Packages changed: bcm43xx-firmware cryptsetup (2.1.0 -> 2.3.0) kexec-tools libgphoto2 libgpod man-pages perl-CGI (4.45 -> 4.46) perl-DBD-Pg (3.10.3 -> 3.10.4) postfix (3.4.8 -> 3.4.9) pulseaudio python-urwid (2.0.1 -> 2.1.0) re2c (1.2.1 -> 1.3) rpm-config-SUSE (0.g45 -> 0.g52) schily system-users tar tlp (1.3.0 -> 1.3.1) tpm2-0-tss virglrenderer xkeyboard-config === Details === ==== bcm43xx-firmware ==== - just depend on splitted brcm firmware package and not all ==== cryptsetup ==== Version update (2.1.0 -> 2.3.0) Subpackages: libcryptsetup12 libcryptsetup12-32bit libcryptsetup12-hmac - Update to 2.3.0 (include release notes for 2.2.0) * BITLK (Windows BitLocker compatible) device access * Veritysetup now supports activation with additional PKCS7 signature of root hash through --root-hash-signature option. * Integritysetup now calculates hash integrity size according to algorithm instead of requiring an explicit tag size. * Integritysetup now supports fixed padding for dm-integrity devices. * A lot of fixes to online LUKS2 reecryption. * Add crypt_resume_by_volume_key() function to libcryptsetup. If a user has a volume key available, the LUKS device can be resumed directly using the provided volume key. No keyslot derivation is needed, only the key digest is checked. * Implement active device suspend info. Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags that informs the caller that device is suspended (luksSuspend). * Allow --test-passphrase for a detached header. Before this fix, we required a data device specified on the command line even though it was not necessary for the passphrase check. * Allow --key-file option in legacy offline encryption. The option was ignored for LUKS1 encryption initialization. * Export memory safe functions. To make developing of some extensions simpler, we now export functions to handle memory with proper wipe on deallocation. * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot. * Add optional global serialization lock for memory hard PBKDF. * Abort conversion to LUKS1 with incompatible sector size that is not supported in LUKS1. * Report error (-ENOENT) if no LUKS keyslots are available. User can now distinguish between a wrong passphrase and no keyslot available. * Fix a possible segfault in detached header handling (double free). * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2. * The libcryptsetup now keeps all file descriptors to underlying device open during the whole lifetime of crypt device context to avoid excessive scanning in udev (udev run scan on every descriptor close). * The luksDump command now prints more info for reencryption keyslot (when a device is in-reencryption). * New --device-size parameter is supported for LUKS2 reencryption. * New --resume-only parameter is supported for LUKS2 reencryption. * The repair command now tries LUKS2 reencryption recovery if needed. * If reencryption device is a file image, an interactive dialog now asks if reencryption should be run safely in offline mode (if autodetection of active devices failed). * Fix activation through a token where dm-crypt volume key was not set through keyring (but using old device-mapper table parameter mode). * Online reencryption can now retain all keyslots (if all passphrases are provided). Note that keyslot numbers will change in this case. * Allow volume key file to be used if no LUKS2 keyslots are present. * Print a warning if online reencrypt is called over LUKS1 (not supported). * Fix TCRYPT KDF failure in FIPS mode. * Remove FIPS mode restriction for crypt_volume_key_get. * Reduce keyslots area size in luksFormat when the header device is too small. * Make resize action accept --device-size parameter (supports units suffix). ==== kexec-tools ==== - Fix build errors on old distributions * kexec-tools-video-capability.patch * kexec-tools-SYS_getrandom.patch ==== libgphoto2 ==== Subpackages: libgphoto2-6 libgphoto2-6-lang - No longer recommend -lang: supplements are in use. ==== libgpod ==== Subpackages: libgpod-lang libgpod-tools libgpod4 - No longer recommend -lang: supplements are in use. ==== man-pages ==== - added patches [bsc#1162464] + man-pages-somaxconn-default-value.patch ==== perl-CGI ==== Version update (4.45 -> 4.46) - updated to 4.46 see /usr/share/doc/packages/perl-CGI/Changes 4.46 2020-02-03 [ DOCUMENTATION ] - Document support for SameSite=None cookies (GH #238) ==== perl-DBD-Pg ==== Version update (3.10.3 -> 3.10.4) - updated to 3.10.4 see /usr/share/doc/packages/perl-DBD-Pg/Changes Version 3.10.4 (released February 3, 2020) - Allow localtime from Time::Piece to be used directly as a bind value again. This applies to all "magical" arrays. [Greg Sabino Mullane] [Github issue #63] - Force tests to NOT run in parallel. [Greg Sabino Mullane] [RT #130834] ==== postfix ==== Version update (3.4.8 -> 3.4.9) - bsc#1162891 server:mail/postfix: cond_slp bug on TW after moving /etc/services to /usr/etc/services - bsc#1160413 postfix fails with -fno-common - Update to 3.4.9: * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. * Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance. ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion - No longer recommend -lang: supplements are in use. ==== python-urwid ==== Version update (2.0.1 -> 2.1.0) - update to 2.1.0 * Add support for Python 3.7 and 3.8, drop support for Python 3.3 * Add 24-bit (true color) support. * Fix crash on click-Esc & Esc-click * Break rather than raising exception on shard calculation bug. * Fix EOF detection for the Terminal widget on Python 3 * Many more features and fixes ==== re2c ==== Version update (1.2.1 -> 1.3) - Update to version 1.3: * Added option: ``--stadfa``. * Added warning: ``-Wsentinel-in-midrule``. * Added generic API primitives: + ``YYSTAGPD`` + ``YYMTAGPD`` * Added configurations: + ``re2c:sentinel = 0;`` + ``re2c:define:YYSTAGPD = "YYSTAGPD";`` + ``re2c:define:YYMTAGPD = "YYMTAGPD";`` * Worked on reproducible builds ==== rpm-config-SUSE ==== Version update (0.g45 -> 0.g52) - Update to version 0.g52: * Make deprecated %install_info not fail when used within if/fi construct - Update to version 0.g50: * Add missing changelog entries and fix authors * Add ldconfig_scriptlets macros for RH/Fedora compatibility * move %install_info to file triggers (boo#1152105) ==== schily ==== Subpackages: cdda2wav cdrecord libcdrdeflt1_0 libdeflt1_0 libedc_ecc1_0 libedc_ecc_dec1_0 libfile1_0 libfind4_0 libparanoia1_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs readcd spax star - Set -fcommon [boo#1160291]. ==== system-users ==== Subpackages: system-group-hardware system-group-wheel system-user-bin system-user-daemon system-user-ftp system-user-games system-user-lp system-user-mail system-user-man system-user-news system-user-nobody system-user-tftp system-user-upsd system-user-uucp system-user-wwwrun - Add tss user for TPM tools (boo#1162360). ==== tar ==== Subpackages: tar-lang tar-rmt - No longer recommend -lang: supplements are in use. ==== tlp ==== Version update (1.3.0 -> 1.3.1) Subpackages: tlp-rdw - Update to 1.3.1 * default CPU_ENERGY_PERF_POLICY_ON_BAT=power too aggressive (issue#460) ==== tpm2-0-tss ==== Subpackages: libtss2-esys0 libtss2-mu0 libtss2-sys0 - Use system-users for tss user creation (boo#1162360). ==== virglrenderer ==== - Avoid potential DoS in texture allocation (CVE-2020-8003 boo#1162521) vrend-Don-t-free-resource-struct-in-_resource_alloca.patch - Avoid potential DoS if grid launched without prior Compute Shader (CVE-2020-8002 boo#1162519) vrend-Don-t-try-launching-a-grid-if-no-CS-is-availab.patch - Avoid deleting wrong object, in use by others vrend-Use-the-original-context-to-delete-objects.patch - Avoid potential use after free when deleting context vrend-Don-t-switch-to-ctx0-when-deleting-ctx0.patch ==== xkeyboard-config ==== Subpackages: xkeyboard-config-lang - No longer recommend -lang: supplements are in use.