Packages changed: boost-base ca-certificates-mozilla dracut (049+git115.c2d8d6fb -> 049+git116.e9995c78) fuse3 (3.8.0 -> 3.9.0) gcc9 (9.2.1+r275327 -> 9.2.1+r279103) gpg2 (2.2.18 -> 2.2.19) grub2 haproxy (2.0.10+git14.7caf150a -> 2.1.1+git0.4ae521379) iptables (1.8.3 -> 1.8.4) kdump ldb less libsolv (0.7.9 -> 0.7.10) libssh (0.9.2 -> 0.9.3) libxml2 libzypp (17.17.0 -> 17.20.0) lvm2 lvm2-device-mapper mokutil openssl-1_1 p11-kit patterns-base policycoreutils python-requests reg (0.16.0 -> 0.16.1) salt slirp4netns (0.4.2 -> 0.4.3) sssd xen (4.13.0_03 -> 4.13.0_04) === Details === ==== boost-base ==== Subpackages: boost-license1_71_0 libboost_thread1_71_0 - Remove hardcoded abiflags (%py3_abiflags is not available for 3 years), use python3-config instead. Fixes build with Python 3.8. ==== ca-certificates-mozilla ==== - make sure p11-kit with patches is installed on SLE (boo#1154871) ==== dracut ==== Version update (049+git115.c2d8d6fb -> 049+git116.e9995c78) Subpackages: dracut-ima - Update to version 049+git116.e9995c78: * dracut.spec: add convertfs module correctly (boo#1158777) ==== fuse3 ==== Version update (3.8.0 -> 3.9.0) - Update to version 3.9.0 * Added support for FUSE_EXPLICIT_INVAL_DATA to enable onl invalidate cached pages on explicit request. ==== gcc9 ==== Version update (9.2.1+r275327 -> 9.2.1+r279103) Subpackages: libgcc_s1 libstdc++6 - Update to gcc-9-branch head (r279103). * Includes gcc9-pr91772.patch - Refresh gcc48-remove-mpfr-2.4.0-requirement.patch to apply again. - Use new license and header also in gcc.spec.in to reduce churn with format_spec_file. - Use BuildRoot tag again for old distros (SLE-11). - Make cross-arm-gcc a gcc_icecream cross. Remove the disabling of debuginfo stripping. [bsc#1152590] ==== gpg2 ==== Version update (2.2.18 -> 2.2.19) - update to 2.2.19: * gpg: Fix double free when decrypting for hidden recipients * gpg: Use auto-key-locate for encryption even for mail addressed given with angle brackets * gpgsm: Add special case for certain expired intermediate certificates ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Correct awk pattern in 20_linux_xen (bsc#900418, bsc#1157912) - Correct linux and initrd handling in 20_linux_xen (bsc#1157912) M grub2-efi-xen-cfg-unquote.patch M grub2-efi-xen-chainload.patch M grub2-efi-xen-cmdline.patch M grub2-efi-xen-removable.patch ==== haproxy ==== Version update (2.0.10+git14.7caf150a -> 2.1.1+git0.4ae521379) - Update to version 2.1.1+git0.4ae521379: * [RELEASE] Released version 2.1.1 * BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() * BUG/MINOR: listener: fix off-by-one in state name check * BUG/MINOR: server: make "agent-addr" work on default-server line * BUG/MINOR: listener: do not immediately resume on transient error * BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers * BUG/MINOR: log: fix minor resource leaks on logformat error path * DOC: remove references to the outdated architecture.txt * DOC: proxies: HAProxy only supports 3 connection modes * BUG/MINOR: tasks: only requeue a task if it was already in the queue * DOC: listeners: add a few missing transitions - Update to version 2.1.0+git33.8e4a62508: * BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. * BUG/MAJOR: dns: add minimalist error processing on the Rx path * BUG/MEDIUM: kqueue: Make sure we report read events even when no data. * DOC: document the listener state transitions * BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() * BUG/MINOR: listener: also clear the error flag on a paused listener * BUG/MINOR: listener/threads: always use atomic ops to clear the FD events * BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state * BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted * BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added - Update to version 2.1.0+git23.e77b108cd: * BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting. * BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity(). ==== iptables ==== Version update (1.8.3 -> 1.8.4) Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - Update to release 1.8.4 * Fix for wrong counter format in `ebtables-nft-save -c` output. * Print typical iptables-save comments in arptables- and ebtables-save, too. * xt_owner: add --suppl-groups option * Remove support for /etc/xtables.conf * Restore support for "-4" and "-6" options in rule lines. ==== kdump ==== - kdump-calibrate-Update-values.patch: calibrate: Update values (bsc#1130529). - kdump-prefer-by-path-and-device-mapper.patch: Prefer by-path and device-mapper aliases over kernel device names (bsc#1101149, LTC#168532). - kdump-powerpc-no-reload-on-CPU-removal.patch: powerpc: Do not reload on CPU hot removal (bsc#1133407, LTC#176111). - kdump-Add-force-option-to-KDUMP_NETCONFIG.patch: Add ":force" option to KDUMP_NETCONFIG (bsc#1108919). - kdump-Add-fence_kdump_send-when-fence-agents-installed.patch: Add fence_kdump_send when fence-agents installed (bsc#1108919). - kdump-FENCE_KDUMP_SEND-variable.patch: Use var for path of fence_kdump_send and remove the unnecessary PRESCRIPT check (bsc#1108919). - kdump-Document-fence_kdump_send.patch: Document kdump behaviour for fence_kdump_send (bsc#1108919). - kdump-nss-modules.patch: Improve the handling of NSS (bsc#1021846). - kdump-skip-mounts-if-no-proc-vmcore.patch: Skip kdump-related mounts if there is no /proc/vmcore (bsc#1102252, bsc#1125011). - kdump-clean-up-kdump-mount-points.patch: Make sure that kdump mount points are cleaned up (bsc#1102252, bsc#1125011). - kdump-Clean-up-the-use-of-current-vs-boot-network-iface.patch: Clean up the use of current vs. boot network interface names (bsc#1094444, bsc#1116463, bsc#1141064). - kdump-Use-a-custom-namespace-for-physical-NICs.patch: Use a custom namespace for physical NICs (bsc#1094444, bsc#1116463, bsc#1141064). - kdump-preserve-white-space.patch: Preserve white space when removing kernel command line options (bsc#1117652). ==== ldb ==== - Add obsolete ldb1 directive to baselibs.conf ==== less ==== - Move lesskey* from /etc to /usr/etc ==== libsolv ==== Version update (0.7.9 -> 0.7.10) - fix solv_zchunk decoding error if large chunks are used [bnc#1159314] - build with -DENABLE_RPMDB_LIBRPM=1 on SUSE to support multiple rpm database backends - added two new function to make libzypp independent of the rpm database format - bump version to 0.7.10 ==== libssh ==== Version update (0.9.2 -> 0.9.3) Subpackages: libssh-config libssh4 - Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer - Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved for internal use. ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Build python2 and python3 bindings in separate flavors. As python3-libxml2 is a dependency of e.g. itstools and thus many other packages these packages no longer have a build dependency on python2. Breaks a build loop for python2. ==== libzypp ==== Version update (17.17.0 -> 17.20.0) - BuildRequires: libsolv-devel >= 0.7.10. - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - version 17.20.0 (20) - MediaCurl: assert cookie file has mode 0600 (bsc#1158763, CVE-2019-18900) - version 17.19.0 (12) - dup: fix removing orphaned packages dropped by to-be-installed products (bsc#1155819) - version 17.18.1 (12) - Resolver: add solution actions for SOLVER_SOLUTION_BLACK (retracted/PTF) - Solvable: add isRetracted and isPtf attributes. - version 17.18.0 (12) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - backport patches for lvm2 to avoid software abnormal work (bsc#1158861) + bug-1158861_01-config-remove-filter-typo.patch + bug-1158861_02-config-Fix-default-option-which-makes-no-sense.patch + bug-1158861_03-vgchange-don-t-fail-monitor-command-if-vg-is-exporte.patch + bug-1158861_04-fix-duplicate-pv-size-check.patch + bug-1158861_05-hints-fix-copy-of-filter.patch + bug-1158861_06-fix-segfault-for-invalid-characters-in-vg-name.patch + bug-1158861_07-vgck-let-updatemetadata-repair-mismatched-metadata.patch + bug-1158861_08-hints-fix-mem-leaking-buffers.patch + bug-1158861_09-pvcreate-pvremove-fix-reacquiring-global-lock-after.patch - backport upstream patches for passing lvm2 testsuite (bsc#1158628) + bug-1158628_01-tests-replaces-grep-q-usage.patch + bug-1158628_02-tests-fix-ra-checking.patch + bug-1158628_03-tests-simplify-some-var-settings.patch + bug-1158628-04-pvmove-correcting-read_ahead-setting.patch + bug-1158628_05-activation-add-synchronization-point.patch + bug-1158628_06-pvmove-add-missing-synchronization.patch + bug-1158628_07-activation-extend-handling-of-pending_delete.patch + bug-1158628_08-lv_manip-add-synchronizations.patch + bug-1158628_09-lvconvert-improve-validation-thin-and-cache-pool-con.patch + bug-1158628_10-thin-activate-layer-pool-aas-read-only-LV.patch + bug-1158628_11-tests-mdadm-stop-in-test-cleanup.patch + bug-1158628_12-test-increase-size-of-raid10-LV-allowing-tests-to-su.patch + bug-1158628_13-lvconvert-fix-return-value-when-zeroing-fails.patch + bug-1158628_14-tests-add-extra-settle.patch + bug-1158628_15-test-Fix-handling-leftovers-from-previous-tests.patch - bug-1043040_test-fix-read-ahead-issues-in-test-scripts.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - backport patches for lvm2 to avoid software abnormal work (bsc#1158861) + bug-1158861_01-config-remove-filter-typo.patch + bug-1158861_02-config-Fix-default-option-which-makes-no-sense.patch + bug-1158861_03-vgchange-don-t-fail-monitor-command-if-vg-is-exporte.patch + bug-1158861_04-fix-duplicate-pv-size-check.patch + bug-1158861_05-hints-fix-copy-of-filter.patch + bug-1158861_06-fix-segfault-for-invalid-characters-in-vg-name.patch + bug-1158861_07-vgck-let-updatemetadata-repair-mismatched-metadata.patch + bug-1158861_08-hints-fix-mem-leaking-buffers.patch + bug-1158861_09-pvcreate-pvremove-fix-reacquiring-global-lock-after.patch - backport upstream patches for passing lvm2 testsuite (bsc#1158628) + bug-1158628_01-tests-replaces-grep-q-usage.patch + bug-1158628_02-tests-fix-ra-checking.patch + bug-1158628_03-tests-simplify-some-var-settings.patch + bug-1158628-04-pvmove-correcting-read_ahead-setting.patch + bug-1158628_05-activation-add-synchronization-point.patch + bug-1158628_06-pvmove-add-missing-synchronization.patch + bug-1158628_07-activation-extend-handling-of-pending_delete.patch + bug-1158628_08-lv_manip-add-synchronizations.patch + bug-1158628_09-lvconvert-improve-validation-thin-and-cache-pool-con.patch + bug-1158628_10-thin-activate-layer-pool-aas-read-only-LV.patch + bug-1158628_11-tests-mdadm-stop-in-test-cleanup.patch + bug-1158628_12-test-increase-size-of-raid10-LV-allowing-tests-to-su.patch + bug-1158628_13-lvconvert-fix-return-value-when-zeroing-fails.patch + bug-1158628_14-tests-add-extra-settle.patch + bug-1158628_15-test-Fix-handling-leftovers-from-previous-tests.patch - bug-1043040_test-fix-read-ahead-issues-in-test-scripts.patch ==== mokutil ==== - Add build for ppc64/ppc64le ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Security fix: [bsc#1158809, CVE-2019-1551] * Overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli - Add openssl-1_1-CVE-2019-1551.patch ==== p11-kit ==== Subpackages: libp11-kit0 p11-kit-tools - Also build documentation (boo#1013125) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-minimal_base - Disable purge-kernels-service dependency for now: dracut has not yet been updated to no longer ship the service file. - Support multiversion(kernel) with purge-kernels.service separated from dracut (jsc#SLE-10162, jsc#SLE-10465). ==== policycoreutils ==== Subpackages: python3-policycoreutils - Added chcat_join.patch to prevent joining non-existing categories (bsc#1159262) ==== python-requests ==== - Remove python-urllib3, python-certifi and ca-certificates from main package BuildRequires, not required for building. - Do not require full python, (implicit) python-base is sufficient. ==== reg ==== Version update (0.16.0 -> 0.16.1) - Update to version 0.16.1 - Update vendor - Adds support for passing a context with all http requests ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Add missing bugzilla references: Properly handle colons in inline dicts with yamlloader (bsc#1095651) Fix corrupt public key with m2crypto python3 (bsc#1099323) Add missing dateutils import (bsc#1099945) Fix UnicodeDecodeError using is_binary check (bsc#1100225) Prevent payload crash on decoding binary data (bsc#1100697) Fix file.blockreplace to avoid throwing IndexError (bsc#1101812) Add API log rotation on SUSE package (bsc#1102218) Fix wrong recurse behavior on for linux_acl.present (bsc#1106164) Handle anycast IPv6 addresses on network.routes (bsc#1114474) Crontab module fix: file attributes option missing (bsc#1114824) Add metadata to accepted keyword arguments (bsc#1122680) Bugfix: properly refresh pillars (bsc#1125015) - xfs: do not fail if type is not present (bsc#1153611) - Added: * xfs-do-not-fails-if-type-is-not-present.patch - Don't use __python indirection macros on spec file %__python is no longer defined in RPM 4.15 (python2 is going EOL in Jan 2020); additionally, python/python3 are just binaries in the path. - Fix errors when running virt.get_hypervisor function - Added: * fix-virt.get_hypervisor-188.patch - Align virt.full_info fixes with upstream Salt - Let salt-ssh use platform-python on RHEL8 (bsc#1158441) - Added: * align-virt-full-info-fixes-with-upstream-192.patch * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch - Fix StreamClosedError issue (bsc#1157479) - Added: * fix-batch_async-obsolete-test.patch * fixing-streamclosed-issue.patch ==== slirp4netns ==== Version update (0.4.2 -> 0.4.3) - Update to 0.4.3 * api: raise an error if the socket path is too long * libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR * Fix create_sandbox error ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Install infopipe dbus service (bsc#1106598) - Add systemd service unit files to manage socket or bus activated responders. - All responders except infopipe are also managed by a socket unit file. - Add missing post and postun hooks for libsss_certmap0 package. ==== xen ==== Version update (4.13.0_03 -> 4.13.0_04) - bsc#1159320 - Xen logrotate file needs updated logrotate.conf - Update to Xen 4.13.0 FCS release xen-4.13.0-testing-src.tar.bz2 * Core Scheduling (contributed by SUSE) * Branch hardening to mitigate against Spectre v1 (contributed by Citrix) * Late uCode loading (contributed by Intel) * Improved live-patching build tools (contributed by AWS) * OP-TEE support (contributed by EPAM) * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM) * Dom0-less passthrough and ImageBuilder (contributed by XILINX) * Support for new Hardware - Update to Xen 4.13.0 RC4 release xen-4.13.0-testing-src.tar.bz2 - Rebase libxl.pvscsi.patch