Packages changed: Mesa (20.0.4 -> 20.0.5) Mesa-drivers (20.0.4 -> 20.0.5) accerciser (3.36.0 -> 3.36.1) alsa alsa-ucm-conf alsa-utils dconf-editor (3.36.0 -> 3.36.2) file-roller (3.36.1 -> 3.36.2) gdm gnome-mahjongg (3.36.1 -> 3.36.2) iagno (3.36.0 -> 3.36.2) kbd kdiagram (2.6.3 -> 2.7.0) kismet (2020_04_R1 -> 2020_04_R2) libqt5-qtwebengine libupnp (1.10.1 -> 1.12.1) live555 mozc newt (0.52.20 -> 0.52.21) openssl (1.1.1f -> 1.1.1g) openssl-1_1 (1.1.1f -> 1.1.1g) perl-Bootloader (0.926 -> 0.927) plasma5-desktop python (2.7.17 -> 2.7.18) python-base (2.7.17 -> 2.7.18) python-pybind11 quadrapassel (3.36.00 -> 3.36.02) rubygem-actioncable-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-actionmailbox-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-actionmailer-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-actionpack-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-actiontext-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-actionview-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-activejob-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-activemodel-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-activerecord-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-activestorage-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-activesupport-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-autoprefixer-rails (9.7.4 -> 9.7.6) rubygem-loofah (2.4.0 -> 2.5.0) rubygem-method_source (0.9.2 -> 1.0.0) rubygem-public_suffix (4.0.3 -> 4.0.4) rubygem-rails-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-railties-6.0 (6.0.2.1 -> 6.0.2.2) rubygem-sassc (2.2.1 -> 2.3.0) rubygem-tzinfo-1.2 (1.2.6 -> 1.2.7) rubygem-zeitwerk (2.2.2 -> 2.3.0) shared-python-startup shotwell vala (0.48.3 -> 0.48.5) wpa_supplicant xkeyboard-config (2.27 -> 2.29) zlib === Details === ==== Mesa ==== Version update (20.0.4 -> 20.0.5) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to Mesa 20.0.5 * pretty big release with AMD and Intel drivers receiving the majority of the work. - supersedes U_EGL-Add-eglSetDamageRegionKHR-to-GLVND-dispatch-list.patch - supersedes n_opencl_dep_libclang.patch - Disable LTO on armv6 to fix build ==== Mesa-drivers ==== Version update (20.0.4 -> 20.0.5) Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - update to Mesa 20.0.5 * pretty big release with AMD and Intel drivers receiving the majority of the work. - supersedes U_EGL-Add-eglSetDamageRegionKHR-to-GLVND-dispatch-list.patch - supersedes n_opencl_dep_libclang.patch - Disable LTO on armv6 to fix build ==== accerciser ==== Version update (3.36.0 -> 3.36.1) Subpackages: accerciser-lang - Update to version 3.36.1: + Fix python console with IPython 7. + Updated translations. ==== alsa ==== Subpackages: libasound2 libasound2-32bit libatopology2 - Backport recent upstream fixes: topology API fix, UCM fixes/improvements, config fixes, chmap support in route plugin, timestamp type fix for dmix: 0006-topology-add-back-asrc-to-widget_map-in-dapm.c.patch 0007-ucm-clarify-the-index-syntax-for-the-device-names.patch 0008-ucm-fix-uc_mgr_scan_master_configs.patch 0009-namehint-remember-the-direction-from-the-upper-level.patch 0010-conf-fix-namehint-for-pcm.front-and-pcm.iec958.patch 0011-pcm-add-chmap-option-to-route-plugin.patch 0012-usecase-allow-indexes-also-for-modifier-names.patch 0013-ucm-fix-the-device-remove-operation.patch 0014-ucm-fix-copy-n-paste-typo-RemoveDevice-list.patch 0015-pcm-dmix-fix-sw_params-handling-of-timestamp-types-i.patch 0016-conf-USB-Audio-Fix-S-PDIF-output-of-ASUS-Xonar-AE.patch ==== alsa-ucm-conf ==== - Backport upstream fixes: HDA SOF DSP support, Intel Atom profiles, etc 0004-hda-dsp-add-basic-ucm-config.patch 0005-update-README-files.patch 0006-bytcr-rt5651-Fix-dmic-check-in-HiFi-Components.conf.patch 0007-chtrt5645-Add-ASUSTeKCOMPUTERINC.-T100HAN-1.0-symlin.patch 0008-chtrt5645-Add-MEDION-E1239TMD60568-0.1-Wingman.conf-.patch 0009-chtrt5645-Remove-bogus-JackHWMute-settings.patch 0010-sof-hda-dsp-change-Headphones2-to-Mic2.patch ==== alsa-utils ==== - Backport upstream fixes for alsactl: 0002-alsactl-don-t-exit-on-EINTR-from-epoll_wait.patch 0003-alsactl-avoid-needless-wakeups-in-monitor-loop.patch 0004-alsactl-fix-error-handling-for-sched_setscheduler-ca.patch ==== dconf-editor ==== Version update (3.36.0 -> 3.36.2) Subpackages: dconf-editor-lang - Update to version 3.36.2: + Some fixes for the now HC theme. + Updated translations. ==== file-roller ==== Version update (3.36.1 -> 3.36.2) Subpackages: file-roller-lang - Update to version 3.36.2: + Bugs fixed: - libarchive: . Do not follow external links when extracting files. . Overwrite symbolic links as well if requested by the user. - Help: Update steps to create a new archive to 3.34 UI. + Updated translations. ==== gdm ==== Subpackages: gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Burnish gdm-look-for-session-based-on-pid-first.patch according to the upstream change (bsc#1159950, glgo#GNOME/gdm#526). - Disable gnome-initial-setup under gdm mode in Leap and SLE (jsc#SLE-11856). - Add gdm-Use-pkg-config-for-keyutils.patch: configure: Use pkg-config to look for keyutils. Following this, replace keyutils-devel pkgconfig(libkeyutils) BuildRequires. - Rebase/refresh patches with quilt. ==== gnome-mahjongg ==== Version update (3.36.1 -> 3.36.2) Subpackages: gnome-mahjongg-lang - Update to version 3.36.2: + help: Remove now unused localized screenshots for moves-left.png. + Updated translations. ==== iagno ==== Version update (3.36.0 -> 3.36.2) Subpackages: iagno-lang - Update to version 3.36.2: + Adapt to new HC theme. + Updated translations. ==== kbd ==== Subpackages: kbd-legacy - drop broken kbd command as well as guess_encoding (boo#1170067) - don't use subdirectory for legacy keymaps (boo#1166423) - use fdupes ==== kdiagram ==== Version update (2.6.3 -> 2.7.0) Subpackages: libKChart2 libKGantt2 libkchart-lang libkgantt-lang - Update to 2.7.0 * KGantt: + Add timeline and a settings dialog to enable user control + Let the selectionmodel control the selection of items + Fix crash when setGraphicsView() is called * KChart: + Fix Bug 420180 - Gaps not respected when x-axis is reversed (kde#420180) + Legend: Add new paint method + Give Rulerattributes a ruler pen + Don't hardcode default text color but use the palette + Fix build issues when qreal == float - Install license file ==== kismet ==== Version update (2020_04_R1 -> 2020_04_R2) Subpackages: kismet-capture-freaklabs-zigbee kismet-capture-linux-bluetooth kismet-capture-linux-wifi kismet-capture-nrf-51822 kismet-capture-nrf-mousejack kismet-capture-sdr-rtl433 kismet-capture-sdr-rtladsb kismet-capture-sdr-rtlamr kismet-capture-ti-cc2540 kismet-logtools - Update to version 2020-04-R2 * Bugfix release ==== libqt5-qtwebengine ==== - Add icu-v67.patch to fix compilation with icu v67, this is a backport of https://github.com/v8/v8/commit/3f8dc4b2e5baf77b463334c769af85b79d8c1463 ==== libupnp ==== Version update (1.10.1 -> 1.12.1) - Update to version 1.12.1: * #129: Remove and replace the list.h file * Reduce spurious HTTP 416 errors due to ill-defined bytes header * #138: Use stdbool.h instead of BOOL typedef and defines * #140: Remove IN, OUT and INOUT defines * #129: Remove and replace the list.h file * and many more, see ChangeLog - Bump libpnpn defines to 16 following upstream changes (also in baselibs.conf). - ChangeLog installed with devel package, not libXY ones ==== live555 ==== Subpackages: libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock8 libliveMedia79 - Added pkgconfig(openssl) as a requirement for the devel package: iveMedia/TLSState.hh #includes openssl/ssl.h. ==== mozc ==== Subpackages: fcitx-mozc ibus-mozc ibus-mozc-candidate-window mozc-gui-tools - Update mozc.spec: Drop the is_opensuse macro to eliminate in behavior in between SLE-15 and openSUSE Leap (jsc#SLE-11737). ==== newt ==== Version update (0.52.20 -> 0.52.21) - Update to version 0.52.21: * define env NEWT_NOFLOWCTRL to disable flow control (Robert Gill) * don't leak memory on errors in dialogboxes * fix radio button selection check in snack * fix plural forms in Lithuanian translation (#1568999) * fix parallel build (Émeric Dupont) * allow python versions to be specified with --with-python option ==== openssl ==== Version update (1.1.1f -> 1.1.1g) - Update to 1.1.1g release ==== openssl-1_1 ==== Version update (1.1.1f -> 1.1.1g) Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac - Update to 1.1.1g * Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407) Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. * Added AES consttime code for no-asm configurations an optional constant time support for AES was added when building openssl for no-asm. - refresh patches: * openssl-1.1.1-fips.patch * openssl-1.1.1-fips-crng-test.patch ==== perl-Bootloader ==== Version update (0.926 -> 0.927) - merge gh#openSUSE/perl-bootloader#126 - always install EFI fallback boot for aarch64 (bsc#1167015) - 0.927 ==== plasma5-desktop ==== Subpackages: plasma5-desktop-emojier - Add patch to fix GTK2 application appearance (kde#412331, boo#1169968): * 0001-krdb-Drop-GTK2-colour-exporting.patch ==== python ==== Version update (2.7.17 -> 2.7.18) - Use python3-Sphinx on anything more recent than SLE-15 (inclusive). - Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in :c:func:`PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro :c:macro:`PY_SSIZE_T_CLEAN` is not defined. ==== python-base ==== Version update (2.7.17 -> 2.7.18) Subpackages: libpython2_7-1_0 - Use python3-Sphinx on anything more recent than SLE-15 (inclusive). - Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in :c:func:`PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro :c:macro:`PY_SSIZE_T_CLEAN` is not defined. ==== python-pybind11 ==== - On devel files you need the pybind too to compile anything ==== quadrapassel ==== Version update (3.36.00 -> 3.36.02) Subpackages: quadrapassel-lang - Update to version 3.36.02: + Updated translations. ==== rubygem-actioncable-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-actionmailbox-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-actionmailer-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-actionpack-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-actiontext-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-actionview-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - updated to version 6.0.2.2 * Fix possible XSS vector in escape_javascript helper (CVE-2020-5267, bsc#1167240) Aaron Patterson ==== rubygem-activejob-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-activemodel-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-activerecord-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-activestorage-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-activesupport-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 no changes ==== rubygem-autoprefixer-rails ==== Version update (9.7.4 -> 9.7.6) - updated to version 9.7.6 * Revert -webkit-stretch fix. ==== rubygem-loofah ==== Version update (2.4.0 -> 2.5.0) - updated to version 2.5.0 [#]## Features * Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [#178] (Thanks, @JuanitoFatas!) [#]## Fixes * Remove comments from `Loofah::HTML::Document`s that exist outside the `html` element. [#80] [#]## Other changes * Gem metadata being set [#181] (Thanks, @JuanitoFatas!) * Test files removed from gem file [#180,#166,#159] (Thanks, @JuanitoFatas and @greysteil!) ==== rubygem-method_source ==== Version update (0.9.2 -> 1.0.0) - updated to version 1.0.0 * Added Ruby 2.7 support ==== rubygem-public_suffix ==== Version update (4.0.3 -> 4.0.4) - updated to version 4.0.4 [#] Changed * Updated definitions ==== rubygem-rails-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Update Rails to version 6.0.2.2 Changes are in Rails's modules. Release Blog entry: https://weblog.rubyonrails.org/2020/3/19/Rails-6-0-2-2-and-5-2-4-2-has-been-released/ ==== rubygem-railties-6.0 ==== Version update (6.0.2.1 -> 6.0.2.2) - Updated to version 6.0.2.2 * no changes ==== rubygem-sassc ==== Version update (2.2.1 -> 2.3.0) - updated to version 2.3.0 * [Fix rake gem:native task](https://github.com/sass/sassc-ruby/pull/196) * [disable lto flag for darwin + nix](https://github.com/sass/sassc-ruby/pull/166) * [Sort input file list](https://github.com/sass/sassc-ruby/pull/178) * [Set appropriate encoding for source_map](https://github.com/sass/sassc-ruby/pull/152) * [allow passing functions directly](https://github.com/sass/sassc-ruby/pull/162) * [always dispose data context](https://github.com/sass/sassc-ruby/pull/161) * [Update libsass to 3.6.3](https://github.com/sass/sassc-ruby/pull/164) * [Restore strip symbols](https://github.com/sass/sassc-ruby/pull/184) * [Default --march-tune-native to false](https://github.com/sass/sassc-ruby/pull/158) * [Fix compile issue on Mac OS X](https://github.com/sass/sassc-ruby/pull/174) * [Test on TruffleRuby in TravisCI](https://github.com/sass/sassc-ruby/pull/171) * [Use RbConfig::MAKEFILE_CONFIG['DLEXT'] instead of hardcoding extensions](https://github.com/sass/sassc-ruby/pull/173) - Drop reproducible.patch (implemented in version 2.3.0 already) ==== rubygem-tzinfo-1.2 ==== Version update (1.2.6 -> 1.2.7) - updated to version 1.2.7 * Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114. * Fixed warnings when running on Ruby 2.8. #112. ==== rubygem-zeitwerk ==== Version update (2.2.2 -> 2.3.0) - updated to version 2.3.0 * Adds support for collapsing directories. For example, if `booking/actions/create.rb` is meant to define `Booking::Create` because the subdirectory `actions` is there only for organizational purposes, you can tell Zeitwerk with `collapse`: ```ruby loader.collapse("booking/actions") ``` The method also accepts glob patterns to support standardized project structures: ```ruby loader.collapse("*/actions") ``` Please check the documentation for more details. * Eager loading is idempotent, but now you can eager load again after reloading. ==== shared-python-startup ==== - Correct suse_version value for SLE-12 ==== shotwell ==== Subpackages: shotwell-lang - Add shotwell-Make_fatal-warnings_an_option.patch: Make fatal-warnings an option ==== vala ==== Version update (0.48.3 -> 0.48.5) Subpackages: libvala-0_48-0 - Update to version 0.48.5: + Regression and bug fixes: - Revert "vala: Set default_construction_method in semantic-analyzer check if required". - tests: Fix make dist. - Update to version 0.48.4: + Various improvements and bug fixes: - codegen: . Fix binary 'in' operator on array with boxed value-typed needle . Use get_value_*_function() in GSignalModule.generate_marshaller() . Correctly handle signals returning real non-nullable struct . Use specified indices to access multidimensional array constants . Fix base-access to non-abstract/non-virtual properties . Fix default of CCode.pos for parameters in async methods - vala: . Set default_construction_method in semantic-analyzer check if required . Fix cleaning of output in CodeContext.pkg_config_modversion() . Don't use possibly uninitialized backing field of package_name . Add SourceReference.contains() and SourceLocation.to_string() . Check assigned handler of dynamic signal before proceeding further . Don't perform version check on internal lambda method . Perform version check for types of non-external variable declarations . Quote symbol on report by version attribute check . Ensure non-empty argument list for "disconnect" before accessing it - girparser: . Move special handling for certain parameters to process_callable() . Drop special handling of GLib.Data, GLib.PtrArray and GLib.String . Improve detection of AsyncReadyCallback/AsyncResult parameters - parser: Handle incomplete expression statements + Bindings: - gio-2.0: Add "async_result_pos" attributes to * .call_with_unix_fd_list() - glib-2.0: . Fix Filename.canonicalize() binding of g_canonicalize_filename . Guard Pid.to_string() with GLIB_2_50 to deal with G_PID_FORMAT - gstreamer-app-1.0: Don't merge Src.push_buffer_*() signal with its method - gstreamer-1.0: Don't skip GST_*_FORMAT strings - gtk4: Update to 3.98.3 - vapi: Update GIR-based bindings ==== wpa_supplicant ==== Subpackages: wpa_supplicant-gui - Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934) ==== xkeyboard-config ==== Version update (2.27 -> 2.29) Subpackages: xkeyboard-config-lang - Update to version 2.29 ==== zlib ==== Subpackages: libminizip1 libz1 libz1-32bit zlib-devel - Update 410.patch to contain latest fixes from IBM bsc#1166260 * The build behaviour changed