Packages changed: PackageKit bcache-tools chrony container-selinux (2.145.0 -> 2.150.0) gcc10 (10.2.1+git583 -> 10.2.1+git872) glibc hplip ima-evm-utils (1.3.1 -> 1.3.2) installation-images-MicroOS (16.25 -> 16.26) kernel-firmware (20201005 -> 20201023) libqt5-qtbase libxml2 libyui-ncurses (2.57.1 -> 2.57.2) microos-tools (2.6 -> 2.7) mpc (1.2.0 -> 1.2.1) openpgm osinfo-db (20200813 -> 20201015) pciutils perl (5.30.3 -> 5.32.0) python-cryptography (3.0 -> 3.2.1) qpdf (10.0.1 -> 10.0.3) selinux-policy (20201016 -> 20201029) systemd-default-settings (0.2 -> 0.4) timezone (2020a -> 2020d) transactional-update (2.28 -> 2.28.2) vulkan-loader (1.2.154 -> 1.2.154.1) xen (4.14.0_08 -> 4.14.0_10) === Details === ==== PackageKit ==== Subpackages: PackageKit-backend-zypp libpackagekit-glib2-18 - Add PackageKit-bsc1169739.patch: main: notify the service manager when it's beginning to shutdown (gh#/hughsie/PackageKit/commit/d8dd484d, bsc#1169739). - Replace $DISABLE_RESTART_ON_UPDATE=yes with %service_del_postun_without_restart Use of $DISABLE_RESTART_ON_UPDATE is deprecated. ==== bcache-tools ==== - Remove dependence of smartcols bcache-tools.spec, bcache-tools code doesn't need it now. (jsc#SLE-9807) - Remove 1001-udev-do-not-rely-on-DRIVER-variable.patch because we have 0013-bcache-tools-Export-CACHED_UUID-and-CACHED_LABEL.patch to provide static UUIDs. (jsc#SLE-9807) - bcache-tools: add man page bcache-status.8 (jsc#SLE-9807) 0017-bcache-tools-add-man-page-bcache-status.8.patch - bcache-tools: add bcache-status (jsc#SLE-9807) 0016-bcache-tools-add-bcache-status.patch - bcache-tools: make: permit only one cache device to be specified (jsc#SLE-9807) 0015-bcache-tools-make-permit-only-one-cache-device-to-be.patch - bcache-tools: Remove the dependency on libsmartcols (jsc#SLE-9807) 0014-bcache-tools-Remove-the-dependency-on-libsmartcols.patch - bcache-tools: Export CACHED_UUID and CACHED_LABEL (jsc#SLE-9807) 0013-bcache-tools-Export-CACHED_UUID-and-CACHED_LABEL.patch - bcache-tools: Fix potential coredump issues (jsc#SLE-9807) 0012-bcache-tools-Fix-potential-coredump-issues.patch - bcache-tools: add print_cache_set_supported_feature_sets() in lib.c (jsc#SLE-9807) 0011-bcache-tools-add-print_cache_set_supported_feature_s.patch - bcache-tools: add large_bucket incompat feature (jsc#SLE-9807) 0010-bcache-tools-add-large_bucket-incompat-feature.patch - bcache-tools: upgrade super block versions for feature sets (jsc#SLE-9807) 0009-bcache-tools-upgrade-super-block-versions-for-featur.patch - bcache-tools: define separated super block for in-memory and on-disk format (jsc#SLE-9807) 0008-bcache-tools-define-separated-super-block-for-in-mem.patch - bcache-tools: add to_cache_sb() and to_cache_sb_disk() (jsc#SLE-9807) 0007-bcache-tools-add-to_cache_sb-and-to_cache_sb_disk.patch - bcache-tools: list.h: only define offsetof() when it is undefined (jsc#SLE-9807) 0006-bcache-tools-list.h-only-define-offsetof-when-it-is-.patch - bcache-tools: bitwise.h: more swap bitwise for different CPU endians (jsc#SLE-9807) 0005-bcache-tools-bitwise.h-more-swap-bitwise-for-differe.patch - bcache-tools: add struct cache_sb_disk into bcache.h (jsc#SLE-9807) 0004-bcache-tools-add-struct-cache_sb_disk-into-bcache.h.patch - bcache-tools: convert writeback to writethrough mode for zoned backing device (jsc#SLE-9807) 0003-bcache-tools-convert-writeback-to-writethrough-mode-.patch - bcache-tools: add is_zoned_device() (jsc#SLE-9807) 0002-bcache-tools-add-is_zoned_device.patch - bcache-tools: set zoned size aligned data_offset on backing device for zoned devive (jsc#SLE-9807) 0001-bcache-tools-set-zoned-size-aligned-data_offset-on-b.patch ==== chrony ==== Subpackages: chrony-pool-openSUSE - By default we don't write log files but log to journald, so only recommend logrotate. ==== container-selinux ==== Version update (2.145.0 -> 2.150.0) - Update to version 2.150.0 - Add additional allow rules for kvm based containers using virtiofsd. ==== gcc10 ==== Version update (10.2.1+git583 -> 10.2.1+git872) Subpackages: cpp10 libgcc_s1 libgomp1 libstdc++6 - Update to gcc-10 branch head (a78cd759754c92cecbf235ac9b), git872. - Build complete set of multilibs for arm-none target [bsc#1106014] * Fixes inadvertant mixture of ARM and Thumb instructions in linker output ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Use --enable-cet on x86_64 to instrument glibc for indirect branch tracking and shadow stack use. Enable indirect branch tracking and shadow stack in the dynamic loader. [jsc#PM-2110] [bsc#1175154] ==== hplip ==== - Fixed bugzilla link (bsc#1177527) ==== ima-evm-utils ==== Version update (1.3.1 -> 1.3.2) Subpackages: evmctl libimaevm2 - Update to version 1.3.2 * Bugfixes: importing keys * NEW: Docker based travis distro testing * Travis bugfixes, code cleanup, software version update, and script removal * Initial travis testing - Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch (patch from this release) - Add make check + dependencies (getfattr => attr, xxd => vim) ==== installation-images-MicroOS ==== Version update (16.25 -> 16.26) - merge gh#openSUSE/installation-images#435 - don't forget .lib*.hmac files (bsc#1178208) - 16.26 ==== kernel-firmware ==== Version update (20201005 -> 20201023) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20201023 (git commit dae4b4cd0841): * cypress: add Cypress firmware and clm_blob files * rtl_bt: Update RTL8821C BT FW to 0xAA6C_A99E * ath10k: add SDIO firmware for QCA9377 WiFi * ice: update package file to 1.3.16.0 * mediatek: separate venc service thread * QCA : Updated firmware file for WCN3991 * iwlwifi: update and add new FWs from core56-54 release * iwlwifi: update 3168, 7265D, 8000C and 8265 firmwares * i915: Add DG1 DMC v2.02 * qcom : updated venus firmware files for v5.4 - Add _constraints to fix the build error (bsc#1178242) ==== libqt5-qtbase ==== Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 - Disable -reduce-relocations for now (boo#1175278, QTBUG-86173) ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Make python subpackage ready for multiple python3 flavors gh#openSUSE/python-rpm-macros#66 ==== libyui-ncurses ==== Version update (2.57.1 -> 2.57.2) - Explicitly set item and line index in NCMultiSelectionBox and NCSelectionBox (bsc#1177982, bsc#1177985) - 2.57.2 ==== microos-tools ==== Version update (2.6 -> 2.7) - Update to version 2.7 - Add workaround if /.autorelabel is used, don't ignore it - Rename tmp.conf to microos-tmp.conf on SUSE MicroOS - Fix building on SUSE MicroOS ==== mpc ==== Version update (1.2.0 -> 1.2.1) - mpc 1.2.1: * Fix an incompatibility problem with GMP 6.0 and before * Fix an intermediate overflow in asin - express build dependencies explicitly to match the versions required by configue, so that the OBS scheduler is aware of them - move texinfo requirements to -devel package where they are are actually used - package license in every subpackage and mark as license - run spec-cleaner ==== openpgm ==== - Always pretend we do not have ftime(3), function is deprecated and absent from next glibc release. ==== osinfo-db ==== Version update (20200813 -> 20201015) - Update database to version 20201015 osinfo-db-20201015.tar.xz ==== pciutils ==== - Add decode support for RCECs - added patches https://github.com/pciutils/pciutils/commit/e12bd01eea67ca8cf539263124843ba281eb6ecc + pciutils-add-decode-support-for-RCECs.patch ==== perl ==== Version update (5.30.3 -> 5.32.0) Subpackages: perl-base - update to perl-5.32.0 * new experimental infix "isa" operator * support of unicode 13.0 * chained comparisons capability - updated patches: * perl-HiRes.t-timeout.diff * posix-sigaction.patch * perl-fix2020.patch * perl-reproducible2.patch * perl_skip_flaky_tests_powerpc.patch ==== python-cryptography ==== Version update (3.0 -> 3.2.1) - update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. - update to 3.2: * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. - update to 3.1.1: * wheels compiled with OpenSSL 1.1.1h. - update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the OpenSSL project. The next version of ``cryptography`` will drop support for it. * Deprecated support for Python 3.5. This version sees very little use and will be removed in the next release. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. ==== qpdf ==== Version update (10.0.1 -> 10.0.3) - Update to version 10.0.3 * Fixes a regression introduced in 10.0.2 - Update to version 10.0.2 * Bug fixes and performance improvements * See http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes for a complete changelog. ==== selinux-policy ==== Version update (20201016 -> 20201029) Subpackages: selinux-policy-targeted - wicked.fc: add libexec directories - Update to version 20201029 - update container policy ==== systemd-default-settings ==== Version update (0.2 -> 0.4) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - rpm file lists are now generated from the spec file. - Make sure the release number between the main and the branding packages match - Import 0.3 d299248 List drop-in directories in SUSE.list exclusively e4651a7 Disable memory accounting by default for all distros (jsc#PM-2229 jsc#PM-2230) ==== timezone ==== Version update (2020a -> 2020d) - Add fat.patch to generate "fat" timezone files (was default before 2020b). - Adjust timezone-java.spec.in to avoid build failures when running pre_checkin.sh - timezone update 2020d * Palestine ends DST earlier than predicted, on 2020-10-24. - timezone update 2020c * Fiji starts DST later than usual, on 2020-12-20. - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. - Rebased timezone-2018f-bsc1112310.patch ==== transactional-update ==== Version update (2.28 -> 2.28.2) Subpackages: transactional-update-zypp-config - Version 2.28.2 - SELinux: Exclude security.selinux attribute from rsyncing (again) - Version 2.28.1 - SELinux: Fixed changing the wrong grub configuration file - SELinux: Move /.autorelabel file to writeable location ==== vulkan-loader ==== Version update (1.2.154 -> 1.2.154.1) - Update to release 1.2.154.1 * Fix some issues when EnumerateAdapterPhysicalDevices is available ==== xen ==== Version update (4.14.0_08 -> 4.14.0_10) - Upstream bug fixes (bsc#1027519) 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch 5f5b6b7a-hypfs-fix-custom-param-writes.patch 5f607915-x86-HVM-more-consistent-IO-completion.patch 5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch 5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch 5f71a21e-x86-S3-fix-shadow-stack-resume.patch 5f76ca65-evtchn-Flask-prealloc-for-send.patch 5f76caaf-evtchn-FIFO-use-stable-fields.patch 5f897c25-x86-traps-fix-read_registers-for-DF.patch 5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch - Renamed patches 5f560c42-x86-PV-64bit-segbase-consistency.patch Replaces 5f5b6951-x86-PV-64bit-segbase-consistency.patch 5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch Replaces 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch 5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch Replaces 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch 5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch Replaces 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch 5f6a008e-x86-MSI-drop-read_msi_msg.patch Replaces 5f6a05fa-msi-get-rid-of-read_msi_msg.patch 5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch Replaces 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch 5f6a00c4-evtchn-relax-port_is_valid.patch Replaces 5f6a062c-evtchn-relax-port_is_valid.patch 5f6a00df-x86-PV-avoid-double-exception-injection.patch Replaces 5f6a065c-pv-Avoid-double-exception-injection.patch 5f6a00f4-evtchn-add-missing-barriers.patch Replaces 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch 5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch Replaces 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch 5f6a013f-evtchn_reset-shouldnt-succeed-with.patch Replaces 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch 5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch Replaces 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch 5f6a0178-evtchn-address-races-with-evtchn_reset.patch Replaces 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch 5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch Replaces 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch 5f6a01c6-evtchn-preempt-in-evtchn_reset.patch Replaces 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch - bsc#1177409 - VUL-0: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch - bsc#1177412 - VUL-0: xen: Race condition in Xen mapping code (XSA-345) 5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch 5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch 5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch - bsc#1177413 - VUL-0: xen: undue deferral of IOMMU TLB flushes (XSA-346) 5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch 5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch - bsc#1177414 - VUL-0: xen: unsafe AMD IOMMU page table updates (XSA-347) 5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch 5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch 5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch - Update libxc.sr.superpage.patch set errno in x86_hvm_alloc_4k (bsc#1177112)