Packages changed:
aaa_base (84.87+git20200206.ed897a1 -> 84.87+git20200207.27e2c61)
bash
btrfsprogs (5.4 -> 5.4.1)
c-ares (1.15.0+20191108 -> 1.15.0+20200117)
chrony
cloud-init
conmon
coreutils
cryptsetup (2.1.0 -> 2.3.0)
curl
elfutils (0.177 -> 0.178)
glib2 (2.62.4 -> 2.62.5)
glibc (2.30 -> 2.31)
gpg2
grep (3.3 -> 3.4)
grub2
installation-images-MicroOS (14.454 -> 14.456)
iproute2 (5.4 -> 5.5.0)
issue-generator (1.7 -> 1.8)
kernel-firmware (20200122 -> 20200207)
kexec-tools
libcap (2.25 -> 2.32)
libeconf (0.3.3+git20191028.3ac14ce -> 0.3.5+git20200203.3144b69)
libssh
libtirpc
libxcrypt (4.4.10 -> 4.4.12)
libzypp (17.22.0 -> 17.22.1)
microos-tools (1.0+git20190812.97ca0ee -> 1.0+git20200214.c7654a7)
mozilla-nss (3.48 -> 3.49.2)
nano (4.7 -> 4.8)
ncurses (6.1 -> 6.2)
open-lldp
openssh
patterns-microos
permissions (1550_20191205 -> 1550_20200213)
podman (1.7.0 -> 1.8.0)
popt
python-decorator (4.4.0 -> 4.4.1)
python-packaging (19.2 -> 20.1)
python-pyOpenSSL (19.0.0 -> 19.1.0)
python-pyparsing (2.4.5 -> 2.4.6)
python-urllib3 (1.25.6 -> 1.25.8)
readline
rpm-config-SUSE (0.g45 -> 0.g52)
sudo (1.8.28p1 -> 1.8.31)
system-users
systemd
tallow (19+git20191106.4b071b0 -> 21+git20200213.865ec91)
tar
toolbox (1.0+git20191014.3034fbc -> 1.0+git20200217.cd18bfb)
=== Details ===
==== aaa_base ====
Version update (84.87+git20200206.ed897a1 -> 84.87+git20200207.27e2c61)
- Update to version 84.87+git20200207.27e2c61:
* change rp_filter to 2 to follow the current default (bsc#1160735)
==== bash ====
- Add official patch bash50-012
When using previous-history to go back beyond the beginning of the history list,
it's possible to move to an incorrect partial line.
- Add official patch bash50-013
Reading history entries with timestamps can result in history entries joined
by linefeeds.
- Add official patch bash50-014
If the current line is empty, using the emacs C-xC-e binding to enter the
editor will edit the previous command instead of the current (empty) one.
- Add official patch bash50-015
If alias expansion is enabled when processing the command argument to the
`-c' option, an alias is defined in that command, and the command ends with
the invocation of that alias, the shell's command parser can prematurely
terminate before the entire command is executed.
- Add official patch bash50-016
Bash waits too long to reap /dev/fd process substitutions used as redirections
with loops and group commands, which can lead to file descriptor exhaustion.
==== btrfsprogs ====
Version update (5.4 -> 5.4.1)
Subpackages: btrfsprogs-udev-rules libbtrfs0
- Update to 5.4.1
* build: fix docbook5 build
* check: do extra verification of extent items, inode items and chunks
* qgroup: return ENOTCONN if quotas not running (needs updated kernel)
* other: various test fixups
==== c-ares ====
Version update (1.15.0+20191108 -> 1.15.0+20200117)
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
ares_getaddrinfo function uses the getservbyport_r function which
requires the /etc/services file to function properly. That config
file is provided by the netcfg package. Unit tests rely on it
too, hence it has to be a build dependency as well.
- Switch to cmake-based build.
Some packages need the cmake build files.
==== chrony ====
- Add chrony-test-update-processing-of-packet-log.patch in order
to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
==== cloud-init ====
- Add cloud-init-long-pass.patch (bsc#1162936, CVE-2020-8632)
+ Increase the default length of generated passwords
- Add cloud-init-use-different-random-src.diff (bsc#1162937, CVE-2020-8631)
+ Use non-deterministic generator for password generation.
- Update cloud-init-write-routes.patch (bsc#1163178)
+ Entries in the routes definition have changed causing a traceback
during rout config file writing. This patch update addresses the
issue by extracting the new entries properly.
==== conmon ====
- Update to v2.0.10 (bsc#1160460, bsc#1164390, jsc#ECO-1048,
jsc#SLE-11485, jsc#SLE-11331):
- journal logging: write to /dev/null instead of -1
- Add TimedOutMessage to config to share with go code
- Fix format string to limit the size of the string to 10
characters
- Persist oom files on cgroup v2
- Revert the check for the OOM counter on cgroups v1 before
writing OOM file
- Add --persist-dir flag to allow important container files to be
written to a persistent directory
- Check OOM counter on cgroups v1 before writing OOM file
- Use splice(2) to copy from stdin
- Kill the process group on timeout
- Add --persist-dir to allow callers to specify a directory that
conmon should mirror certain important files that should persist
reboots (right now, just the container exit file)
- Fix tight loop on OOM
- Add log level trace
- Separate handling of log reopen events and terminal resize events
- Add CONN_SOCK_BUF_SIZE to config
- Fix bug to close the sync pipe before exit command
- Set masterfd_stdout before registering ctrl_cb
- Upstream has an actual description, use it instead of just
duplicating the summary again.
- Use `%make_build` macro instead of `%{__make}`
- Use `%make_install` macro instead of `%{__make} install`
- Use `%{_bindir}` macro instead of `%{_usr}/bin`
- Change `PREFIX` to not contain `%{buildroot}` and use the
`$DESTDIR` variable
- Initial release v2.0.0
==== coreutils ====
- disable single and testsuite builds in rings/staging
- remove duplicate "coreutils" in flavor to make it look nicer in OBS
- minor: remove obsolete comment in spec file.
- switch to multibuild
- add coreutils-single subpackage that contains a single binary coreutils tool
similar to busybox
- package LC_CTIME directories also in lang package
- split off doc package
- remove info macros, handled by file trigger nowadays
==== cryptsetup ====
Version update (2.1.0 -> 2.3.0)
Subpackages: libcryptsetup12
- Update to 2.3.0 (include release notes for 2.2.0)
* BITLK (Windows BitLocker compatible) device access
* Veritysetup now supports activation with additional PKCS7 signature
of root hash through --root-hash-signature option.
* Integritysetup now calculates hash integrity size according to algorithm
instead of requiring an explicit tag size.
* Integritysetup now supports fixed padding for dm-integrity devices.
* A lot of fixes to online LUKS2 reecryption.
* Add crypt_resume_by_volume_key() function to libcryptsetup.
If a user has a volume key available, the LUKS device can be resumed
directly using the provided volume key.
No keyslot derivation is needed, only the key digest is checked.
* Implement active device suspend info.
Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
that informs the caller that device is suspended (luksSuspend).
* Allow --test-passphrase for a detached header.
Before this fix, we required a data device specified on the command
line even though it was not necessary for the passphrase check.
* Allow --key-file option in legacy offline encryption.
The option was ignored for LUKS1 encryption initialization.
* Export memory safe functions.
To make developing of some extensions simpler, we now export
functions to handle memory with proper wipe on deallocation.
* Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
* Add optional global serialization lock for memory hard PBKDF.
* Abort conversion to LUKS1 with incompatible sector size that is
not supported in LUKS1.
* Report error (-ENOENT) if no LUKS keyslots are available. User can now
distinguish between a wrong passphrase and no keyslot available.
* Fix a possible segfault in detached header handling (double free).
* Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
* The libcryptsetup now keeps all file descriptors to underlying device
open during the whole lifetime of crypt device context to avoid excessive
scanning in udev (udev run scan on every descriptor close).
* The luksDump command now prints more info for reencryption keyslot
(when a device is in-reencryption).
* New --device-size parameter is supported for LUKS2 reencryption.
* New --resume-only parameter is supported for LUKS2 reencryption.
* The repair command now tries LUKS2 reencryption recovery if needed.
* If reencryption device is a file image, an interactive dialog now
asks if reencryption should be run safely in offline mode
(if autodetection of active devices failed).
* Fix activation through a token where dm-crypt volume key was not
set through keyring (but using old device-mapper table parameter mode).
* Online reencryption can now retain all keyslots (if all passphrases
are provided). Note that keyslot numbers will change in this case.
* Allow volume key file to be used if no LUKS2 keyslots are present.
* Print a warning if online reencrypt is called over LUKS1 (not supported).
* Fix TCRYPT KDF failure in FIPS mode.
* Remove FIPS mode restriction for crypt_volume_key_get.
* Reduce keyslots area size in luksFormat when the header device is too small.
* Make resize action accept --device-size parameter (supports units suffix).
==== curl ====
Subpackages: libcurl4
- Eliminate curl-mini: The reason for this to exist was that cmake
pulled in curl into too many places, causing build cycles. A new
cmake-mini was generated, eliminating that need.
==== elfutils ====
Version update (0.177 -> 0.178)
Subpackages: libasm1 libdw1 libelf1
- Re-add libelf1 to baselibs.conf: we still generate a
libelf-devel-32bit, which is only installable if libelf1-21bit
also exists.
- Exclude debuginfod sub-packages and move them to elfutils-debuginfod.
- Avoid double-shipping libdebuginfo.so.1 in two different
subpackages. Fixup RPM group.
- Split libdebuginfod1 into libdebuginfod1 and debuginfod-client.
Add Requires for these packages.
- Rename debuginfod-client package to libdebuginfod1 in
order to fulfil SLPP violation.
- Fix variable references in specfile
- Use %fillupdir macros for proper sysconfig export.
- Update to version 0.178:
debuginfod: New server, client tool and library to index and fetch
ELF/DWARF files addressed by build-id through HTTP.
doc: There are now some manual pages for functions and tools.
backends: The libebl libraries are no longer dynamically loaded through
dlopen, but are now compiled into libdw.so directly.
readelf: -n, --notes now takes an optional "SECTION" argument.
- p and -x now also handle section numbers.
New option --dyn-sym to show just the dynamic symbol table.
libcpu: Add RISC-V disassembler.
libdw: Abbrevs and DIEs can now be read concurrently by multiple
threads through the same Dwarf handle.
libdwfl: Will try to use debuginfod when installed as fallback to
retrieve ELF and DWARF debug data files by build-id.
- remove dwelf_elf_e_machine_string.patch.
- remove unused libebl-plugins and libebl-devel subpackages
- new subpackages debuginfod-client, debuginfod-client-devel and
debuginfod added
- main package binaries are explicitely listed and man pages
for the binaries are included
- Add remove-run-large-elf-file.sh.patch in order to remove
running run-large-elf-file.sh (it hit OOM).
==== glib2 ====
Version update (2.62.4 -> 2.62.5)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- Update to version 2.62.5:
+ Fix potential relative read when calling g_printerr(), which
could lead to a denial of service from a setuid-root process
being used to block access to the TTY for another user.
+ Fix SOCKS proxy resolver sometimes not being used when
resolving addresses via Happy Eyeballs (CVE-2020-6750).
+ Several other Happy Eyeballs fixes for address resolution.
+ Fix parsing of full Julian day range from `$TZ` environment
variable.
+ Several race condition/crash fixes.
+ Bugs fixed: glgo#GNOME/GLib#1919, glgo#GNOME/GLib#1995,
glgo#GNOME/GLib#1999, glgo#GNOME/GLib!1323,
glgo#GNOME/GLib!1331, glgo#GNOME/GLib!1352,
glgo#GNOME/GLib!1361, glgo#GNOME/GLib!1365,
glgo#GNOME/GLib!1370, glgo#GNOME/GLib!1371.
+ Updated translations.
- No longer recommend -lang: supplements are in use
==== glibc ====
Version update (2.30 -> 2.31)
Subpackages: glibc-locale glibc-locale-base
- nsswitch.conf: comment out initgroups setting, so that it defaults to
the group setting (bsc#1164075)
- fix-locking-in-_IO_cleanup.patch: update to latest version
- Update to glibc 2.31
* The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to
enable features from the draft ISO C2X standard
* The <math.h> functions that round their results to a narrower type now
have corresponding type-generic macros in <tgmath.h>
* The function pthread_clockjoin_np has been added, enabling join with a
terminated thread with a specific clock
* New locale added: mnw_MM (Mon language spoken in Myanmar).
* The DNS stub resolver will optionally send the AD (authenticated data) bit
in queries if the trust-ad option is set via the options directive in
/etc/resolv.conf (or if RES_TRUSTAD is set in _res.options)
* The totalorder and totalordermag functions, and the corresponding
functions for other floating-point types, now take pointer arguments to
avoid signaling NaNs possibly being converted to quiet NaNs in argument
passing
* The obsolete function stime is no longer available to newly linked
binaries, and its declaration has been removed from <time.h>
* The gettimeofday function no longer reports information about a
system-wide time zone
* If a lazy binding failure happens during dlopen, during the execution of
an ELF constructor, the process is now terminated
- malloc-info-whitespace.patch, riscv-vfork.patch,
prefer-map-32bit-exec.patch, backtrace-powerpc.patch,
ldconfig-dynstr.patch: Removed.
- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
(bsc#1158996, BZ #25423)
- Drop support for pluggable gconv modules (bsc#1159851)
==== gpg2 ====
- Fix build with GCC-10: [bsc#1160394]
* Always use EXTERN_UNLESS_MAIN_MODULE pattern
* In GCC-10, the default option -fcommon will change to -fno-common
- Add gpg2-gcc10-build-fno-common.patch
==== grep ====
Version update (3.3 -> 3.4)
- Switch back to system regex to avoid undefined behaviour
- grep 3.4:
* new --no-ignore-case option causes grep to observe case
distinctions, overriding any previous -i (--ignore-case) option
* '.' no longer matches some invalid byte sequences in UTF-8 locales
* grep -Fw can no longer false match in non-UTF-8 multibyte locales
* The exit status of 'grep -L' is no longer incorrect when standard
output is /dev/null
* fix some performance bugs
- drop test-pcre-jitstack.diff
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Fix grub hangs after loading rogue image without valid signature for uefi
secure boot (bsc#1159102)
* grub2-verifiers-fix-system-freeze-if-verify-failed.patch
- From Stefan Seyfried <seife@novell.slipkontur.de> : Fix grub2-install fails
with "not a directory" error (boo#1161641, bsc#1162403)
* grub2-install-fix-not-a-directory-error.patch
==== installation-images-MicroOS ====
Version update (14.454 -> 14.456)
- merge gh#openSUSE/installation-images#357
- move gconv files into initrd (bsc#1161701)
- netcfg has moved files to /usr/etc
- 14.456
- merge gh#openSUSE/installation-images#356
- remove explicit dependency on openssl package
- mount /proc in chroot environment during image build (bsc#1160594)
- fix package version comparing
- 14.455
==== iproute2 ====
Version update (5.4 -> 5.5.0)
- Update to new upstream version 5.5
* bridge: support fdb get
* devlink: command line option to switch netns
* devlink: all changing netns on reload
* devlink: new timestamp format for health report dump
* ip: support for alternative device names
* ip link: support to get SR-IOV VF node GUID and port GUID
* ip neigh: support get
* rdma: relax requirement to have PID for HW objects
* rdma: stat show mr
* ss: allow dumping kTLS info
* tc: support action flags
* tc flower: support masked port destination and source match
* tc pie: add dq_rate_estimator option
* tipc: new commands to set TIPC AEAD key
* more json support
- drop patches obsoleted by version upgrade:
* ss-fix-end-of-line-printing-in-misc-ss.c.patch
* no-double-definitions.patch
* Revert-emp-fix-warning-on-deprecated-bison-directive.patch
* Revert-tc-ematch-fix-deprecated-yacc-warning.patch
- refresh
* split-link-and-compile-steps-for-binaries.patch
==== issue-generator ====
Version update (1.7 -> 1.8)
- Update to version 1.8
- Handle network interface renames
==== kernel-firmware ====
Version update (20200122 -> 20200207)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20200207 (git commit 6f89735800fe):
* rtl_nic: update firmware for RTL8153A
* rtl_bt: Update RTL8822C BT FW to V0x0998_C2B4
* linux-firmware: add firmware for MT7622
* linux-firmware: add version 2 for MT7615E
* amdgpu: update to latest navi10 firmware from 19.50
* Revert "radeon: update oland rlc microcode from amdgpu"
* amlogic: update video decoder firmwares
* amdgpu: add renoir firmware for 19.50
* amdgpu: update raven2 firmware for 19.50
* nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.12.A.13
* qca: update bluetooth firmware for QCA6174
- Update topics and alias list
==== kexec-tools ====
- Fix build errors on old distributions
* kexec-tools-video-capability.patch
* kexec-tools-SYS_getrandom.patch
==== libcap ====
Version update (2.25 -> 2.32)
- Update to version 2.32:
* Bug fix for fakeroot incompatibility (boo#1162014)
* Slight perf improvement for cap_get_bound().
* C++ support for psx header inclusion.
* Some new testing features for capsh
- Update to version 2.31:
* primarily a documentation update
* fix libpam.pc to not require libpsx.pc
* changed the text format of the default output of getpcap
- Build using -ffat-lto-objects for static library
- Update to version 2.30:
* BUGFIX: arm and i386 fixes C and Go setgroups choice - used
wrong syscall in 2.29.
* cleaned up make clean and make install to actually work as
intended
* updated Gentoo libpsx.pc file from Lars Wendler
* refactored the way libpsx linkage with libcap performed mutual
discovery.
* Previously (2.28) libpsx had an API call overridden by libcap
using weak linkage function in libpsx. In 2.30 this is reversed,
namely libpsx provides the stronger function and libcap has a
weak "no-op" version.
* a bit more consistency in handling the 'all' sets in libcap
(C) and libcap/cap (Go). Namely, they both dynamically discover
the number of capabilities named by the kernel and use this as
the definition of 'all' for the current runtime.
+ libcap (C) exports cap_max_bit() to export the number of
supported capabilities
+ libcap/cap (Go) exports cap.MaxBits() for this same value.
- For changes for older releases see:
* https://sites.google.com/site/fullycapable/release-notes-for-libcap
- Add glibc-static-devel as build requirement as tests need it
- Install libpsx.a as it seems to be needed in some cases:
* https://bugs.gentoo.org/703912
==== libeconf ====
Version update (0.3.3+git20191028.3ac14ce -> 0.3.5+git20200203.3144b69)
- Update to version 0.3.5+git20200203.3144b69:
* Release version 0.3.5
* Use float.h instead of obsolete gnuism values.h
* Remove gnuism (strdupa)
* Check for empty value (NULL pointer) before calling strdup.
- Update to version 0.3.4+git20200121.febebf2:
* Release version 0.3.4
* Fix buffer overflow in econf_readDirs
* Fix parsing of quoted strings, and values starting with delimiters
* tests: add test for quoted strings
* tests: tst-configdirs5: fix config dir paths
==== libssh ====
Subpackages: libssh-config libssh4
- Drop the hack to pull curl-mini: we moved the split a bit higher
up and now have a non-curl linked variant of cmake in
openSUSE:Factory.
==== libtirpc ====
Subpackages: libtirpc-netconfig libtirpc3
- Backport upstream fix daed7ee ("Avoid multiple-definiton with gcc -fno-common")
to fix build error with gcc flag -fno-common (bsc#1160875).
Tested on gcc-9 and gcc-10.
0001-Avoid-multiple-definiton-with-gcc-fno-common.patch
- Skip unneeded autogen.sh run (configure is up-to-date), drop
dependencies: libtool, autoconf
- Replace krb5-mini-devel/krb5-devel with pkgconfig(krb5)
==== libxcrypt ====
Version update (4.4.10 -> 4.4.12)
- Update to version 4.4.12
* Another fix for GCC v10.x, which occurs on s390 architectures only.
- Update to version 4.4.11
* Fixes for GCC v10.x
* Change how the known-answer tests are parallelized
- gcc10.patch: remove
==== libzypp ====
Version update (17.22.0 -> 17.22.1)
- update translations
- Replace mongoose/webrick with nginx in test suite.
This patch makes use of nginx to replace the current WebServer
mongoose implementation. Also adds support for registering
callback functions for certain URL requests via FCGI, making it
possible to mock HTTP responses and test more complex HTTP setups.
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
libzypp and libsolv must both be able to read the format.
- version 17.22.1 (22)
==== microos-tools ====
Version update (1.0+git20190812.97ca0ee -> 1.0+git20200214.c7654a7)
- Update to version 1.0+git20200214.c7654a7:
* Remove btrfsQuota, snapper list provides now the same informations
* Adjust README.md
==== mozilla-nss ====
Version update (3.48 -> 3.49.2)
- update to NSS 3.49.2
Fixed bugs:
* Fix compilation problems with NEON-specific code in freebl
(bmo#1608327)
* Fix a taskcluster issue with Python 2 / Python 3 (bmo#1608895)
- update to NSS 3.49.1
3.49.1
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49.1_release_notes
* Cache the most recent PBKDF2 password hash, to speed up repeated
SDR operations, important with the increased KDF iteration counts (bmo#1606992)
3.49
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes
* The legacy DBM database, libnssdbm, is no longer built by default
when using gyp builds (bmo#1594933)
* several bugfixes
==== nano ====
Version update (4.7 -> 4.8)
- update to 4.8:
* When something is pasted into nano, suppress auto-indentation
* paste can be undone as a whole with a single M-U
* Improve handling of lock files on start-up
* Shift+Meta+letter key combos can be bound with 'bind Sh-M-letter'
* A custom nanorc file can be specified on the command line, with
- f filename or --rcfile=filename
==== ncurses ====
Version update (6.1 -> 6.2)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base
- Add ncurses patch 20200215
+ improve manual page for panel library, extending the portability
section as well as documenting error-returns.
+ show tic's version when installing terminal database in run_tic.sh
+ correct check for gcc vs other compilers used in ncurses 6.0, from
FreeBSD patch by Kyle Evans (cf: 20150725).
+ add notes for 6.2 to INSTALL.
- Update to ncurses 6.2 (patch 20200212)
* Add 20200212 6.2 release for upload to ftp.gnu.org
+ update release notes
+ minor build-fixes, mostly to test-package scripts
* Add ncurses patch20200208
+ modify check for sizeof(wchar_t) to ensure it gives useful result
when cross-compiling.
+ drop assumption in configure script that Cygwin's linker is broken.
+ define NCURSES_BROKEN_LINKER if the broken-linker feature is used,
to simplify configure-checks for ncurses-examples.
* Add ncurses patch20200202
+ reassert copyright on ncurses, per discussion in ncurses FAQ:
https://invisible-island.net/ncurses/ncurses.faq.html#relicensed
* Add ncurses patch20200201
+ modify comparison in make_hash.c to correct a special case in
collision handling for Caps-hpux11
+ add testing utility report_hashing to check hash-tables used for
terminfo and termcap names.
+ fix a missing prototype for _nc_free_and_exit().
+ update a few comments about tack 1.07
+ use an awk script to split too-long pathnames used in Ada95 sample
programs for explain.txt
- Update to tack 1.9 (patch 20200202)
* Update copyright and license. Also, portability fixes.
- Adopt patch ncurses-5.7-tack.dif
- Adopt patch ncurses-6.1.dif which is now ncurses-6.2.dif
- Add ncurses patch 20200118
+ expanded description of XM in user_caps.5
+ improve xm example for xterm+x11mouse, xterm+sm+1006 -TD
+ add history section to curs_slk.3x and curs_terminfo.3x manpages.
+ update alacritty entries for 0.4.0 (prompted by patch by
Christian Durr) -TD
+ correct spelling errors found with codespell.
+ fix for test/configure, from xterm #352.
- Add ncurses patch 20200111
+ improve configure macros which check for the X11/Intrinsic.h header,
to accommodate recent MacOS changes.
+ suppress gcc's -Winline warning; it has not been useful for some time
+ update config.guess, config.sub
==== open-lldp ====
Subpackages: liblldp_clif1
- BuildRequire pkgconfig(systemd) instead of systemd directly:
allow OBS to shortcut through the -mini flavors.
==== openssh ====
- Add patches to fix the sandbox blocking glibc on 32bit platforms
(boo#1164061):
* openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
* openssh-8.1p1-seccomp-clock_gettime64.patch
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap
- Move fcoe-utils and irqbalance to hardware pattern, not useful
on guest install.
- Introduce MicroOS Desktop patterns [boo#1163453]
==== permissions ====
Version update (1550_20191205 -> 1550_20200213)
Subpackages: chkstat permissions-config
- Update to version 20200213:
* remove obsolete/broken entries for rcp/rsh/rlogin
* chkstat: handle symlinks in final path elements correctly
* Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
* Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"
- Update to version 20200204:
* mariadb: settings for new auth_pam_tool (bsc#1160285)
* chkstat:
- add read-only fallback when /proc is not mounted (bsc#1160764)
- capability handling fixes (bsc#1161779)
- better error message when refusing to fix dir perms (#32)
- Update to version 20200127:
* fix paths of ksysguard whitelisting
* fix zero-termination of error message for overly long paths
==== podman ====
Version update (1.7.0 -> 1.8.0)
Subpackages: podman-cni-config
- Remove: 0001-clarify-container-prune-force.patch because it's now
included in the release
- Update podman to v1.8.0:
* Features
- The podman system service command has been added, providing a
preview of Podman's new Docker-compatible API. This API is
still very new, and not yet ready for production use, but is
available for early testing
- Rootless Podman now uses Rootlesskit for port forwarding,
which should greatly improve performance and capabilities
- The podman untag command has been added to remove tags from
images without deleting them
- The podman inspect command on images now displays previous
names they used
- The podman generate systemd command now supports a --new
option to generate service files that create and run new
containers instead of managing existing containers
- Support for --log-opt tag= to set logging tags has been added
to the journald log driver
- Added support for using Seccomp profiles embedded in images
for podman run and podman create via the new --seccomp-policy
CLI flag
- The podman play kube command now honors pull policy
* Bugfixes
- Fixed a bug where the podman cp command would not copy the
contents of directories when paths ending in /. were given
- Fixed a bug where the podman play kube command did not
properly locate Seccomp profiles specified relative to
localhost
- Fixed a bug where the podman info command for remote Podman
did not show registry information
- Fixed a bug where the podman exec command did not support
having input piped into it
- Fixed a bug where the podman cp command with rootless Podman
on CGroups v2 systems did not properly determine if the
container could be paused while copying
- Fixed a bug where the podman container prune --force command
could possible remove running containers if they were started
while the command was running
- Fixed a bug where Podman, when run as root, would not
properly configure slirp4netns networking when requested
- Fixed a bug where podman run --userns=keep-id did not work
when the user had a UID over 65535
- Fixed a bug where rootless podman run and podman create with
the --userns=keep-id option could change permissions on
/run/user/$UID and break KDE
- Fixed a bug where rootless Podman could not be run in a
systemd service on systems using CGroups v2
- Fixed a bug where podman inspect would show CPUShares as 0,
instead of the default (1024), when it was not explicitly set
- Fixed a bug where podman-remote push would segfault
- Fixed a bug where image healthchecks were not shown in the
output of podman inspect
- Fixed a bug where named volumes created with containers from
pre-1.6.3 releases of Podman would be autoremoved with their
containers if the --rm flag was given, even if they were
given names
- Fixed a bug where podman history was not computing image
sizes correctly
- Fixed a bug where Podman would not error on invalid values to
the --sort flag to podman images
- Fixed a bug where providing a name for the image made by
podman commit was mandatory, not optional as it should be
- Fixed a bug where the remote Podman client would append an
extra " to %PATH
- Fixed a bug where the podman build command would sometimes
ignore the -f option and build the wrong Containerfile
- Fixed a bug where the podman ps --filter command would only
filter running containers, instead of all containers, if
- -all was not passed
- Fixed a bug where the podman load command on compressed
images would leave an extra copy on disk
- Fixed a bug where the podman restart command would not
properly clean up the network, causing it to function
differently from podman stop; podman start
- Fixed a bug where setting the --memory-swap flag to podman
create and podman run to -1 (to indicate unlimited) was not
supported
* Misc
- Initial work on version 2 of the Podman remote API has been
merged, but is still in an alpha state and not ready for use.
Read more here
- Many formatting corrections have been made to the manpages
- The changes to address (#5009) may cause anonymous volumes
created by Podman versions 1.6.3 to 1.7.0 to not be removed
when their container is removed
- Updated vendored Buildah to v1.13.1
- Updated vendored containers/storage to v1.15.8
- Updated vendored containers/image to v5.2.0
==== popt ====
- fix URLs, rpm5.org is no more
==== python-decorator ====
Version update (4.4.0 -> 4.4.1)
- update to 4.4.1:
Changed the description to "Decorators for Humans" are requested by
several users. Fixed a .rst bug in the description as seen in PyPI.
==== python-packaging ====
Version update (19.2 -> 20.1)
- add issue_254.patch to fix tests under non-x86_64 pplatforms
- Update to 20.1
* Fix a bug caused by reuse of an exhausted iterator.
* Add type hints
* Add proper trove classifiers for PyPy support
* Scale back depending on ctypes for manylinux support detection
* Use sys.implementation.name where appropriate for packaging.tags
* Expand upon the API provded by packaging.tags
* Officially support Python 3.8
* Add major, minor, and micro aliases to packaging.version.Version
* Properly mark packaging has being fully typed by adding a py.typed file
==== python-pyOpenSSL ====
Version update (19.0.0 -> 19.1.0)
- Update to v19.1
* Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
Use the classes without the ``Type`` suffix instead.
* The minimum ``cryptography`` version is now 2.8
* Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated
ALPN should be used instead.
* Support bytearray in SSL.Connection.send() by using cffi's from_buffer
* The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
to complete without an application protocol.
==== python-pyparsing ====
Version update (2.4.5 -> 2.4.6)
- update to 2.4.6
* Fixed typos in White mapping of whitespace characters, to use
correct "\u" prefix instead of "u".
* fix bug in left-associative ternary operators defined using
infixNotation. First reported on StackOverflow by user Jeronimo.
* Backport of pyparsing_test namespace from 3.0.0, including
TestParseResultsAsserts mixin class defining unittest-helper
methods:
. def assertParseResultsEquals(
self, result, expected_list=None, expected_dict=None, msg=None)
. def assertParseAndCheckList(
self, expr, test_string, expected_list, msg=None, verbose=True)
. def assertParseAndCheckDict(
self, expr, test_string, expected_dict, msg=None, verbose=True)
. def assertRunTestResults(
self, run_tests_report, expected_parse_results=None, msg=None)
. def assertRaisesParseException(self, exc_type=ParseException, msg=None)
==== python-urllib3 ====
Version update (1.25.6 -> 1.25.8)
- update to 1.25.8
* Drop support for EOL Python 3.4
* Optimize _encode_invalid_chars
* Preserve chunked parameter on retries
* Allow unset SERVER_SOFTWARE in App Engine
* Fix issue where URL fragment was sent within the request target.
* Fix issue where an empty query section in a URL would fail to parse.
* Remove TLS 1.3 support in SecureTransport due to Apple removing support.
==== readline ====
- Add official patch readline80-002
When using previous-history to go back beyond the beginning of the history list,
it's possible to move to an incorrect partial line.
- Add official patch readline80-003
Reading history entries with timestamps can result in history entries joined
by linefeeds.
- Add official patch readline80-004
If writing the history file fails, and renaming the backup history file fails,
it's possible for readline's history code to return the wrong error to its
caller.
==== rpm-config-SUSE ====
Version update (0.g45 -> 0.g52)
- Update to version 0.g52:
* Make deprecated %install_info not fail when used within if/fi construct
- Update to version 0.g50:
* Add missing changelog entries and fix authors
* Add ldconfig_scriptlets macros for RH/Fedora compatibility
* move %install_info to file triggers (boo#1152105)
==== sudo ====
Version update (1.8.28p1 -> 1.8.31)
- Update to 1.8.31
Major changes between version 1.8.31 and 1.8.30:
* This version fixes a potential security issue that can lead to
a buffer overflow if the pwfeedback option is enabled in
sudoers [CVE-2019-18634] [bsc#1162202]
* The sudoedit_checkdir option now treats a user-owned directory
as writable, even if it does not have the write bit set at the
time of check. Symbolic links will no longer be followed by
sudoedit in any user-owned directory. Bug #912.
* Fixed a crash introduced in sudo 1.8.30 when suspending sudo
at the password prompt. Bug #914.
* Fixed compilation on systems where the mmap MAP_ANON flag is
not available. Bug #915.
Major changes between version 1.8.30 and 1.8.29:
* Sudo now closes file descriptors before changing uids. This
prevents a non-root process from interfering with sudo's ability
to close file descriptors on systems that support the prlimit(2)
system call.
* Sudo now treats an attempt to run sudo sudoedit as simply
sudoedit If the sudoers file contains a fully-qualified path
to sudoedit, sudo will now treat it simply as sudoedit
(with no path). Visudo will will now treat a fully-qualified
path to sudoedit as an error. Bug #871.
* Fixed a bug introduced in sudo 1.8.28 where sudo would warn
about a missing /etc/environment file on AIX and Linux when
PAM is not enabled. Bug #907.
* Fixed a bug on Linux introduced in sudo 1.8.29 that prevented
the askpass program from running due to an unlimited stack size
resource limit. Bug #908.
* If a group provider plugin has optional arguments, the argument
list passed to the plugin is now NULL terminated as per the
documentation.
* The user's time stamp file is now only updated if both authentication
and approval phases succeed. This is consistent with the behavior
of sudo prior to version 1.8.23. Bug #910.
* The new allow_unknown_runas_id sudoers setting can be used to
enable or disable the use of unknown user or group IDs.
Previously, sudo would always allow unknown user or group IDs if
the sudoers entry permitted it, including via the ALL alias.
As of sudo 1.8.30, the admin must explicitly enable support for
unknown IDs.
* The new runas_check_shell sudoers setting can be used to require
that the runas user have a shell listed in the /etc/shells file.
On many systems, users such as bin, do not have a valid shell and
this flag can be used to prevent commands from being run as
those users.
* Fixed a problem restoring the SELinux tty context during reboot
if mctransd is killed before sudo finishes. GitHub Issue #17.
* Fixed an intermittent warning on NetBSD when sudo restores the
initial stack size limit.
Major changes between version 1.8.29 and 1.8.28p1:
* The cvtsudoers command will now reject non-LDIF input when
converting from LDIF format to sudoers or JSON formats.
* The new log_allowed and log_denied sudoers settings make it
possible to disable logging and auditing of allowed and/or
denied commands.
* The umask is now handled differently on systems with PAM or
login.conf. If the umask is explicitly set in sudoers, that
value is used regardless of what PAM or login.conf may specify.
However, if the umask is not explicitly set in sudoers, PAM or
login.conf may now override the default sudoers umask. Bug #900.
* For make install, the sudoers file is no longer checked for syntax
errors when DESTDIR is set. The default sudoers file includes the
contents of /etc/sudoers.d which may not be readable as non-root.
Bug #902.
* Sudo now sets most resource limits to their maximum value to avoid
problems caused by insufficient resources, such as an inability to
allocate memory or open files and pipes. Fixed a regression introduced
in sudo 1.8.28 where sudo would refuse to run if the parent process was
not associated with a session. This was due to sudo passing a session
ID of -1 to the plugin.
- refresh sudo-sudoers.patch
==== system-users ====
Subpackages: system-group-hardware system-group-wheel system-user-nobody
- Add tss user for TPM tools (boo#1162360).
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev
- Import commit f8adabc2b1f3e3ad150e7a3bfa88341eda5a8a57 (merge v244.2)
77c04ce5c2 hwdb: update to v245-rc1
b4eb884824 Fix typo in function name
e2d4cb9843 polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it
83bfc0d8dd sd-bus: introduce API for re-enqueuing incoming messages
5926f9f172 polkit: use structured initialization
0697d0d972 polkit: on async pk requests, re-validate action/details
2589995acd polkit: reuse some common bus message appending code
5b2442d5c3 bus-polkit: rename return error parameter to ret_error
0a19ff7004 shared: split out polkit stuff from bus-util.c ? bus-polkit.c
1325dfb577 test: adapt to the new capsh format
3538fafb47 meson: update efi path detection to gnu-efi-3.0.11
3034855a5b presets: "disable" all passive targets by default
c2e3046819 shared/sysctl-util: normalize repeated slashes or dots to a single value
6f4364046f dhcp6: do not use T1 and T2 longer than one provided by the lease
0ed6cda28d network: fix implicit type conversion warning by GCC-10
f6a5c02d26 bootspec: parse random-seed-mode line in loader.conf
ddc5dca8a7 sd-boot: fix typo
2bbbe9ae41 test: Synchronize journal before reading from it
072485d661 sd-bus: fix introspection bug in signal parameter names
80af3cf5e3 efi: fix build.
[...]
- Use suse.pool.ntp.org server pool on SLE (jsc#SLE-7683)
- Drop scripts-udev-convert-lib-udev-path.sh
Nobody should need it these days.
==== tallow ====
Version update (19+git20191106.4b071b0 -> 21+git20200213.865ec91)
- Update to version 21+git20200213.865ec91:
* Add tallow.patterns man page
* Add extra path for firewall-cmd
- Drop 0001-Add-extra-path-for-firewall-cmd.patch, accepted upstream
==== tar ====
- No longer recommend -lang: supplements are in use.
==== toolbox ====
Version update (1.0+git20191014.3034fbc -> 1.0+git20200217.cd18bfb)
- Update to version 1.0+git20200217.cd18bfb:
* Multiple toolboxes, with different names
* Configure `sudo` access for an user toolbox
* Correctly setup the user
* Add -u|--user parameter
* Handle arguments with 'getopt'