Packages changed: 389-ds (1.4.2.3~git0.129914357 -> 1.4.2.4~git0.c881f6ec0) Mesa (19.2.4 -> 19.2.6) Mesa-drivers (19.2.4 -> 19.2.6) accerciser (3.34.1 -> 3.34.2) audacity (2.3.2 -> 2.3.3) bind (9.11.2 -> 9.14.8) clamav (0.101.4 -> 0.102.1) cronie epiphany (3.34.1 -> 3.34.2) exo (0.12.9 -> 0.12.10) firewalld (0.6.3 -> 0.7.2) gdm iagno (3.34.2 -> 3.34.3) libetpan (1.9.1 -> 1.9.3) libmaxminddb libnma (1.8.24 -> 1.8.26) mcelog (1.64 -> 1.66) nodejs12 (12.13.0 -> 12.13.1) perl-HTML-SimpleParse perl-MIME-Lite (3.030 -> 3.031) perl-Moose (2.2011 -> 2.2012) perl-Net-IP perl-libwww-perl (6.41 -> 6.42) polkit-default-privs (13.2+20191119.a36b458 -> 13.2+20191122.eb9cc80) psgml python-networkx (2.3 -> 2.4) rygel (0.38.2 -> 0.38.3) === Details === ==== 389-ds ==== Version update (1.4.2.3~git0.129914357 -> 1.4.2.4~git0.c881f6ec0) Subpackages: lib389 libsvrcore0 - Update to version 1.4.2.4~git0.c881f6ec0: * Bump version to 1.4.2.4 * Issue 49761 - Fix CI test suite issues * Issue 50634 - Fix CLI error parsing for non-string values * Ticket 50659 AddressSanitizer: SEGV ... in bdb_pre_close * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes * Issue 50644 - fix regression with creating sample entries * Issue 50699 - Add Disk Monitor to CLI and UI * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes * Issue 50536 - After audit log file is rotated, DS version string is logged after each update * Issue #50712 - Version comparison doesn't work correctly on git builds * Issue 50706 - Missing lib389 dependency - packaging * Issue 49761 - Fix CI test suite issues * Issue #50683 - Makefile.am contains unused RPM-related targets * Issue 50696 - Fix various UI bugs * Update based on Marks feedback * Update to mark as skipif * Ticket 50641 - Update default aci to allows users to change their own password * Ticket 50007, 50648 - improve x509 handling. * Issue 50689 - Failed db restore task does not report an error * Issue 50199 - Disable perl by default * Ticket 50633 - Add cargo vendor support for offline builds * Issue 50499 - Fix npm audit issues ==== Mesa ==== Version update (19.2.4 -> 19.2.6) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to version 19.2.6 * fixes build on PPC * couple of additional stable patches - Update to version 19.2.5 * There's a little bit over everything in here, with anv and radeonsi standing out as the two biggest components getting changes, but core mesa, core gallium, llvmpipe, nir, egl, i965, tgsi, st/mesa, spirv, and the Intel compiler also fixes in this release. - supersedes u_call-shmget-with-permission-0600-instead-of-0777.patch ==== Mesa-drivers ==== Version update (19.2.4 -> 19.2.6) Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - Update to version 19.2.6 * fixes build on PPC * couple of additional stable patches - Update to version 19.2.5 * There's a little bit over everything in here, with anv and radeonsi standing out as the two biggest components getting changes, but core mesa, core gallium, llvmpipe, nir, egl, i965, tgsi, st/mesa, spirv, and the Intel compiler also fixes in this release. - supersedes u_call-shmget-with-permission-0600-instead-of-0777.patch ==== accerciser ==== Version update (3.34.1 -> 3.34.2) Subpackages: accerciser-lang - Update to version 3.34.2: + Updated translations. ==== audacity ==== Version update (2.3.2 -> 2.3.3) Subpackages: audacity-lang - Update to release 2.3.3 - For upstream changes see: http://wiki.audacityteam.org/wiki/Category:Release_Notes - Create a more suitable Group: tag. ==== bind ==== Version update (9.11.2 -> 9.14.8) Subpackages: bind-chrootenv bind-doc bind-utils python3-bind - Upgrade to version 9.14.8: * Set a limit on the number of concurrently served pipelined TCP queries. * Some other bug fixing, see CHANGES file. [CVE-2019-6477, bsc#1157051] - Upgrade to version 9.14.7 * removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0, queryperf, sdb, zkt from contrib as they are not supported any more * Added support for the GeoIP2 API from MaxMind * See CHANGES file in the source RPM. [bsc#1111722, bsc#1156205, CVE-2019-6476, CVE-2019-6475, CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465, CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738, CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, configure.in.diff, bind-99-libidn.patch, perl-path.diff, bind-sdb-ldap.patch, bind-CVE-2017-3145.patch, bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch, bind-fix-fips.patch] ==== clamav ==== Version update (0.101.4 -> 0.102.1) Subpackages: libclamav9 - update to 0.102.1 * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the - -gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs. - dropped clamav-fix_building_milter.patch (upstreamed) - update to 0.102.0 * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API. - created new subpackage libfreshclam2 - dropped clamav-max_patch.patch (upstreamed) - added clamav-fix_building_milter.patch to fix build of milter ==== cronie ==== Subpackages: cron - drop 'checkproc' line from the run-crons as the usage is bogus [bsc#1155929] ==== epiphany ==== Version update (3.34.1 -> 3.34.2) Subpackages: epiphany-lang gnome-shell-search-provider-epiphany - Update to version 3.34.2: + Fix bookmarks import error handling. + Prevent detaching pinned tabs. + Exclude pinned tabs from "close other tabs" and "close tabs to left/right". + Adjust icon to not use clipping masks for compatibility with KDE. + Correctly handle zero matches in find toolbar. + Fix remember passwords setting. + Updated translations. ==== exo ==== Version update (0.12.9 -> 0.12.10) Subpackages: exo-data exo-helpers exo-lang exo-tools libexo-1-0 libexo-2-0 - Update to version 0.12.10 - Fix typeahead search regression (bxo#16191) - Translation Updates ==== firewalld ==== Version update (0.6.3 -> 0.7.2) Subpackages: firewalld-lang python3-firewall - Replace incorrect usage of %_libexecdir with %_prefix/lib - rebased the original patch from revision 19 - Added a patch to make iptables the default again on openSUSE - Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4 - Update to version 0.7.1: * Rich Rule Priorities * Service Definition Includes - Service definitions can now include lines like: which will include all the ports, etc from the https service. * RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in firewalld.conf is available. It does filtering based on RFC3964 in regards to IPv4 addresses. This functionality was traditionally in network-scripts. * FlushAllOnReload - A new option FlushAllOnReload in firewalld.conf is available. Older release retained some settings (direct rules, interface to zone assignments) during a - -reload. With the introduction of this configuration option that is no longer the case. Old behavior can be restored by setting FlushAllOnReload=no. * 15 new service definitions * fix: firewall-offline-cmd: service: use dict based APIs * fix: client: service: use dict based dbus APIs * test: dbus: coverage for new service APIs * fix: dbus: new dict based APIs for services * test: dbus: service API coverage * test: functions: add macro DBUS_INTROSPECT * test: functions: add CHOMP macro for shell output * fix: tests/functions: use gdbus instead of dbus-send * fix: dbus: add missing APIs for service includes - Remove patch for using iptables instead of nftables - we should finally switch to nftables and fix its issues properly if they occur again: * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Remove patch which was released upstream: * 0002-Add-FlushAllOnReload-config-option.patch - Update to version 0.6.4: * chore: update translations * treewide: fix over indentation (flake8 E117) * test: travis: add another test matrix for omitting ip6tables * chore: travis: split test matrix by keywords * chore: tests: add AT_KEYWORDS for firewall-offline-cmd * improvement: tests: Use AT_KEYWORDS for backends * fix: tests: guard occurrences of IPv6 * fix: tests/functions: ignore warnings about missing ip6tables * test: add macro IF_IPV6_SUPPORTED ==== gdm ==== Subpackages: gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Drop gdm-disable-wayland-for-proprietary-nvidia-machines.patch: fixed upstream. ==== iagno ==== Version update (3.34.2 -> 3.34.3) Subpackages: iagno-lang - Update to version 3.34.3: + Updated translations. ==== libetpan ==== Version update (1.9.1 -> 1.9.3) - update to version 1.9.3 * Added IMAP CLIENTID / SMTP CLIENTID support * Use Cyrus SASL 2.1.27 - update to version 1.9.2 * Support of TLS SNI * LMDB for cache DB * Fixed build with recent versions of curl ==== libmaxminddb ==== - Add baselibs.conf: build libmaxminddb0-32bit, which is required by libdns1310-32bit (new dependency gained). ==== libnma ==== Version update (1.8.24 -> 1.8.26) Subpackages: libnma0 typelib-1_0-NMA-1_0 - Add virtual libnma Provides in the main lib package, make the lang package installable. - Inital packaging for openSUSE, version 1.8.26. ==== mcelog ==== Version update (1.64 -> 1.66) - Update to version 1.66 (jira SLE-10087, jira SLE-8853): * mcelog: Add support for Icelake server, Icelake-D, and Snow Ridge M email.patch -> Patched with fuzz, refresh needed - Update to version 1.65: * mcelog: Add Cascade Lake to supported models ==== nodejs12 ==== Version update (12.13.0 -> 12.13.1) Subpackages: nodejs12-devel npm12 - Update to LTS release 12.13.1: * improved experimental support for building Node.js with Python3 * ICU time zone data is updated to version 2019c - fixing TZ offset for Brazil * deps: + upgrade to libuv 1.33.1 + upgrade npm to 6.12.1 ==== perl-HTML-SimpleParse ==== - Change architecture to 'noarch' ==== perl-MIME-Lite ==== Version update (3.030 -> 3.031) - updated to 3.031 see /usr/share/doc/packages/perl-MIME-Lite/changes.pod =item Version 3.031 Add an SSL option to connect to the SMTP relay via SSL on port 465. (thanks, Max Maischein) Document some tips on using non-ASCII content with MIME::Lite (thanks, traveljury.com and Tom Hukins) ==== perl-Moose ==== Version update (2.2011 -> 2.2012) - updated to 2.2012 see /usr/share/doc/packages/perl-Moose/Changes 2.2012 2019-11-22 [TESTS] - adjust test of missing package to accomodate new diagnostic message in perl 5.31.6 (RT#130929) ==== perl-Net-IP ==== - Update spec file: * Use https and metacpan.org in URL and source * Move COPYING to the license tag * Update summary and description sections - Change architecture to 'noarch' ==== perl-libwww-perl ==== Version update (6.41 -> 6.42) - updated to 6.42 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.42 2019-11-20 17:40:52Z - Add retry handling for a stale nonce with digest authentication (marmotil and Frank Maas) (GH#40, GH#313, GH#321) - Add the patch method to LWP::UserAgent. (GH#334) (Chase Whitener) - Fix docs to match keep_alive => undef behavior, add some trivial tests (GH#333) (Ville Skyttä) - Documentation grammar fixes (GH#331) (Ville Skyttä) ==== polkit-default-privs ==== Version update (13.2+20191119.a36b458 -> 13.2+20191122.eb9cc80) - Update to version 13.2+20191122.eb9cc80: * whitelist org.freedesktop.ModemManager1.Modem.Time (bsc#1156961) ==== psgml ==== - Add psgml-texinfo-6.7.patch: Fix build with texinfo 6.7, which defaults to UTF-8 unless differently specified. ==== python-networkx ==== Version update (2.3 -> 2.4) - Drop incorrectly calculated dependency on python33 - Switch to using %pytest macro - Update to version 2.4 Highlights: * Remove deprecated code from 1.x * Support for Python 3.8 * Switched to pytest for testing * Last release to support Python 3.5 * Fifteen new fuctions, including onion decomposition and linear prufing * Three new generators, such as a directed joint degree generator - Add numpy-38-test.patch, to correct test failure under Python 3.8 - Update URL, upstream changed to tarballs from zipfiles. ==== rygel ==== Version update (0.38.2 -> 0.38.3) Subpackages: librygel-core-2_6-2 librygel-server-2_6-2 - Update to version 0.38.3: + Autotools: Dist meson build files. + Data: Remove useless Comment: from rygel.desktop.