Packages changed:
  dbus-1 (1.12.16 -> 1.12.20)
  dbus-1-x11 (1.12.16 -> 1.12.20)
  exiv2 (0.27.2 -> 0.27.3)
  fuse (2.9.8 -> 2.9.9)
  fuse-overlayfs (1.1.0 -> 1.1.2)
  irqbalance (1.6.0+git20200317.0348a3b -> 1.7.0)
  less (562 -> 563)
  libical (3.0.7 -> 3.0.8)
  liblrdf (0.5.0 -> 0.6.1)
  libraw1394 (2.1.1 -> 2.1.2)
  libressl (3.1.3 -> 3.1.4)
  libsmbios (2.4.2 -> 2.4.3)
  libvpx (1.8.2 -> 1.9.0)
  libyaml (0.2.4 -> 0.2.5)
  openldap2
  osinfo-db (20200529 -> 20200804)
  rsync (3.2.2 -> 3.2.3)
  sqlite3 (3.32.3 -> 3.33.0)

=== Details ===

==== dbus-1 ====
Version update (1.12.16 -> 1.12.20)
Subpackages: libdbus-1-3

- Update to 1.12.20
  * On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. Thanks to Daniel Onaca. (dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
  * CVE-2020-12049: If a message contains more file descriptors than can be sent, close those that did get through before reporting error. Previously, a local attacker could cause the system dbus-daemon (or another system service with its own DBusServer) to run out of file descriptors, by repeatedly connecting to the server and sending fds that would get leaked. Thanks to Kevin Backhouse of GitHub Security Lab.
    (dbus#294, GHSL-2020-057; Simon McVittie)
  * Fix a crash when the dbus-daemon is terminated while one or more monitors are active (dbus#291, dbus!140; Simon McVittie)
  * The dbus-send(1) man page now documents --bus and --peer instead of the old --address synonym for --peer, which has been deprecated since the introduction of --bus and --peer in 1.7.6 (fd.o #48816, dbus!115; Chris Morin)
  * Fix a wrong environment variable name in dbus-daemon(1) (dbus#275, dbus!122; Mubin, Philip Withnall)
  * Fix formatting of dbus_message_append_args example (dbus!126, Felipe Franciosi)
  * Avoid a test failure on Linux when built in a container as uid 0, but without the necessary privileges to increase resource limits (dbus!58, Debian #908092; Simon McVittie)
  * When building with CMake, cope with libX11 in a non-standard location (dbus!129, Tuomo Rinne)
- Run spec-cleaner
- Move generation of API docs to a separate package, avoid doxygen dependency for building main package.
- Build x11 and devel-doc (API doc) using _multibuild.
- Drop no longer required call to autoreconf, remove obsolete BuildRequires for libtool and autoconf-archive.

==== dbus-1-x11 ====
Version update (1.12.16 -> 1.12.20)

- Update to 1.12.20
  * On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. Thanks to Daniel Onaca. (dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
  * CVE-2020-12049: If a message contains more file descriptors than can be sent, close those that did get through before reporting error.
    Previously, a local attacker could cause the system dbus-daemon (or another system service with its own DBusServer) to run out of file descriptors, by repeatedly connecting to the server and sending fds that would get leaked. Thanks to Kevin Backhouse of GitHub Security Lab. (dbus#294, GHSL-2020-057; Simon McVittie)
  * Fix a crash when the dbus-daemon is terminated while one or more monitors are active (dbus#291, dbus!140; Simon McVittie)
  * The dbus-send(1) man page now documents --bus and --peer instead of the old --address synonym for --peer, which has been deprecated since the introduction of --bus and --peer in 1.7.6 (fd.o #48816, dbus!115; Chris Morin)
  * Fix a wrong environment variable name in dbus-daemon(1) (dbus#275, dbus!122; Mubin, Philip Withnall)
  * Fix formatting of dbus_message_append_args example (dbus!126, Felipe Franciosi)
  * Avoid a test failure on Linux when built in a container as uid 0, but without the necessary privileges to increase resource limits (dbus!58, Debian #908092; Simon McVittie)
  * When building with CMake, cope with libX11 in a non-standard location (dbus!129, Tuomo Rinne)
- Run spec-cleaner
- Move generation of API docs to a separate package, avoid doxygen dependency for building main package.
- Build x11 and devel-doc (API doc) using _multibuild.
- Drop no longer required call to autoreconf, remove obsolete BuildRequires for libtool and autoconf-archive.
- Remove left overs from blocking restart on update from May 29th 2019
- Use sysusers.d to create messagebus user

==== exiv2 ====
Version update (0.27.2 -> 0.27.3)

- Update to 0.27.3:
  * Bug and security fixes
  * UNIX support
  * Support for building with C++11 and C++14
  * Revised build and test environments
  * Revised documentation
  * Improved charset handling in UserComment
  * Other improvements

==== fuse ====
Version update (2.9.8 -> 2.9.9)

- update to 2.9.9:
  * Added OpenAFS to whitelist (so users can now mount FUSE filesystems on mountpoints within OpenAFS filesystems).
  * Added a test of seekdir to test_syscalls.
  * Fixed readdir bug when non-zero offsets are given to filler and the filesystem client, after reading a whole directory, re-reads it from a non-zero offset e.g. by calling seekdir followed by readdir.

==== fuse-overlayfs ====
Version update (1.1.0 -> 1.1.2)

- update to 1.1.2
- fix build issues with libmusl.
- fix memory leak when creating whiteout files.
- fix lookup for overflow uid when it is different than the overflow gid.

==== irqbalance ====
Version update (1.6.0+git20200317.0348a3b -> 1.7.0)

- update to 1.7.0:
  * Strlen checking for IRQBALANCE_BANNED_CPU env var
  * Typo cleanup in SOCKET_TMPFS
  * consolidation of numa node creation on non-numa systems
  * fix uninitialized use of package_mask in affinity setup
  * use num_online_cpus instead of core_count
  * fix a null ptr crash in do_one_cpu
  * make list searching common from glib
  * fix a calloc parameter bug
  * remove some unused variables
  * use g_list_free_full
  * remove redundant call to free_cl_opts
  * fix some resource leaks in main()
  * fix some use after free issues in check_for_irq_ban
  * fix resource leaks in irqbalance-ui, and in add_one_node
- remove Correct-capitalizing-in-service-file.patch: upstream

==== less ====
Version update (562 -> 563)

- update to 563:
  * Update Unicode tables.
  * Treat Hangul Jamo medial vowels and final consonants as zero width.
  * Display error message immediately when -o is toggled and input is not a pipe.
  * Fix regression: make screen repaint when "squished" and a no-movement command is given.
  * Fix erroneous EOF calculation when F command is interrupted.
  * Make WIN32C version include this fix from 551: Don't count lines in initial screen if using -X with -F.
  * Fix display bug in WIN32C version.
  * Fix memory corruption when built with libtermcap.
  * Support libtinfow.

==== libical ====
Version update (3.0.7 -> 3.0.8)

- Update to version 3.0.8:
  * Fix for icalattach_new_from_data() and the 'free_fn' argument.
  * Fix if recurrencetype contains both COUNT and UNTIL (only output UNTIL in the RRULE).
- Replace gcc-c++ with generic c++_compiler BuildRequires.
- Use cmake_build macro, forcing single thread building is no longer needed. This breaks support for SLE12SP4, but that one is superseded by SP5 anyway.

==== liblrdf ====
Version update (0.5.0 -> 0.6.1)

- update to 0.6.1:
  - resolve license and build issues

==== libraw1394 ====
Version update (2.1.1 -> 2.1.2)

- update to 2.1.2
  - Fix build with some alternative C libraries and with some older build environments. No functional changes.

==== libressl ====
Version update (3.1.3 -> 3.1.4)
Subpackages: libcrypto46 libssl48 libtls20

- Update to release 3.1.4
  * TLS 1.3 client improvements:
  * Improve client certificate selection to allow EC certificates instead of only RSA certificates.
  * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request.
  * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang.
  * Fix a memory leak and add a missing error check in the handling of the key update message.
  * Fix a memory leak in tls13_record_layer_set_traffic_key.
  * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
  * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures.
  * Add the P-521 curve to the list of curves supported by default in the client.

==== libsmbios ====
Version update (2.4.2 -> 2.4.3)

- update to 2.4.3
  * Fixes for WMI based communications
  * Fixes for battery controls
  * Fixes for some segfaults and error handling

==== libvpx ====
Version update (1.8.2 -> 1.9.0)

- Update to 1.9.0
  This release adds support for NV12, a separate library for rate control, as well as incremental improvements.
- Upgrading:
  NV12 support is added to this release.
  A new interface is added for VP9 rate control.
  The new library libvp9rc.a must be linked by applications.
  Googletest is updated to v1.10.0.
  simple_encode.cc is compiled into a new library libsimple_encode.a with CONFIG_RATE_CTRL.
- Enhancement:
  Various changes to improve VP9 SVC, rate control, quality and speed to real time encoding.
- Bug fixes:
  Fix key frame update refresh simulcast flexible svc.
  Fix to disable_16x16part speed feature for real time encoding.
  Fix some signed integer overflows for VP9 rate control.
  Fix initialization of delta_q_uv.
  Fix condition in regulate_q for cyclic refresh.
  Various fixes to dynamic resizing for VP9 SVC.

==== libyaml ====
Version update (0.2.4 -> 0.2.5)

- update to 0.2.5:
  * Allow question marks in plain scalars in flow collections
  * Emitter: Don't output trailing space for empty scalar nodes
  * Emitter: Output space after an alias mapping key
  * Add -h and --flow (on|off|keep) to run-*-test-suite
  * Remove unnecessary include and malloc
  * Add specific files back to .gitignore
  * Output error position in run-parser-test-suite.c
  * A couple patches to improve test suite support

==== openldap2 ====

- Drop obsolete, not working DB_CONFIG
- Remove init.d header from start script, does not work
- Use bash for start script as syntax is not POSIX sh supported
- Remove UPDATE_NEEDED section in start script, does never match
- Remove remaining rc.status usage in start script

==== osinfo-db ====
Version update (20200529 -> 20200804)

- Update database to version 20200804
- Drop patches included in new tarball
  add-opensuse-leap-15.2-support.patch
  add-sle15sp2-support.patch

==== rsync ====
Version update (3.2.2 -> 3.2.3)

- Updated to version 3.2.3
  * Fixes a memory usage regression introduced in 3.2.2
  * Too many changes to list, see included NEWS.md file.
- acls.diff, time-limit.diff and xattrs.diff are now upstream.
- Drop rsync-add_back_use_slp_directive.patch, included in upstream slp.diff
- Add BR on c++_compiler needed for SIMD support
- Add --enable-simd configure option on x86_64
- Change BR on xxhash-devel to pkgconfig(libxxhash) and depend on xxhash >= 0.8.0 since this is needed for XXH3
- Use xxhash only on suse_version >= 1550 since xxhash 0.8.0 is not available elsewhere.

==== sqlite3 ====
Version update (3.32.3 -> 3.33.0)

- SQLite 3.33.0:
  * Support for UPDATE FROM following the PostgreSQL syntax
  * Increase the maximum size of database files to 281 TB
  * Extend the PRAGMA integrity_check statement so that it can optionally be limited to verifying just a single table and its indexes, rather than the entire database file.
  * Add the decimal extension for doing arbitrary-precision decimal arithmetic
  * Enhancements to the ieee754 extension for working with IEEE 754 binary64 numbers
  * cli: Add four new output modes: "box", "json", "markdown", and "table"
  * cli: The "column" output mode automatically expands columns to contain the longest output row and automatically turns ".header" on if it has not been previously set
  * cli: The "quote" output mode honors ".separator"
  * cli: The decimal extension and the ieee754 extension are built-in to the CLI
  * multiple query planner improvements