Packages changed: Mesa Mesa-drivers bash ca-certificates-mozilla (2.50 -> 2.52) cogl e2fsprogs elfutils filesystem gawk gtk4 ldb (2.3.0 -> 2.4.0) libsolv (0.7.19 -> 0.7.20) libsoup2 lz4 mozilla-nss (3.69.1 -> 3.70) samba (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c) tar timezone (2021a -> 2021c) transactional-update (3.5.5 -> 3.5.6) u-boot-rpiarm64 (2021.07 -> 2021.10) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ==== bash ==== - Install bash_builtins manpage under the correct name ==== ca-certificates-mozilla ==== Version update (2.50 -> 2.52) - updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added CAs: + HARICA Client ECC Root CA 2021 + HARICA Client RSA Root CA 2021 + HARICA TLS ECC Root CA 2021 + HARICA TLS RSA Root CA 2021 + TunTrust Root CA - remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021. (bsc#1190858) ==== cogl ==== Subpackages: libcogl-pango20 libcogl20 - Add 2bd3cbed45d633fb15625d58e6b7cb8721b0ba98.patch: cogl-gles2: Fix undefined references. Following this, add libtool BuildRequires and pass autoreconf call before configure as the patch touches the buildsystem. - Add patches from fedora that should have gone upstream: + 0001-egl-Use-eglGetPlatformDisplay-not-eglGetDisplay.patch: egl: Use eglGetPlatformDisplay not eglGetDisplay. + 0002-add-GL_ARB_shader_texture_lod-support.patch: Add GL_ARB_shader_texture_lod support. + 0003-texture-support-copy_sub_image.patch: texture: Support copy_sub_image. ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - quota-Add-support-to-version-0-quota-format.patch: quota: Add support to version 0 quota format (jsc#SLE-17360) quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360) quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360) tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota files (jsc#SLE-17360) e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not trash user limits when processing orphan list (jsc#SLE-17360) debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota commands (jsc#SLE-17360) quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360) - add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships with them ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Enhance license fields: all the libraries actually have a different license to the tools. While the tools are GPL-3.0-or-later, the libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later) SLE bug (for tracking the above) bsc#1191310 ==== filesystem ==== - don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on file trigger compat mode in that case and do it posttrans (boo#1189788). - generic %ghost handling instead of hardcoding ==== gawk ==== - remove update-alternatives support, as on linux systems GNU software (i.e. gawk in this case) is usually considered the default implementation. - use %make macros ==== gtk4 ==== Subpackages: gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0 - Fix a syntax error in the gtk4_immodule_postun RPM macro ==== ldb ==== Version update (2.3.0 -> 2.4.0) - Update to version 2.4.0 + Improve calculate_popt_array_length() + Use C99 initializers for builtin_popt_options[] + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + pyldb: fix a typo + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests + Add missing break in switch statement ==== libsolv ==== Version update (0.7.19 -> 0.7.20) - fix misparsing of '&' in attributes with libxml2 - choice rules: treat orphaned packages as newest [bsc#1190465] - fix compatibility with Python 3.10 - new SOLVER_EXCLUDEFROMWEAK job type - support for environments in comps parser - bump version to 0.7.20 - Disable python2 usage on suse_version >= 1550 by default (still possible to use osc build --with=python). ==== libsoup2 ==== Subpackages: libsoup-2_4-1 typelib-1_0-Soup-2_4 - Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840) ==== lz4 ==== - version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438] ==== mozilla-nss ==== Version update (3.69.1 -> 3.70) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.70 * bmo#1726022 - Update test case to verify fix. * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback * bmo#1681975 - Avoid using a lookup table in nssb64d. * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true. * bmo#1726022 - Cache additional PBE entries. * bmo#1709750 - Read HPKE vectors from official JSON. - required for Firefox 93 ==== samba ==== Version update (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libsamba-credentials1 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs - Adjust spec to use pam macros; (bsc#1191046). - Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded. - Add missing build dependency on bison when building with the embedded Heimdal Kerberos - Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed - Update to 4.14.7 * smbd panic on force-close share during offload write; (bso#14769); * smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK; (bso#12033); * Fix returned attributes on fake quota file handle and avoid hitting the VFS; (bso#14731); * vfs_shadow_copy2 fix inodes not correctly updating inode numbers; (bso#14756); * Fix build on Solaris; (bso#14774); * Make dos attributes available for unreadable files; (bso#14654); * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7; (bso#14607); * Start the SMB encryption as soon as possible; (bso#14793); ==== tar ==== - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: * bsc#1181131 * bsc#1120610 ==== timezone ==== Version update (2021a -> 2021c) - timezone update 2021c: * Revert almost all of 2021b's changes to the 'backward' file * Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - timezone update 2021b: * Jordan now starts DST on February's last Thursday. * Samoa no longer observes DST. * Move some backward-compatibility links to 'backward'. * Rename Pacific/Enderbury to Pacific/Kanton. * Correct many pre-1993 transitions in Malawi, Portugal, etc. * zic now creates each output file or link atomically. * zic -L no longer omits the POSIX TZ string in its output. * zic fixes for truncation and leap second table expiration. * zic now follows POSIX for TZ strings using all-year DST. * Fix some localtime crashes and bugs in obscure cases. * zdump -v now outputs more-useful boundary cases. * tzfile.5 better matches a draft successor to RFC 8536. ==== transactional-update ==== Version update (3.5.5 -> 3.5.6) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.6 - tukit: Add S/390 bootloader support [bsc#1189807] - t-u: support purge-kernels with t-u patch [bsc#1190788] ==== u-boot-rpiarm64 ==== Version update (2021.07 -> 2021.10) Subpackages: u-boot-rpiarm64-doc - Update to 2021.10 Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222). Enable BTRFS for Risc-V. Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches added: 0013-riscv-enable-CMD_BTRFS.patch 0014-Disable-timer-check-in-file-loading.patch - Update to 2021.10-rc5 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped (upstreamed): 0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch - Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64 - Add sifiveunmatched flavor - Update to 2021.10-rc4 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped: 0014-btrfs-Use-default-subvolume-as-file.patch