Packages changed: PackageKit appstream-glib (0.7.17 -> 0.7.18) at-spi2-core (2.36.0 -> 2.36.1) branding-openSUSE busybox-links clutter conmon (2.0.20 -> 2.0.21) dracut (050+suse.75.g266a76d9 -> 050+suse.226.gb86d9bcf) glib2 (2.64.4 -> 2.64.5) glib2-branding-openSUSE gnome-desktop (3.36.5 -> 3.36.6) gnome-settings-daemon gnome-shell gsettings-desktop-schemas harfbuzz (2.6.8 -> 2.7.2) installation-images-MicroOS (16.16 -> 16.18) json-glib (1.4.4 -> 1.6.0) kaccounts-integration kio-extras5 ldb (2.1.4 -> 2.2.0) libiptcdata (1.0.4 -> 1.0.5) libproxy libqt5-qtbase libsolv (0.7.14 -> 0.7.15) libssh (0.9.4 -> 0.9.5) libzypp (17.24.2 -> 17.25.0) mozilla-nss (3.55 -> 3.56) openSUSE-build-key pango (1.46.1 -> 1.46.2) perl-libwww-perl (6.47 -> 6.49) pipewire (0.3.10 -> 0.3.11) samba (4.12.5+git.168.88cc07e6cbf -> 4.13.0+git.138.ff2d5480c67) snapper (0.8.13 -> 0.8.14) sysconfig (0.85.5 -> 0.85.6) tracker2 (2.3.5 -> 2.3.6) vim (8.2.1551 -> 8.2.1719) webkit2gtk3 (2.28.4 -> 2.30.0) wpa_supplicant xen (4.14.0_06 -> 4.14.0_08) yast2 (4.3.27 -> 4.3.29) zypper (1.14.38 -> 1.14.39) === Details === ==== PackageKit ==== Subpackages: PackageKit-backend-zypp libpackagekit-glib2-18 - Add PackageKit-zypp-set-PATH.patch: zypp: Set PATH variable (gh#/hughsie/PackageKit/commit/2fb7fc6e, bsc#1175315). ==== appstream-glib ==== Version update (0.7.17 -> 0.7.18) Subpackages: libappstream-glib8 - Update to version 0.7.18: * Don't ignore localized strings that are the same as original * Croatian translation 2nd attempt (#373) * Test launchable tags in validation * Add missing dependency to the readme * as-app: Don't initialize mutex twice * as-content-rating: Expand translator comments to link to OARS website * as-content-rating: Lower the OARS/CSM mapping of sex-homosexuality/intense * po: Import gs-content-rating.c translations from gnome-software * po: Update po files * as-content-rating: Add content rating system APIs from gnome-software * Allow timestamp in the future in validate-relax * Fix crash with invalid children of <ul/> * as-app: Properly initialize unique_id_mutex * The AppData files now go to /usr/share/metainfo * util: Complete new validate-version command * util: Add "validate-version" command * trivial: Actually use the correct NEWS contents * trivial: post release version bump - Drop patch as-glib-PR359.patch (fixed upstream) - Run spec-cleaner * Remove rpm groups ==== at-spi2-core ==== Version update (2.36.0 -> 2.36.1) Subpackages: libatspi0 typelib-1_0-Atspi-2_0 - Update to version 2.36.1: + meson: De-duplicate deps of 'Requires' in pkgconfig file + Make at-spi-dbus-bus.desktop Validat + Fix ucs2keysym line for Euro sign + Fix Qt annotations in DBus xml files + constants: Fix typos in two _COUNT constants + Fix a couple of memory leaks. + Fix use after free when a device listener is destroyed. + Fix use after free when an event listener is destroyed. - Run spec-cleaner + Remove rpm groups ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE wallpaper-branding-openSUSE - Update branding-tumbleweed.zip: Rebrand all components of SLES/D in boot progress (jsc#SLE-14772). ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-psmisc busybox-xz - Add post/postun requires for busybox to busybox-sh (/usr/bin/ash is a symlink to busybox) ==== clutter ==== - Make documentation build reproducible ==== conmon ==== Version update (2.0.20 -> 2.0.21) - Update to version 2.0.21: * bump to v2.0.21 * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building ==== dracut ==== Version update (050+suse.75.g266a76d9 -> 050+suse.226.gb86d9bcf) Subpackages: dracut-ima - Update to version 050+suse.226.gb86d9bcf: We are now tracking the master branch, preparing for a 051 release within the next weeks. (the list includes changes previously backported) * 01fips: modprobe failures during manual module loading is not fatal * 01fips: turn info calls into fips_info calls * 04watchdog: split the watchdog module install * 35network-legacy: simplify fallback dhcp setup * 51-dracut-rescue.install: Don't use BLS fragment shipped by kernel package * 90crypt: make `rd.luks.key` usable with encrypted keydev. * 90crypt/module-setup.sh: try to catch kernel config changes * 90kernel-modules: add pci_hyperv * 90kernel-modules/module-setup.sh: add sg kernel module * 90kernel-modules: remove nfit from static module list * 90lvm: do not add newline to cmdline * 90nvdimm: include nvdimm keys in initrd * 90ppcmac: respect DRACUT_ARCH, don't exclude ppcle * 91zipl: parse-zipl.sh: honor SYSTEMD_READY * 95cifs: install new softdeps (sha512, gcm, ccm, aead2) * 95cifs: pass rootflags to mount * 95dcssblk: fix script permissions * 95fcoe: default rd.nofcoe to false * 95iscsi: fix ipv6 target discovery * 95iscsi: fix missing space when compiling cmdline args * 95iscsi: use ip_params_for_remote_addr() * 95nfs: only install rpc services for NFS < 4 when hostonly is strict * 95nfs: use ip_params_for_remote_addr() * 95nvmf: add module for NVMe-oF * 95nvmf: add NVMe over TCP support * 95nvmf: fix typo in the example documentation * 95resume: Do not resume on iSCSI, FCoE or NBD * 95zfcp_rules/parse-zfcp.sh: remove rule existence check * 95znet: Add a rd.znet_ifname= option * 99base: Remove duplicate nfsroot_to_var from dracut-lib.sh * 99memstrack: hook script should not call exit * 99memstrack: Only start tracking service when rd.memdebug=4|5 * 99squash: Don't hardcode the squash sub directories * 99squash: improve pre-requirements check * 99squash: simplify the code * Add 99memstrack module * Adding a bug report template * Adding a feature request template * Adding a pull request template * Adding code of conduct * Adding documentation template * Adding security policy * Adding the labels file for master * Adding the labels file for the RHEL-6 branch * Adding the labels file for the RHEL-7 branch * Adding the labels file for the RHEL-8 branch * Adding the labels trigger file for the Master branch * Adding the labels trigger file for the RHEL-6 branch * Adding the labels trigger file for the RHEL-7 branch * Adding the labels trigger file for the RHEL-8 branch * Add module "90nvdimm" for NVDIMM support * Add --version to man page * Allow $DRACUT_INSTALL to be not an absolute path * Always pull in machinery to read ifcfg files * As of v246 of systemd "syslog" and "syslog-console" switches have been deprecated * btrfs: force preload btrfs module * busybox: simplify listing of supported utilities * Change the order of NFS servers during the boot NFS server provided by DHCP in next-server option has higher priority than DHCP-server itself * CI: remove Fedora 30, add Fedora 32 * cms: regenerate NetworkManager connections * cryptroot-ask: no warn if /run/cryptsetup exist * dasd: only install /etc/dasd.conf if present * dhclient-script: Fix typo in output of BOUND & BOUND6 cases * dmsquash-live-root: Remove obsolete osmin.img processing. * Document initqueue/online hook * Do not start inside container * don't prefer $TMPDIR over --tmpdir * dracut.cmdline.7.asc: clarify usage of `rd.lvm.vg` and `rd.lvm.lv` * dracut.cmdline.7.asc: fix typo * dracut.conf.5.asc: document how to config --no-compress in the config * dracut-functions: add ip_params_for_remote_addr() helper * dracut-functions: fix find_binary() to return full path * dracut-initqueue: Print more useful info in case of timeout * dracut-lib.sh: quote variables in parameter expansion patterns * dracut.modules.7.asc: fix another typo * dracut.modules.7.asc: fix reference to insmodpost module * dracut.sh: add check for invalid configuration files * dracut.sh: Add --version * dracut.sh: don't call fsfreeze on subvol of root file system * dracut.sh: FIPS workaround for openssl-libs on Fedora/RHEL * dracut.sh: fix early microcode detection logic * dracut.sh: fix errors pointed out by shellcheck. * dracut.sh: fix ia32 detection for uefi executables * dracut.sh: fix some indentation. * dracut.sh: Move the library workaround after squash * dracut.spec: add 90nvdimm * dracut.spec: add version check for deprecated files * Fix CI badges in README.md and fix dracut description * Fix CoC URL * fix graphics startup failure with the rhgb paramter in CentOS8.2 * Fix pre-trigger stage by replacing exit with return in lldpad.sh * Fix test in lsinitrd * Fix Unicode * Fix Unicode and dracut install labeler * github actions: use test container directly * .github: fix path to label workflow mapping file * i18n: Always install /etc/vconsole.conf * install: also install post weak dependencies of kernel modules * Install crypto modules in 90kernel-modules * install dependant libs too * lvm: fix removal of pvscan from udev rules * lvm: remove unnecessary ${initdir} from lvm_scan.sh * Make externally defined CFLAGS work * Makefile: fix VERSION again * Makefile: merge main-version and git-version earlier * Makefile: really make externally defined CFLAGS work * match simplified rd.zfcp format too * match the whole string * mkinitrd-dracut.sh: use vmlinux regex for ppc*, vmlinuz for i686 * mkinitrd-suse.sh: Fix i586 platform detection * mount-root.sh: fix writing fstab file with missing fsck flag * multipath: add automatic configuration for multipath * net-lib.sh: support infiniband network mac addresses * network: fix glob matching ipv6 addresses * network-manager: ensure that nm-run.sh is executed when needed * network-manager: install libnss DNS and mDNS plugins * network-manager: move connection generation to a lib file * network-manager: set kernel hostname from the command line * New labels file * New label trigger file * README.md: fix github action badge links * Remove cleanup_trace_mem calls * Remove memtrace-ko and rd.memdebug=4 support in dracut * Remove stratis module * Removing dracut entry not compat with new plugin * Switching label triggers from pull requests to cron * systemd: skip dependency add for non-existent units * TEST-03-USR-MOUNT/test.sh: increase loglevel * TEST-12-RAID-DEG/create-root.sh: more udevadm settle * TEST-41-NBD-NM/Makefile: should be based on TEST-40-NBD not TEST-20-NFS * TEST-99: exclude /etc/dnf/* from check * test/TEST-35-ISCSI-MULTI: bump disk space * test: use dd from /dev/zero, instead of creating files with a hole * .travis.yml: reformat * UEFI Mode: only write kernel cmdline to UEFI binary * Update master-labels.yml * url-lib: drop NSS if it's not in curl --version * Use TMPDIR if available ==== glib2 ==== Version update (2.64.4 -> 2.64.5) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.64.5: + Fix deadlock in `g_subprocess_communicate_async()`. + Bugs fixed: glgo#GNOME/GLib!1519, glgo#GNOME/GLib!1520, glgo#GNOME/GLib!1565, glgo#GNOME/GLib!1608, glgo#GNOME/GLib!1618, glgo#GNOME/GLib!1621. ==== glib2-branding-openSUSE ==== - Update .gschema.override.in (jsc#SLE-14772): * add different key for screenlock * update background color for SLE. ==== gnome-desktop ==== Version update (3.36.5 -> 3.36.6) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Add gnome-desktop-invalid-size-crash.patch: fix a crash caused by a malformed background xml file (bsc#1176596 glgo#GNOME/gnome-desktop#169). - Update to version 3.36.6: + No changes, version bump only. ==== gnome-settings-daemon ==== - fix build on s390x (wacom=false but wayland=true) ==== gnome-shell ==== Subpackages: gnome-shell-calendar - Update gnome-shell-fate324570-Make-GDM-background-image-configurable.patch: Bring noise-texture.png back which will be used as the default value of org.gnome.desktop.background.lockdialog picture-uri (boo#1176418). ==== gsettings-desktop-schemas ==== - Update gsettings-desktop-schemas-fate324570-Add-key-for-GDM-background-configuration.patch: Set noise-texture.png as the default value of picture-uri to avoid failed to load background error (boo#1176418). ==== harfbuzz ==== Version update (2.6.8 -> 2.7.2) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - update to 2.7.2: - Fix a regression in the previous release that caused a crash with Kaithi. - More OOM fixes. - ot-funcs now handles variable empty glyphs better when hvar/vvar isn't present. - Reverted a GDEF processing regression. - A couple of fixes to handle OOM better. - Use an implementation for round that always rounds up, some minor fluctuations are expected on var font specially when hb-ot callback is used. - Fix an AAT's `kerx` issue on broken rendering of Devanagari Sangam MN. - Remove AAT's `lcar` table support from _get_ligature_carets API, not even much use on macOS installed fonts (only two files). GDEF support is the recommended one and expected to work properly after issues fixed two releases ago. - Minor memory fixes to handle OOM better specially in hb-ft. - Minor .so files versioning scheme change and remove stable/unstable scheme differences, was never used in practice (always default to stable scheme). - We are now suggesting careful packaging of the library using meson, https://github.com/harfbuzz/harfbuzz/wiki/Notes-on-migration-to-meson for more information. - Distribution package URL is changed, either use GitHub generated tarballs, `https://github.com/harfbuzz/harfbuzz/archive/$pkgver.tar.gz` or, even more preferably use commit hash of the release and git checkouts like, `git+https://github.com/harfbuzz/harfbuzz#commit=$commit` ==== installation-images-MicroOS ==== Version update (16.16 -> 16.18) - merge gh#openSUSE/installation-images#422 - prevent cross-filesystem relative symlinks to kmod in initrd (bsc#1169094) - 16.18 - merge gh#openSUSE/installation-images#421 - plymouthd.defaults will be moved to branding package (jsc#SLE-11637) - 16.17 ==== json-glib ==== Version update (1.4.4 -> 1.6.0) Subpackages: libjson-glib-1_0-0 typelib-1_0-Json-1_0 - Update to version 1.6.0: + docs: Add missing index for 1.6 symbols. + Updated translations. - Add gtk-doc BuildRequires and build gtk-doc api documentation and manpages via passing man=true and gtk_doc=enabled to meson. - Add check section and run meson_test macro during build. - Drop obsolete nuking of .la files, no longer needed. - Update to version 1.5.2: + Add getters with default fallback for JsonObject. + Clarify some expections of the json_object_get_*_member APIs. + Fix getting immutable root nodes from empty input. + Add `--output` option to json-glib-format. + Support loading files via memory mapping. + Add a symbol version to all exported symbols. - Pass -Dgtk_doc=disabled to meson: keep the gtk-doc disabled for now. ==== kaccounts-integration ==== - The -devel package needs intltool - Don't hardcode sover everywhere - Mention the sover in %files ==== kio-extras5 ==== Subpackages: libkioarchive5 - Remove obsolete build dependencies: openslp, KDELibs4Support, KHtml, exiv2 ==== ldb ==== Version update (2.1.4 -> 2.2.0) Subpackages: libldb2 python3-ldb - Release ldb 2.2.0 + Fix memory leak in ldb_kv_index_dn_ordered(); (bso#14299) + Fix off-by-one increment in lldb_add_msg_attr; (bso#14413) ==== libiptcdata ==== Version update (1.0.4 -> 1.0.5) Subpackages: libiptcdata0 - update to 1.0.5: * Omnibus python3 update * Modernize autoconf/automake init * Update to latest gtk-doc * Fix python3 module init ==== libproxy ==== - Build with KDE on Tumbleweed, Leap and SLE releases greater than SLE-15-SP2 (jsc#SLE-12256). ==== libqt5-qtbase ==== Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 - Revert commit to fix screen geometry on startup (boo#1176750, QTBUG-86604): * 0001-Revert-Emit-QScreen-availableG-g-eometryChanged-on-l.patch ==== libsolv ==== Version update (0.7.14 -> 0.7.15) - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function - bump version to 0.7.15 - Enable zstd compression support for sle15 - Enable zstd compression support for sle15-sp2 ==== libssh ==== Version update (0.9.4 -> 0.9.5) Subpackages: libssh-config libssh4 - Add missing BR for openssh needed for tests - update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite ==== libzypp ==== Version update (17.24.2 -> 17.25.0) - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken "suse,opensuse" equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - New solver testcase format. - Link against libzsd to close libsolvs open references (as we link statically) - BuildRequires: libsolv-devel >= 0.7.15. - version 17.25.0 (22) ==== mozilla-nss ==== Version update (3.55 -> 3.56) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - Update nss-fips-approved-crypto-non-ec.patch to match RC2 code being moved to deprecated/. - Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made obsolete by upstream changes. - update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting "all" as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 - do not hard require mozilla-nss-certs-32bit via baselibs (boo#1176206) ==== openSUSE-build-key ==== - the container keys for openSUSE and SUSE Linux Enterprise are actually not the build keys. (bsc#1176818) - build@suse.de key for SLE12 was extended. (bsc#1176759) ==== pango ==== Version update (1.46.1 -> 1.46.2) Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Update to version 1.46.2: + Fix pango_win32_font_map_load_font with falback families. + Fix an assertion in pango_language_get_scripts. + Fix a crash in get_items_log_attrs. + Fix attribute iterators with overlapping attributes. + Fix rendering of Emoji keycap sequences. + ci: Run the testsuite under asan and fix all reported issues. + build: Make libthai, cairo, xft, fontconfig, freetype dependencies meson features. ==== perl-libwww-perl ==== Version update (6.47 -> 6.49) - updated to 6.49 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.49 2020-09-24 00:27:56Z - Require network testing enabled for t/redirect.t (GH#351) (Olaf Alders) - updated to 6.48 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.48 2020-09-20 15:25:51Z - Support 308 Permanent Redirect (GH#349) (Galen Huntington) ==== pipewire ==== Version update (0.3.10 -> 0.3.11) Subpackages: libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.11: * PipeWire improvements + Properly cleanup the mixer structures when a port is removed, this should fix client crashes related to port config changes and other random crashes. + Optimize the preferred formats in the audio converter. Higher quality formats with higher performance are chosen first. + Make sure the time reported by pw_stream is always increasing, even when the driver and clock changes. + There is now also a system service and socket that can be used to enable PipeWire systemwide. This is however not recommended and disabled by default. + Fix channelmixer 5.1 to stereo mix matrix. It was not reading the conversion matrix correctly and cause channels to be dropped. The channelmixer will now also normalize the volume, like what pulseaudio does. + The channelmixer will now just copy channels when no layout has been given. It has also optimized paths for this. This makes it possible for apps to request > 8 channels from the alsa plugin (ardour). + Port, Node and Link will now also emit an error on the resources in addition to updating the error in the info. This would make it easier to track negotiation errors in the session manager later. + many small fixes and cleanups. + Fix compatibility: - DOSBox: fix crash because of double free in pw_stream * Session manager improvements + The session manager will now try to configure the client to the channel configuration of the sink/source. It will only do this for downmixing, never for upmixing and also never when the client has the dont-remix property set. It will also renegotiate the channel layout when moving a stream to a new sink/source. + Configuration state is now saved in XDG_CONFIG_HOME. Previously it was saved in $HOME/.pipewire-media-session/ You can migrate the state by moving the files to $XDG_CONFIG_HOME/pipewire-media-session (or $HOME/.config/pipewire-media-session as a fallback when XDG_CONFIG_HOME is not set). * Device support + Bluetooth sources and sinks should work better now. + There is now also a new bluetooth backend using hsphfpd. + fix the ALSA UCM Off profile for alsa pcm devices + improve ALSA port and profile switching. The ACP device will now switch to the best port and profile when availability changes. * PulseAudio layer improvements + Implement some more callbacks. The pulse layer will now also notify applications of stream moved, started and latency changes. + Fix error code when an object was not found. We now return PA_ERR_NOENTITY instead of PA_ERR_INVALID. + Add some support for loading new null sinks. Applications such as pulseeffects use this. Note that pulseeffects does not yet work reliably but can start now. + Improve handling of profile and port updates, it should work much more reliable now. Apps should now also again receive volume updates from sinks/sources. + Fix compatibility: - openal-soft 1.20 - pavucontrol (checks PA_ERR_NOENTITY) * JACK layer improvements + improve default source and sink handling. It was not updated correctly in all cases. + add samplerate and period to the pw-jack wrapper to easily configure the desired samplerate and perdiod for the app. * ALSA plugin improvements + Add a mixer entry in the alsa config file. + Implement support for planar types, rework the processing function to make it more robust. + refuse to load the alsa plugin when linked against 0.2. This catches some old apps linked against 0.2 that want to use the alsa plugin. + Fix compatibility: - linphone (ALSA SIGFPE when _status() is called before _prepare()). - Add patch from upstream to fix audio stutters in discord and probably other applications when using alsa directly. * 0001-alsa-dont-change-the-resampler-delay-value.patch ==== samba ==== Version update (4.12.5+git.168.88cc07e6cbf -> 4.13.0+git.138.ff2d5480c67) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libndr1 libnetapi0 libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3 - Update to samba 4.13.0 + Require Python 3.6 + Move wide links functionality into VFS module + Deprecate NT4-like 'classic' Samba domain controllers + Deprecate SMBv1 only protocol options + Remove deprecated "ldap ssl ads" option + Unify asynchronous DCE-RPC server; (jsc#SES-645) + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655) + Drop internal byteorder.h header from util-devel package + Remove final code for the AD DC LDAP backend + Add AD DC Group Policy Scripts + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399) + Fix %U substitutions if it contains a domain name; (bso#14467) + Fix krb5.conf creation for 'net ads join'; (bso#14479) + Fix build problem if libbsd-dev is not installed; (bso#14482) + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437) + Fix idmap_ad RFC4511 response handling; (bso#14465) + Fix panic in get_lease_type(); (bso#14428) - Update to samba 4.12.7 + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; (bsc#1176579); (bso#14497); - Update to samba 4.12.6 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403). + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7; (bso#14424). + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450). + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426). + PANIC: Assert failed in get_lease_type(); (bso#14428). + util: Fix build on AIX by fixing the order of replace.h include; (bso#14422). + srvsvc_NetFileEnum asserts with open files; (bso#14355). + KDC breaks with DES keys still in the database and msDS-SupportedEncryptionTypes 31 indicating support for it; (bso#14354). + s3:smbd: Make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427). + PANIC: Assert failed in get_lease_type(); (bso#14428). + docs: Fix documentation for require_membership_of of pam_winbind.conf; (bso#14358). + ctdb-scripts: Use nfsconf utility for variable values in CTDB NFS scripts; (bso#14444). + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425). ==== snapper ==== Version update (0.8.13 -> 0.8.14) Subpackages: libsnapper5 - added option to cleanup to make requested free space available (jsc#SLE-15765) - version 0.8.14 ==== sysconfig ==== Version update (0.85.5 -> 0.85.6) Subpackages: sysconfig-netconfig - version 0.85.6 - netconfig: execute chrony/helper in /usr/libexec with fallback to it's previous location in /usr/lib (boo#1176285) - netconfig: only write files like /etc/resolv.conf on content change to avoid that e.g. dnsmasq (if running) re-reads the /etc/resolv.conf and re-initializes itself (bsc#1176325) ==== tracker2 ==== Version update (2.3.5 -> 2.3.6) Subpackages: libtracker-common-2_0 libtracker-control-2_0-0 libtracker-miner-2_0-0 libtracker-sparql-2_0-0 - Update to version 2.3.6: + Do not autostart tracker-store. + Updated translations. - Rename to tracker2: compatibility package while the world moves to Tracker 3. - Provide/Obsolete tracker and tracker-lang from the main package, and tracker-devel from tracker2-devel. ==== vim ==== Version update (8.2.1551 -> 8.2.1719) Subpackages: vim-data-common vim-small - Updated to version 8.2.1719, fixes the following problems * Vim9: error for argument type does not mention the number. * Warnings from asan with clang-11. (James McCoy) * Crash in edit test. * Crash in normal test. * Not all tests are executed on Github Actions. * Cursorline highlighting always overrules sign highlighting. * Crash in :vimgrep when started as "vim -n". (Raul Segura) * Signs test fails. * s390x tests work again. * Using NULL pointers in some code. (James McCoy) * Using NULL pointers in fold code. * Vim9: error when using "%" where a buffer is expected. * Vim9: error when using '%" with setbufvar() or getbufvar(). * A few remaining errors from ubsan. * Spellfile test sometimes fails. * Not all Bazel files are recognized. * No example to use ubsan with clang. * prop_find() skips properties in the same line if "skipstart" is used. * Vim9: fixes for functions not tested; failure in getchangelist(). * Configure check for dirfd() does not work on HPUX. (Michael Osipov) * Vim9: count() third argument cannot be "true". * Vim9: expand() does not take "true" as argument. * Vim9: getreg() does not take "true" as argument. * Vim9: glob() doesnot take "true" as argument. * Vim9: globpath() doesnot take "true" as argument. * Vim9: index() does not take "true" as argument. * Vim9: hasmapto(), mapcheck() and maparg() do not take "true" as argument. * Vim9: popup_clear() does not take "true" as argument. * Reports from asan are not optimal. * Wildmenu does not work properly. * Using line() for global popup window doesn't work. * The channel log does not show typed text. * Vim9: cannot use "true" for "skipstart" in prop_find(). * Messages in globals.h not translated, xgettext on MS-Windows not fully supported. * :resize command not fully tested. * Loop for handling keys for the command line is too long. * Cannot read back the prompt of a prompt buffer. * Term_start() options for size are overruled by 'termwinsize'. (Sergey Vlasov) * Vim9: bufnr() doesn't take "true" argument. * Using winheight('.') in tests works but is wrong. * Vim9: passing "true" to char2nr() fails. * Tests do not check the error number properly.0 * Pull requests on github do not notify a maintainer. * Cannot easily see what Vim sends to the terminal. * Using win_screenpos('.') in tests works but is wrong. * The channel source file is too big. * Starting a hidden terminal resizes the current window. * Missing line end when skipping a long line with :cgetfile. * Vim9: cannot use "true" with deepcopy(). * Vim9: cannot use 'true" with garbagecollect(). * Vim9: cannot use 'true" with getbufinfo(). * Vim9: cannot use "true" with getchar(). * Vim9: cannot use "true" with getcompletion(). * Vim9: cannot use "true" with has(). * Vim9: getchar() test fails with GUI. * Vim9: test fails when build without +channel. * Vim9: cannot pass "true" to list2str() and str2list(). * Vim9: cannot pass "true" to nr2char(). * Vim9: cannot pass "true" to prop_remove(). * Vim9: cannot pass "true" to prop_type_add(). * Vim9: cannot pass "true" to searchcount(). * Vim9: cannot pass "true" to searchdecl(). * Vim9: cannot pass "true" to synID(). * Vim9: cannot pass "true" to win_splitmove(). * Vim9: cannot pass "true" to setloclist(). * Vim9: cannot pass "true" to spellsuggest(). * searchcount() test fails. * Crash when using submatch(0, 1) in substitute(). * Loop to handle keys for the command line is too long. * Vim9: using :call where it is not needed. * Vim9: cannot pass "true" to split(), str2nr() and strchars(). * Compiler warning for use of fptr_T. * Test for strchars() fails with different error number. * Vim9: cannot pass "true" to submatch(), term_gettty() and term_start() * Vim9: cannot pass "true" to timer_paused(). * Test fails without terminal feature. * Terminal test fails. * test_fails() does not check the context of the line number. * Not checking the context of test_fails(). * Some error messages are internal but do not use iemsg(). * Loop to handle keys for the command line is too long. * No digraph for 0x2022 BULLET. * Get stuck if a popup filter causes an error. * Vim9: :put ={expr} does not work inside :def function. * Leaking memory when popup filter function can't be called. * Options window cannot be translated. * Amiga: missing header for getgrgid(). * Vim9: cannot use 0 or 1 where a bool is expected. * Otions test fails. * Vim9: :defcompile compiles dead functions. * Vim9: cannot assign 1 and 0 to bool at script level. * GTK3: icons become broken images when resized. * Vim9: result of expression with && and || cannot be assigned to a bool variable. * Amiga: no common build file for Amiga (-like) systems. * GTK3: using old file chooser. * Vim9: result of && and || expression cannot be assigned to a bool at the script level. * Spellfile code not completely tested. * Cannot translate lines in the options window. * Expand('<stack>') does not include the final line number. * When job writes to hidden buffer current window has display errors. (Johnny McArthur) * Cannot build with Strawberry Perl 5.32.0. * Vim9: callstack wrong if :def function calls :def function. * Vim9: no proper error for nested ":def!". * Expand('<stack>') has trailing "..". * Spellfile code not completely tested. * Assert functions require passing expected result as the first argument, which isn't obvious. * Cannot connect to 127.0.0.1 for host with only IPv6 addresses. * :mksession does not restore shared terminal buffer properly. * Options window entries cannot be translated. * Memory leak when using :mkview with a terminal buffer. * Cannot do fuzzy string matching. * The initial value of 'backupskip' can have duplicate items. * Local function name cannot shadow a global function name. * Vim9: not accepting 0 or 1 as bool when type is any. * Vim9: memory leak when storing a value fails. * A couple of gcc compiler warnings. * Vim9: stray error for missing white space. * v_lock is used when it is not initialized. (Yegappan Lakshmanan) * complete_info() selected index has an invalid value. (Ben Jackson) * Vim9: internal error when using variable that was not set. * MinGW: testdir makefile deletes non-existing file. * Compiler warnings for function typecast. * Memory access errors when calling setloclist() in an autocommand. * Crash when using ":set" after ":ownsyntax". (Dhiraj Mishra) * Vim9: ":*" is not recognized as a range. * Vim9: line number for compare error is wrong. * Vim9: unnessary :call commands in tests. * Vim9: const works in an unexpected way. * Vim9: assignment test fails. * "gF" does not use line number after file in Visual mode. * Vim9: cannot declare a constant value. * Vim9: "const!" not sufficiently tested. * Vim9: out of bounds error. * Increment/decrement removes text property. * 'colorcolumn' doesn't show in indent. * Text properties not adjusted for "I" in Visual block mode. * Vim9: list<any> is not accepted where list<number> is expected. * Build fails because TTFLAG_STATIC is missing. * "hi def" does not work for cleared highlight. * Compiler warning for loss if data. * Vim9: crash when using varargs type "any". * Unused (duplicate) macros. * Inconsistent capitalization of error messages. * Cannot lock a variable in legacy Vim script like in Vim9. * Build failure due to missing error message. * Vim9: try/catch causes wrong value to be returned. * Vim9: sort("i") does not work. * Crash when using undo after deleting folded lines. * ":highlight clear" does not restore default link. * Vim9: crash in for loop when autoload script has an error. * "verbose hi Name" reports incorrect info after ":hi clear". * Vim9: crash after running into the "Multiple closures" error. * Small inconsitency in highlight test. * Vim9: error message for function has unpritable characters. * Vim9: memory leak when using multiple closures. * Vim9: list of list type can be wrong. * Vim9: leaking memory when using partial. * Vim9: leaking memory when calling a lambda. * Motif GUI: crash when setting menu colors. (Andrzej Bylicki) * Text properties corrupted with substitute command. (Filipe Brandenburger) * Motif GUI: commented out code missed {}. * Options window has duplicate translations. * Vim9: :def function disallows "firstline" and "lastline" argument names for no good reason. ==== webkit2gtk3 ==== Version update (2.28.4 -> 2.30.0) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.30.0: + Fix NTLM authentication. + Don't try to use SHM on wayland with older wpebackend-fdo. + Fix the build due to seccomp.h header not found. - Drop seccomp-build-fix.patch and wpe-shm-check.patch: fixed upstream. - Add wpe-shm-check.patch: make SHM initialization fail for wpebackend-fdo < 1.7.0. - Add seccomp-build-fix.patch: pass seccomp include directory to g++. - Re-enable bubblewrap sandbox for SLE-15-SP2 and Tumbleweed. - Update to version 2.29.92: + Fix user agent header after a redirect when a new quirk is required. + Stop using firefox user agent quirk for google docs. + Fix rendering frames timeline panel in web inspector. + Fix per-thread cpu usage in web inspector. + Fix several crashes and rendering issues. - Changes from version 2.29.91: + Fix a web process crash introduced in 2.29.90. - Changes from version 2.29.90: + Fix font variation settings when font smoothing setting is also present. + Fix HTML drag and drop operations. + Fix argument order for clone syscall seccomp filter on s390x. + Fix a crash when selecting text. + Fix several crashes and rendering issues. - Changes from version 2.29.4: + Add support for backdrop filters. + Add support for text-underline-offset and text-decoration-thickness. + Add OpenCDM and AV1 support to media backend. + Add new API to get ITP data summary. + Use mobile user-agent on tablets. + Fix several crashes and rendering issues. - Changes from version 2.29.3: + Add webkit_authentication_request_get_security_origin. + Change the cookies accept policy to always when no-third-party is set and ITP is enabled. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Add support for sndio to bubblewrap sandbox. + Also handle dark themes when the name ends with -Dark. + Fix a race condition causing a crash in media player. + Fix several crashes and rendering issues. - Changes from version 2.29.2: + Add Intelligent Tracking Prevention (ITP) support. + Add support for video formats in img elements. + Add API to handle video autoplay policy that now defaults to disallow autoplay videos with audio. + Add API to mute a web view. + Add API to allow applications to handle the HTTP authentication credential storage. + Add a WebKitSetting to set the media content types requiring hardware support. + Fix a crash during drag an drop due to a bug introduced in 2.29.1. + Do not start page load during animation in back/forward gesture. + Fix several crashes and rendering issues. - Changes from version 2.29.1: + Stop using GTK theming to render form controls. + Add API to disable GTK theming for scrollbars too. + Fix several race conditions and threading issues in the media player. + Add USER_AGENT_BRANDING build option. + Add paste as plain text option to the context menu for rich editable content. + Fix several crashes and rendering issues. + Updated translations. - Rebase webkit2gtk3-fdo-soname.patch. - Add pkgconfig(libsystemd) BuildRequires: new dependency. ==== wpa_supplicant ==== - Fix spec file for SLE12, use make %{?_smp_mflags} instead of %make_build - Enable SAE support(jsc#SLE-14992). ==== xen ==== Version update (4.14.0_06 -> 4.14.0_08) - bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333) 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch - bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in XENMEM_acquire_resource error path (XSA-334) 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch - bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating timers between x86 HVM vCPU-s (XSA-336) 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch - bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code reading back hardware registers (XSA-337) 5f6a05fa-msi-get-rid-of-read_msi_msg.patch 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch - bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event channels may not turn invalid (XSA-338) 5f6a062c-evtchn-relax-port_is_valid.patch - bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel DoS via SYSENTER (XSA-339) 5f6a065c-pv-Avoid-double-exception-injection.patch - bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier barriers when accessing/allocating an event channel (XSA-340) 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch - bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event channels available to 32-bit x86 domains (XSA-342) 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch - bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with evtchn_reset() (XSA-343) 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch - bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344) 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch - Upstream bug fix (bsc#1027519) 5f5b6951-x86-PV-64bit-segbase-consistency.patch - Fix problems in xen.spec with building on aarch64 - Make use of %service_del_postun_without_restart while preserving the old behavior for older distros. - In %post tools, remove unnecessary qemu symlinks. - Fix error in xen-tools %post when linking pvgrub64.bin - Make paths below libexec more explicit - Create symlink also for pvgrub32.bin ==== yast2 ==== Version update (4.3.27 -> 4.3.29) - Added "--plain" and "--full" options for the "systemctl" calls, these are recommended when processing the output by scripts (bsc#1176714) - 4.3.29 - Decrease error logging to avoid false positives in the y2log (bsc#1176653) - 4.3.28 ==== zypper ==== Version update (1.14.38 -> 1.14.39) Subpackages: zypper-needs-restarting - Use new testcase API in libzypp. - BuildRequires: libzypp-devel >= 17.25.0. - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) - version 1.14.39