Packages changed: aaa_base (84.87+git20200116.59482ba -> 84.87+git20200206.ed897a1) conmon (2.0.9 -> 2.0.10) dracut (049+git118.a6090e2f -> 049.1+git120.dbfbfcb8) fuse-overlayfs (0.7.5 -> 0.7.6) gcc9 (9.2.1+r280037 -> 9.2.1+git1022) gettext-runtime gmp gnutls (3.6.11.1 -> 3.6.12) health-checker (1.3 -> 1.3.1) hwdata (0.331 -> 0.332) kdump libsepol libtasn1 (4.15.0 -> 4.16.0) makedumpfile (1.6.6 -> 1.6.7) nano (4.6 -> 4.7) netcfg open-iscsi openldap2 (2.4.48 -> 2.4.49) openssl-1_1 python-setuptools (41.6.0 -> 44.0.0) rakkess (0.4.1 -> 0.4.3) rebootmgr shadow (4.8 -> 4.8.1) socat sqlite3 vim (8.2.0119 -> 8.2.0200) === Details === ==== aaa_base ==== Version update (84.87+git20200116.59482ba -> 84.87+git20200206.ed897a1) - Update to version 84.87+git20200206.ed897a1: * get_kernel_version: fix for current kernel on s390x (from azouhr) - Update to version 84.87+git20200206.8d74b0b: * Fix services entry in /etc/nsswitch.conf [bsc#1162916] - Make sure glibc is recent enough else nsswitch.conf update will fail - Adjust Requires/Requires(pre)/Requires(post) - Update to version 84.87+git20200128.8a17290: * Move chkconfig to insserv-compat, as most functionality isn't supported anymore since we have different solutions with systemd. * Remove /usr/bin/mkinfodir, not used anywhere anymore ==== conmon ==== Version update (2.0.9 -> 2.0.10) - Update to v2.0.10: - journal logging: write to /dev/null instead of -1 ==== dracut ==== Version update (049+git118.a6090e2f -> 049.1+git120.dbfbfcb8) Subpackages: dracut-ima - Update to version 049.1+git120.dbfbfcb8: * 95zfcp_rules/parse-zfcp.sh: remove rule existence check (bsc#1008352) - Update to version 049.1+git119.abf1a408: * 30convertfs: adopt for SUSE (boo#1158777) ==== fuse-overlayfs ==== Version update (0.7.5 -> 0.7.6) - Update to v0.7.6 - do not look in lower layers for the ino if there is no origin xattr set - attempt to use the file path if the operation on the fd fails with ENXIO ==== gcc9 ==== Version update (9.2.1+r280037 -> 9.2.1+git1022) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Update to releases/gcc-9 head (83f65674e78d97d27537361de1a9d74067ff228d). * Includes fix for [gcc#92692] ==== gettext-runtime ==== Subpackages: libtextstyle0 - Don't disable openmp with qemu, the emulation works now ==== gmp ==== - Remove broken packaged libgmp.a just containing LTO bytecode. ==== gnutls ==== Version update (3.6.11.1 -> 3.6.12) - gnutls 3.6.12 * libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) to identify sessions that client request OCSP status request (#829). * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 signature algorithm (RFC 8032) under TLS (#86). * libgnutls: Added the default-priority-string option to system configuration; it allows overriding the compiled-in default-priority-string. * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by draft-smyshlyaev-tls12-gost-suites-07). By default this ciphersuite is disabled. It can be enabled by adding +GOST to priority string. In the future this priority string may enable other GOST ciphersuites as well. Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. * libgnutls: added priority shortcuts for different GOST categories like CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. * libgnutls: Reject certificates with invalid time fields. That is we reject certificates with invalid characters in Time fields, or invalid time formatting To continue accepting the invalid form compile with --disable-strict-der-time * libgnutls: Reject certificates which contain duplicate extensions. We were previously printing warnings when printing such a certificate, but that is not always sufficient to flag such certificates as invalid. Instead we now refuse to import them (#887). * libgnutls: If a CA is found in the trusted list, check in addition to time validity, whether the algorithms comply to the expected level prior to accepting it. This addresses the problem of accepting CAs which would have been marked as insecure otherwise (#877). * libgnutls: The min-verification-profile from system configuration applies for all certificate verifications, not only under TLS. The configuration can be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. * libgnutls: The stapled OCSP certificate verification adheres to the convention used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. * libgnutls: On client side only send OCSP staples if they have been requested by the server, and on server side always advertise that we support OCSP stapling * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible with gnutls_ocsp_req_t but const. * certtool: Added the --verify-profile option to set a certificate verification profile. Use '--verify-profile low' for certificate verification to apply the 'NORMAL' verification profile. * certtool: The add_extension template option is considered even when generating a certificate from a certificate request. ==== health-checker ==== Version update (1.3 -> 1.3.1) Subpackages: health-checker-plugins-MicroOS health-checker-plugins-kubic - Update to version 1.3.1 * Support multiple menuentries in GRUB configuration [gh#kubic-project/health-checker#5] ==== hwdata ==== Version update (0.331 -> 0.332) - Update to version 0.322: * Updated pci, usb and vendor ids. ==== kdump ==== - kdump-activate-udev-rules-late-during-boot.patch: Activate kdump udev rules late during boot (bsc#1154837) ==== libsepol ==== - Add fnocommon.patch to prevent build failures on gcc10 and remove_cil_mem_error_handler.patch to prevent build failures due to leftovers from the removal of cil_mem_error_handler (bsc#1160874) ==== libtasn1 ==== Version update (4.15.0 -> 4.16.0) Subpackages: libtasn1-6 - libtasn1 4.16.0: * asn1_decode_simple_ber: added support for constructed definite octet strings * asn1_get_object_id_der: enhance the range of decoded OIDs * asn1_object_id_der: New function ==== makedumpfile ==== Version update (1.6.6 -> 1.6.7) - makedumpfile-PN_XNUM.patch: Define PN_XNUM if missing. - Update to version 1.6.7: + Makefile: remove -lebl from LIBS when no libebl.a. + Fix compilation warnings on 32-bit system. + Support newer kernels up to v5.4. - Drop makedumpfile-Increase-SECTION_MAP_LAST_BIT-to-4.patch: fixed upstream. - Drop libebl-devel BuildRequires: ebl is being absorbed by libdw. ==== nano ==== Version update (4.6 -> 4.7) - update to 4.7: * A will indent a marked region only when mark/cursor diff * Two indentations are considered the same when they look the same * When using ^J, a line will nver be broken in leading whitespace ==== netcfg ==== - Require libnss_usrfiles2 for /usr/etc [bnc#1162666] ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Bug fixes, including addig support for "-fno-common" compiler option, 586 bug fixes, a bug fix for SHA1 handling, and other needed but small fixes (bsc#1160287), updating: * open-iscsi-SUSE-latest.diff.bz2 ==== openldap2 ==== Version update (2.4.48 -> 2.4.49) - updated to 2.4.49 - removed obsolete back-port patches: * 0013_openldap-its9124_fix_crash_with_cancel_exop.patch - removed obsolete source file DB_CONFIG OpenLDAP 2.4.49 Release (2020/01/30) Added slapd-monitor database entry count for slapd-mdb (ITS#9154) Fixed client tools to not add controls on cancel/abandon (ITS#9145) Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116) Fixed libldap to correctly free sb (ITS#9081, ITS#8755) Fixed libldap descriptor leak if ldaps fails (ITS#9147) Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069) Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067) Fixed slapd to relax domainScope control check (ITS#9100) Fixed slapd to have cleaner error handling during connection setup (ITS#9112) Fixed slapd data check when processing cancel exop (ITS#9124) Fixed slapd attribute description processing (ITS#9128) Fixed slapd-ldap to set oldctrls correctly (ITS#9076) Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657) Fixed slapd-mdb missing final commit with slapindex (ITS#9095) Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091) Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150) Fixed slapd-monitor global operation counter reporting (ITS#9119) Fixed slapo-ppolicy when used with slapauth (ITS#8629) Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126) Fixed slapo-syncprov fix sessionlog init (ITS#9146) Fixed slapo-unique loop termination (ITS#9077) Build Environment Fix mkdep to honor TMPDIR if set (ITS#9062) Remove ICU library detection (ITS#9144) Update config.guess and config.sub to support newer architectures (ITS#7855) Disable ITS8521 regression test as it is no longer valid (ITS#9015) Documentation admin24 - Fix inconsistent whitespace in replication section (ITS#9153) slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063) slapd-ldap(5) - Document "tls none" option (ITS#9071) slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065) ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch - Temporarily ignore broken OPENSSL_INIT_NO_ATEXIT due to our layered FIPS initialization (bsc#1161789) * openssl-fips-ignore_broken_atexit_test.patch - Import FIPS patches from SLE-15 * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_mode.patch * openssl-ship_fips_standalone_hmac.patch * openssl-fips-clearerror.patch * openssl-fips-selftests_in_nonfips_mode.patch - Don't run FIPS power-up self-tests when the checksum files aren't installed (bsc#1042392) * add openssl-fips-run_selftests_only_when_module_is_complete.patch - Import FIPS patches from Fedora (bsc#1157702, jsc#SLE-9553) * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-ssh-kdf.patch replaces openssl-jsc-SLE-8789-backport_KDF.patch - keep EVP_KDF functions at version 1.1.1d for backward compatibility * add openssl-keep_EVP_KDF_functions_version.patch - Support for CPACF enhancements - part 1 (crypto) [bsc#1152695, jsc#SLE-7861] - Add patches: * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch * openssl-s390xcpuid.pl-fix-comment.patch * openssl-assembly-pack-accelerate-scalar-multiplication.patch * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch * openssl-s390x-assembly-pack-accelerate-ECDSA.patch * openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch * openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch * openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch * openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch * openssl-Fix-9bf682f-which-broke-nistp224_method.patch ==== python-setuptools ==== Version update (41.6.0 -> 44.0.0) - update to 44.0.0 - last version with python2 support - add testdata.tar.gz -> missing data for testsuite * Drop support for Python 3.4. * include pyproject.toml in source distribution by default. Projects relying on the previous behavior where pyproject.toml * Setuptools once again declares 'setuptools' in the build-system.requires and adds PEP 517 build support by declaring itself as the build-backend * Fix support for easy_install's find-links option in setup.cfg * Build dependencies (setup_requires and tests_require) now install transitive dependencies indicated by extras. * Mark the easy_install script and setuptools command as deprecated, and use pip when available to fetch/build wheels for missing setup_requires/tests_require requirements, with the following differences in behavior: + support for python_requires + better support for wheels (proper handling of priority with respect to PEP 425 tags) + PEP 517/518 support + eggs are not supported + no support for the allow_hosts easy_install option (index_url/find_links are still honored) + pip environment variables are honored (and take precedence over easy_install options) * Removed the "upload" and "register" commands in favor of twine. * Add support for the license_files option in setup.cfg to automatically include multiple license files in a source distribution. * Update handling of wheels compatibility tags: * add support for manylinux2010 * fix use of removed 'm' ABI flag in Python 3.8 on Windows * Fix empty namespace package installation from wheel. * Setuptools now exposes a new entry point hook "setuptools.finalize_distribution_options", enabling plugins like setuptools_scm to configure options on the distribution at finalization time. ==== rakkess ==== Version update (0.4.1 -> 0.4.3) - Update to version 0.4.3 - Changes in build process - bug fixes - Refresh vendor.tar.xz ==== rebootmgr ==== - Disable ectd support (no current etcd C-library available) ==== shadow ==== Version update (4.8 -> 4.8.1) - Update to 4.8.1: * selinux: include stdio * man: don't suggest making groupmems user-writeable * Makefile: bail out on error in for loops * Adding logging of SSH_ORIGINAL_COMMAND to nologin * add new HOME_MODE login.defs option * Add tty logging to useradd * Useradd: make non-executable shell check only a warning * Update Dutch translation * user_busy: Do not mistake a regular user process for a namespaced one * Revert "Honor --sbindir and --bindir for binary installation" - Remove shadow-4.8-shell-check.patch: included - Remove shadow-4.8-selinux-include.patch: upstreamed ==== socat ==== - socat-common-fixes.patch: include tcpd.h where needed to fix - fno-common bsc#1160293 ==== sqlite3 ==== - Fix a regression on ppc64be and s390x, found by the fuzzing tests, add 04885763c4cd00cb-s390-compatibility.patch. - Adapt some FTS tests to work on big endian archs: b20503aaf5b6595a-adapt-FTS-tests-for-big-endian.patch ==== vim ==== Version update (8.2.0119 -> 8.2.0200) Subpackages: vim-data-common - Refreshed disable-unreliable-tests.patch and vim-7.3-help_tags.patch - Updated to version 8.2.0200, fixes the following problems * Message test fails on some platforms. (Elimar Riesebieter) * virtcol() does not check arguments to be valid, which may lead to a crash. * filter() and map() on blob don't work. * complete_info() does not work when CompleteDone is triggered. * Compiler warnings for variable types. * :mode no longer works for any system. * Textprop test fails. * Some buffer commands work in a popup window. * Cannot list options one per line. * Python3 ranges are not tested. * Command line is not cleared when switching tabs and the command line height differs. * Script may be re-used when deleting and creating a new one. * Invalid memory access with search command. * Some map functionality not covered by tests. * Bracketed paste can still cause invalid memory access. (Dominique Pelle) * Stray ch_logfile() call. * Crash when using win_execute() from a new tab. * Memory leak when starting a job fails. * No swift filetype detection. * Possible to enter popup window with CTRL-W p. (John Devin) * Coverity warning for possible use of NULL pointer. * Some mapping code is not fully tested. * Using #error for compilation errors should be OK now. * Wrong indent when 'showbreak' and 'breakindent' are set and 'briopt' includes "sbr". * Block Visual mode operators not correct when 'linebreak' set. * Mapping related function in wrong source file. * Maintaining a Vim9 branch separately is more work. * Cannot define python function when using :execute. (Yasuhiro Matsumoto) * Detecting a script was already sourced is unreliable. * Restoring ctrl_x_mode is not needed. * Warning shows when listing version info. * Reallocating the list of scripts is inefficient. * Warnings from MinGW compiler. (John Marriott) Json test fails when building without +float feature. * Various typos in source files and tests. * Vim9 script files not in list of distributed files. * Triggering CompleteDone earlier is not backwards compatible. (Daniel Hahler) * Non-materialized range() list causes problems. (Fujiwara Takuya) * Range test fails. * Not recognizing .gv file as dot filetype. * Balloon test fails in the GUI. * Test hangs on MS-Windows console. * Test_alot takes too long. * Coverity warning for using NULL pointer. * Coverity warning for using uninitialized variable. * Coverity warning for ignoring return value. * Coverity warning for assigning NULL to an option. * Coverity warning for dead code. * Coverity warning for ignoring return value. * Coverity warning for using uninitialized buffer. * Coverity warning for not restoring character. * Various commands not completely tested. * Crash when removing list element in map(). * Generating os headers does not work for Swedish. * Memory leak in get_tags(). * With VTP the screen may not be restored properly. * Still a few places where range() does not work. * Test for wrapmargin fails if terminal is not 80 columns. * Problems parsing :term arguments. * Min() and max() materialize a range() list. * Tests fail when the float feature is disabled. * Blob test fails. * Vim9 script: cannot use "if has()" to skip lines. * A couple of tests may fail when features are missing. * Reduntant code. * Check commands don't work well with Vim9 script. * cd() with NULL argument crashes. * Kotlin files are not recognized. * Cannot put a terminal in a popup window. * Build failure without +terminal feature. * Still build failure without +terminal feature. * Some commands can cause problems in terminal popup. * Some tests fail when run in the GUI. * Blocking commands for a finished job in a popup window. * Some Ex commands not sufficiently tested. * No tests for y/n prompt.