Packages changed: ImageMagick (7.0.8.66 -> 7.0.8.68) MozillaFirefox (69.0.1 -> 69.0.2) MozillaThunderbird (68.1.0 -> 68.1.1) apparmor bash binutils branding-openSUSE (84.87.20180403 -> 84.87.20191004) diffutils dracut (049+git112.fe41ccd9 -> 049+git114.058e566c) drbd (9.0.19~1+git.8e93a5d9 -> 9.0.20~1+git.7dce3c8b) enchant-1 fwupd (1.2.10 -> 1.3.1) gcab (1.2 -> 1.3) gstreamer (1.16.0 -> 1.16.1) gstreamer-editing-services (1.16.0 -> 1.16.1) gstreamer-plugins-bad (1.16.0 -> 1.16.1) gstreamer-plugins-base (1.16.0 -> 1.16.1) gstreamer-plugins-good (1.16.0 -> 1.16.1) gstreamer-plugins-libav (1.16.0 -> 1.16.1) gstreamer-plugins-ugly (1.16.0 -> 1.16.1) gstreamer-rtsp-server (1.16.0 -> 1.16.1) gstreamer-validate (1.16.0 -> 1.16.1) latex2html libical libopenmpt (0.4.6 -> 0.4.9) libpcap (1.9.0 -> 1.9.1) libyui-ncurses (2.52.1 -> 2.53.0) linux-glibc-devel (5.2 -> 5.3) multipath-tools (0.8.2+27+suse.3ff280b -> 0.8.3+9+suse.f6f2a52) ncurses net-tools nodejs12 (12.10.0 -> 12.11.1) openafs (1.8.4~pre2 -> 1.8.4) opensuse-welcome (0.1.6 -> 0.1.7.1) osinfo-db (20190905 -> 20190920) perl-Sub-Name (0.21 -> 0.26) perl-XML-Parser (2.44 -> 2.46) permissions phonon4qt5 (4.11.0 -> 4.11.1) polkit poppler poppler-qt5 pulseaudio python-gst (1.16.0 -> 1.16.1) python-numpy (1.17.1 -> 1.17.2) python-packaging (19.1 -> 19.2) python-qt5 ruby-common schily screen (4.6.2 -> 4.7.0) simple-scan (3.32.2.1 -> 3.34.1) spice-gtk subversion tcpdump (4.9.2 -> 4.9.3) tcsh virtualbox === Details === ==== ImageMagick ==== Version update (7.0.8.66 -> 7.0.8.68) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick - version update to 7.0.8.68 * Support animated WebP encoding/decoding (reference https://github.com/ImageMagick/ImageMagick/pull/1708). * Text stroke cut off (reference https://imagemagick.org/discourse-server/viewtopic.php?f=1&t=36829). * Adds support for lossless JPEG1 recompression (reference https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=36828). * line endings renedered as empty boxes (reference https://github.com/ImageMagick/ImageMagick/issues/1704). ==== MozillaFirefox ==== Version update (69.0.1 -> 69.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 69.0.2 * Fixed a crash when editing files on Office 365 websites (bmo#1579858) * Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bmo#1582222) - updated supported locale list - Allow to build without profile guided optimizations (boo#1040589) (contributed by Bernhard Wiedemann) - Make build verbose (contributed by Martin Li?ka) - remove obsolete kde.js setting (boo#1151186) and related patch firefox-add-kde.js-in-order-to-survive-PGO-build.patch - update create-tar.sh to latest revision and adjusted tar_stamps - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO) - extension preferences moved from branding package to core package (packaging but not branding specific) ==== MozillaThunderbird ==== Version update (68.1.0 -> 68.1.1) Subpackages: MozillaThunderbird-translations-common - Mozilla Thunderbird 68.1.1 Bugfixes * Issues with attachments in IMAP messages * Gmail accounts ignored a non-standard trash folder selection * Entering/pasting lists of recipients into the addressing widget or mailing list not working reliably, especially when lists contained multiple commas or semicolons * Edit mailing list not working * Various theme fixes, especially dark theme improvements for Calendar * Contrast between tag label and background not optimal * Account Central pane always loaded at start-up * "Config Editor" button not removed if blocked by policy * Calendar: Free/busy information in attendees dialog not scrolled correctly. Note: Scroll arrows still not behaving correctly MFSA 2019-32 * CVE-2019-11755 (bmo#1240290, boo#1152375) Spoofing a message author via a crafted S/MIME message - require nodejs8 instead of generic nodejs for better cross-distribution support - call desktop database update on install - updated translations-other locale list - build correct ICU for Big Endian - remove kde.js since disabling instantApply breaks extensions and is obsolete with the move to HTML views for preferences (boo#1151186) - update create-tar.sh to latest revision and adjust tar_stamps - added platform patches from Firefox 68esr mozilla-bmo1005535.patch mozilla-bmo1463035.patch mozilla-bmo1504834-part1.patch mozilla-bmo1504834-part2.patch mozilla-bmo1504834-part3.patch mozilla-bmo1511604.patch mozilla-bmo1554971.patch mozilla-bmo1573381.patch mozilla-cubeb-noreturn.patch mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch mozilla-fix-aarch64-libopus.patch mozilla-fix-top-level-asm.patch mozilla-nestegg-big-endian.patch mozilla-ntlm-full-path.patch mozilla-openaes-decl.patch mozilla-ppc-altivec_static_inline.patch mozilla-reduce-rust-debuginfo.patch mozilla-s390-bigendian.patch mozilla-s390-context.patch mozilla-bmo1512162.patch thunderbird-broken-locales-build.patch - removed renamed patches fix-missing-return-warning.patch fix-top-level-asm-issue.patch thunderbird-locale-build.patch - repack the lightning xpi with all available locales (boo#939153) (lp#545778) - Add fix-top-level-asm-issue.patch in order to fix LTO build. - Enable LTO on TW on x86_64. - Use GCC. - added mozilla-bmo1568145.patch to make builds reproducible (boo#1047218) ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - add usr-etc-abstractions-authentification.diff to allow reading /usr/etc/pam.d/* and some other authentification-related files (boo#1153162) ==== bash ==== Subpackages: bash-doc bash-lang - Do not recommend lang package. The lang package already has a supplements. ==== binutils ==== Subpackages: binutils-devel - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses. [bsc#1152590] ==== branding-openSUSE ==== Version update (84.87.20180403 -> 84.87.20191004) Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE systemd-icon-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE - Remove symlinks for grub2 - Update requirements for distribution-logos - Removed fix-parallel-build.patch - was applied upstream - Removed xfce4-splash-branding - Splash was dropped in Xfce 4.14 ==== diffutils ==== Subpackages: diffutils-lang - Do not recommend lang package. The lang package already has a supplements. ==== dracut ==== Version update (049+git112.fe41ccd9 -> 049+git114.058e566c) - Update to version 049+git114.058e566c: * 35network-legacy: only skip waiting for interfaces if netroot is set (bsc#1152006) * fixup "Dracut: only login to one target at a time" (bsc#1152650) ==== drbd ==== Version update (9.0.19~1+git.8e93a5d9 -> 9.0.20~1+git.7dce3c8b) Subpackages: drbd-kmp-default - Update to drbd-9.0.20-1 * fix a case of false split brain detection if a diskless node promotes multiple times, by aligning the rules for generating a new current-UUID on a diskless nodes with them on a node with disk * check if we still have quorum by exchanging a drbd-ping with peers before creating new current UUID after loosing one peer * fix after weak handling to not interfere with reconciliation resyncs * retry connect when one of the relevant flags changes during UUID exchange * fix reconciliation resync if one of the secondary got an current-UUID update * fix resync to make progress after it was paused by an other resync operation * fix false split-brains when a resync source changes current-UUID during resync operation * fix restore of D_OUTDATED when the resource first only attached and then the peer objects are created (in contrast to the usual, new-peer, attach, connect) * abort creating new current-UUID when writing to meta-data fails in the moment where the new-current-UUID should be written * removed DRBD marking itself as read-only when secondary; this flag was exposed using the BLKROGET ioctl; that should be left to user-land use; recent KVM checks that flag, and does not dare auto-promote when set by DRBD * fix a small memory-leak when creating peer devices * fix a possible information leak of kernel memory that pads net-link packets * completing implications of "allow-remote-read=no"; i.e. when not to create a new-current-UUID as read-write access to the data set was lost; also fail both reads and writes if reads are no longer possible * new option value "rr-conflict=retry-connect"; that helps in scenarios with quorum where stopping a service takes longer than a temporarily network outage and DRBD's reconnect * code cleanups, introduced enums for remaining magic numbers * new kernel-backward-compatibility framework based on spatch/coccinelle, replacing an unmaintainable moloch of C preprocessor hell; Merged the complete kernel-compat submodule * ships with pre-computed compat-patches for main distros' kernels; in case an other kernel is found it tries to use local spatch, if that is not installed the build process tries to use a LINBIT hosted web service to create the compat patch ("spatch-as-a-service"). * compat with up to Linux-5.3-rc2 - Modify patch suse-coccinelle.patch to adopt spaas ==== enchant-1 ==== Subpackages: enchant-1-backends libenchant1 - Make enchant-1-backend-voikko require enchant-1-backends (boo#1141993). ==== fwupd ==== Version update (1.2.10 -> 1.3.1) Subpackages: fwupd-lang libfwupd2 - Update to version 1.3.1: * Allow disabling all plugins * trivial: Specify the tpm2-tss-devel version in the example spec file * Move to CI Fedora 30 * modem-manager: Fix two build warnings on Fedora 30 * synapticsmst: Add another name quirk for the ThinkPad USB-C Dock * Re-introduce GUID support to fwupdmgr and fwupdtool * uefi-recovery: Add a plugin to add a fake ESRT entry for device recovery * Add a DMI quirk for the Minnowboard Turbot * trivial: Make it easy to disable or enable libflashrom for distros * trivial: Don't use Recommends for RHEL 7 * unifying: fix timeout metadata * ci: arch: minor improvements * unifying: fix timeout * Allow disabling SSL strict mode for broken corporate proxies * trivial: Allow ignoring the daemon version check by using --force * Try to only show DMI product name once * trivial: fu-util-common: Show unknown devices as interesting devices * dell: Use TSS to query and build TPM vendor strings for GUIDs * trivial: dell: show reasons for lack of updates in `UpdateError` * fu-util-common: strip all trailing whitespace in XML description * trivial: fu-common: match all whitespace not just ' ' in `fu_common_strstrip` * fu-util: show release output in get-details again * unifying: use fu_firmware_strparse_uint16 to read be 16bit values * unifying: fix incomplete hex file parsing * fu-util/fu-tool: Print devices, remotes, releases using a tree * Add aliases for `get-upgrades` and `upgrade` * trivial: UEFI skip self tests if library fails to initialize * libfwupd: Add a new private function `fwupd_remote_set_remotes_dir` * trivial: add libtss2-dev into debian/control (Closes: #1324) * trivial: Fix up the GtkDoc Since lines for API only available in 1.3.x * trivial: Post branch version bump * thunderbolt: Add support for kernel safety checks (Fixes: #1312) * Include the kernel release as a runtime version * trivial: fu-util: Drop GUID support from get-devices * synapticsmst: Partially rewrite the plugin (Fixes #1105) * Remove replug flag after the device comes back from reboot * trivial: Fix running the tests on devices with the TPM in v1.2 mode * trivial: fu-util-common: more cleanup related to topology * trivial: fu-util: cleanup fwupdmgr get-details output * trivial: Don't use topology printing in --verbose mode * Make get-devices and get-topology aliases for one another * trivial: Adjust daemon device sorting * Make get-topology more useful by showing all information * trivial: Fix fu_common_string_append_kv() to align properly with idx > 0 * trivial: dell-dock: correct an error preventing write_size from being set * trivial: Do not warn about deprecated declarations * trivial: Update BRs for the example Fedora package * uefi: add test for TPM 2.0 PCR read function * uefi: use tpm2-tss library to read PCR values * fu-common: Use environment variables for systemd managed directories * Use more systemd directives for directories * trivial: fu-util: fix debug output for devices * Allow turning off the timestamp prefix for debugging * Add a ->udev_device_changed plugin vfunc * Add fu_device_rescan() and a FuDevice->rescan() vfunc * Remove the duplicate files in meson.build * Hash the source files when generating the daemon hash * Split up source files in the build script * uefi: add support for tpm2-tools 4.X * trivial: plugins: clarify stance on afuefi.efi * trivial: plugins/: Update README * trivial: disable gtkdoc by default * trivial: update references of hughsie/fwupd to fwupd/fwupd * Publish docs to fwupd.github.io using CircelCI * Add support to integrate into the motd (Fixes: #1270) * Simplify get-devices output to not show un-useful fields * fu-engine/fu-config: Reload metadata store when configuration changes * trivial: If no devices support updates, show messaging (Closes: #1295) * trivial: uefi: set vendor name for system firwmare from DMI data * unifying: update Solaar url * thunderbolt: Fix logic to work properly with ICL thunderbolt controller * Add fu_udev_device_get_device_file() helper * trivial: Fix regression when using fu_device_incorporate() * trivial: Fix a potential crash when using FuPlugin in the self tests * synapticsmst: Make FuSynapticsmstConnection an actual GObject * synapticsmst: Use the same style as other plugins * trivial: Add some helper functions for GByteArray * Do not use FuDevice metadata for the physical and logical IDs * Use fu_common_string_append_kv() in subclassed device * synapticsmst: Use G_DECLARE_FINAL_TYPE to simplify the object * synapticsmst: Add a SynapticsMSTBoardID for another Lenovo dock * trivial: remove unnecessary CUSTOMERID_DELL define * synapticsmst: Add a SynapticsMSTBoardID for a Lenovo dock * synapticsmst: Display the board ID in non-hex form in the error message * synapticsmst: Use a more suitable icon for the device * trivial: Remove unused variable * Never use memcpy() in a possibly unsafe way * Add a ->to_string() vfunc to FuFirmware * Use FuFirmware as a container for firmware images * Allow filtering devices when using the command line tools * Be more accepting when trying to recover a failed database migration * trivial: Add translation for X-ThunderboltController * trivial: fixup standalone installer * modem-manager: add counterpart GUID for the DW5821e * solokey: Release the interface and rebind the kernel driver on close * fu-tool: Port ability to update a single device from fwupdmgr * uefi: Actually write the new device path if different than before * Allow setting custom flags when using fwupdate * trivial: Do not show a critical warning if no firmware is specified * trivial: Fix overzealous search-replace action in user string * Verify we don't break the ABI * Fix a crash when stopping the fwupd service * Relax the certificate time checks in the self tests for the legacy certificate * trivial: add cache directory into systemd unit rw paths * Never show AppStream markup on the console * Do not segfault when trying to quit the downgrade selection * trivial: Update icons for Thunderbolt and MST devices * Add support for the SoloKey Secure * trivial: Allow a device to *clear* a firmware version * trivial: debian: For signed package fill out Built-Using (Closes: #932757) * Allow specifying GUID to check any version exists * trivial: post release version bump * Release fwupd 1.2.10 * Disable the flashrom plugin by default * trivial: thunderbolt: catch failure setting up device * dell-esrt: Improve the experience for the plugin (Closes: #1245) * fu-util: When unlocking prompt for reboot if applicable * remove those PIDs with Bluetooth interface, Wacom updater doesn't support updating from Bluetooth interface * flashrom: Only show DEBUG and DEBUG2 output if using --plugin-verbose=flashrom * flashrom: Only call flashrom_programmer_init() on whitelisted boards * flashrom: Fix no version format set * fu-util: Show devices with an UpdateError in get-devices output * trivial: uefi: use UEFI-dummy for device ID instead of just uefi * trivial: fix error handling for non UEFI case (#1220) * Add a specific error code for the low battery case * Fix Fedora docker build missing directory: dist * uefi: Determine whether running in legacy mode or not (Fixes: #1220) * trivial: ci: debian: Only turn on flashrom when running CI * trivial: Fix typos in error messages * Allow client code to construct objects from GVariant blobs * Export functionality to build an array of objects * flashrom: Use libflashrom * trivial: Fix the version script to pick up boxed types * trivial: Correctly order the map entries according to vercmp rules * trivial: Fix pylint issue in the version script * Add meson target to fix translations * Add support for 8bitdo USB Retro Receiver * Use the newer features of GRWLock rather than reinventing it * Revert "Allow SuperIO updates to be done live" * uefi: Try to find a duplicate using the loadopt name * uefi: Provide a quirk to disable the use of the UX capsule * trivial: uefi: use the path for efibootmgr that was detected * synaptics-prometheus: Fix installing CONFIG firmware updates * synaptics-prometheus: Set the install duration from a quirk * synaptics-prometheus: Don't emit critial warning when updating config firmware * synaptics-prometheus: Fix missing field in the IOTA reply struct * Create SECURITY.md * redfish: Never set NULL device name * modem-manager: Never set NULL device name * ata: Never set NULL device name * trivial: Add some parameter guards to FuDevice * trivial: snap: make polkit directories if they don't exist (Fixes: #1205) * trivial: fu-main: clarify missing PK file error * synapticsmst: fix GUID generation (Closes: #1207) * Lite Mk II flag for use-shim-unique * trivial: circleci: try to fix automatic snap deployment * Allow SuperIO updates to be done live * fu-util-common: Support empty proxy strings (Fixes: #1199) * trivial: uefi: clarify error message * trivial: Fix non-systemd build * trivial: Sync example spec file with downstream * trivial: post release version bump - Drop fwupd-bsc1143905-hash-the-source-files.patch: Applied upstream. - Add pkgconfig(tss2-esys) BuildRequires: New dependency. - Add gtk-doc BuildRequires and pass gtkdoc=true to meson, build api docs even when using source service. ==== gcab ==== Version update (1.2 -> 1.3) Subpackages: gcab-lang libgcab-1_0-0 - Update to version 1.3: + New Features: Installed test support. + Bugfixes: - Fix file corruption on LZX extract. - build-sys fixes. + Updated translations. ==== gstreamer ==== Version update (1.16.0 -> 1.16.1) Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.16.1: + GStreamer-vaapi: fix green frames and decoding artefacts in some cases. + OpenGL: fix wayland event source burning CPU in certain circumstances. + Memory leak fixes and memory footprint improvements. + Performance improvements. + Stability and security fixes. + Fix enum for GST_MESSAGE_DEVICE_CHANGED which is technically an API break, but this is only used internally in GStreamer and duplicated another message enum. + hls: Make crypto dependency optional when hls-crypto is auto. + player: fix switching back and forth between forward and reverse playback. + decklinkaudiosink: Drop late buffers. + openh264enc: Fix compilation with openh264 v2.0. + wasapisrc: fix segtotal value being always 2. ==== gstreamer-editing-services ==== Version update (1.16.0 -> 1.16.1) Subpackages: libges-1_0-0 typelib-1_0-GES-1_0 - Update to version 1.16.1: + See main gstreamer package for changelog. ==== gstreamer-plugins-bad ==== Version update (1.16.0 -> 1.16.1) Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Update to version 1.16.1: + See main gstreamer package for changelog. - Drop upstream fixed patches: + fix-Werror=return-type.patch. + gst-bad-Fix-compilation-with-openh264-v2.0.patch. + gst-plugins-bad-do-not-retry-downloads-during-shutdown.patch. - Following the above, drop libtool BuildRequires and autoreconf call, no longer needed. ==== gstreamer-plugins-base ==== Version update (1.16.0 -> 1.16.1) Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.16.1: + See main gstreamer package for changelog. - Drop upstream fixed patches: + gst-plugins-base-doc-build-fix.patch. + gstreamer-plugins-base-arm-neon-configuration.patch. ==== gstreamer-plugins-good ==== Version update (1.16.0 -> 1.16.1) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-lang gstreamer-plugins-good-qtqml - Update to version 1.16.1: + See main gstreamer package for changelog. - Drop gstreamer-plugins-good-fix-glibc-incompat.patch: Fixed upstream. ==== gstreamer-plugins-libav ==== Version update (1.16.0 -> 1.16.1) - Update to version 1.16.1: + See main gstreamer package for changelog. ==== gstreamer-plugins-ugly ==== Version update (1.16.0 -> 1.16.1) Subpackages: gstreamer-plugins-ugly-lang - Update to version 1.16.1: + See main gstreamer package for changelog. ==== gstreamer-rtsp-server ==== Version update (1.16.0 -> 1.16.1) - Update to version 1.16.1: + See main gstreamer package for changelog. ==== gstreamer-validate ==== Version update (1.16.0 -> 1.16.1) Subpackages: libgstvalidate-1_0-0 typelib-1_0-GstValidate-1_0 - Update to version 1.16.1: + See main gstreamer package for changelog. ==== latex2html ==== - texlive-preview was mistakenly added as build dependency, it should have been runtime dependency [bsc#1150208] - Drop log files to make package build reproducible (boo#1047218) ==== libical ==== - Use proper grammar in description. - Build glib and gobject-introspection bindings separately in order to avoid build cycle. - Move gobject-introspection bindings into their own packages. - Move libical gir into libical-glib-devel. - Enable libical-glib, required by evolution-data-server 3.33+ - Add rpmlintrc to filter typelib warnings ==== libopenmpt ==== Version update (0.4.6 -> 0.4.9) Subpackages: libmodplug1 libopenmpt0 - Update to version 0.4.9 bsc#1153102 CVE-2019-17113 * [Sec] libmodplug: C API: Limit the length of strings copied to the output buffer of ModPlug_InstrumentName() and ModPlug_SampleName() to 32 bytes (including terminating null) as is done by original libmodplug. This avoids potential buffer overflows in software relying on this limit instead of querying the required buffer size beforehand. libopenmpt can return strings longer than 32 bytes here beacuse the internal limit of 32 bytes applies to strings encoded in arbitrary character encodings but the API returns them converted to UTF-8, which can be longer. (reported by Antonio Morales Maldonado of Semmle Security Research Team) (r12129) * [Sec] libmodplug: C++ API: Do not return 0 in CSoundFile::GetSampleName() and CSoundFile::GetInstrumentName() when a null output pointer is provided. This behaviour differed from libmodplug and made it impossible to determine the required buffer size. (r12130) - Update to version 0.4.8: * [Sec] Possible crash due to out-of-bounds read when playing an OPL note with active filter in S3M or MPTM files (r12118). - Update to version 0.4.7: * J2B: Ignore notes with non-existing instrument (fixes Ending.j2b) ==== libpcap ==== Version update (1.9.0 -> 1.9.1) - Update to 1.9.1 * Five CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165 * Fixes for CVE-2018-16301, errors in pcapng reading. * Mention pcap_get_required_select_timeout() in the main pcap man page * Fix pcap-usb-linux.c build on systems with musl * Fix assorted man page and other documentation issues * Plug assorted memory leaks * Documentation changes to use https: * Changes to how time stamp calculations are done * Lots of tweaks to make newer compilers happier and warning-free and to fix instances of C undefined behavior * Warn if AC_PROG_CC_C99 can't enable C99 support * Rename pcap_set_protocol() to pcap_set_protocol_linux(). * Align pcap_t private data on an 8-byte boundary. * Fix various error messages * Use 64-bit clean API in dag_findalldevs() * Fix cleaning up after some errors * Work around some ethtool ioctl bugs in newer Linux kernels * Add backwards compatibility sections to some man pages * Fix autotool configuration on AIX and macOS * Don't export bpf_filter_with_aux_data() or struct bpf_aux_data; they're internal-only and subject to change * Fix pcapng block size checking * Fix reading of capture statistics for Linux USB * Fix packet size values for Linux USB packets * Check only VID in VLAN test in filterss * Fix pcap_list_datalinks on 802.11 devices on macOS * Fix overflows with very large snapshot length in pcap file * Improve parsing of rpcapd configuration file * Handle systems without strlcpy() or strlcat() better * Fix crashes and other errors with invalid filter expressions * Fix use of uninitialized file descriptor in remote capture * Fix some CMake issues * Fix some divide-by-zero issues with the filter compiler * Work around a GNU libc bug in pcap_nametonetaddr() * Add support for DLT_LINUX_SLL2 * Fix handling of the packet-count argument for Myricom SNF devices * Fix --disable-rdma in configure script * Fix compilation of TurboCap support * Constify first argument to pcap_findalldevs_ex() * Fix a number of issues when running rpcapd as an inetd-style daemon * Fix CMake issues with D-Bus libraries * In rpcapd, clean up termination of a capture session * Redo remote capture protocol negotiation * In rpcapd, report the same error for "invalid user name" and "invalid password", to make brute-forcing harder * For remote captures, add an error code for "the server requires TLS" * Fix building as part of Npcap * Allow rpcapd to rebind more rapidly * Fix building shared libpcap library on midipix (midipix.org) * Fix hack to detect UTF-16LE adapter names on Windows not to go past the end of the string * Have pcap_dump_open_append() create the dump file if it doesn't exists * Fix the maxmum snapshot length for DLT_USBPCAP * Use -fPIC when building for 64-bit SPARC on Linux * Fix CMake 64-bit library installation directory on some Linux distributions * Boost the TPACKET_V3 timeout to the maximum if a timeout of 0 was specified * PCAPNG reader applies some sanity checks before doing malloc(). - Drop patch fixed upstream: * Check-only-VID-in-VLAN-test-issue-461.patch - Rebase patch: * libpcap-1.0.0-ppp.patch ==== libyui-ncurses ==== Version update (2.52.1 -> 2.53.0) - Implemented ItemSelector widget (bsc#1084674) - 2.53.0 ==== linux-glibc-devel ==== Version update (5.2 -> 5.3) - Update to kernel headers 5.3 - Make it arch dependent due to difference in installed headers ==== multipath-tools ==== Version update (0.8.2+27+suse.3ff280b -> 0.8.3+9+suse.f6f2a52) Subpackages: kpartx libmpath0 - Update to version 0.8.3+9+suse.f6f2a52 - Minor upstream improvements and bug fixes * libmultipath: EMC PowerMax NVMe device config ==== ncurses ==== Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-screen - Add ncurses patch 20190928 + amend the ncurse*-config and pc-files to take into account the rpath hack which differed between those files. + improve -L option filtering in ncurses*-config + improve recovery from error when reading command-character in test/ncurses.c, showing the relevant error message and not exiting on EINTR (cf: 20180922) - Add library path for pkgconfig of ncurses5 as well - Add ncurses patch 20190921 + add a note in resizeterm manpage about top-level windows which touch the screen's borders. + modify configure-checks for gnat to identify each of the tools path and version. - Add ncurses patch 20190914 + build-fixes for Ada95 configure-script and corresponding test package ==== net-tools ==== Subpackages: net-tools-lang - Do not recommend lang package. The lang package already has a supplements. ==== nodejs12 ==== Version update (12.10.0 -> 12.11.1) Subpackages: nodejs12-devel npm12 - Update to 12.11.1: * build: fixed building * deps: Updated small-icu data to support "unit" style in the Intl.NumberFormat API - Update to 12.11.0: * crypto: Add oaepLabel option * deps: updated V8 to 7.7.299.11 + More efficient memory handling + Stack trace serialization got faster + The Intl.NumberFormat - API gained new functionality + more information: https://v8.dev/blog/v8-release-77 * events: Add support for EventTarget in once * fs: Expose memory file mapping flag UV_FS_O_FILEMAP * inspector: New API - Session.connectToMainThread * process: Initial SourceMap support via env.NODE_V8_COVERAGE * stream: Make _write() optional when _writev() is implemented * tls: Add option to override signature algorithms * util: Add encodeInto to TextEncoder * worker: The worker_thread module is now stable - versioned.patch: refreshed - Fix build with OpenSSL 1.1.1d (bsc#1149792) * https://github.com/nodejs/node/pull/29550 * add fix_build_with_openssl_1.1.1d.patch ==== openafs ==== Version update (1.8.4~pre2 -> 1.8.4) Subpackages: openafs-client openafs-kmp-default - update to official version 1.8.4 - support Linux-kernel 5.3 - Avoid non-dir ENOENT errors in afs_lookup - fix parsing of fileservers with -vlruthresh, etc. - other bugfixes ==== opensuse-welcome ==== Version update (0.1.6 -> 0.1.7.1) Subpackages: opensuse-welcome-lang - Update to 0.1.7.1 - Way more translations have been added. - The available translations are now: * Catalan * Chinese (China) * Czech * Dutch * French * German * Italian [45.1%] * Japanese * Polish * Portuguese (Brazil) * Russian [51.2%] - Spanish ==== osinfo-db ==== Version update (20190905 -> 20190920) - Update database to version 20190920 osinfo-db-20190920.tar.xz ==== perl-Sub-Name ==== Version update (0.21 -> 0.26) - updated to 0.26 see /usr/share/doc/packages/perl-Sub-Name/Changes 0.26 2019-10-05 22:23:12Z - no changes since 0.25 0.25 2018-04-21 14:38:45Z (TRIAL RELEASE) - fix "Undefined symbol "DPPP_my_croak_xs_usage"" error on some perls (RT#125158) 0.24 2018-04-21 08:15:30Z (TRIAL RELEASE) - small internal changes to bring implementation in line with changes to Sub::Util (Graham Knop) 0.23 2016-10-23 04:33:37Z (TRIAL RELEASE) - test for renaming lexical subs, which should work on perl 5.22+. (PR#10, Graham Knop) 0.22 2016-10-17 01:41:42Z (TRIAL RELEASE) - %DB::sub is now populated correctly for sub names with wide characters or nulls. (PR#9: Graham Knop, Leon Timmermans, Reini Urban) - better perl 5.6 compatibility by lowering prereqs of core modules ==== perl-XML-Parser ==== Version update (2.44 -> 2.46) - Fix syntax for patch in cpanspec.yml - updated to 2.46 see /usr/share/doc/packages/perl-XML-Parser/Changes ==== permissions ==== Subpackages: chkstat permissions-config permissions-doc - Add || exit 0 on the scriptlet as it can actually fail in rootless containers with podman. This makes sure the zypper does not abort the container creation. * the actual error looks like: /dev/zero: chown: Operation not permitted ==== phonon4qt5 ==== Version update (4.11.0 -> 4.11.1) Subpackages: libphonon4qt5 phonon4qt5-lang phononsettings phononsettings-lang - Update to 4.11.1: * ECMGeneratePriFile now correctly uses KDE_USE_QT_SYS_PATHS * Include directory in the pri file is now using the correct path - Drop 0001-Remove-phonon-from-the-include-directory.patch, merged upstream - Use %lang_package macro and provide phonon4qt5 to fulfill its dependencies ==== polkit ==== Subpackages: libpolkit0 typelib-1_0-Polkit-1_0 - polkit-keyinit.patch: add pam_keyinit to the polkit configuration (bsc#1144053) ==== poppler ==== Subpackages: libpoppler-cpp0 libpoppler-glib8 libpoppler91 poppler-tools - Avoid unconditional dependency on boost_headers when using the (private) splash headers. Depending on the used classes (e.g. SplashXPathScanner), the boost headers may still be needed, add + 0001-Include-SplashMath.h-only-where-needed.patch + 0002-Move-the-non-trivial-part-of-the-clip-test-to-the-im.patch - Define %cmake_build for Leap 15.0. ==== poppler-qt5 ==== - Avoid unconditional dependency on boost_headers when using the (private) splash headers. Depending on the used classes (e.g. SplashXPathScanner), the boost headers may still be needed, add + 0001-Include-SplashMath.h-only-where-needed.patch + 0002-Move-the-non-trivial-part-of-the-clip-test-to-the-im.patch - Define %cmake_build for Leap 15.0. ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion - Update pulseaudio-gdm-hooks.tmpfiles to use the same ownership and permissions as in specfile for pulseaudio files. - Update default.pa-for-gdm to not load bluetooth support in pulseaudio gdm instance. This ensure headset are not stolen by gdm instance instead of user instance. Idea from ArchLinux. - Update pulseaudio-old-systemd-workaround.patch to disable LockPersonality also on Leap 15.x. - Pass --disable-running-from-build-tree to configure for improving build reproducibility. - Add pulseaudio-rpmlintrc: Filter out false positive warnings about hidden files in pulseaudio-gdm-hooks. ==== python-gst ==== Version update (1.16.0 -> 1.16.1) - Update to version 1.16.1: + See main gstreamer package for changelog. ==== python-numpy ==== Version update (1.17.1 -> 1.17.2) - Force cythonization to ensure build under different versions of python - disable tests TestF77ReturnCharacter and TestF90ReturnCharacter for s390x https://github.com/numpy/numpy/issues/11831 to make the package build. * s390x.patch - Update to 1.17.2: * #14418: BUG: Fix aradixsort indirect indexing. * #14420: DOC: Fix a minor typo in dispatch documentation. * #14421: BUG: test, fix regression in converting to ctypes * #14430: BUG: Do not show Override module in private error classes. * #14432: BUG: Fixed maximum relative error reporting in assert_allclose. * #14433: BUG: Fix uint-overflow if padding with linear_ramp and negative... * #14436: BUG: Update 1.17.x with 1.18.0-dev pocketfft.py. - Add dep on pytest-xdist and use threaded tests execution shaving around 400s on local build ==== python-packaging ==== Version update (19.1 -> 19.2) Subpackages: python2-packaging python3-packaging - Update to 19.2: * Many buildsystem tweaks to accomodate for distribution shipping - Remove all the merged patches: * 0001-Fix-test-failures-test_linux_platforms_manylinux-for.patch * 0002-Fix-check-for-64-bit-OS.patch * 0003-Add-additional-test-to-get-100-branch-coverage.patch * 0004-Fix-test_macos_version_detection-failure-on-32-bit-L.patch * 0005-Drop-dependency-on-attrs.patch ==== python-qt5 ==== Subpackages: python-qt5-utils python3-qt5 - Add _constraints file for ppc64/ppc64le to avoid build failure on power8-06 that ran out of disk space ==== ruby-common ==== - fix build for SLE 12 / Leap 42 * add define _rpmmacrodir /etc/rpm ==== schily ==== Subpackages: cdda2wav cdrecord libcdrdeflt1_0 libdeflt1_0 libedc_ecc1_0 libedc_ecc_dec1_0 libfile1_0 libfind3_0 libparanoia1_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs readcd spax star - Update to release 2019.10.07 * Fixed infinite recursion of following symlinks in libschily/resolvepath.c. * smake: The error message for failed shell commands has been modified to "Code %d (%s) from command line..." in order to cause less confusion with the text printed by smake. * bosh: introduced shared memory to be able to forward the special exit cause (NOTFOUND or NOEXEC) to the parent even in case it used fork() instead of vfork(). * bosh: Added support for a new automatic parameter "$/" to complement the existing parameter "$?". * star: The option -no-secure-links now may be configured as a global default via the tag STAR_SECURE_LINKS= in the file /etc/default/star and as a private default via an environment of the same name. ==== screen ==== Version update (4.6.2 -> 4.7.0) - GNU Screen 4.7.0: * Adds support for SGR (1006) mouse mode * Adds support for OSC 11 * Updates Unicode ambiguous and wide tables to 12.1.0 * Fix: cross-compilation support (bug #43223) * Fix: a lot of manpage fixes and cleanups ==== simple-scan ==== Version update (3.32.2.1 -> 3.34.1) Subpackages: simple-scan-lang - Update to version 3.34.1: + libwepmix: Fix use of possibly unassigned local variable 'data'. + Updated translations. - Drop simple-scan-Fix-use-unassigned-local-variable.patch: Fixed upstream. - Add simple-scan-Fix-use-unassigned-local-variable.patch: libwepmix: Fix use of possibly unassigned local variable 'data'. - Update to version 3.34.0: + Updated translations. - Update to version 3.33.92: + Updated translations. - Changes from version 3.33.91: + Updated translations. - Changes from version 3.33.90: + Change (user visible) name to "Document Scanner". + Updated icon. - Changes from version 3.33.4: + Reinstate shortcut keys that stopped working in 3.32. + Fix page delay preferences not working correctly. - Changes from version 3.33.3: + Updated translations. - Changes from version 3.33.2: + Make icon landscape. - Changes from version 3.33.1: + Use new app icon. ==== spice-gtk ==== Subpackages: libspice-client-glib-2_0-8 libspice-client-glib-helper libspice-client-gtk-3_0-5 - added "BuildRequires: pkgconfig(libdrm)" in order to fix build with upcoming changes in libglvnd/Mesa ==== subversion ==== Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-perl - Enable build and check with swig-3: * Only enable subversion-1.12.0-swig-4.patch for Tumbleweed * 'make check-swig-py' doesn't pass with swig-4 - Enable 'make check-swig-rb' everywhere again ==== tcpdump ==== Version update (4.9.2 -> 4.9.3) - Update to 4.9.3 * Fix buffer overflow/overread vulnerabilities: - CVE-2017-16808 (AoE) - CVE-2018-14468 (FrameRelay) - CVE-2018-14469 (IKEv1) - CVE-2018-14470 (BABEL) - CVE-2018-14466 (AFS/RX) - CVE-2018-14461 (LDP) - CVE-2018-14462 (ICMP) - CVE-2018-14465 (RSVP) - CVE-2018-14881 (BGP) - CVE-2018-14464 (LMP) - CVE-2018-14463 (VRRP) - CVE-2018-14467 (BGP) - CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled) - CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled) - CVE-2018-14880 (OSPF6) - CVE-2018-16451 (SMB) - CVE-2018-14882 (RPL) - CVE-2018-16227 (802.11) - CVE-2018-16229 (DCCP) - CVE-2018-16301 (was fixed in libpcap) - CVE-2018-16230 (BGP) - CVE-2018-16452 (SMB) - CVE-2018-16300 (BGP) - CVE-2018-16228 (HNCP) - CVE-2019-15166 (LMP) - CVE-2019-15167 (VRRP) * Fix for cmdline argument/local issues: - CVE-2018-14879 (tcpdump -V) - Drop patches fixed upstream: * tcpdump-CVE-2017-16808.patch * tcpdump-CVE-2019-1010220.patch * tcpdump-ikev2pI2.patch ==== tcsh ==== Subpackages: tcsh-lang - Add patch tcsh-6.18.01-history-stderror-jmp.patch to restore cleanup routines in case of an error (bsc#1151630) ==== virtualbox ==== Subpackages: virtualbox-guest-tools virtualbox-guest-x11 virtualbox-kmp-default - added "BuildRequires: pkgconfig(xdamage)" in order to fix build with upcoming changes in libglvnd/Mesa - Rework "fixes_for_5.4.patch" to unconditionally remove set_pages_nx() and set_pages_x() as these changes are backported to Kernel:HEAD:KMP. - Update file "fixes_for_5.4.patch" to handle removal of DRIVER_PRIME and rework of struct ttm_buffer_object. - Remove BuildRequires for device-mapper as workarounds for OBS bugs are not allowed. - Added file "set_graphics_type.patch" to set graphics adapter type to VBoxVGA boo#1151896 - Add BuildRequires for device-mapper - Add file "fixes_for_5.4.patch" to handle API changes in kernel 5.4