Packages changed: apparmor atftp cracklib dnsmasq (2.80 -> 2.81) epiphany (3.36.1 -> 3.36.2) glabels gnome-chess (3.36.0 -> 3.36.1) gstreamer-plugins-bad kcm_tablet less (557 -> 562) libksba (1.3.5 -> 1.4.0) nagios (4.4.5 -> 4.4.6) nano (4.9.2 -> 4.9.3) osinfo-db perl-Mojolicious (8.51 -> 8.52) psqlODBC (12.01.0000 -> 12.02.0000) swig unzip vim vulkan-loader (1.2.137 -> 1.2.141) xen (4.13.0_12 -> 4.13.1_02) zstd (1.4.4 -> 1.4.5) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff ==== atftp ==== - fix logrotate * change command to '/sbin/service atftpd restart' since there is no init script and we are using systemd - fix service file * atftpd does not create logfile when there is none, hence we create in ExecStartPre - Update sysconfig file * add ATFTPD_LOGFILE if we want to use our own logfile * add comment to ATFTPD_BIND_ADDRESSES that it is obsolete since systemd (binds to 0.0.0.0) ==== cracklib ==== Subpackages: libcrack2 libcrack2-32bit - Enable translation-update-upstream on leap, to remove the use of is_opensuse (jsc#SLE-12096). - use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should contain internal binaries, not data ==== dnsmasq ==== Version update (2.80 -> 2.81) - Update to 2.81: * Improve cache behaviour for TCP connections * Remove the NO_FORK compile-time option, and support for uclinux * Fix line-counting when reading /etc/hosts and friends * Fix bug in DNS non-terminal code, added in 2.80, which could sometimes cause a NODATA rather than an NXDOMAIN reply. * Support TCP-fastopen (RFC-7413) on both incoming and outgoing TCP connections, if supported and enabled in the OS. * Improve kernel-capability manipulation code under Linux * Add --shared-network config. This enables allocation of addresses by the DHCP server in subnets where the server (or relay) does not have an interface on the network in that subnet. Many thanks to kamp.de for sponsoring this feature. * Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet validation check got borked in commit 2b38e382 and release 2.80. Thanks to Tomasz Szajner for spotting this. * Fix compilation against nettle version 3.5 and later. * Fix spurious DNSSEC validation failures when the auth section of a reply contains unsigned RRs from a signed zone, with the exception that NSEC and NSEC3 RRs must always be signed. Thanks to Tore Anderson for spotting and diagnosing the bug. * Add --dhcp-ignore-clid. This disables reading of DHCP client identifier option (option 61), so clients are only identified by MAC addresses. * Fix a bug which stopped --dhcp-name-match from working when a hostname is supplied in --dhcp-host. Thanks to James Feeney for spotting this. * Fix bug which caused very rarely caused zero-length DHCPv6 packets. Thanks to Dereck Higgins for spotting this. * Add --tftp-single-port option. * Enhance --conf-dir to load files in a deterministic order * Add filtering by tag of --dhcp-host directives * Remove DSA signature verification from DNSSEC, as specified in RFC 8624 * Add --script-on-renewal option. - Remove Fix-build-with-libnettle-3.5.patch - Remove 0001-fix-build-after-y2038-changes-in-glibc.patch - Remove dnsmasq-CVE-2019-14834.patch ==== epiphany ==== Version update (3.36.1 -> 3.36.2) Subpackages: epiphany-lang gnome-shell-search-provider-epiphany - Update to version 3.36.2: + Fix non-default search engines appearing in search provider. + Set reasonable limit on address bar autocompletions. + Invert back/forward shortcuts in keyboard shortcuts dialog in RTL locales. + Fix crash in web app creation dialog. + Fix two windows opened by new window action. + Restore bookmark tag search in URL entry. + Fix bookmark lockdown enabled when current page cannot be bookmarked. + Fix crash loading about:applications. ==== glabels ==== Subpackages: glabels-lang - Add glabels-externs.patch: define shared variables as extern. ==== gnome-chess ==== Version update (3.36.0 -> 3.36.1) Subpackages: gnome-chess-lang - Update to version 3.36.1: + Fix window switching to narrow mode when opening menu. ==== gstreamer-plugins-bad ==== Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Add gst-plugins-bad-vkerror.patch: vulkan: Drop use of VK_RESULT_BEGIN_RANGE. ==== kcm_tablet ==== Subpackages: kcm_tablet-lang - Add patch to fix build with Qt 5.15: * 0001-Fix-build-with-Qt-5.15.patch - Spec cleanup ==== less ==== Version update (557 -> 562) - less 562: * Update unicode tables * formatting changes in man pages ==== libksba ==== Version update (1.3.5 -> 1.4.0) - libksba 1.4.0: * Supports ECDSA and EdDSA certificate creation and parsing. * Supports ECDH enveloped data. * Supports ECDSA and EdDSA signed data. * Supports rsaPSS signature verification. * Supports standard file descriptors in ksba_reader_read. * Allows for optional elements in keyinfo objects. * Fixes error detection in the CMS parser. * Fixes memory leak in ksba_cms_identify. * New constants KSBA_VERSION and KSBA_VERSION_NUMBER. * New API to make creation of DER objects easy. * Interface changes relative to the 1.3.5 release: KSBA_VERSION NEW. KSBA_VERSION_NUMBER NEW. KSBA_CT_SPC_IND_DATA_CTX NEW. KSBA_CLASS_* NEW. KSBA_TYPE_* NEW. ksba_der_t NEW. ksba_der_release NEW. ksba_der_builder_new NEW. ksba_der_builder_reset NEW. ksba_der_add_ptr NEW. ksba_der_add_val NEW. ksba_der_add_int NEW. ksba_der_add_oid NEW. ksba_der_add_bts NEW. ksba_der_add_der NEW. ksba_der_add_tag NEW. ksba_der_add_end NEW. ksba_der_builder_get NEW. ==== nagios ==== Version update (4.4.5 -> 4.4.6) Subpackages: nagios-www - 4.4.6 * Fixed Map display in Internet Explorer 11 (#714) * Fixed duplicate properties appearing in statusjson.cgi (#718) * Fixed NERD not building when enabled in ./configure (#723) * Fixed build process when using GCC 10 (#721) * Fixed postauth vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-1408) * When using systemd, configuration will be verified before reloading (#715) * Fixed HARD OK states triggering on the maximum check attempt (#757) ==== nano ==== Version update (4.9.2 -> 4.9.3) Subpackages: nano-lang - GNU nano 4.9.3: * fix a crash when the terminal screen is resized while at a lock-file prompt ==== osinfo-db ==== - bsc#1172008 - osinfo-db: Add support for openSUSE Leap 15.2 add-opensuse-leap-15.2-support.patch ==== perl-Mojolicious ==== Version update (8.51 -> 8.52) - updated to 8.52 see /usr/share/doc/packages/perl-Mojolicious/Changes 8.52 2020-06-01 - Updated project metadata. - Fixed a bug in Mojo::Asset::Memory where the upgrade event could not change the temporary directory. ==== psqlODBC ==== Version update (12.01.0000 -> 12.02.0000) - Update to 12.02.0000: * Add a new *Display Optional Error Message* option. This option allows to display error messages other than primary one. Also add documentaition about the option and * Numeric as* option. * Handle notice messages in libpq_bind_and_exec(). Sets and resets a notify receiver around PQexecParams() or PQexecPrepared(). * Ignore PQtransactionStatus PQTRANS_ACTIVE in LIBPQ_update_transaction_status(). PQTRANS_ACTIVE isn't a transaction status. * Improve execution of parameterized SQL statements with arrays of parameters by sending chunks of SQL statements. If SQL_ATTR_CURSOR_TYPE of an statement is SQL_CURSOR_FORWARD_ONLY, SQL_ATTR_CONCURRENCY is SQL_CONCUR_READ_ONLY and extended protocol isn't used, the batch execution of the statement is possible. A new option Batch Size was introduced for such cases. Batch Size: Split an array (of parameters) into chunks of Batch Size to execute statements. The last chunk may contain less than Batch Size elements. Setting 1 to this option forces the current one by one execution. Also turn off use_server_side_prepare option temporarily when batch executuion is possible. * Change SC_execute() so that it returns a return code which is not affetced by the preceding results. It's necessary for batch execution with arrays of parameters. * Add a new option IgnoreTimeout. * Some tools issue issue SQLSetStmtAttr(.., SQL_ATTR_QUERY_TIMEOUT,,) internally and sometimes it's difficult for users to change the timeout value. You can disable the timeout by turning on this option. * An improvement for psqlodbc developpers. Make it possible to call some shell scripts from other directories. - Update psqlODBC-internal.patch ==== swig ==== - Revert last change, drop 0005-disable_li_std_wstring.patch - ruby-std-wstring-byte-order.patch: fix wstring encoding boo#1171368 ==== unzip ==== Subpackages: unzip-doc - Change unzip-doc to noarch ==== vim ==== Subpackages: gvim vim-data vim-data-common - apparmor.vim: update from latest AppArmor 2.13 branch: - allow alias rules with leading whitespace - allow 'include if exists' rules ==== vulkan-loader ==== Version update (1.2.137 -> 1.2.141) - Update to release 1.2.141 * loader: Preload ICDs to speed up common path ==== xen ==== Version update (4.13.0_12 -> 4.13.1_02) Subpackages: xen-libs xen-tools xen-tools-domU - Update to Xen 4.13.1 bug fix release (bsc#1027519) xen-4.13.1-testing-src.tar.bz2 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch - Drop patches contained in new tarball 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch ==== zstd ==== Version update (1.4.4 -> 1.4.5) Subpackages: libzstd-devel libzstd1 libzstd1-32bit - Update to version 1.4.5 * perf: Improved decompression speed (x64 >+5%, ARM >+15%) * perf: Automatically downsizes ZSTD_DCtx when too large for too * perf: Improved fast compression speed on aarch64 (#2040, ~+3%) * perf: Small level 1 compression speed gains (depending on compiler) * fix: Compression ratio regression on huge files (> 3 GB) using high levels (--ultra) and multithreading * api: ZDICT_finalizeDictionary() is promoted to stable * api: new experimental parameter ZSTD_d_stableOutBuffer * cli: New --patch-from command, create and apply patches from files * cli: --filelist= : Provide a list of files to operate upon from a file * cli: -b can now benchmark multiple files in decompression mode * cli: New --no-content-size command * cli: New --show-default-cparams command * misc: new diagnosis tool, checked_flipped_bits, in contrib/ * misc: Extend largeNbDicts benchmark to compression * misc: experimental edit-distance match finder in contrib/