Packages changed: apparmor atftp cracklib cryptsetup (2.3.1 -> 2.3.3) dnsmasq (2.80 -> 2.81) epiphany (3.36.1 -> 3.36.2) exim (4.93.0.4 -> 4.94) ffmpeg-4 glabels gnome-chess (3.36.0 -> 3.36.1) gptfdisk (1.0.4 -> 1.0.5) gstreamer-plugins-bad haveged (1.9.4 -> 1.9.8) irqbalance (1.6.0+git20190711.f7fdebb -> 1.6.0+git20200317.0348a3b) judy kcm_tablet kcmutils kdeconnect-kde kdevelop5 (5.5.1 -> 5.5.2) kirigami2 kmod (26 -> 27) less (557 -> 562) libdlm libdrm (2.4.101 -> 2.4.102) libksba (1.3.5 -> 1.4.0) libreoffice (6.4.3.2 -> 6.4.4.2) libsolv (0.7.13 -> 0.7.14) libzypp (17.23.4 -> 17.23.5) lvm2 lvm2-device-mapper mariadb-connector-c (3.1.7 -> 3.1.8) nagios (4.4.5 -> 4.4.6) nano (4.9.2 -> 4.9.3) opie osinfo-db perl-Mojolicious (8.50 -> 8.52) perl-Net-DNS (1.23 -> 1.24) perl-TimeDate (2.32 -> 2.33) psqlODBC (12.01.0000 -> 12.02.0000) rp-pppoe (3.13 -> 3.14) sonnet swig tnftp unzip vim vulkan-loader (1.2.137 -> 1.2.141) xawtv xf86-input-synaptics zstd (1.4.4 -> 1.4.5) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils pam_apparmor perl-apparmor python3-apparmor - add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff ==== atftp ==== - fix logrotate * change command to '/sbin/service atftpd restart' since there is no init script and we are using systemd - fix service file * atftpd does not create logfile when there is none, hence we create in ExecStartPre - Update sysconfig file * add ATFTPD_LOGFILE if we want to use our own logfile * add comment to ATFTPD_BIND_ADDRESSES that it is obsolete since systemd (binds to 0.0.0.0) ==== cracklib ==== Subpackages: libcrack2 - Enable translation-update-upstream on leap, to remove the use of is_opensuse (jsc#SLE-12096). - use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should contain internal binaries, not data ==== cryptsetup ==== Version update (2.3.1 -> 2.3.3) Subpackages: libcryptsetup12 libcryptsetup12-hmac - Update to 2.3.3: * Fix BitLocker compatible device access that uses native 4kB sectors * Support large IV count (--iv-large-sectors) cryptsetup option for plain device mapping * Fix a memory leak in BitLocker compatible handling * Allow EBOIV (Initialization Vector algorithm) use * LUKS2: Require both keyslot cipher and key size option, do not fail silently - includes changes from 2.3.2: * Add option to dump content of LUKS2 unbound keyslot * Add support for discards (TRIM) for standalone dm-integrity devices (Kernel 5.7) via --allow-discards, not for LUKS2 * Fix cryptsetup-reencrypt to work on devices that do not allow direct-io device access. * Fix a crash in the BitLocker-compatible code error path * Fix Veracrypt compatible support for longer (>64 bytes) passphrases ==== dnsmasq ==== Version update (2.80 -> 2.81) - Update to 2.81: * Improve cache behaviour for TCP connections * Remove the NO_FORK compile-time option, and support for uclinux * Fix line-counting when reading /etc/hosts and friends * Fix bug in DNS non-terminal code, added in 2.80, which could sometimes cause a NODATA rather than an NXDOMAIN reply. * Support TCP-fastopen (RFC-7413) on both incoming and outgoing TCP connections, if supported and enabled in the OS. * Improve kernel-capability manipulation code under Linux * Add --shared-network config. This enables allocation of addresses by the DHCP server in subnets where the server (or relay) does not have an interface on the network in that subnet. Many thanks to kamp.de for sponsoring this feature. * Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet validation check got borked in commit 2b38e382 and release 2.80. Thanks to Tomasz Szajner for spotting this. * Fix compilation against nettle version 3.5 and later. * Fix spurious DNSSEC validation failures when the auth section of a reply contains unsigned RRs from a signed zone, with the exception that NSEC and NSEC3 RRs must always be signed. Thanks to Tore Anderson for spotting and diagnosing the bug. * Add --dhcp-ignore-clid. This disables reading of DHCP client identifier option (option 61), so clients are only identified by MAC addresses. * Fix a bug which stopped --dhcp-name-match from working when a hostname is supplied in --dhcp-host. Thanks to James Feeney for spotting this. * Fix bug which caused very rarely caused zero-length DHCPv6 packets. Thanks to Dereck Higgins for spotting this. * Add --tftp-single-port option. * Enhance --conf-dir to load files in a deterministic order * Add filtering by tag of --dhcp-host directives * Remove DSA signature verification from DNSSEC, as specified in RFC 8624 * Add --script-on-renewal option. - Remove Fix-build-with-libnettle-3.5.patch - Remove 0001-fix-build-after-y2038-changes-in-glibc.patch - Remove dnsmasq-CVE-2019-14834.patch ==== epiphany ==== Version update (3.36.1 -> 3.36.2) Subpackages: gnome-shell-search-provider-epiphany - Update to version 3.36.2: + Fix non-default search engines appearing in search provider. + Set reasonable limit on address bar autocompletions. + Invert back/forward shortcuts in keyboard shortcuts dialog in RTL locales. + Fix crash in web app creation dialog. + Fix two windows opened by new window action. + Restore bookmark tag search in URL entry. + Fix bookmark lockdown enabled when current page cannot be bookmarked. + Fix crash loading about:applications. ==== exim ==== Version update (4.93.0.4 -> 4.94) - update to exim 4.94 * some transports now refuse to use tainted data in constructing their delivery location this WILL BREAK configurations which are not updated accordingly. In particular: any Transport use of $local_user which has been relying upon check_local_user far away in the Router to make it safe, should be updated to replace $local_user with $local_part_data. * Attempting to remove, in router or transport, a header name that ends with an asterisk (which is a standards-legal name) will now result in all headers named starting with the string before the asterisk being removed. ==== ffmpeg-4 ==== Subpackages: libavcodec58 libavdevice58 libavfilter7 libavformat58 libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5 - libfdk-aac is now .so.2, not .so.1. ==== glabels ==== - Add glabels-externs.patch: define shared variables as extern. ==== gnome-chess ==== Version update (3.36.0 -> 3.36.1) - Update to version 3.36.1: + Fix window switching to narrow mode when opening menu. ==== gptfdisk ==== Version update (1.0.4 -> 1.0.5) - Update to 1.0.5 * Changed number of columns in type code output ("sgdisk -L" and equivalents in gdisk and cgdisk) from 3 to 2, since some descriptions are long enough that they are ambiguous with three columns. * You can now put the 0xEE partition last in a hybrid MBR using sgdisk. (Previously, this was possible with gdisk but not with sgdisk.) See the sgdisk man page for details. * Added numerous type codes for Container Linux, Veracrypt, and Freedesktop.org's Discoverable Partitions Specification * Partition type name searches are now case-insensitive. * It is now possible to quit out of partition type name searches by typing "q". * When changing a partition type code, the default is now the current type code, not a platform-specific type code. ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Add gst-plugins-bad-vkerror.patch: vulkan: Drop use of VK_RESULT_BEGIN_RANGE. ==== haveged ==== Version update (1.9.4 -> 1.9.8) Subpackages: libhavege1 - Update to version 1.9.8: * Fix for Unresolved symbol error_exit in libhavege #20 by pld-gitsync [Jirka Hladky] * order after systemd-tmpfiles-setup-dev.service (origin/pr/21) [Christian Hesse] * use systemd security features [Christian Hesse] * do not run in container [Christian Hesse] * do not use carriage return in line break [Christian Hesse] * Fixed invalid UTF-8 codes in ChangeLog [Jirka Hladky] - Changes for version 1.9.5: * Added test for /dev/random symlink [Jirka Hladky] * Update to automake 1.16 [Jirka Hladky] * Fix segv at start [Andrew] * Fixed built issue on Cygwin [jbaker6953] * Fix segfault on arm machines (origin/pr/7) [Natanael Copa] * init.d/Makefile.am - add missing dependency [Jackie Huang] * service.redhat - update PIDFile [Pierre-Jean Texier] * Fix type mismatch in get_poolsize [Andreas Schwab] * Fixup upstream changelog [Nicolas Braud-Santoni] * Remove support for CPUID on ia64 (origin/pr/19) [Jeremy Bobbio] * Output some progress during CUSUM and RANDOM EXCURSION test [Sven Hartge] * Diagnostics capture mode now works correctly [Ethan Rahn] - Drop upstream patches: * f2193587.patch * get-poolsize.patch ==== irqbalance ==== Version update (1.6.0+git20190711.f7fdebb -> 1.6.0+git20200317.0348a3b) Subpackages: irqbalance-ui - Update to latest git HEAD version 0348a3b. There has been no version update for quite some time, but some restructuring and fixes we want to have included. D install-man-pages.patch ==== judy ==== - run spec-cleaner ==== kcm_tablet ==== Subpackages: kcm_tablet-lang - Add patch to fix build with Qt 5.15: * 0001-Fix-build-with-Qt-5.15.patch - Spec cleanup ==== kcmutils ==== Subpackages: libKF5KCMUtils5 libKF5KCMUtils5-lang - Update Fix-crash-when-loading-external-app.patch to last version that actually was committed upstream - Add upstream patches to fix loading normal settings modules that got broken by the previous fix (kde#421898), and add unit tests: * Rename-KCModuleInfo-unittest-and-extend-it-with-fake-KCM.patch * Add-test-for-a-normal-KCM-with-desktop-file.patch * Repair-kcmshell5-after-previous-commits.patch * Port-these-two-to-KCModuleInfo_property-as-well.patch - Add Fix-crash-when-loading-external-app.patch to fix loading the Yast entry in systemsettings (boo#1171916, kde#421566) ==== kdeconnect-kde ==== Subpackages: kdeconnect-kde-lang kdeconnect-kde-zsh-completion - Add patch submitted upstream to use ecm_qt_declare_logging_category so users can easily modify the debugging configuration and use a default logging level of Warning instead of sending all debug messages to the log: * 0001-Use-ecm_qt_declare_logging_category-to-declare-the-l.patch ==== kdevelop5 ==== Version update (5.5.1 -> 5.5.2) Subpackages: kdevelop5-lang kdevplatform kdevplatform-lang libkdevplatform55 - Update to 5.5.2 * Remove plugin "kde repo provider" due to defunct service * Fix extra margins around config pages ==== kirigami2 ==== Subpackages: kirigami2-lang libKF5Kirigami2-5 - Add patch to fix PlaceholderMessage with Qt 5.12: * fix-import-in-PlaceholderMessage.patch ==== kmod ==== Version update (26 -> 27) Subpackages: kmod-compat libkmod2 - Update to release 27 * Link to libcrypto rather than requiring openssl. * Use PKCS#7 instead of CMS for parsing module signature to be compatible with LibreSSL and OpenSSL < 1.1.0. * Teach modinfo to parse modules.builtin.modinfo. When using Linux kernel >= v5.2~rc1, it is possible to get module information from this new file. ==== less ==== Version update (557 -> 562) - less 562: * Update unicode tables * formatting changes in man pages ==== libdlm ==== Subpackages: libdlm3 - Support uint64_t corosync ringid (bsc#1168771) * add cluster-ringid-seq.patch ==== libdrm ==== Version update (2.4.101 -> 2.4.102) Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_etnaviv1 libdrm_exynos1 libdrm_freedreno1 libdrm_nouveau2 libdrm_radeon1 libdrm_tegra0 - upgrade to version 2.4.102 * lots of FreeBSD and modetest stuff ==== libksba ==== Version update (1.3.5 -> 1.4.0) - libksba 1.4.0: * Supports ECDSA and EdDSA certificate creation and parsing. * Supports ECDH enveloped data. * Supports ECDSA and EdDSA signed data. * Supports rsaPSS signature verification. * Supports standard file descriptors in ksba_reader_read. * Allows for optional elements in keyinfo objects. * Fixes error detection in the CMS parser. * Fixes memory leak in ksba_cms_identify. * New constants KSBA_VERSION and KSBA_VERSION_NUMBER. * New API to make creation of DER objects easy. * Interface changes relative to the 1.3.5 release: KSBA_VERSION NEW. KSBA_VERSION_NUMBER NEW. KSBA_CT_SPC_IND_DATA_CTX NEW. KSBA_CLASS_* NEW. KSBA_TYPE_* NEW. ksba_der_t NEW. ksba_der_release NEW. ksba_der_builder_new NEW. ksba_der_builder_reset NEW. ksba_der_add_ptr NEW. ksba_der_add_val NEW. ksba_der_add_int NEW. ksba_der_add_oid NEW. ksba_der_add_bts NEW. ksba_der_add_der NEW. ksba_der_add_tag NEW. ksba_der_add_end NEW. ksba_der_builder_get NEW. ==== libreoffice ==== Version update (6.4.3.2 -> 6.4.4.2) Subpackages: libreoffice-base libreoffice-base-drivers-firebird libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Fix bsc#1146025 - LO-L3: Colored textboxes in PPTX look very odd (SmartArt) * bsc1146025.diff - Fix bsc#1165849 - LO-L3: Shadow size for rectangle is only a fraction of Office 365 * bsc1165849-1.diff * bsc1165849-2.diff * bsc1165849-3.diff - Update to 6.4.4.2: * 6.4.4 release - Remove merged patch bsc1160687-1.diff ==== libsolv ==== Version update (0.7.13 -> 0.7.14) Subpackages: libsolv-devel libsolv-tools python3-solv ruby-solv - Support blacklisted packages in solver_findproblemrule() [bnc#1172135] - Support rules with multiple negative literals in choice rule generation - bump version to 0.7.14 ==== libzypp ==== Version update (17.23.4 -> 17.23.5) - Enable zchunk on SLE-15-SP2. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - version 17.23.5 (22) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - removing LVM cache with cache volume does not remove the cache volume (bsc#1171907) + bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - removing LVM cache with cache volume does not remove the cache volume (bsc#1171907) + bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch ==== mariadb-connector-c ==== Version update (3.1.7 -> 3.1.8) - Update to release 3.1.8 [bsc#1171550] * CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner * CONC-441: Default user name for C/C is wrong if login user is different from effective user * CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf * CONC-457: mysql_list_processes crashes in unpack_fields * CONC-458: mysql_get_timeout_value crashes when used improperly * CONC-464: Fix static build for auth_gssapi_client plugin * Fixes for the following security vulnerabilities: CVE-2020-13249 - refresh absolute_path_fix.patch and private_library.patch ==== nagios ==== Version update (4.4.5 -> 4.4.6) Subpackages: nagios-www - 4.4.6 * Fixed Map display in Internet Explorer 11 (#714) * Fixed duplicate properties appearing in statusjson.cgi (#718) * Fixed NERD not building when enabled in ./configure (#723) * Fixed build process when using GCC 10 (#721) * Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-1408) * When using systemd, configuration will be verified before reloading (#715) * Fixed HARD OK states triggering on the maximum check attempt (#757) ==== nano ==== Version update (4.9.2 -> 4.9.3) - GNU nano 4.9.3: * fix a crash when the terminal screen is resized while at a lock-file prompt ==== opie ==== - allso apply permissions macros to /etc/opiekeys ==== osinfo-db ==== - bsc#1172008 - osinfo-db: Add support for openSUSE Leap 15.2 add-opensuse-leap-15.2-support.patch ==== perl-Mojolicious ==== Version update (8.50 -> 8.52) - updated to 8.52 see /usr/share/doc/packages/perl-Mojolicious/Changes 8.52 2020-06-01 - Updated project metadata. - Fixed a bug in Mojo::Asset::Memory where the upgrade event could not change the temporary directory. updated to 8.51 see /usr/share/doc/packages/perl-Mojolicious/Changes 8.51 2020-05-30 - Improved map efficiency in Mojo::Promise. (mst) - Improved more tests to use subtests. (veesh) - Improved .perltidyrc with more modern settings. ==== perl-Net-DNS ==== Version update (1.23 -> 1.24) updated to 1.24 see /usr/share/doc/packages/perl-Net-DNS/Changes ==== perl-TimeDate ==== Version update (2.32 -> 2.33) updated to 2.33 see /usr/share/doc/packages/perl-TimeDate/ChangeLog 2.33 -- Wed May 19 11:34:00 MT 2020 * Remove PAX Headers in tarball using GNU tar ==== psqlODBC ==== Version update (12.01.0000 -> 12.02.0000) - Update to 12.02.0000: * Add a new *Display Optional Error Message* option. This option allows to display error messages other than primary one. Also add documentaition about the option and * Numeric as* option. * Handle notice messages in libpq_bind_and_exec(). Sets and resets a notify receiver around PQexecParams() or PQexecPrepared(). * Ignore PQtransactionStatus PQTRANS_ACTIVE in LIBPQ_update_transaction_status(). PQTRANS_ACTIVE isn't a transaction status. * Improve execution of parameterized SQL statements with arrays of parameters by sending chunks of SQL statements. If SQL_ATTR_CURSOR_TYPE of an statement is SQL_CURSOR_FORWARD_ONLY, SQL_ATTR_CONCURRENCY is SQL_CONCUR_READ_ONLY and extended protocol isn't used, the batch execution of the statement is possible. A new option Batch Size was introduced for such cases. Batch Size: Split an array (of parameters) into chunks of Batch Size to execute statements. The last chunk may contain less than Batch Size elements. Setting 1 to this option forces the current one by one execution. Also turn off use_server_side_prepare option temporarily when batch executuion is possible. * Change SC_execute() so that it returns a return code which is not affetced by the preceding results. It's necessary for batch execution with arrays of parameters. * Add a new option IgnoreTimeout. * Some tools issue issue SQLSetStmtAttr(.., SQL_ATTR_QUERY_TIMEOUT,,) internally and sometimes it's difficult for users to change the timeout value. You can disable the timeout by turning on this option. * An improvement for psqlodbc developpers. Make it possible to call some shell scripts from other directories. - Update psqlODBC-internal.patch ==== rp-pppoe ==== Version update (3.13 -> 3.14) - Refresh spec-file via spec-cleaner and manual optimisations. * Add make_build and autopatch macros. * Remove group tag and obsoleted conditions. - Refresh and rename patches: * docdir.diff to rp-pppoe-3.14-docdir.patch * nonrfc-modems.diff to rp-pppoe-3.14-nonrfc-modems.patch * release-buildsystem.diff to rp-pppoe-3.14-release-buildsystem.patch * resolve-conf.diff to rp-pppoe-3.14-resolve-conf.patch * rp-pppoe-3.10-config.patch to rp-pppoe-3.14-config.patch * rp-pppoe-3.10-init.patch to rp-pppoe-3.14-init.patch * rp-pppoe-pie.patch to rp-pppoe-3.14-pie.patch * strip.diff to rp-pppoe-3.14-strip.patch - Update to 3.14 * Add -H and -M options for sending HURL and MOTM packets respectively. * Change VERSION macro to RP_VERSION to avoid conflict with pppd macro. ==== sonnet ==== Subpackages: libKF5SonnetCore5 libKF5SonnetCore5-lang libKF5SonnetUi5 - Support spell checking for Finnish using Voikko in the sonnet-voikko package (boo#1172245) ==== swig ==== - Revert last change, drop 0005-disable_li_std_wstring.patch - ruby-std-wstring-byte-order.patch: fix wstring encoding boo#1171368 ==== tnftp ==== - tnftp ssl client should validate hostnames and certificates, so for example tnftp -d https://revoked.badssl.com/example fails to connect. (tnftp-verify_hostname.patch), There are at least two reports about this misbehaviour online but it has never been fixed. Patch targets openSSL 1.1.x and later so specify requirement in spec file. ==== unzip ==== Subpackages: unzip-doc - Change unzip-doc to noarch ==== vim ==== Subpackages: gvim vim-data vim-data-common - apparmor.vim: update from latest AppArmor 2.13 branch: - allow alias rules with leading whitespace - allow 'include if exists' rules ==== vulkan-loader ==== Version update (1.2.137 -> 1.2.141) - Update to release 1.2.141 * loader: Preload ICDs to speed up common path ==== xawtv ==== Subpackages: pia tv-common v4l-conf - add gcc-10.patch: fixes multiple definitions of global variables across the code. These cause errors with new major gcc 10 version. - v4l-conf: add v4l-conf-fix-CVE-2020-13696.patch: fix security issue in setuid-root program that allows for arbitrary file existence tests and open() with O_RDWR (bsc#1171655, CVE-2020-13696) ==== xf86-input-synaptics ==== - devel package: removed requires to main package, since it's not required at all for development (boo#1172153) ==== zstd ==== Version update (1.4.4 -> 1.4.5) Subpackages: libzstd-devel libzstd1 - Update to version 1.4.5 * perf: Improved decompression speed (x64 >+5%, ARM >+15%) * perf: Automatically downsizes ZSTD_DCtx when too large for too * perf: Improved fast compression speed on aarch64 (#2040, ~+3%) * perf: Small level 1 compression speed gains (depending on compiler) * fix: Compression ratio regression on huge files (> 3 GB) using high levels (--ultra) and multithreading * api: ZDICT_finalizeDictionary() is promoted to stable * api: new experimental parameter ZSTD_d_stableOutBuffer * cli: New --patch-from command, create and apply patches from files * cli: --filelist= : Provide a list of files to operate upon from a file * cli: -b can now benchmark multiple files in decompression mode * cli: New --no-content-size command * cli: New --show-default-cparams command * misc: new diagnosis tool, checked_flipped_bits, in contrib/ * misc: Extend largeNbDicts benchmark to compression * misc: experimental edit-distance match finder in contrib/