Packages changed:
  apparmor
  augeas
  binutils
  chrony
  coreutils (8.30 -> 8.31)
  dhcp
  drbd
  drbd-utils (9.6.0 -> 9.8.0)
  ftgl
  gnu-unifont-bitmap-fonts (11.0.03 -> 12.0.01)
  gvfs (1.38.1 -> 1.38.2)
  hplip
  installation-images-Kubic (14.411 -> 14.415)
  jasper
  kernel-source (4.20.13 -> 5.0.1)
  krusader
  kvm_stat (4.20.4 -> 5.0.1)
  libXdamage (1.1.4 -> 1.1.5)
  libaio
  libreoffice (6.2.1.2 -> 6.2.2.1)
  libstorage-ng (4.1.96 -> 4.1.98)
  libvoikko (4.1.1 -> 4.2)
  multipath-tools (0.7.9+111+suse.b4232b7 -> 0.7.9+139+suse.ed9d450)
  nasm (2.13.03 -> 2.14.02)
  ntp (4.2.8p12 -> 4.2.8p13)
  obs-service-tar_scm (0.10.5.1551309990.79898c7 -> 0.10.6.1551887937.e42c270)
  okteta (0.25.5 -> 0.26.0)
  openblas_pthreads
  openssh
  os-prober
  ovmf (2019+git1550452308.c417c1b33d06 -> 2019+git1552059899.89910a39dcfd)
  perl-Encode (3.00 -> 3.01)
  perl-IO-Socket-SSL (2.062 -> 2.066)
  perl-Net-SSLeay (1.85 -> 1.86_07)
  plasma-browser-integration (5.15.2 -> 5.15.3)
  plymouth (0.9.4+git20181219.c8f1256 -> 0.9.4+git20190304.ed9f201)
  polkit-default-privs (13.2+20190226.f884108 -> 13.2+20190306.b56445c)
  postfix
  python-M2Crypto (0.31.0 -> 0.32.0)
  re2c (1.0.3 -> 1.1.1)
  remmina (1.3.3 -> 1.3.4)
  rubygem-actioncable-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-actionmailer-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-actionpack-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-actionview-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-activejob-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-activemodel-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-activerecord-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-activestorage-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-activesupport-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-lightbox2 (2.10.0 -> 2.10.0.2)
  rubygem-rails-5.2 (5.2.2 -> 5.2.2.1)
  rubygem-railties-5.2 (5.2.2 -> 5.2.2.1)
  samba (4.9.4+git.126.aa8e79e6e87 -> 4.9.4+git.138.e50f45d83ad)
  sqlite3 (3.26.0 -> 3.27.2)
  strace
  systemd (239 -> 241)
  systemd-rpm-macros
  tlp (1.1 -> 1.2)
  totem-pl-parser (3.26.2 -> 3.26.3)
  vim (8.1.0892 -> 8.1.1005)
  xdg-desktop-portal-kde (5.15.2 -> 5.15.3)
  xen (4.12.0_02 -> 4.12.0_04)
  xmlto
  yast2 (4.1.61 -> 4.1.65)
  yast2-bootloader (4.1.21 -> 4.1.22)
  yast2-http-server (4.1.3 -> 4.1.4)
  yast2-installation (4.1.41 -> 4.1.43)
  yast2-nis-client (4.1.0 -> 4.1.1)
  yast2-trans (84.87.20190302.e4560c38a8 -> 84.87.20190309.125b762b7d)
  yast2-users (4.1.10 -> 4.1.11)
  ypserv (4.0 -> 4.1)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor

- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
  update-alternatives (boo#1127877)

==== augeas ====
Subpackages: augeas-lenses libaugeas0

- Add gcc9-disable-broken-test.patch in order to address bsc#1120894.

==== binutils ====
Subpackages: binutils-devel

- Add binutils.keyring and verify signature.

==== chrony ====

- Update testsuite to version 58c5e8b

==== coreutils ====
Version update (8.30 -> 8.31)
Subpackages: coreutils-lang

- Update to 8.31:
  * Noteworthy changes in release 8.31 (2019-03-10) [stable]
  * * Bug fixes

    'base64 a b' now correctly diagnoses 'b' as the extra operand, not 'a'.
    [bug introduced in coreutils-5.3.0]

    When B already exists, 'cp -il A B' no longer immediately fails
    after asking the user whether to proceed.
    [This bug was present in "the beginning".]

    df no longer corrupts displayed multibyte characters on macOS.
    [bug introduced with coreutils-8.18]

    seq no longer outputs inconsistent decimal point characters
    for the last number, when locales are misconfigured.
    [bug introduced in coreutils-7.0]

    shred, sort, and split no longer falsely report ftruncate errors
    when outputting to less-common file types. For example, the shell
    command 'sort /dev/null -o /dev/stdout | cat' no longer fails with
    an "error truncating" diagnostic.
    [bug was introduced with coreutils-8.18 for sort and split, and
    (for shared memory objects only) with fileutils-4.1 for shred]

    sync no longer fails for write-only file arguments.
    [bug introduced with argument support to sync in coreutils-8.24]

    'tail -f file | filter' no longer exits immediately on AIX.
    [bug introduced in coreutils-8.28]

    'tail -f file | filter' no longer goes into an infinite loop
    if filter exits and SIGPIPE is ignored.
    [bug introduced in coreutils-8.28]

  * * Changes in behavior

    cksum, dd, hostid, hostname, link, logname, sleep, tsort, unlink,
    uptime, users, whoami, yes: now always process --help and --version options,
    regardless of any other arguments present before any optional '--'
    end-of-options marker.

    nohup now processes --help and --version as first options even if other
    parameters follow.

    'yes a -- b' now outputs 'a b' instead of including the end-of-options
    marker as before: 'a -- b'.

    echo now always processes backslash escapes when the POSIXLY_CORRECT
    environment variable is set.

    When possible 'ln A B' now merely links A to B and reports an error
    if this fails, instead of statting A and B before linking. This
    uses fewer system calls and avoids some races. The old statting
    approach is still used in situations where hard links to directories
    are allowed (e.g., NetBSD when superuser).

    ls --group-directories-first will also group symlinks to directories.

    'test -a FILE' is not supported anymore. Long ago, there were concerns about
    the high probability of humans confusing the -a primary with the -a binary
    operator, so POSIX changed this to 'test -e FILE'. Scripts using it were
    already broken and non-portable; the -a unary operator was never documented.

    wc now treats non breaking space characters as word delimiters
    unless the POSIXLY_CORRECT environment variable is set.

  * * New features

    id now supports specifying multiple users.

    'date' now supports the '+' conversion specification flag,
    introduced in POSIX.1-2017.

    printf, seq, sleep, tail, and timeout now accept floating point
    numbers in either the current or the C locale.
    For example, if the current locale's decimal point is ',',
    'sleep 0,1' and 'sleep 0.1' now mean the same thing.
    Previously, these commands accepted only C-locale syntax with '.'
    as the decimal point. The new behavior is more compatible with
    other implementations in non-C locales.

    test now supports the '-N FILE' unary operator (like e.g. bash) to check
    whether FILE exists and has been modified since it was last read.

    env now supports '--default-signal[=SIG]', '--ignore-signal[=SIG]', and
    '--block-signal[=SIG], to setup signal handling before executing a program.

    env now supports '--list-signal-handling' to indicate non-default
    signal handling before executing a program.

  * * New commands

    basenc is added to complement existing base64,base32 commands,
    and encodes and decodes printable text using various common encodings:
    base64,base64url,base32,base32hex,base16,base2,z85.

  * * Improvements

    ls -l now better aligns abbreviated months containing digits,
    which is common in Asian locales.

    stat and tail now know about the "sdcardfs" file system on Android.
    stat -f -c%T now reports the file system type, and tail -f uses inotify.

    stat now prints file creation time when supported by the file system,
    on GNU Linux systems with glibc >= 2.28 and kernel >= 4.11.

- Refresh patches (line number changes only):
  * coreutils-disable_tests.patch
  * coreutils-i18n.patch
  * coreutils-misc.patch
  * coreutils-remove_hostname_documentation.patch
  * coreutils-remove_kill_documentation.patch
  * coreutils-skip-gnulib-test-tls.patch
  * coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
  * Version: bump version.
  * URL: Use https scheme.
  * %description: Add 'basenc' tool.
  * Change gitweb to cgit URL with https in a comment.
- coreutils.keyring:
  * Update for added section headers ('GPG keys of ').

==== dhcp ====
Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server

- Drop use of $FIRST_ARG in .spec
  The use of $FIRST_ARG was probably required because of the
  %service_* rpm macros were playing tricks with the shell positional
  parameters. This is bad practice and error prone so let's assume
  that no macros should do that anymore and hence it's safe to assume
  that positional parameters remain unchanged after any rpm macro
  call.

==== drbd ====

- bsc#1118732, split brain handles malfunction when 2 primaries.
- Add patch rely-on-sb-handlers.patch

==== drbd-utils ====
Version update (9.6.0 -> 9.8.0)

- Update to 9.8.0
  * i18n: use proper po files
  * v9,stacked: allow node-id in stacked section
    but one should not use stacked with v9 anyways
  * dry run: remove trailing white space
    This eases test integration. Mentioned here because strictly
    speaking output changed.
  * regression tests: if at ./configure time "clitest" is detected,
    one can run tests via "make test". Target is a noop otherwise.
  * drbdsetup,v9: fix wait-for (same patch as in 9.7.1)
  * doc,v9: require-drbd-module-version-*, events2 --now --poll
  * drbdadm,v9: allow stacked-on-top-of sections without address
  * drbdadm,v9: bring up only the correct paths in multi-site scenarios.
  * drbdadm,v9: fix parser segfault if node-id is missing.
  * tests: require that they pass on release.
  * drbdsetup,v9: fix key collision in show --json.
- bsc#1121794, use drbd9 man pages.
- Update to 9.7.0
  * drbdadm,v9,v84: fix resync-after
  * drbd.ocf: connect_only_after_promote, require kernel version
  * drbdmon: display resync progress
  * parser,v9: require-drbd-module-version
  * windrbd: add WinDRBD support

==== ftgl ====

- Add conditional for html docs, SLE_12 has no epstopdf

==== gnu-unifont-bitmap-fonts ====
Version update (11.0.03 -> 12.0.01)

- unifont 12.0.01:
  * Support for Unicode 12.0.0
  * Upper font has now reached 11,000 Unicode Plane 1 glyphs
  * Add new Unicode script ranges from Unicode 12.0.0

==== gvfs ====
Version update (1.38.1 -> 1.38.2)
Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang

- Update to version 1.38.2:
  + mtp: Don't retry reading an event after failure.
  + admin: Prevent access if any authentication agent isn't
    available (CVE-2019-3827).
  + udisks2: Restore support of comment=x-gvfs-* option.
  + common: Prevent crashes on invalid autorun file.
  + Several smaller bugfixes.
  + Updated translations.
- Drop gvfs-CVE-2019-3827.patch: Fixed upstream.

==== hplip ====
Subpackages: hplip-hpijs hplip-sane

- don't mark /usr/lib/udev/rules.d/56-hpmud.rules as config file,
  fixes rpmlint warning (override it by copying it to
  /etc/udev/rules.d).
- Fix hp-toolbox exiting after 10s under GNOME (bsc#1112331)
  * removed ui5-systemtray.py-make-children-exit-if-no-systray-f.patch
    Patch "ui5-systemtray-wait-only-10s-for-system-tray.patch" is
    sufficient to fix the logout problem (bsc#1112331, lp#1721534)

==== installation-images-Kubic ====
Version update (14.411 -> 14.415)

- merge gh#openSUSE/installation-images#300
- adjust EFI boot setup to also include RPi firmware files (jsc:SLE-4394)
- 14.415
- add raspberry pi firmware files
- merge gh#openSUSE/installation-images#299
- bash is really in /usr/bin, do not rely in symlink in /bin
- 14.414
- do not build for s390 (32 bit)
- merge gh#openSUSE/installation-images#298
- bash has been moved to /usr/bin
- systemd branding for Kubic is now MicroOS
- 14.413
- Kubic: replace CAASP systemd branding with MicroOS
- merge gh#openSUSE/installation-images#297
- Add nvme-cli package (bsc#1127815)
- 14.412

==== jasper ====

- bsc#1117511 CVE-2018-19539:
  * Add jasper-CVE-2018-19539.patch

==== kernel-source ====
Version update (4.20.13 -> 5.0.1)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms kernel-vanilla

- Linux 5.0.1 (bnc#1012628).
- exec: Fix mem leak in kernel_read_file (bnc#1012628).
- Bluetooth: Fix locking in bt_accept_enqueue() for BH context
  (bnc#1012628).
- Bluetooth: btrtl: Restore old logic to assume firmware is already
  loaded (bnc#1012628).
- selftests: firmware: fix verify_reqs() return value (bnc#1012628).
- Revert "selftests: firmware: remove use of non-standard diff - Z option"
  (bnc#1012628).
- Revert "selftests: firmware: add
  CONFIG_FW_LOADER_USER_HELPER_FALLBACK to config" (bnc#1012628).
- USB: serial: cp210x: fix GPIO in autosuspend (bnc#1012628).
- gnss: sirf: fix premature wakeup interrupt enable (bnc#1012628).
- xtensa: fix get_wchan (bnc#1012628).
- aio: Fix locking in aio_poll() (bnc#1012628).
- MIPS: irq: Allocate accurate order pages for irq stack
  (bnc#1012628).
- alpha: wire up io_pgetevents system call (bnc#1012628).
- applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012628).
- usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on
  INTEL_SUNRISEPOINT_LP_XHCI (bnc#1012628).
- xhci: tegra: Prevent error pointer dereference (bnc#1012628).
- tracing: Fix event filters and triggers to handle negative numbers
  (bnc#1012628).
- x86/boot/compressed/64: Do not read legacy ROM on EFI system
  (bnc#1012628).
- x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bnc#1012628).
- tipc: fix RDM/DGRAM connect() regression (bnc#1012628).
- team: Free BPF filter when unregistering netdev (bnc#1012628).
- sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
  (bnc#1012628).
- sctp: call iov_iter_revert() after sending ABORT (bnc#1012628).
- qmi_wwan: Add support for Quectel EG12/EM12 (bnc#1012628).
- net-sysfs: Fix mem leak in netdev_register_kobject (bnc#1012628).
- net: sched: put back q.qlen into a single location (bnc#1012628).
- net: mscc: Enable all ports in QSGMII (bnc#1012628).
- net: dsa: mv8e6xxx: fix number of internal PHYs for 88E6x90 family
  (bnc#1012628).
- net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in
  mv88e6xxx_port_set_duplex (bnc#1012628).
- net: dsa: mv88e6xxx: add call to mv88e6xxx_ports_cmode_init to
  probe for new DSA framework (bnc#1012628).
- ip6mr: Do not call __IP6_INC_STATS() from preemptible context
  (bnc#1012628).
- staging: android: ashmem: Avoid range_alloc() allocation with
  ashmem_mutex held (bnc#1012628).
- staging: android: ashmem: Don't call fallocate() with ashmem_mutex
  held (bnc#1012628).
- staging: android: ion: fix sys heap pool's gfp_flags (bnc#1012628).
- staging: wilc1000: fix to set correct value for 'vif_num'
  (bnc#1012628).
- staging: comedi: ni_660x: fix missing break in switch statement
  (bnc#1012628).
- staging: erofs: fix illegal address access under memory pressure
  (bnc#1012628).
- staging: erofs: fix race of initializing xattrs of a inode at the
  same time (bnc#1012628).
- staging: erofs: fix memleak of inode's shared xattr array
  (bnc#1012628).
- staging: erofs: fix fast symlink w/o xattr when fs xattr is on
  (bnc#1012628).
- driver core: Postpone DMA tear-down until after devres release
  (bnc#1012628).
- USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
  (bnc#1012628).
- USB: serial: cp210x: add ID for Ingenico 3070 (bnc#1012628).
- USB: serial: option: add Telit ME910 ECM composition (bnc#1012628).
- binder: create node flag to request sender's security context
  (bnc#1012628).
- staging: erofs: fix mis-acted TAIL merging behavior (bnc#1012628).
- cpufreq: Use struct kobj_attribute instead of struct global_attr
  (bnc#1012628).
- commit 47a2a02

- KMPs: provide and conflict a kernel version specific KMP name
  (bsc#1127155, bsc#1109137).
- commit 5568093

- Revert "Drop multiversion(kernel) from the KMP template
  (fate#323189)" (bsc#1109137).
  This reverts commit 71504d805c1340f68715ad41958e5ef35da2c351.
- commit adade9f

- config: disable BPFILTER_UMH on non-x86 architectures (bsc#1127188)
  CONFIG_BPFILTER_UMH depends on ability to compile and link a userspace
  binary so that it currently doesn't work in our kbuild check setups using
  a cross compiler. Disable the option on architectures where cross compiler
  is used (i.e. all except x86_64 and i386).
- commit cfb8371

- KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- commit 821419f

- Update to 5.0 final
- Refresh configs
- commit 8f71df2

==== krusader ====
Subpackages: kio_iso

- Add Prefer-to-find-oktetapart-by-desktop-file.patch to make it
  compatible with the upcoming okteta 0.26 release

==== kvm_stat ====
Version update (4.20.4 -> 5.0.1)

- Add python3 tweak to be compatible with v5.0 kernel source
  (bsc#1116822)
  + 0050-tools-kvm_stat-switch-python-reference-again.patch

==== libXdamage ====
Version update (1.1.4 -> 1.1.5)
Subpackages: libXdamage1 libXdamage1-32bit

- Update to version 1.1.5:
  * autogen: add default patch prefix
  * autogen.sh: Implement GNOME Build API
  * autogen.sh: use quoted string variables
  * autogen.sh: use exec instead of waiting for configure to finish
  * Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
  * configure: Remove AM_MAINTAINER_MODE
  * Use Xfree rather than XFree for consistency
  * Update README for gitlab migration

==== libaio ====
Subpackages: libaio-devel libaio1

- riscv-support.patch: Add support for RISC-V

==== libreoffice ====
Version update (6.2.1.2 -> 6.2.2.1)
Subpackages: libreoffice-base libreoffice-base-drivers-firebird libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- Update to 6.2.2.1 bsc#1128845:
  * bundle of 6.2 series fixes
- Remove merged patches:
  * 0001-Speed-up-languagepack-installation.patch
  * kde5-32bit-build-fix.patch

==== libstorage-ng ====
Version update (4.1.96 -> 4.1.98)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#628
- handle topology for Partition and Luks
- added unit test for bsc#1121129
- improved calculation of usable size for LVM PVs (bsc#1121129)
- 4.1.98
- merge gh#openSUSE/libstorage-ng#625
- moved topology from PartitionableImpl to BlkDeviceImpl
- added get_sysfs_file to BlkDeviceImpl
- use new get_sysfs_file
- added save_to_string to XmlFile (for debugging)
- read pe_start from pvs command
- coding style
- enable logging
- added pe_start to LvmPvImpl
- added get_usable_size() to LvmPv
- added unit test for LvmPv::get_usable_size()
- updated hyper link
- added documentation
- preparations for bsc#1121129
- 4.1.97

==== libvoikko ====
Version update (4.1.1 -> 4.2)

- Update to version 4.2
  * Support for Malaga dictionary format removed
  * hfst-ospell dependency updated
  * Java, Python, Javascript wrapper improvements
- Drop libvoikko-hfst-namespace.patch

==== multipath-tools ====
Version update (0.7.9+111+suse.b4232b7 -> 0.7.9+139+suse.ed9d450)
Subpackages: kpartx

- Update to version 0.7.9+139+suse.ed9d450:
  * multipath-tools: Build: properly parse systemd's version
- Add kmod(xyz) style dependencies for SLE15-SP1
  (jsc#SLE-3853, fate#326579, bsc#1119414)
- Update to version 0.7.9+138+suse.0edd0a2:
- Include reviewed fixes from upstream
  * libmutipath: continue to use old state on PATH_PENDING
  * libmultipath: disable user_friendly_names for NetApp
  * multipath: blacklist zram devices
  * various fixes for marginal path code
- Bug fixes:
  * multipathd: Fix miscounting active paths (bsc#1125043)
  * multipathd: avoid null pointer dereference in LOG_MSG (bsc#1127873)
  * minor fixes suggested by coverity (bsc#1127879)

==== nasm ====
Version update (2.13.03 -> 2.14.02)

- Update to version 2.14.02:
  * Fix crash due to multiple errors or warnings during the code
    generation pass if a list file is specified.
  * Create all system-defined macros before processing command-line
    given preprocessing directives (-p, -d, -u, --pragma, --before).
  * If debugging is enabled, define a __DEBUG_FORMAT__ predefined
    macro. See section 4.11.7.
  * Fix an assert for the case in the obj format when a SEG operator
    refers to an EXTERN symbol declared further down in the code.
  * Fix a corner case in the floating-point code where a binary,
    octal or hexadecimal floating-point having at least 32, 11, or 8
    mantissa digits could produce slightly incorrect results under
    very specific conditions.
  * Support -MD without a filename, for gcc compatibility. -MF can be
    used to set the dependencies output filename. See section 2.1.7.
  * Fix -E in combination with -MD. See section 2.1.21.
  * Fix missing errors on redefined labels; would cause convergence
    failure instead which is very slow and not easy to debug.
  * Duplicate definitions of the same label with the same value is
    now explicitly permitted (2.14 would allow it in some
    circumstances.)
  * Add the option --no-line to ignore %line directives in the
    source. See section 2.1.33 and section 4.10.1.
  * Changed -I option semantics by adding a trailing path separator
    unconditionally.
  * Fixed null dereference in corrupted invalid single line macros.
  * Fixed division by zero which may happen if source code is
    malformed.
  * Fixed out of bound access in processing of malformed segment
    override.
  * Fixed out of bound access in certain EQU parsing.
  * Fixed buffer underflow in float parsing.
  * Added SGX (Intel Software Guard Extensions) instructions.
  * Added +n syntax for multiple contiguous registers.
  * Fixed subsections_via_symbols for macho object format.
  * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix
    command line options, to allow command line base symbol renaming.
    See section 2.1.28.
  * Allow label renaming to be specified by %pragma in addition to
    from the command line. See section 6.9.
  * Supported generic %pragma namespaces, output and debug. See
    section 6.10.
  * Added the --pragma command line option to inject a %pragma
    directive. See section 2.1.29.
  * Added the --before command line option to accept preprocess
    statement before input. See section 2.1.30.
  * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector
    Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field
    New Instruction) instructions.
  * Added the STATIC directive for local symbols that should be
    renamed using global-symbol rules. See section 6.8.
  * Allow a symbol to be defined as EXTERN and then later overridden
    as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and
    then defined will be treated as GLOBAL. See section 6.5.
  * The GLOBAL directive no longer is required to precede the
    definition of the symbol.
  * Support private_extern as macho specific extension to the GLOBAL
    directive. See section 7.8.5.
  * Updated UD0 encoding to match with the specification
  * Added the --limit-X command line option to set execution limits.
    See section 2.1.31.
  * Updated the Codeview version number to be aligned with MASM.
  * Added the --keep-all command line option to preserve output
    files. See section 2.1.32.
  * Added the --include command line option, an alias to -P
    (section 2.1.18).
  * Added the --help command line option as an alias to -h
    (section 3.1).
  * Added -W, -D, and -Q suffix aliases for RET instructions so the
    operand sizes of these instructions can be encoded without using
    o16, o32 or o64.
- Drop no longer needed 9f45a77f4.patch
- Enable LTO
- Cleanup spec file

==== ntp ====
Version update (4.2.8p12 -> 4.2.8p13)
Subpackages: ntp-doc

- Update to 4.2.8p13
  * CVE-2019-8936, bsc#1128525: Crafted null dereference attack in
    authenticated mode 6 packet.
  * Fix several bugs in the BANCOMM reclock driver.
  * Fix ntp_loopfilter.c snprintf compilation warnings.
  * Fix spurious initgroups() error message.
  * Fix STA_NANO struct timex units.
  * Fix GPS week rollover in libparse.
  * Fix incorrect poll interval in packet.
  * Add a missing check for ENABLE_CMAC.
- Drop use of $FIRST_ARG in ntp.spec
  The use of $FIRST_ARG was probably required because of the
  %service_* rpm macros were playing tricks on the shell positional
  parameters. This is bad practice and error prone so let's assume
  that no macros should do that anymore and hence it's safe to assume
  that positional parameters remain unchanged after any rpm macro
  call.

==== obs-service-tar_scm ====
Version update (0.10.5.1551309990.79898c7 -> 0.10.6.1551887937.e42c270)
Subpackages: obs-service-obs_scm obs-service-obs_scm-common

- Update to version 0.10.6.1551887937.e42c270:
  * Require packages to get the en_US.UTF-8 locales
- Update to version 0.10.6.1551448746.2759df2:
  * enforce bytes for cpio file list
  * fixes boo#1127907

==== okteta ====
Version update (0.25.5 -> 0.26.0)
Subpackages: okteta-lang

- Update to 0.26.0
  * New: context menu available in byte array views, in the program,
    in the KParts plugin and in the hex editing widgets from
    LibOktetaGui
  * New: qmake pri files and pkg-config pc files installed for the
    OktetaCore & OktetaGui libraries (_not_ for any Kasten ones)
  * Changed: ABI-breaking and software-incompatible clean-up of API
    and installed headers of the Okteta & Kasten libraries
  * Fixed: the metadata desktop file for the KParts plugin oktetapart
    is installed again, so it can be found and selected as viewer via
    its metadata
- Split out the libs and KParts plugin to separate packages as
  upstream recommends, move designer plugin to the devel package

==== openblas_pthreads ====

- Reduce _constraints to a reasonable size, the old constraints were
  probably necessary pre multibuild.
- Enable DYNAMIC_ARCH for aarch64, available since 0.3.4

==== openssh ====
Subpackages: openssh-helpers

- Minor clean-up of the fips patches, modified
  openssh-7.7p1-fips.patch
  openssh-7.7p1-fips_checks.patch
- Fix two race conditions in sshd relating to SIGHUP (bsc#1119183)
  * 0001-upstream-Fix-two-race-conditions-in-sshd-relating-to.patch

==== os-prober ====

- Update URL to current development project in Debian Salsa server.
- Update the Source0 to use local compressed archive since the remote URL
  is not reliable to access, causing trouble to the factory-auto checker
  reporting error as not valid one.
  * os-prober.spec
- os-prober isn't compatible with transactional update (boo#1125729)
  * os-prober-use-tmp-over-var-lib-for-transient-files.patch

==== ovmf ====
Version update (2019+git1550452308.c417c1b33d06 -> 2019+git1552059899.89910a39dcfd)
Subpackages: qemu-ovmf-x86_64

- Update to 2019+git1552059899.89910a39dcfd (edk2-stable201903)
  + MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is
    parsed (bsc#1128503, CVE-2018-12181)
  + MdeModulePkg/HiiDatabase: Fix potential integer overflow
    (bsc#1128503, CVE-2018-12181)
  + UefiCpuPkg/Microcode.c: Add verification before calculate
    CheckSum32
  + UefiCpuPkg/Microcode: Fix InComplete CheckSum32 issue
  + UefiCpuPkg: restore strict page attributes via #DB in nonstop
    mode only
  + IntelFrameworkModulePkg/FwVolDxe: Ensure FfsFileHeader 8 bytes
    aligned (bsc#1127822, CVE-2018-3630)
  + MdeModulePkg/DxeCore: Ensure FfsFileHeader 8 bytes aligned
    (bsc#1127822, CVE-2018-3630)
  + MdeModulePkg/PeiCore: Ensure FfsFileHeader 8 bytes aligned
    (bsc#1127822, CVE-2018-3630)
  + NetworkPkg: Add WiFi Connection Manager to NetworkPkg
  + UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM
  + MdePkg/BaseLib: Add Shadow Stack Support for X86
  + NetworkPkg/DnsDxe: Check the received packet size before parsing
    the message (bsc#1127821, CVE-2018-12178)
  + MdeModulePkg/RamDiskDxe: Restrict on RAM disk size
    (bsc#1127820, CVE-2018-12180)
  + MdeModulePkg/PartitionDxe: Ensure blocksize holds MBR
    (bsc#1127820, CVE-2018-12180)
  + ArmVirtPkg/PlatformBootManagerLib: display boot option
    loading/starting
  + ArmVirtPkg/ArmVirtQemu*: enable minimal Status Code Routing in
    DXE
  + OvmfPkg/PlatformBootManagerLib: display boot option
    loading/starting
  + OvmfPkg: add library to track boot option loading/starting on the
    console
  + MdeModulePkg/UefiBootManagerLib: fix LoadImage/StartImage status
    code rep
  + MdeModulePkg/AhciPei: Add AHCI mode ATA device support in PEI
  + MdeModulePkg: Add definitions for EDKII PEI ATA PassThru PPI
  + MdeModulePkg: Add definitions for ATA AHCI host controller PPI
  + MdePkg/UefiDevicePathLib: Add sanity check for FilePath device
    path
  + UefiCpuPkg/Microcode: Fix incorrect checksum issue for extended
    table
  + SecurityPkg/TcgConfigDxe: Allow enabling TPM 1.2 device from
    disabled state
  + UefiCpuPkg/SecCore: Wrong Debug Information for SecCore
  + Various bug fixes in BaseTools
  + DynamicTablesPkg: Dynamic Tables Framework
  + MdeModulePkg: Remove EmuVariableRuntimeDxe
  + UefiCpuPkg/MtrrLib: Fix a bug that may wrongly set memory <1MB to
    UC
  + MdeModulePkg/BmBoot: Report status when fail to load/start boot
    option
  + MdeModulePkg/ReportStatusCodeLib: Avoid using AllocatePool if
    possible
  + NetworkPkg/Ip6Dxe: Clean the invalid IPv6 configuration during
    driver start

==== perl-Encode ====
Version update (3.00 -> 3.01)

- updated to 3.01
  see /usr/share/doc/packages/perl-Encode/Changes

==== perl-IO-Socket-SSL ====
Version update (2.062 -> 2.066)

- updated to 2.066
  see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.066
  - fix test t/verify_partial_chain.t by using the newly exposed function
    can_partial_chain instead of guessing (wrongly) if the functionality is
    available
- updated to 2.065
  see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.065
  - make sure that Net::SSLeay::CTX_get0_param is defined before using
    X509_V_FLAG_PARTIAL_CHAIN.
    Net::SSLeay 1.85 defined only the second with LibreSSL 2.7.4
    but not the first
    https://rt.cpan.org/Ticket/Display.html?id=128716
  - prefer AES for server side cipher default since it is usually
    hardware-accelerated
- updated to 2.064
  see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
  2.064
  - make algorithm for fingerprint optional, i.e. detect based on length of
    fingerprint - https://rt.cpan.org/Ticket/Display.html?id=127773
  - fix t/sessions.t and improve stability of t/verify_hostname.t on windows
  - use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
  - update fingerprints for live tests
  2.063
  - support for both RSA and ECDSA certificate on same domain
  - update PublicSuffix
  - Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
    then linked against another API-incompatible version (ie. more than just the
    patchlevel differs).

==== perl-Net-SSLeay ====
Version update (1.85 -> 1.86_07)

- Update to 1.86_07
  1.86_07 2018-12-13
  - Net::SSLeay::RSA_generate_key() now prefers using
    RSA_generate_key_ex. This avoids deprecated RSA_generate_key
    and allows removing the only Android specific code in
    SSLeay.xs. Fixes RT#127593. Thanks to Rouven Weiler.
  - SSL_CTX_get0_param, SSL_CTX_get0_param,
    X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
    X509_VERIFY_PARAM_set_hostflags,
    X509_VERIFY_PARAM_get0_peername,
    X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip and
    X509_VERIFY_PARAM_set1_ip_asc added in 1.83 for OpenSSL
    1.0.2 and later are now available with LibreSSL 2.7.0 and
    later.
  - get_keyblock_size() now gets the MAC secret size from the
    cipher on LibreSSL 2.7.0 and later, rather than reaching
    into libssl internals. This effectively takes the OpenSSL
    1.1 code path for LibreSSL 2.7.0 instead of the OpenSSL 1.0
    code path. Thanks to Alexander Bluhm.
  - get_client_random and get_server_random now use API
    functions supported by LibreSSL 2.7.0 and later. Thanks to
    Alexander Bluhm.
  - Add X509_check_host(), X509_check_email(), X509_check_ip(),
    and X509_check_ip_asc() for LibreSSL 2.5.0 and later. Thanks
    to Alexander Bluhm.
  - OpenSSL_version() and OpenSSL_version_num() are available
    with LibreSSL 2.7.0 and later. Thanks to Alexander Bluhm.
  - Use OPENSSL_cleanse() instead of memset(). Fixes
    RT#116599. Thanks to A. Sinan Unur.
  1.86_06 2018-09-29
  - Net::SSLeay::read() and SSL_peek() now check SSL_get_error()
    for SSL_ERROR_ZERO_RETURN for return values <= 0 to make
    Net::SSLeay::read() behave more like underlying OpenSSL
    function SSL_read(). Convenience function ssl_read_all() now
    does an automatic retry when ERROR_WANT_READ or
    ERROR_WANT_WRITE is returned with Net::SSLeay::read().
    Convenience function ssl_read_until() now uses
    Net::SSLeay::ssl_read_all() instead of
    Net::SSLeay::read(). Tests 07_sslecho.t and 36_verify.t were
    also updated to use ssl_read_all() and ssl_write_all().
    The tests now also disable TLSv1.3 session tickets and
    ignore SIGPIPE to avoid this signal when the client has
    finished before server has sent session tickets and called
    Net::SSLeay::accept(). Thanks to Petr Pisar and Sebastian
    Andrzej Siewior for the patches (in #RT125218).
  - Fix a memory leak in cb_data_advanced_put. Fixes
    RT#127131. Noticed, investigated and patched by Paul
    Evans. Thanks!
  - Enable OpenSSL 1.1.1-pre9 with Travis CI.
  - Add SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets,
    SSL_set_num_ticket and SSL_get_num_tickets for controlling
    the number of TLSv1.3 session tickets that are issued. Add
    tests in 44_sess.t. Parts taken from a larger patch by Petr
    Pisar of RedHat.
  - Add SSL_CTX_set_ciphersuites and SSL_set_ciphersuites for
    configuring the available TLSv1.3 ciphersuites. Add tests in
    43_misc_functions.t and clarify SSL_client_version tests.
  - Add SSL_CTX_set_security_level, SSL_CTX_get_security_level,
    SSL_set_security_level and SSL_get_security_level. Add new
    test file 65_security_level.t. All courtesy of Damyan Ivanov
    of Debian project.
- Fix export_keying_material return value check and context handling. SSL_export_keying_material use_context is now correctly set to non-zero value when context is an empty string. This affects values exported with TLSv1.2 and earlier. Update documentation in NetSSLeay.pod and add tests in t/local/45_export.t. - Add RAND_priv_bytes. Add new test file t/local/10_rand.t for RAND_bytes, RAND_pseudo_bytes, RAND_priv_bytes, RAND_status, RAND_poll, RAND_file_name and RAND_load_file. - Update documentation for RAND_*bytes return values and RAND_file_name behaviour with LibreSSL. - Add SSL_SESSION_is_resumable. Add and update tests in 44_sess.t. - Set OpenSSL security level to 1 in tests that use the test suite's (1024-bit) RSA keys, which allows the test suite to pass when Net-SSLeay is built against an OpenSSL with a higher default security level. Fixes RT#126987. Thanks to Petr Pisar (in RT#126270) and Damyan Ivanov (in RT#126987) for the reports and patches, and to Damyan Ivanov for the preferred patch. - Add SSL_CTX_sess_set_new_cb and SSL_CTX_sess_set_remove_cb. Add new test file 44_sess.t for these and future session related tests for which no specific test file is needed. - Add SSL_get_version, SSL_client_version and SSL_is_dtls. - Add SSL_peek_ex, SSL_read_ex, SSL_write_ex and SSL_has_pending. Add tests in t/local/11_read.t - Add SSL_CTX_set_post_handshake_auth contributed by Paul Howarth. Add SSL_set_post_handshake_auth, SSL_verify_client_post_handshake and constant SSL_VERIFY_POST_HANDSHAKE. - Applied a patch to set_cert_and_key() from Damyan Ivanov, Debian Perl Group. This function now returns errors from library's error stack only when an underlying routine fails. Unrelated errors are now skipped. Fixes RT#126988. - Add support for TLSv1.3 via $Net::SSLeay::ssl_version. - Enhance t/local/43_misc_functions.t get_keyblock_size test to work better with AEAD ciphers. 
- Add constants SSL_OP_ENABLE_MIDDLEBOX_COMPAT and SSL_OP_NO_ANTI_REPLAY for TLSv1.3 - Fix compile time DEFINE=-DSHOW_XS_DEBUG to work with non-threaded Perls. Fixes RT#127027. Thanks to SREZIC for the report. Also fix other minor compile warnings. 1.86_05 2018-08-22 - Net-SSLeay now requires at least Perl 5.8.1. This is a formalisation of what has been the de facto case for some time, as the distribution hasn't compiled and passed its tests on Perl 5.005 for several years. - Increment Net::SSLeay::Handle's version number to keep it in sync with Net::SSLeay's, thus satisfying Kwalitee's consistent_version metric. - Re-enable the d2i_X509_bio() test in t/local/33_x509_create_cert.t for LibreSSL. Thanks to Alexander Bluhm. - Automatically detect new library names on Windows for OpenSSL 1.1.0 onwards (libcrypto, libssl). Fixes part of RT#121084. Thanks to Jean-Damien Durand. - Fix a typo preventing OpenSSL libraries built with the VC compiler (i.e. ones with a ".lib" suffix) from being automatically detected on Windows. Fixes part of RT#121084. Thanks to Jean-Damien Durand. - Add missing call to va_end() following va_start() in TRACE(). Fixes RT#126028. Thanks to Jitka Plesnikova. - Added SSL_in_init() and the related functions for all libraries and their versions. All return 0 or 1 as documented by OpenSSL 1.1.1. Use of these functions is recommended over using constants returned by get_state() and state(). New constants TLS_ST_*, used by OpenSSL 1.1.0 and later, will not be made available by Net::SSLeay. 1.86_04 2018-07-30 - Re-add SSLv3_method() for OpenSSL 1.0.2 and above. Fixes RT#101484. - Don't expose ENGINE-related functions when building against OpenSSL builds without ENGINE support. Fixes RT#121538. Thanks to Paul Green. - Automatically detect OpenSSL 1.0.x on VMS, and update VMS installation instructions to reflect removal of Module::Install from the build system. Fixes RT#124388. Thanks to Craig A. Berry. 
- Prevent memory leak in OCSP_cert2ids() and OCSP_response_verify(). Fixes RT#125273. Thanks to Steffen Ullrich. 1.86_03 2018-07-19 - Convert packaging to ExtUtils::MakeMaker. Thanks to mohawk2. - Module::Install is no longer a prerequisite when building from the repository. - Re-apply patch from ETJ permitting configure and build in places with a space in the name. 1.86_02 2018-07-06 - Removed inc/ from repository. Module::Install is now a prerequisite when building from the repository. This allowed also removing "." from Makefile.PL lib path which was added in version 1.81. These updates require no changes when building from release packages. They also help AppVeyor builds to work better with old Perls. - Added CONTRIBUTING.md, reformatted the previous Changes entry to use CPAN::Changes::Spec guidelines and removed unused version control tags from comments. 1.86_01 2018-07-04 [Version control system change] - Chris Novakovic did a full conversion from the old Debian hosted SVN repository to git. - Fixes to commit metadata, branches and tags that git-svn couldn't handle or had no way of handling, were done manually or semi-automatically afterwards. For instance, the "git-svn-id:" lines that git-svn appends to commit messages were kept because Mike used SVN revision numbers in RT replies to indicate when bugs had been fixed/patches applied (which may be useful for future reference). - All commits were replayed onto a single master branch rather than having separate dead-end branches for the old SVN version tags (as this seems more "git-like"). - New lightweight tags were created for each public release going back as far as the start of the SVN repository using data from MetaCPAN (cross-referencing with the changelog when it wasn't clear when a release was cut from the SVN repo). 
- Florian's and Mike's email addresses were mapped to git author/committer IDs [Continuous integration] - Travis CI configuration was added for automated testing on Linux using 64 bit Ubuntu Trusty. Build matrix dimensions are: Perl 5.8 - 5.26 x OpenSSL 0.9.8zh - 1.1.0h. Only the currently latest version for each major Perl and OpenSSL release is chosen. - AppVeyor configuration was added for automated testing on Windows. Build matrix dimensions are: Perl 5.8 - 5.26 x 32bit and 64bit Perl environment x Windows Server 2012R2 and Windows Server 2016. The Perl environment is Strawberry Perl and its OpenSSL is used with builds. Only the latest major versions are used, similarly to Travis CI. Net-SSLeay PPM and PPD files are made available as artifacts. - Added README.md with link to master branch build and test status. Did minor updates to README and other misc files. [Release packaging] - Files t/local/43_misc_functions.t and t/local/65_ticket_sharing_2.t were missing from MANIFEST. - Updated inc/ directory with Module::Install 1.19. Updated Makefile.PL author and resource information. Synced SSLeay.pm under ext/ with the latest changes under inc/. Reordered use imports so that META.yml gets correctly regenerated. More Module::Install related changes will follow. [Repository and maintainer change] - Net::SSLeay functionality was not changed in this release. Work was done to switch version control systems, add automated testing, update module packaging and change the primary maintainer. This coincided with the decommission of previous code repository service on alioth.debian.org. - The module is now primarily maintained by Tuure Vartiainen and Heikki Vatiainen of Radiator Software. 
The new repository location is https://github.com/radiator-software/p5-net-ssleay - Dropped patches merged upstream: * Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch * Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch * Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch * Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch ==== plasma-browser-integration ==== Version update (5.15.2 -> 5.15.3) Subpackages: plasma-browser-integration-lang - Update to 5.15.3 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.15.3.php - No code changes since 5.15.2 ==== plymouth ==== Version update (0.9.4+git20181219.c8f1256 -> 0.9.4+git20190304.ed9f201) Subpackages: libply-boot-client4 libply-splash-core4 libply-splash-graphics4 libply4 plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft plymouth-plugin-script plymouth-plugin-two-step plymouth-scripts - Update to version 0.9.4+git20181219.c8f1256: * ply-pixel-buffer: Fix right and bottom edge rendering of scaled buffers. * Add support for translating the user visible strings in some themes * Prefix Title and Subtitle theme config keywords with an underscore * Add new reboot and system-upgrade modes * main: Remove private ply_mode_t * two-step: Make ProgressBarShowPercentComplete a per mode setting * plymouthd.defaults: Change default ShowDelay to 0 * ply-boot-splash: Do not add ply_boot_splash_update_progress timeout multiple times * logging: Minor log-message fixes. Improve logging format. * themes: Update spinner and bgrt theme offline updates mode * two-step: Add a per mode setting to suppress messages. Add progress-bar support. Add MessageBelowAnimation option. Add per mode settings. Drop background_is_bgrt view_t member * ply-progress-bar: Allow caller to specify the widgets width and height. Allow choosing fore- and back-ground color. 
Redraw on percentage update. * boot-server: fix type confusion when allocating connection object * ply-device-manager: Handle change events for monitor hotplugging. Consume all events in one go. * drm: Stop limiting preferred-mode picking to UEFI systems. Reset mode on display-port connected outputs with a bad link-status. Implement handle_change_event. Ensure heads are mapped before flushing them. Allow calling create_heads_for_active_connectors multiple times. Allow calling ply_renderer_head_add_connector with existing connector_id. Limit backend->resources lifetime to within query_device. Store and keep all the outputs in the backend. Add get_output_info helper function Stop storing a pointer to drmModeConnector in ply_output_t Stop keeping a drmModeConnector instance around. Refactor ply_renderer_head_add_connector and ply_renderer_head_new - Rebase 0002-Install-label-ft-plugin-into-initrd-if-available.patch ==== polkit-default-privs ==== Version update (13.2+20190226.f884108 -> 13.2+20190306.b56445c) - Update to version 13.2+20190306.b56445c: * whitelisting: systemd org.freedesktop.hostname1.get-product-uuid ==== postfix ==== Subpackages: postfix-doc - postfix-linux45.patch: support also newer kernels -- pretend we are still at kernel 3. Note that there are no conditionals for LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the code which caused build failures. 
==== python-M2Crypto ==== Version update (0.31.0 -> 0.32.0) Subpackages: python2-M2Crypto python3-M2Crypto - Fix for compatibility with OpenSSL 1.1.0h by adding the patch 0001-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch - Update to 0.32.0: * 471582f - setup.py: use ${CPP} as path to cpp * efb1580 - Bump pipeline OpenSSL from 1.1.0i to 1.1.0j * 35bb71b - Stub wchar_t helpers and ignore unused WCHAR defs * effc7be - Add type comment to setup.py ==== re2c ==== Version update (1.0.3 -> 1.1.1) - Update re2c to 1.1.1 * Fixed bug #211 re2c '-V' throws 'std::out_of_range' (version to vernum conversion). * Replaced Kuklewicz POSIX disambiguation algorithm with Okui algorithm. * Optimized GOR1 algorithm (computation of tagged epsilon-closure). * Added option "--conditions" (an alias for "-c" and "--start-conditions"). * Fixed bug #201 Bugs with option: 're2c:flags:no-debug-info'. * Reworked first part of TDFA paper. ==== remmina ==== Version update (1.3.3 -> 1.3.4) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc remmina-plugin-xdmcp - Update to new upstream release 1.3.4 * Updated to use core18 and gnome-3-28-1804 !1797 * Snap: Build snap in CI and publish to the edge channel for builds against master !1810 * Resolve "SSH public key cannot be imported: Access denied for 'none'. 
Authentication that can continie: publickey" !1811 * snap: Ensure the icon is installed !1812 ==== rubygem-actioncable-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-actionmailer-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-actionpack-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-actionview-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-activejob-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-activemodel-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 
==== rubygem-activerecord-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-activestorage-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-activesupport-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== rubygem-lightbox2 ==== Version update (2.10.0 -> 2.10.0.2) - Update to version 2.10.0.2 * Fix: Wrong version of jquery-rails was required within the gemspec file * Fix(introduced in 2.10.0.1): Fixes an issue when lightbox2 is being used in combination with turbolinks ==== rubygem-rails-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 ==== rubygem-railties-5.2 ==== Version update (5.2.2 -> 5.2.2.1) - update to version 5.2.2.1: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 - rb_build_ruby_abi needs to be rb_build_ruby_abis - limit to ruby 2.5 and above for 42.3/sle12 ==== samba ==== Version update (4.9.4+git.126.aa8e79e6e87 -> 4.9.4+git.138.e50f45d83ad) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 
libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-libs-python samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153). - Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377); - LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758); - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223); ==== sqlite3 ==== Version update (3.26.0 -> 3.27.2) Subpackages: libsqlite3-0 libsqlite3-0-32bit - SQLite 3.27.2: * Add the VACUUM INTO command * Issue an SQLITE_WARNING message on the error log if a double-quoted string literal is used * Add the remove_diacritics=2 option to FTS3 and FTS5. * Add the SQLITE_PREPARE_NO_VTAB option to sqlite3_prepare_v3(). Use that option to prevent circular references to shadow tables from causing resource leaks. 
* Enhancements to the sqlite3_deserialize() interface * Enhancements to the CLI, mostly to support testing and debugging of the SQLite library itself * Increased robustness against malicious SQL that is run against a maliciously corrupted database - drop sqlite3-btree02-100.patch ==== strace ==== - disable test failing with kernel 5.0 ==== systemd ==== Version update (239 -> 241) Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-logger systemd-sysvinit udev - Stop installing macros.systemd There's no point in installing this file if we remove it right after. - Make sure systemd-network.rules take precedence over our polkit-default-privs (bsc#1125438) - Include the SUSE version along with the major version of systemd $ systemctl --version systemd 241 (+suse.42.g15a1b4d58) Note that the SUSE version format may be subject to change and as such scripts should not try to parse it. - systemd-mini: explicitly disable some of the systemd components For some reason, some build requirements get pulled in for the mini variant now, enabling some parts of the code that were expected to be turned OFF. - Upgrade to v241 (commit 15a1b4d58f1d2bc9c21c7cbab6fe63b58e48bda1) ==== systemd-rpm-macros ==== - $1 can never be empty or it's an rpm bug - Get rid of $FIRST_ARG $FIRST_ARG was probably introduced because the %service_* macros were playing tricks on the shell positional parameters. This is bad practice and error prone so let's assume that no macros should do that anymore and hence it's safe to assume that positional parameters remain unchanged after any rpm macro call. All users of $FIRST_ARG should have been fixed by now and in most cases the use of the variable was unneeded (since the macros don't change the shell parameters) and thus confusing. 'net-snmp' has a different use of FIRST_ARG though as it tried to fake an update during a package installation. Fortunately this could have been fixed too. 
==== tlp ==== Version update (1.1 -> 1.2) Subpackages: tlp-rdw - Update to version 1.2: * Disc drives: - Support for NVMe devices. - Support for removable drives e.g. USB / IEEE1394 devices. - Improve support for multi queue I/O schedulers (blk-mq). * General: - tlp bat/ac: Keep manual power settings until tlp start (gh#linrunner/TLP#349). - Remove all pm-utils scripts (gh#linrunner/TLP#363). - tlp/tlp-stat: Temporarily overwrite configuration for one programme invocation only: -- PARAM=value ... - Document intrinsic defaults in config file (gh#linrunner/TLP#353). - Code verified with ShellCheck. * Graphics: - INTEL_GPU_MIN_FREQ_ON_AC/BAT, INTEL_GPU_MAX_FREQ_ON_AC/BAT, INTEL_GPU_BOOST_FREQ_ON_AC/BAT: Intel GPU frequency limits. * Radio Devices: - tlp-rdw: New command to disable RDW actions temporarily (until reboot). - Support ThinkPad Pro Dock CS18 (17ef:306f). - USB_BLACKLIST_WWAN: Disable by default. - Retire compatibility with Network Manager 0.9.8. * PCI(e) devices: - RUNTIME_PM_BLACKLIST: Add mei_me, pcieport. * ThinkPad Battery: - New native kernel API for battery features "natacpi", requires kernel 4.17; enabled by default (gh#linrunner/TLP#321). - NATACPI_ENABLE, TPACPI_ENABLE, TPSMAPI_ENABLE: Make all battery feature drivers switchable. - tlp discharge/recalibrate: Exclude multiple simultaneous invocations. - Support ThinkPad 25, *80 (Coffee Lake) and all newer models. * tlp-stat: - Check systemd-rfkill.socket masked status. - Drives: Show all configured devices (consider default). - Intel GPU: Show frequency limits and available frequencies. - Rename "Suggestions" section to "Recommendations". - Remove invocation via "tlp stat". * USB: - Exclude scanners managed by libsane from autosuspend. - Remove long deprecated level/autosuspend attributes. * Bugfixes - Do not try to start NetworkManager (systemd) (gh#linrunner/TLP#193). - get_disk_dev logic is not compatible with NVMe devices (gh#linrunner/TLP#319). 
- AC mode not detected with USB charger (gh#linrunner/TLP#320). - Process "/usr/bin/tlp auto" failed with exit code 4 (gh#linrunner/TLP#331). - zsh parse error in tlp diskid (gh#linrunner/TLP#332). - Circumvent broken AC/charger detection (gh#linrunner/TLP#343, gh#linrunner/TLP#362, gh#linrunner/TLP#375). - Keep ASPM default to enable deeper C-states on AC (gh#linrunner/TLP#344). - Fix writing sequence for start/stop charge thresholds (gh#linrunner/TLP#356). - Recognise Think*p*ad P50 (gh#linrunner/TLP#368). - tlp-stat: filter HWP lines from x86_energy_perf_policy output ==== totem-pl-parser ==== Version update (3.26.2 -> 3.26.3) Subpackages: libtotem-plparser-mini18 libtotem-plparser18 totem-pl-parser-lang typelib-1_0-TotemPlParser-1_0 - Update to version 3.26.3: + Atom parsing bug fixes. ==== vim ==== Version update (8.1.0892 -> 8.1.1005) Subpackages: gvim vim-data vim-data-common - Updated to version 8.1.1005, fixes the following problems - vim-8.1.0297-dump3.patch - disabled another flaky test * Failure when closing a window when location list is in use. * Terminal test is a bit flaky. * Tests for restricted mode not run for MS-Windows GUI. * Can modify a:000 when using a reference. * A messed up rgb.txt can crash Vim. (Pavel Cheremushkin) * No need to check restricted mode for setwinvar(). * Index in getjumplist() may be wrong. (Epheien) * Incomplete set of assignment operators. * Struct uses more bytes than needed. * USE_LONG_FNAME never defined. * Complicated regexp causes a crash. (Kuang-che Wu) * Using clumsy way to get console window handle. * CI tests on AppVeyor are failing. * Can't handle large value for %{nr}v in regexp. (Kuang-che Wu) * Crash with tricky search pattern. (Kuang-che Wu) * Tag line with Ex command cannot have extra fields. * CI crashes when running out of memory. * Code related to findfile() is spread out. * fsync() may not work properly on Mac. * With Python 3.7 "find_module" is not made available. 
* Double free when running out of memory. * Compiler warnings. * In Terminal-Normal mode job output messes up the window. * Terminal test sometimes fails; using memory after free. * Terminal scrollback test is flaky. * Terminal dump diff swap does not update file names. * Terminal scrollback test still flaky. * Terminal scrollback test still still flaky. * No test for :wnext, :wNext and :wprevious. * USE_CR is never defined. * Stray log function call. * No error when requesting ConPTY but it's not available. * Typo in Makefile. * vtp_working included in GUI build but unused. * Farsi support is outdated and unused. * When using VTP scroll region isn't used properly. * Invalid memory access in search pattern. (Kuang-che Wu) * Old regexp engine may use invalid buffer for 'iskeyword' or uninitialized buffer pointer. (Kuang-che Wu) * May leak memory when using 'vartabstop'. (Kuang-che Wu) * Invalid memory access in search pattern. (Kuang-che Wu) * Background color is wrong in MS-Windows console when not using VTP. * No completion for sign group names. * Options window still checks for the multi_byte feature. * Still a trace of Farsi support. * Format of nbdbg() arguments is not checked. * Internal error when using pattern with NL in the range. * Coveralls is not very useful. * When built without +eval "Vim --clean" produces errors. (James McCoy) * Using :python sets 'pyxversion' even when not executed. * Compilation warnings when building the MS-Windows installer. * A very long file is truncated at 2^31 lines. * Arguments of semsg() and siemsg() are not checked. * Matchit autoload directory not in installer. (Chris Morgan) * Using context:0 in 'diffopt' does not work well. * Compiling weird regexp pattern is very slow. * Sorting large numbers is not tested and does not work properly. * When using ConPTY garbage collection has undefined behavior. * Building with MinGW and static libs doesn't work. (Salman Halim) * Illegal memory access when using 'incsearch'. 
* Cannot see in CI why a screenshot test failed. * Search test fails. * One terminal test is flaky. * Stray dependency in test Makefile. * Crash when using search pattern \%Ufffffc23. * Message written during startup is truncated. * Text properties test fails when 'encoding' is not utf-8. * Failure for selecting quoted text object moves cursor. * Cannot switch from terminal window to next tabpage. * Pattern with syntax error gives three error messages. (Kuang-che Wu) * Cannot switch from terminal window to previous tabpage. * Using STRNCPY() wrongly. Warning for uninitialized variable. * Dosinstall still has buffer overflow problems. * Blob not tested with Ruby. * Blob not tested with Perl. * Compiler warning for unused functions. (Yasuhiro Matsumoto) * extend() insufficiently tested. * Pasting in terminal insufficiently tested. * update_cursor() called twice in :shell. * Checking __CYGWIN32__ unnecessarily. * Unnecessary #ifdefs. * Crash with large number in regexp. (Kuang-che Wu) * rename() is not properly tested. * Unnecessary condition in #ifdef. * Deleting a location list buffer breaks location list window functionality. * Various small code ugliness. * Floating point exception with "%= 0" and "/= 0". * Cannot build with FEAT_EVAL defined and FEAT_SEARCH_EXTRA undefined, and with FEAT_DIFF defined and FEAT_EVAL undefined. * A :normal command while executing a register resets the reg_executing() result. * ch_read() may return garbage if terminating NL is missing. * Relative cursor position is not calculated correctly. * A getchar() call while executing a register resets the reg_executing() result. * A few screendump tests fail because of scrolling. * Using GUI colors in vim.exe when 'termguicolors' is off. * getcurpos() unexpectedly changes "curswant". * Use register one too often and not properly tested. * Indenting is off. * Visual area not correct when using 'cursorline'. * "gf" does not always work when URL has a port number. 
(Jakob Schöttl) * Playing back recorded key sequence mistakes key code. * Function "luaV_setref()" not covered with tests. * Test fails because t_F2 is not set. ==== xdg-desktop-portal-kde ==== Version update (5.15.2 -> 5.15.3) Subpackages: xdg-desktop-portal-kde-lang - Update to 5.15.3 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.15.3.php - Changes since 5.15.2: * Use high dpi pixmaps (kde#405160) * [File Chooser Portal] Confirm overwrite on saving (kde#404719) ==== xen ==== Version update (4.12.0_02 -> 4.12.0_04) Subpackages: xen-libs xen-tools xen-tools-domU - bsc#1127620 - Documentation for the xl configuration file allows for firmware=pvgrub64 but we don't ship pvgrub64. Create a link from grub.xen to pvgrub64 xen.spec - Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - Tarball also contains additional post RC4 security fixes for Xen Security Advisories 287, 288, and 290 through 294. - Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 ==== xmlto ==== - Simplify spec file ==== yast2 ==== Version update (4.1.61 -> 4.1.65) Subpackages: yast2-logs - Fixed evaluating the base product, the same products with the available and selected status must be treated as duplicate products (bsc#1129257) - 4.1.65 - Process the "specialproduct" value like a linuxrc parameter (ignore "-_." characters, ignore case) (bsc#1128901) - 4.1.64 - Fix how a product features is read in a running system. - Update default path for base product licenses (fate#324053, jsc#SLE-4173). - 4.1.63 - Fixed product filtering in product_reader.rb, fixes problem when upgrading SLE15-SP1 to SLE15-SP1 (usually used to fix a broken system) (bsc#1128459) - 4.1.62 ==== yast2-bootloader ==== Version update (4.1.21 -> 4.1.22) - Added tag smt to *.rnc file (bsc#1128707). 
- 4.1.22

==== yast2-http-server ====
Version update (4.1.3 -> 4.1.4)

- bnc#1119455
- updated list of known modules to guarantee correct load order
- 4.1.4

==== yast2-installation ====
Version update (4.1.41 -> 4.1.43)

- Update the hard-coded fallback path for licenses directory (fate#324053, jsc#SLE-4173)
- 4.1.43
- Fix patterns and packages selection when going back to the system role selection (bsc#1126517).
- 4.1.42

==== yast2-nis-client ====
Version update (4.1.0 -> 4.1.1)

- Prevent UI syntax error due to nil in widget term (bsc#1126515)
- 4.1.1

==== yast2-trans ====
Version update (84.87.20190302.e4560c38a8 -> 84.87.20190309.125b762b7d)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en yast2-trans-en_GB yast2-trans-en_US yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20190309.125b762b7d:
  * New POT for text domain 'packager'.
  * New POT for text domain 'base'.
  * New POT for text domain 'storage'.
  * New POT for text domain 'snapper'.
  * New POT for text domain 'packager'.
  * New POT for text domain 'installation'.
  * New POT for text domain 'bootloader'.
  * New POT for text domain 'base'.
  * New POT for text domain 'users'.
  * New POT for text domain 'storage'.
  * New POT for text domain 'base'.
  * Translated using Weblate (Finnish)
  * New POT for text domain 'snapper'.
  * New POT for text domain 'base'.
  * Translated using Weblate (Japanese)
  * New POT for text domain 'storage'.
  * New POT for text domain 'packager'.
  * New POT for text domain 'iscsi-lio-server'.
  * New POT for text domain 'iscsi-client'.
  * New POT for text domain 'base'.
  * Translated using Weblate (Japanese)
  * Translated using Weblate (French)
  * storage-ng removed
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Japanese)
  * Translated using Weblate (French)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Danish)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Korean)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (French)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Danish)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (French)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Japanese)
  * Translated using Weblate (French)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Danish)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Japanese)
  * Translated using Weblate (French)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Danish)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Korean)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Korean)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Dutch)
  * Translated using Weblate (Czech)
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Albanian)
  * Translated using Weblate (Japanese)
  * Added translation using Weblate (Russian)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)

==== yast2-users ====
Version update (4.1.10 -> 4.1.11)

- Added tag home_btrfs_subvolume to *.rnc file (bsc#1128707)
- Improved error message layout while creating btrfs subvolumes.
- 4.1.11

==== ypserv ====
Version update (4.0 -> 4.1)

- Update to version 4.1
- minor bugfix release
- ypserv-4.1.diff: replaced ypserv-2.32.diff
- 0001-use-_PATH_VARRUN-from-paths.h.patch: integrated upstream
- drop SuSEfirewall2 support