Packages changed: aaa_base (84.87+git20190418.d83e9d6 -> 84.87+git20190718.ce933cb) bzip2 (1.0.7 -> 1.0.8) e2fsprogs glib2 (2.60.5 -> 2.60.6) haveged installation-images-MicroOS (14.427 -> 14.431) iputils kernel-source (5.2.3 -> 5.2.5) krb5 openldap2 (2.4.47 -> 2.4.48) parted patterns-containers perl-Bootloader (0.923 -> 0.925) pinentry shadow sysuser-tools (2.0 -> 3.0) wpa_supplicant yast2 (4.2.3 -> 4.2.17) zlib zstd (1.4.1 -> 1.4.2) === Details === ==== aaa_base ==== Version update (84.87+git20190418.d83e9d6 -> 84.87+git20190718.ce933cb) - Drop /bin/login requirement - Update to version 84.87+git20190718.ce933cb: * Make systemd detection cgroup oblivious (bsc#1140647) ==== bzip2 ==== Version update (1.0.7 -> 1.0.8) - Update to version 1.0.8: * Accept as many selectors as the file format allows. This relaxes the fix for CVE-2019-12900 from 1.0.7 so that bzip2 allows decompression of bz2 files that use (too) many selectors again. * Fix handling of large (> 4GB) files on Windows. * Cleanup of bzdiff and bzgrep scripts so they don't use any bash extensions and handle multiple archives correctly. - remove (applied upstream) * bzip2-1.0.6-fix-bashisms.patch * bzip2-1.0.6-bzgrep_return_value.patch - use a new Source url ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - Fix build with gettext 0.20: * Add e2fsprogs-1.45.2-gettext.patch. * Exclude in-sources intl/ directory from build. - Fix install_info_delete usage: It must be called in preun. ==== glib2 ==== Version update (2.60.5 -> 2.60.6) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.60.6: + Fix various bugs with use of the `GKeyfileSettingsBackend` within flatpaks (glgo#GNOME/GLib!984, glgo#GNOME/GLib!985, glgo#GNOME/GLib#1825). + Bugs fixed: glgo#GNOME/GLib!993, glgo#GNOME/GLib!984, glgo#GNOME/GLib!985. - Drop glib2-keyfile-handle-filename-being-null.patch: Fixed upstream. ==== haveged ==== Subpackages: libhavege1 - get-poolsize.patch: Fix type mismatch in get_poolsize that breaks error checking (bsc#1111047) ==== installation-images-MicroOS ==== Version update (14.427 -> 14.431) - merge gh#openSUSE/installation-images#326 - merge branch master - data/root/etc/xorg.conf.template: disable acceleration for modeset driver - xorg.conf.template: disable acceleration for modeset driver - 14.431 - merge gh#openSUSE/installation-images#325 - allow explicit setting of product name - 14.430 - add 'Conflicts: rescue-server' to skelcd-installer-* - merge gh#openSUSE/installation-images#322 - aarch64: fix kernel and initrd location in grub config (bsc#1141038) - 14.429 - Complete the tftpboot subpackage rename for the Kubic flavor: also rename the directory inside tftpboot-installation, matching the package name. - merge gh#openSUSE/installation-images#320 - remove SuSEfirewall2 dependency that was introduced in bnc#887406 - 14.428 - Rename the tftpboot subpackage for Kubic to be kubic relevant, not using the generic MicroOS name. ==== iputils ==== - Set caps for clockdiff (boo#1140994), based on change in permissions package https://github.com/openSUSE/permissions/commit/5da6a81e38bb74f2090d73208b1a0101a0c5b73b - With new permissions package both clockdiff and ping have capabilities cap_net_raw+p instead of cap_net_raw+ep (boo#1140993), also ping6 does not try to set permissions on links (boo#1140991) - Pass -DNO_SETCAP_OR_SUID=true (don't run setcap via distro script build-aux/setcap-setuid.sh, we set capabilities with rpm) ==== kernel-source ==== Version update (5.2.3 -> 5.2.5) Subpackages: kernel-debug kernel-default - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207 bsc#1142857 bsc#1123959). - commit 79b6a9c - Update config files: ARCH_HAS_DMA_MMAP_PGPROT is now selected - commit 0a5eef3 - Linux 5.2.5 (bnc#1012628). - io_uring: don't use iov_iter_advance() for fixed buffers (bnc#1012628). - io_uring: fix counter inc/dec mismatch in async_list (bnc#1012628). - io_uring: ensure ->list is initialized for poll commands (bnc#1012628). - io_uring: add a memory barrier before atomic_read (bnc#1012628). - access: avoid the RCU grace period for the temporary subjective credentials (bnc#1012628). - drm/i915: Make the semaphore saturation mask global (bnc#1012628). - structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK (bnc#1012628). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bnc#1012628). - libnvdimm/region: Register badblocks before namespaces (bnc#1012628). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bnc#1012628). - drivers/base: Introduce kill_device() (bnc#1012628). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bnc#1012628). - iommu/iova: Remove stale cached32_node (bnc#1012628). - iommu/vt-d: Don't queue_iova() if there is no flush queue (bnc#1012628). - io_uring: fix the sequence comparison in io_sequence_defer (bnc#1012628). - powerpc/pmu: Set pmcregs_in_use in paca when running as LPAR (bnc#1012628). - powerpc/tm: Fix oops on sigreturn on systems without TM (bnc#1012628). - powerpc/mm: Limit rma_size to 1TB when running without HV mode (bnc#1012628). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bnc#1012628). - powerpc/dma: Fix invalid DMA mmap behavior (bnc#1012628). - ALSA: hda - Add a conexant codec entry to let mute led work (bnc#1012628). - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips (bnc#1012628). - ALSA: pcm: Fix refcount_inc() on zero usage (bnc#1012628). - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bnc#1012628). - ALSA: ac97: Fix double free of ac97_codec_device (bnc#1012628). - drm/panel: Add support for Armadeus ST0700 Adapt (bnc#1012628). - hpet: Fix division by zero in hpet_time_div() (bnc#1012628). - eeprom: make older eeprom drivers select NVMEM_SYSFS (bnc#1012628). - mei: me: add mule creek canyon (EHL) device ids (bnc#1012628). - fpga-manager: altera-ps-spi: Fix build error (bnc#1012628). - binder: prevent transactions to context manager from its own process (bnc#1012628). - binder: Set end of SG buffer area properly (bnc#1012628). - x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user() (bnc#1012628). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bnc#1012628). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (bnc#1012628). - selinux: check sidtab limit before adding a new entry (bnc#1012628). - btrfs: inode: Don't compress if NODATASUM or NODATACOW set (bnc#1012628). - media: videodev2.h: change V4L2_PIX_FMT_BGRA444 define: fourcc was already in use (bnc#1012628). - KVM: PPC: Book3S HV: XIVE: fix rollback when kvmppc_xive_create fails (bnc#1012628). - KVM: PPC: Book3S HV: Save and restore guest visible PSSCR bits on pseries (bnc#1012628). - KVM: PPC: Book3S HV: Always save guest pmu for guest capable of nesting (bnc#1012628). - KVM: X86: Fix fpu state crash in kvm guest (bnc#1012628). - usb: usb251xb: Reallow swap-dx-lanes to apply to the upstream port (bnc#1012628). - Revert "usb: usb251xb: Add US port lanes inversion property" (bnc#1012628). - Revert "usb: usb251xb: Add US lanes inversion dts-bindings" (bnc#1012628). - usb: pci-quirks: Correct AMD PLL quirk detection (bnc#1012628). - usb: wusbcore: fix unbalanced get/put cluster_id (bnc#1012628). - usb-storage: Add a limitation for blk_queue_max_hw_sectors() (bnc#1012628). - xhci: Fix crash if scatter gather is used with Immediate Data Transfer (IDT) (bnc#1012628). - locking/lockdep: Hide unused 'class' variable (bnc#1012628). - mm, swap: fix race between swapoff and some swap operations (bnc#1012628). - mm: use down_read_killable for locking mmap_sem in access_remote_vm (bnc#1012628). - locking/lockdep: Fix lock used or unused stats error (bnc#1012628). - proc: use down_read_killable mmap_sem for /proc/pid/maps (bnc#1012628). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bnc#1012628). - proc: use down_read_killable mmap_sem for /proc/pid/map_files (bnc#1012628). - proc: use down_read_killable mmap_sem for /proc/pid/clear_refs (bnc#1012628). - proc: use down_read_killable mmap_sem for /proc/pid/pagemap (bnc#1012628). - proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup (bnc#1012628). - mm/mmu_notifier: use hlist_add_head_rcu() (bnc#1012628). - memcg, fsnotify: no oom-kill for remote memcg charging (bnc#1012628). - mm/gup.c: remove some BUG_ONs from get_gate_page() (bnc#1012628). - mm/gup.c: mark undo_dev_pagemap as __maybe_unused (bnc#1012628). - mm/mincore.c: fix race between swapoff and mincore (bnc#1012628). - 9p: pass the correct prototype to read_cache_page (bnc#1012628). - mm/kmemleak.c: fix check for softirq context (bnc#1012628). - sh: prevent warnings when using iounmap (bnc#1012628). - nvme: fix NULL deref for fabrics options (bnc#1012628). - block/bio-integrity: fix a memory leak bug (bnc#1012628). - platform/x86: Fix PCENGINES_APU2 Kconfig warning (bnc#1012628). - powerpc/eeh: Handle hugepages in ioremap space (bnc#1012628). - dlm: check if workqueues are NULL before flushing/destroying (bnc#1012628). - mailbox: handle failed named mailbox channel request (bnc#1012628). - f2fs: avoid out-of-range memory access (bnc#1012628). - f2fs: fix to avoid long latency during umount (bnc#1012628). - rds: Accept peer connection reject messages due to incompatible version (bnc#1012628). - block: init flush rq ref count to 1 (bnc#1012628). - powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h (bnc#1012628). - powerpc/irq: Don't WARN continuously in arch_local_irq_restore() (bnc#1012628). - nvme-tcp: set the STABLE_WRITES flag when data digests are enabled (bnc#1012628). - io_uring: fix io_sq_thread_stop running in front of io_sq_thread (bnc#1012628). - nvme-tcp: don't use sendpage for SLAB pages (bnc#1012628). - nvme-pci: limit max_hw_sectors based on the DMA max mapping size (bnc#1012628). - nvme-pci: check for NULL return from pci_alloc_p2pmem() (bnc#1012628). - RDMA/core: Fix race when resolving IP address (bnc#1012628). - perf intel-bts: Fix potential NULL pointer dereference found by the smatch tool (bnc#1012628). - PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB (bnc#1012628). - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bnc#1012628). - perf hists browser: Fix potential NULL pointer dereference found by the smatch tool (bnc#1012628). - perf annotate: Fix dereferencing freed memory found by the smatch tool (bnc#1012628). - perf map: Fix potential NULL pointer dereference found by smatch tool (bnc#1012628). - perf session: Fix potential NULL pointer dereference found by the smatch tool (bnc#1012628). - perf trace: Fix potential NULL pointer dereference found by the smatch tool (bnc#1012628). - perf top: Fix potential NULL pointer dereference detected by the smatch tool (bnc#1012628). - rseq/selftests: Fix Thumb mode build failure on arm32 (bnc#1012628). - perf stat: Fix use-after-freed pointer detected by the smatch tool (bnc#1012628). - perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning (bnc#1012628). - PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions (bnc#1012628). - PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers (bnc#1012628). - kallsyms: exclude kasan local symbols on s390 (bnc#1012628). - PCI: mobiveil: Fix the Class Code field (bnc#1012628). - PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows (bnc#1012628). - KVM: nVMX: Stash L1's CR3 in vmcs01.GUEST_CR3 on nested entry w/o EPT (bnc#1012628). - arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS (bnc#1012628). - IB/ipoib: Add child to parent list only if device initialized (bnc#1012628). - powerpc/mm: Handle page table allocation failures (bnc#1012628). - IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bnc#1012628). - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races (bnc#1012628). - serial: sh-sci: Terminate TX DMA during buffer flushing (bnc#1012628). - RDMA/i40iw: Set queue pair state when being queried (bnc#1012628). - powerpc/mm: mark more tlb functions as __always_inline (bnc#1012628). - powerpc/4xx/uic: clear pending interrupt after irq type/pol change (bnc#1012628). - powerpc: silence a -Wcast-function-type warning in dawr_write_file_bool (bnc#1012628). - f2fs: fix is_idle() check for discard type (bnc#1012628). - um: Silence lockdep complaint about mmap_sem (bnc#1012628). - mm/swap: fix release_pages() when releasing devmap pages (bnc#1012628). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bnc#1012628). - mfd: arizona: Fix undefined behavior (bnc#1012628). - mfd: core: Set fwnode for created devices (bnc#1012628). - mfd: madera: Add missing of table registration (bnc#1012628). - mfd: cros_ec: Register cros_ec_lid_angle driver when presented (bnc#1012628). - recordmcount: Fix spurious mcount entries on powerpc (bnc#1012628). - fixdep: check return value of printf() and putchar() (bnc#1012628). - powerpc/rtas: retry when cpu offline races with suspend/migration (bnc#1012628). - powerpc/xmon: Fix disabling tracing while in xmon (bnc#1012628). - powerpc/cacheflush: fix variable set but not used (bnc#1012628). - dt-bindings: backlight: lm3630a: correct schema validation (bnc#1012628). - iio: iio-utils: Fix possible incorrect mask calculation (bnc#1012628). - PCI: xilinx-nwl: Fix Multi MSI data programming (bnc#1012628). - phy: meson-g12a-usb3-pcie: disable locking for cr_regmap (bnc#1012628). - genksyms: Teach parser about 128-bit built-in types (bnc#1012628). - kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS (bnc#1012628). - i2c: stm32f7: fix the get_irq error cases (bnc#1012628). - PCI: sysfs: Ignore lockdep for remove attribute (bnc#1012628). - phy: renesas: rcar-gen3-usb2: fix imbalance powered flag (bnc#1012628). - serial: mctrl_gpio: Check if GPIO property exisits before requesting it (bnc#1012628). - drm/msm: Depopulate platform on probe failure (bnc#1012628). - powerpc/pci/of: Fix OF flags parsing for 64bit BARs (bnc#1012628). - drm/msm/adreno: Ensure that the zap shader region is big enough (bnc#1012628). - kvm: vmx: segment limit check: use access length (bnc#1012628). - KVM: nVMX: Intercept VMWRITEs to GUEST_{CS,SS}_AR_BYTES (bnc#1012628). - mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width (bnc#1012628). - kvm: vmx: fix limit checking in get_vmx_mem_address() (bnc#1012628). - usb: dwc3: Fix core validation in probe, move after clocks are enabled (bnc#1012628). - usb: gadget: Zero ffs_io_data (bnc#1012628). - tty: serial_core: Set port active bit in uart_port_activate (bnc#1012628). - serial: uartps: Use the same dynamic major number for all ports (bnc#1012628). - serial: imx: fix locking in set_termios() (bnc#1012628). - iio: adxl372: fix iio_triggered_buffer_{pre,post}enable positions (bnc#1012628). - platform/x86: asus-wmi: Increase input buffer size of WMI methods (bnc#1012628). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bnc#1012628). - dma-remap: Avoid de-referencing NULL atomic_pool (bnc#1012628). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bnc#1012628). - drm/bridge: tfp410: fix use of cancel_delayed_work_sync (bnc#1012628). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (bnc#1012628). - drm/amd/display: fix compilation error (bnc#1012628). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bnc#1012628). - drm/amd/display: set link->dongle_max_pix_clk to 0 on a disconnect (bnc#1012628). - drm/virtio: Add memory barriers for capset cache (bnc#1012628). - drm/amd/display: Update link rate from DPCD 10 (bnc#1012628). - drm/amd/display: Always allocate initial connector state state (bnc#1012628). - PCI: endpoint: Allocate enough space for fixed size BAR (bnc#1012628). - serial: 8250: Fix TX interrupt handling condition (bnc#1012628). - tty: serial: msm_serial: avoid system lockup condition (bnc#1012628). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bnc#1012628). - memstick: Fix error cleanup path of memstick_init (bnc#1012628). - drm/omap: don't check dispc timings for DSI (bnc#1012628). - mm/hmm: fix use after free with struct hmm in the mmu notifiers (bnc#1012628). - i2c: nvidia-gpu: resume ccgx i2c client (bnc#1012628). - drm/vkms: Forward timer right after drm_crtc_handle_vblank (bnc#1012628). - drm/crc-debugfs: Also sprinkle irqrestore over early exits (bnc#1012628). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bnc#1012628). - gpu: host1x: Increase maximum DMA segment size (bnc#1012628). - f2fs: Lower threshold for disable_cp_again (bnc#1012628). - f2fs: Fix accounting for unusable blocks (bnc#1012628). - drm/amd/display: Increase Backlight Gain Step Size (bnc#1012628). - drm/amd/display: CS_TFM_1D only applied post EOTF (bnc#1012628). - drm/amd/display: Reset planes for color management changes (bnc#1012628). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bnc#1012628). - drm/bridge: tc358767: read display_props in get_modes() (bnc#1012628). - staging: kpc2000: report error status to spi core (bnc#1012628). - PCI: Return error if cannot probe VF (bnc#1012628). - tools: PCI: Fix broken pcitest compilation (bnc#1012628). - drm/edid: Fix a missing-check bug in drm_load_edid_firmware() (bnc#1012628). - drm/amdkfd: Fix sdma queue map issue (bnc#1012628). - drm/amdkfd: Fix a potential memory leak (bnc#1012628). - drm/amd/display: Disable ABM before destroy ABM struct (bnc#1012628). - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bnc#1012628). - f2fs: fix to avoid deadloop if data_flush is on (bnc#1012628). - drm/amdgpu: Reserve shared fence for eviction fence (bnc#1012628). - drm/amd/display: Fill plane attrs only for valid pxl format (bnc#1012628). - drm/amd/display: Disable cursor when offscreen in negative direction (bnc#1012628). - drm/msm/a6xx: Avoid freeing gmu resources multiple times (bnc#1012628). - drm/amd/display: fix multi display seamless boot case (bnc#1012628). - drm/amd/display: Fill prescale_params->scale for RGB565 (bnc#1012628). - ipmi_ssif: fix unexpected driver unregister warning (bnc#1012628). - drm/msm/a6xx: Check for ERR or NULL before iounmap (bnc#1012628). - f2fs: fix to check layout on last valid checkpoint park (bnc#1012628). - tty: serial: cpm_uart - fix init when SMC is relocated (bnc#1012628). - pinctrl: rockchip: fix leaked of_node references (bnc#1012628). - tty: max310x: Fix invalid baudrate divisors calculator (bnc#1012628). - usb: core: hub: Disable hub-initiated U1/U2 (bnc#1012628). - drm/bochs: Fix connector leak during driver unload (bnc#1012628). - staging: vt6656: use meaningful error code during buffer allocation (bnc#1012628). - ipmi_si: fix unexpected driver unregister warning (bnc#1012628). - staging: kpc2000: added missing clean-up to probe_core_uio (bnc#1012628). - drm/virtio: set seqno for dma-fence (bnc#1012628). - iio: adc: stm32-dfsdm: missing error case during probe (bnc#1012628). - iio: adc: stm32-dfsdm: manage the get_irq error case (bnc#1012628). - drm/panel: simple: Fix panel_simple_dsi_probe (bnc#1012628). - drm/lima: handle shared irq case for lima_pp_bcast_irq_handler (bnc#1012628). - btrfs: shut up bogus -Wmaybe-uninitialized warning (bnc#1012628). - media: drivers: media: coda: fix warning same module names (bnc#1012628). - regulator: 88pm800: fix warning same module names (bnc#1012628). - commit b607c27 - Linux 5.2.4 (bnc#1012628). - net: sched: verify that q!=NULL before setting q->flags (bnc#1012628). - block: Limit zone array allocation size (bnc#1012628). - sd_zbc: Fix report zones buffer allocation (bnc#1012628). - Revert "kvm: x86: Use task structs fpu field for user" (bnc#1012628). - KVM: nVMX: Clear pending KVM_REQ_GET_VMCS12_PAGES when leaving nested (bnc#1012628). - KVM: nVMX: do not use dangling shadow VMCS after guest reset (bnc#1012628). - ext4: allow directory holes (bnc#1012628). - ext4: use jbd2_inode dirty range scoping (bnc#1012628). - jbd2: introduce jbd2_inode dirty range scoping (bnc#1012628). - mm: add filemap_fdatawait_range_keep_errors() (bnc#1012628). - ext4: enforce the immutable flag on open files (bnc#1012628). - ext4: don't allow any modifications to an immutable file (bnc#1012628). - perf/core: Fix race between close() and fork() (bnc#1012628). - perf/core: Fix exclusive events' grouping (bnc#1012628). - perf script: Assume native_arch for pipe mode (bnc#1012628). - MIPS: lb60: Fix pin mappings (bnc#1012628). - gpio: davinci: silence error prints in case of EPROBE_DEFER (bnc#1012628). - gpiolib: of: fix a memory leak in of_gpio_flags_quirks() (bnc#1012628). - Revert "gpio/spi: Fix spi-gpio regression on active high CS" (bnc#1012628). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bnc#1012628). - dma-buf: balance refcount inbalance (bnc#1012628). - mlxsw: spectrum: Do not process learned records with a dummy FID (bnc#1012628). - net/mlx5: E-Switch, Fix default encap mode (bnc#1012628). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bnc#1012628). - bnxt_en: Fix VNIC accounting when enabling aRFS on 57500 chips (bnc#1012628). - net/mlx5e: Fix error flow in tx reporter diagnose (bnc#1012628). - net/mlx5e: Fix return value from timeout recover function (bnc#1012628). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bnc#1012628). - net/mlx5e: Fix port tunnel GRE entropy control (bnc#1012628). - net/tls: reject offload of TLS 1.3 (bnc#1012628). - net/tls: fix poll ignoring partially copied records (bnc#1012628). - selftests: txring_overwrite: fix incorrect test of mmap() return value (bnc#1012628). - netrom: hold sock when setting skb->destructor (bnc#1012628). - netrom: fix a memory leak in nr_rx_frame() (bnc#1012628). - macsec: fix checksumming after decryption (bnc#1012628). - macsec: fix use-after-free of skb during RX (bnc#1012628). - net: bridge: stp: don't cache eth dest pointer before skb pull (bnc#1012628). - net: bridge: don't cache ether dest pointer on input (bnc#1012628). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (bnc#1012628). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (bnc#1012628). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (bnc#1012628). - vrf: make sure skb->data contains ip header to make routing (bnc#1012628). - tcp: Reset bytes_acked and bytes_received when disconnecting (bnc#1012628). - tcp: fix tcp_set_congestion_control() use from bpf hook (bnc#1012628). - tcp: be more careful in tcp_fragment() (bnc#1012628). - sky2: Disable MSI on ASUS P6T (bnc#1012628). - sctp: not bind the socket in sctp_connect (bnc#1012628). - sctp: fix error handling on stream scheduler initialization (bnc#1012628). - rxrpc: Fix send on a connected, but unbound socket (bnc#1012628). - r8169: fix issue with confused RX unit after PHY power-down on RTL8411b (bnc#1012628). - nfc: fix potential illegal memory access (bnc#1012628). - net/tls: make sure offload also gets the keys wiped (bnc#1012628). - net: stmmac: Re-work the queue selection for TSO packets (bnc#1012628). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (bnc#1012628). - net: phy: sfp: hwmon: Fix scaling of RX power (bnc#1012628). - net: openvswitch: fix csum updates for MPLS actions (bnc#1012628). - net: neigh: fix multiple neigh timer scheduling (bnc#1012628). - net: make skb_dst_force return true when dst is refcounted (bnc#1012628). - net: dsa: mv88e6xxx: wait after reset deactivation (bnc#1012628). - net: bcmgenet: use promisc for unsupported filters (bnc#1012628). - ipv6: Unlink sibling route in case of failure (bnc#1012628). - ipv6: rt6_check should return NULL if 'from' is NULL (bnc#1012628). - ipv4: don't set IPv6 only flags to IPv4 addresses (bnc#1012628). - igmp: fix memory leak in igmpv3_del_delrec() (bnc#1012628). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (bnc#1012628). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (bnc#1012628). - bnx2x: Prevent load reordering in tx completion processing (bnc#1012628). - commit d795a82 - rpm/macros.kernel-source: KMPs should depend on kmod-compat to build. kmod-compat links are used in find-provides.ksyms, find-requires.ksyms, and find-supplements.ksyms in rpm-config-SUSE. - commit f97ca49 - scripts/run_oldconfig.sh: Fix update-vanilla When CC is set we want to use it for native only. Cross-compilation still needs the crosscompilers. - commit 3b9fcdb ==== krb5 ==== - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html ==== openldap2 ==== Version update (2.4.47 -> 2.4.48) - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html - Update to upstream release 2.4.48 with security fixes: * CVE-2019-13057 (ITS#9038): rootdn of any db can assert any identity * CVE-2019-13565 (ITS#9052): Unauthorized access caused by incorrect handling of SASL SSF values - Fix CVE-2017-17740 by disabling nops overlay not maintained by upstream (see also bsc#1073313, comment #36) - Removed obsolete patches: * 0002-openldap-its8727-plug-ber-leaks.patch * 0017-Fix-segfault-in-nops.patch OpenLDAP 2.4.48 (2019/07/24) Added libldap OpenSSL Elliptic Curve support (ITS#7595) Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671) Added slapd-monitor support for slapd-mdb (ITS#7770) Fixed liblber leaks (ITS#8727) Fixed liblber with partial flush (ITS#8864) Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980) Fixed libldap ASYNC connections with Solaris 10 (ITS#8968) Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585) Fixed libldap to be able to unset syncrepl TLS options (ITS#7042) Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450) Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674) Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754) Fixed libldap to correctly close TLS connection (ITS#8755) Fixed libldap with non-blocking TLS and referals (ITS#8167) Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353) Fixed liblunicode case correspondance (ITS#8508) Fixed slapd with an idletimeout of less than four seconds (ITS#8952) Fixed slapd config parser variable for Windows64 (ITS#9012) Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015) Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999) Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037) Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038) Fixed slapd to initialize SASL SSF per connection (ITS#9052) Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990) Fixed slapd-ldap starttls connections timeout behavior (ITS#8963) Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997) Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743) Fixed slapd-meta assertion when network interface goes down (ITS#8841) Fixed slapd-mdb fix bitshift integer overflow (ITS#8989) Fixed slapd-mdb index cleanup with cn=config (ITS#8472) Fixed slapd-mdb to improve performance with alias deref (ITS#7657) Fixed slapo-accesslog possible assert with exops (ITS#8971) Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637) Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799) Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663) Fixed slapo-memberof for group name change to itself (ITS#9000) Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349) Fixed slapo-rwm to not free original filter (ITS#8964) Fixed slapo-syncprov contextCSN generation (ITS#9015) Build Environment Fixed slapd to only link to BDB libraries with static build (ITS#8948) Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794) Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041) Documentation General - Fixed minor typos (ITS#8764, ITS#8761) admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031) slapd.access(5) - Note MDB is the primary backend (ITS#8881) slapd.backends(5) - Note MDB is the recommended backend (ITS#8771) slapd-ldap(5) - Document starttls parameter (ITS#8693) Contrib Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721) ==== parted ==== Subpackages: libparted0 - changed: parted-fix-crash-due-to-improper-partition-number-in.patch Changed the patch to behave in the same way like before last change for numbers with leading zeroes. ==== patterns-containers ==== - Add kail to kubernetes_utilities - Add weave-k8s-yaml to kubeadm pattern ==== perl-Bootloader ==== Version update (0.923 -> 0.925) - merge gh#openSUSE/perl-bootloader#122 - Replace --suse-signed-grub by --suse-force-signed to follow update from boo#1136601 - 0.925 - merge gh#openSUSE/perl-bootloader#121 - Fix secureboot on aarch64 (boo#1136601) - [RFC] Fix secureboot on aarch64 (boo#1136601) - 0.924 ==== pinentry ==== - Fix a dangling pointer in qt/main.cpp [bsc#1141883] * Added pinentry-qt-Fix-use-of-dangling-pointer.patch - Updated spec file with spec-cleaner ==== shadow ==== - Fix incorrect variable name in usermod (shadow-usermod-variable.patch). - shadow-login_defs-comments.patch: * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs. * Add missing LASTLOG_UID_MAX. * Refresh shadow-login_defs-suse.patch. - Port shadow-login_defs-check.sh to match the current spec file and login.defs. - Provide "useradd_or_adduser_dep" for sysuser-shadow - shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to "yes" (bsc#353876#c7). - Fix comment about patch in spec file ==== sysuser-tools ==== Version update (2.0 -> 3.0) - Use suggests shadow to prefer that over busybox in normal systems - Add support for busybox adduser/addgroup - Change requirements from shadow to useradd_or_adduser_dep ==== wpa_supplicant ==== - Refresh spec-file via spec-cleaner and manual optimizations. * Change URL and Source0 to actual project homepage. * Remove macro %{?systemd_requires} and rm (not needed). * Add %autopatch macro. * Add %make_build macro. - Chenged patch wpa_supplicant-flush-debug-output.patch (to -p1). - Changed service-files for start after network (systemd-networkd). ==== yast2 ==== Version update (4.2.3 -> 4.2.17) - Allow to know if there is a forced base product (bsc#1124590, bsc#1143943). - 4.2.17 - Add a dependency on hostname, as it is needed by the Hostname module (boo#1142595). - 4.2.16 - Stop "ls: write error: Broken pipe" messages (bsc#1128032) - 4.2.15 - Release the sources to avoid using up all server connections (bsc#1141127) - 4.2.14 - Fixed evaluating the base products to avoid the "No base product found" error message at upgrade, for reading the product data prefer the new products (bsc#1142522) - 4.2.13 - fixed symlink creation in jenkins - Infer the right module name from desktop files (bsc#1140233). - 4.2.12 - bsc#1138668 - Fixed failing old testsuite in yast2-dns-server package: do not depend on the environment, skip bind absence in Mode.test() - 4.2.11 - deprecate Arch.ia64 and drop all support for ia64 (last seen in SLE 11) - bsc#1137992 - PackageSystem.Installed: Fixed typo when passing the allowed return codes to Execute. - 4.2.10 - bsc#1137992 - PackageSystem.Installed: Use Yast::Execute instead of SCR to avoid false positives. - 4.2.9 - Slideshow: Flag for switching on/off release notes tab. (bsc#1136708) - 4.2.8 - bsc#1137992 - PackageSystem.Installed: Increase the logs details. - 4.2.7 - bsc#1086454 - Recognize IB interfaces based on IPOIB_MODE ifcfg attribute - 4.2.6 - Use new schema of desktop files (boo#1084864) - Clean up spec - Rename desktop files - 4.2.5 - Drop old testsuite - Convert from autotools to rake based installation - create log directory with control.xml and merged installation.xml - 4.2.4 ==== zlib ==== - Update the s390 patchset bsc#1137624: * 410.patch ==== zstd ==== Version update (1.4.1 -> 1.4.2) - Add disk _constraints to fix ppc64le build - Update to version 1.4.2: * bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696) * bug: Fix seekable decompression in-memory API by @iburinoc (#1695) * bug: Close minor memory leak in CLI by @LeeYoung624 (#1701) * misc: Validate blocks are smaller than size limit by @vivekmig (#1685) * misc: Restructure source files by @ephiepark (#1679)