Packages changed: bind (9.16.5 -> 9.16.6) festival libverto (0.2.6 -> 0.3.1) permissions (1550_20200811 -> 1550_20200826) suse-module-tools (15.3.3 -> 15.3.4) systemd xdm xfce4-screensaver zlib === Details === ==== bind ==== Version update (9.16.5 -> 9.16.6) Subpackages: bind-chrootenv bind-doc bind-utils libbind9-1600 libdns1605 libirs1601 libisccc1600 libisccfg1600 python3-bind - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. - Upgrade to version 9.16.6 Fixes five vilnerabilities: 5481. [security] "update-policy" rules of type "subdomain" were incorrectly treated as "zonesub" rules, which allowed keys used in "subdomain" rules to update names outside of the specified subdomains. The problem was fixed by making sure "subdomain" rules are again processed as described in the ARM. (CVE-2020-8624) [GL #2055] 5480. [security] When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet. (CVE-2020-8623) [GL #2037] 5479. [security] named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled. (CVE-2020-8621) [GL #1997] 5478. [security] It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message. (CVE-2020-8620) [GL #1996] 5476. [security] It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request. (CVE-2020-8622) [GL #2028] For the less severe bugs fixed, see the CHANGES file. [bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621, CVE-2020-8620, CVE-2020-8622] ==== festival ==== - Removed unnecessary and unexpected "_link". - Updated .spec file according to the Tumbleweed's change (%{_libexecdir} was changed from /usr/lib to /usr/libexec). ==== libverto ==== Version update (0.2.6 -> 0.3.1) Subpackages: libverto1 libverto1-32bit - update to 0.3.1: * Fix rare leak of DSO in module_load * Turn off -Wcast-function-type * Work around libev not being c89-compliant * Minor release bumps for verto_cleanup() * Leak fixes * Enforce strict c89 compliance for portability * Many warning fixes * Fix memleak in libverto:vfree * Update mutex usage to improve debugging * Add verto_cleanup() to free loaded_modules * Make C99 requirement explicit ==== permissions ==== Version update (1550_20200811 -> 1550_20200826) Subpackages: chkstat permissions-config permissions-doc - Update to version 20200826: * mtr-packet: stop requiring dialout group * etc/permissions: fix mtr permission * list_permissions: improve output format * list_permissions: support globbing in --path argument * list_permissions: implement simplifications suggested in PR#92 * list_permissions: new tool for better path configuration overview ==== suse-module-tools ==== Version update (15.3.3 -> 15.3.4) - Update to version 15.3.4: * spec: rework dependencies ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-container systemd-doc systemd-lang systemd-logger systemd-sysvinit udev - Adjust %pre and %post for the restoration of upstream tmp.mount (boo#1175779) - Import commit a4e393eecb9dbe140a6c7d57419c291d786155cf d8e3bd4e22 Revert "core: don't send SIGKILL to user@.service immediatly during shutdown" - Drop requirement on 'sysvinit-tools' It was used to workaround bug #886599 by explicitly calling vhangup(8) from getty@.service so when this service was stopped a virtually hangup on the specified terminal when were stopped to give the shell a few seconds to save its history. But this workaround was dropped since it had no effect (SLE12-GM was released with it but was still suffering from the bug) and was replaced by commit e9db43d5910717a108, which was released from v226 and backported to SLE12/SLE12-SP1. ==== xdm ==== Subpackages: xdm-xsession - Require /sbin/startproc: with systemd no longer pulling in sysvinit-tools. we are responsible for our own deps. /sbin/pidof and /sbin/startproc both were presented by sysvinit-tools. but the sole presence of the /sbin/pidof dep is not sufficient, as this can be provided by various packages (e.g. busybox-sysvinit-tools, which then does not provide startproc). Spelling the deps out ensures that we get the right package set installed. - Drop insserv-compat dependency when display-manager.service is used insserv-compat is going to be dropped soon or later on systems with systemd as init system. It was only needed by /usr/lib/X11/display-manager script that uses rc_status to pretty print the status of a command. Since this script is intended to be used by display-manager.service and not called directly by users and systemd has already its own mechanism to report status, the use of rc_status doesn't seem to be useful. The exit failure status for each command has been preserved. - Drop commands in /usr/lib/X11/display-manager that are never used by systemd Assuming that this script is only called from display-manager.service unit, some commands of the scripts are either never used or redundant with systemd functionalities. More specifically, there's no need to redefine a "stop" command as this is one basic command that systemd implements already. Also convert "reload" to make use of $MAINPID exported by systemd which should be slighly more reliable and hence stop relying on killproc that might be removed in the future. - Replace /var/run with /run as /var/run is obsolete since quite some time now. ==== xfce4-screensaver ==== - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ==== zlib ==== Subpackages: libminizip1 libz1 libz1-32bit zlib-devel - Add patch to fix compression level switching bsc#1175811 bsc#1175830 bsc#1175831 * zlib-compression-switching.patch - Set -DDFLTCC_LEVEL_MASK=0x7e on s390/s390x jsc#13776