb-fix-setup_len-init-CVE-2020-14364.patch - Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, JIRA, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2020-1983 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 * bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384 bsc#1172386 bsc#1172495 bsc#1172710 * Patches dropped (SLE) (included in current release tarball): exec-set-map-length-to-zero-when-returni.patch i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch megasas-use-unsigned-type-for-reply_queu.patch ==== syslogd ==== Subpackages: klogd syslog-service - Set permission also in file list for /etc/syslog.conf ==== tracker ==== Version update (2.3.4 -> 2.3.5) Subpackages: libtracker-common-2_0 libtracker-control-2_0-0 libtracker-miner-2_0-0 libtracker-sparql-2_0-0 tracker-lang typelib-1_0-Tracker-2_0 typelib-1_0-TrackerControl-2_0 - Update to version 2.3.5: + Add 'tracker export' subcommand to ease migration to 3.x. + Use correct signature for DBusSignalCallback. + Get the systemd user unit dir from pkg-config. + Replace sensitive terms. + Updated translations. - Drop tracker-Use-correct-signature.patch: Fixed upstream. ==== tracker-miners ==== Version update (2.3.3 -> 2.3.4) Subpackages: tracker-miner-files tracker-miners-lang - Update to version 2.3.4: + Block image/ktx files in 90-gstreamer-image-generic.rule. + Set a deadline of 30 seconds for extraction tasks. + Remove generic gstreamer-based image extraction codepath. + Several fixes to libav-based extractor. + Replace sensitive words. + Get the systemd user unit dir from pkg-config. + Updated translations. ==== xfce4-notifyd ==== Version update (0.6.1 -> 0.6.2) Subpackages: xfce4-notifyd-lang - Update to 0.6.2 * Switch to new app icon and rDNS icon name * Default to session autostart instead of DBus (gxo#apps/xfce4-notifyd#27) * Add configurable log size limit (default: 100) * Make buttons on non-1st notifications work * panel-plugin: Add option to hide "Clear log" dialog * log: properly handle iso8601 timestamps * log: Use SHA-1 data hash in icon cache paths (bxo#16825) * log: Improve performance of adding notifications (bxo#14865) * log: Refactor log keyfile element insertion into a separate function * Fix GTimeVal deprecation (bxo#16805) * Remove unused expire_timeout variable * Fix memory leaks * settings: Switch to symbolic close icon * Translation Updates ==== xorg-x11-server ==== Version update (1.20.8+0 -> 1.20.9) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk xorg-x11-server-wayland - Update to version 1.20.9: * Fix XRecordRegisterClients() Integer underflow * Fix XkbSelectEvents() integer underflow * Fix XIChangeHierarchy() integer underflow * Correct bounds checking in XkbSetNames() * linux: Fix platform device probe for DT-based PCI * linux: Fix platform device PCI detection for complex bus topologies * linux: Make platform device probe less fragile * fix for ZDI-11426 * xfree86: add drm modes on non-GTF panels * present: Check valid region in window mode flips * xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp * xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip * doc: Update URLs in Xserver-DTrace.xml * xwayland: Use a fixed DPI value for core protocol * xwayland: only use linux-dmabuf if format/modifier was advertised * hw/xfree86: Avoid cursor use after free * Update URL's in man pages * xwayland: Disable the MIT-SCREEN-SAVER extension when rootless * xwayland: Hold a pixmap reference in struct xwl_present_event * randr: Check rrPrivKey in RRHasScanoutPixmap() * modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation * xwayland: Store xwl_tablet_pad in its own private key * xwayland: Initialise values in xwlVidModeGetGamma() * xwayland: Fix crashes when there is no pointer * xwayland: Clear private on device removal * xwayland: Free all remaining events in xwl_present_cleanup * xwayland: Always use xwl_present_free_event for freeing Present events * present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip * present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip * xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only * xwayland: Fix infinite loop at startup * modesetting: Disable pageflipping when using a swcursor * dix: do not send focus event when grab actually does not change - Drop patches fixed upstream: * U_0001-Correct-bounds-checking-in-XkbSetNames.patch * U_0002-Fix-XIChangeHierarchy-integer-underflow.patch * U_0003-Fix-XkbSelectEvents-integer-underflow.patch * U_0004-Fix-XRecordRegisterClients-Integer-underflow.patch * U_FixForZDI-11426.patch - U_0001-Correct-bounds-checking-in-XkbSetNames.patch * Correct bounds checking in XkbSetNames() [CVE-2020-14345 / ZDI 11428, boo#1174635] - U_0002-Fix-XIChangeHierarchy-integer-underflow.patch * Fix XIChangeHierarchy() integer underflow [CVE-2020-14346 / ZDI-CAN-11429, boo#1174638] - U_0003-Fix-XkbSelectEvents-integer-underflow.patch * Fix XkbSelectEvents() integer underflow [CVE-2020-14361 / ZDI-CAN 11573, boo#1174910] - U_0004-Fix-XRecordRegisterClients-Integer-underflow.patch * Fix XRecordRegisterClients() Integer underflow [CVE-2020-14362 / ZDI-CAN-11574, boo#1174913] ==== yast2 ==== Version update (4.3.19 -> 4.3.24) Subpackages: yast2-logs - Fixed accidentaly broken dependencies (related to bsc#1175317) - 4.3.24 - Yet another unit test architecture fix :-( (related to bsc#1175317) - 4.3.23 - Fix for the previous change: fixed unit test failure on non x86_64 archs (related to bsc#1175317) - 4.3.22 - Y2Packager::Resolvable.find(): improved error handling, added more unit tests (related to bsc#1175317) - 4.3.21 - Unify profile element paths (bsc#1175680). - 4.3.20 ==== yast2-network ==== Version update (4.3.15 -> 4.3.17) - Unify profile element paths (bsc#1175680). - 4.3.17 - AutoYaST: Added supplements: autoyast(host,networking,remote) into the spec file in order to install this packages if the section has been defined in the AY configuration file (bsc#1146494). - 4.3.16 ==== yast2-online-update-configuration ==== Version update (4.3.1 -> 4.3.2) - Set X-SuSE-YaST-AutoInstClient in desktop file (bsc#1175516). - 4.3.2 ==== yast2-pkg-bindings ==== Version update (4.2.9 -> 4.3.0) - Improved Pkg::Resolvables() call to allow filtering by RPM dependencies (provides, obsoletes,...) (related to bsc#1175317) - 4.3.0 ==== yast2-services-manager ==== Version update (4.3.4 -> 4.3.5) - Re-enable service table sorting (bsc#1165388, bsc#1174615). - 4.3.5 ==== yast2-storage-ng ==== Version update (4.3.14 -> 4.3.15) - Unify profile element paths (bsc#1175680). - 4.3.15 ==== zypper ==== Version update (1.14.37 -> 1.14.38) Subpackages: zypper-log zypper-needs-restarting - Directly list subcommands in 'zypper help' (bsc#1165424) - man: enhance description of the global package cache (bsc#1175592) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks (bsc#1174561) - Fix help command for list-patches - man: Point out that plain rpm packages are not downloaded to the global package cache (bsc#1173273) - version 1.14.38