Packages changed: Mesa (20.1.3 -> 20.1.4) Mesa-drivers (20.1.3 -> 20.1.4) apparmor branding-openSUSE fftw3 ima-evm-utils (1.2.1 -> 1.3) libedit librsvg noto-coloremoji-fonts (20200408 -> 20200722) patterns-base perl-Bootloader (0.929 -> 0.931) python-rpm-macros (20200701.9f5a2f6 -> 20200714.252de1f) python38-core (3.8.3 -> 3.8.4) read-only-root-fs sysconfig (0.85.4 -> 0.85.5) === Details === ==== Mesa ==== Version update (20.1.3 -> 20.1.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.1.4 * fourth bugfix release for the 20.1 branch * just a few fixes here and there, nothing major ==== Mesa-drivers ==== Version update (20.1.3 -> 20.1.4) Subpackages: Mesa-dri Mesa-gallium - update to 20.1.4 * fourth bugfix release for the 20.1 branch * just a few fixes here and there, nothing major ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293) ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE wallpaper-branding-openSUSE - Stop building grub2-branding-openSUSE for Power architectures [boo#1171146] ==== fftw3 ==== - Add gnu compiler support up to gcc9. - Fix typo which caused issus building openmpi HPC flavors (bsc#1174329). - Add support for openmpi4 (provided by Alin Marin Elena). ==== ima-evm-utils ==== Version update (1.2.1 -> 1.3) - Use %autosetup -p1 - Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500). - Fixes from previous SR (reported by fvogt): * Move ibmtss runtime dependency to evmctl package * Remove dependencies to devel package (should not be needed) - Update to version 1.3 version 1.3 new features: * NEW ima-evm-utils regression test infrastructure with two initial tests: - ima_hash.test: calculate/verify different crypto hash algorithms - sign_verify.test: EVM and IMA sign/verify signature tests * TPM 2.0 support - Calculate the new per TPM 2.0 bank template data digest - Support original padding the SHA1 template data digest - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement. * TPM 1.2 support - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option) * Based on original IMA LTP and standalone version support - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log. - In addition to verifying the IMA measurement list against the the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.) - Ignore file measurement violations while verifying the IMA measurment list. (Based on LTP "--validate" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) - Support original "ima" template (mixed templates not supported) * Support "sm3" crypto name Bug fixes and code cleanup: * Don't exit with -1 on failure, exit with 125 * On signature verification failure, include pathname. * Provide minimal hash_info.h file in case one doesn't exist, needed by the ima-evm-utils regression tests. * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs * Fix hash_algo type comparison mismatch * Simplify/clean up code * Address compiler complaints and failures * Fix memory allocations and leaks * Sanity check provided input files are regular files * Revert making "tsspcrread" a compile build time decision. * Limit additional messages based on log level (-v) - Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch - Upstream bumped soname to 2.0.0 - Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package - Mark COPYING as %license ==== libedit ==== - autoreconf already runs libtoolize no need to run twice ==== librsvg ==== Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 typelib-1_0-Rsvg-2_0 - Add _constraints for PowerPC avoid "no space left on device" build error ==== noto-coloremoji-fonts ==== Version update (20200408 -> 20200722) - Update to v2020-07-22-unicode13_0 * Unicode 13.0 update. ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Stop trying to install grub2-branding on ppc64/ppc64le [boo#1171146] ==== perl-Bootloader ==== Version update (0.929 -> 0.931) - merge gh#openSUSE/perl-bootloader#129 - Check tpm.mod in the new grub2 directory (bsc#1174320) - 0.931 - merge gh#openSUSE/perl-bootloader#130 - Throw less warnings about fstab - 0.930 ==== python-rpm-macros ==== Version update (20200701.9f5a2f6 -> 20200714.252de1f) - Update to version 20200714.252de1f: * Add pyunittest and pyunittest_arch macros ==== python38-core ==== Version update (3.8.3 -> 3.8.4) - Minor spec file fixes - Fix minor issues found in the staging. - Update to 3.8.4: - Assignment expressions (PEP-572) - Positional-only parameters (PEP-570) - Parallel filesystem cache for compiled bytecode files (PYTHONPYCACHEPREFIX variable) - Debug build uses the same ABI as release build - f-strings support = for self-documenting expressions and debugging - Python Runtime Audit Hooks (PEP-578) - Python Initialization Configuration (PEP-587) - Vectorcall: a fast calling protocol for CPython (PEP-590) - Pickle protocol 5 with out-of-band data buffers (PEP-574) - Many other smaller bug fixes - Removed OBS_dev-shm.patch: contained in upstream - Removed bpo40784-Fix-sqlite3-deterministic-test.patch: contained in upstream - Changed bpo-31046_ensurepip_honours_prefix.patch: to be compatible with new version - Fix %py3_compile being incorrectly defined - Update pre_checkin.sh and regenerate - Convert few dependencies to their pkgconfig counterparts - Remove release requirement on libpython, it is not really needed to be equal as the abi changes with versions - Add provides python3-bla on all the subpkgs in case we are primary provider of the functionality - Remove unversioned files from devel subpkg too - Remove main python3 files from -base based whether we are primary interpreter or not - Fix idle to be co-installable - Add condition to be primary to provide/obsolete python3-* - Fix doc to build in versioned folder so the pythons can be installed next to each other - Revert the full versioning of calls on the macros. These are generic so they should really just call python3 X - For the doc package we can build with generic flavor, we don't need the our-interpreter based one - Add provides for pytohn3X-typing/etc to allow BR on those still to work when needed - Change macros.python3 to use full versioned 3.8 instead of just 3 for python interpreter ==== read-only-root-fs ==== - Use file requires, add sed ==== sysconfig ==== Version update (0.85.4 -> 0.85.5) Subpackages: sysconfig-netconfig - version 0.85.5 - spec: Fix Requires, use file requires (https://github.com/openSUSE/sysconfig/pull/25) - ntp: call chrony helper in background (bsc#1173391)