Packages changed: aaa_base (84.87+git20200128.8a17290 -> 84.87+git20200206.ed897a1) dracut (049.1+git119.abf1a408 -> 049.1+git120.dbfbfcb8) fuse-overlayfs (0.7.5 -> 0.7.6) gnutls (3.6.11.1 -> 3.6.12) hwdata (0.331 -> 0.332) kernel-source (5.4.14 -> 5.5.1) libtasn1 (4.15.0 -> 4.16.0) netcfg open-iscsi python-setuptools (41.6.0 -> 44.0.0) rakkess (0.4.1 -> 0.4.3) socat vim (8.2.0119 -> 8.2.0200) === Details === ==== aaa_base ==== Version update (84.87+git20200128.8a17290 -> 84.87+git20200206.ed897a1) - Update to version 84.87+git20200206.ed897a1: * get_kernel_version: fix for current kernel on s390x (from azouhr) - Update to version 84.87+git20200206.8d74b0b: * Fix services entry in /etc/nsswitch.conf [bsc#1162916] - Make sure glibc is recent enough else nsswitch.conf update will fail ==== dracut ==== Version update (049.1+git119.abf1a408 -> 049.1+git120.dbfbfcb8) Subpackages: dracut-ima - Update to version 049.1+git120.dbfbfcb8: * 95zfcp_rules/parse-zfcp.sh: remove rule existence check (bsc#1008352) ==== fuse-overlayfs ==== Version update (0.7.5 -> 0.7.6) - Update to v0.7.6 - do not look in lower layers for the ino if there is no origin xattr set - attempt to use the file path if the operation on the fd fails with ENXIO ==== gnutls ==== Version update (3.6.11.1 -> 3.6.12) - gnutls 3.6.12 * libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) to identify sessions that client request OCSP status request (#829). * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 signature algorithm (RFC 8032) under TLS (#86). * libgnutls: Added the default-priority-string option to system configuration; it allows overriding the compiled-in default-priority-string. * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by draft-smyshlyaev-tls12-gost-suites-07). By default this ciphersuite is disabled. It can be enabled by adding +GOST to priority string. In the future this priority string may enable other GOST ciphersuites as well. Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. * libgnutls: added priority shortcuts for different GOST categories like CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. * libgnutls: Reject certificates with invalid time fields. That is we reject certificates with invalid characters in Time fields, or invalid time formatting To continue accepting the invalid form compile with --disable-strict-der-time * libgnutls: Reject certificates which contain duplicate extensions. We were previously printing warnings when printing such a certificate, but that is not always sufficient to flag such certificates as invalid. Instead we now refuse to import them (#887). * libgnutls: If a CA is found in the trusted list, check in addition to time validity, whether the algorithms comply to the expected level prior to accepting it. This addresses the problem of accepting CAs which would have been marked as insecure otherwise (#877). * libgnutls: The min-verification-profile from system configuration applies for all certificate verifications, not only under TLS. The configuration can be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. * libgnutls: The stapled OCSP certificate verification adheres to the convention used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. * libgnutls: On client side only send OCSP staples if they have been requested by the server, and on server side always advertise that we support OCSP stapling * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible with gnutls_ocsp_req_t but const. * certtool: Added the --verify-profile option to set a certificate verification profile. Use '--verify-profile low' for certificate verification to apply the 'NORMAL' verification profile. * certtool: The add_extension template option is considered even when generating a certificate from a certificate request. ==== hwdata ==== Version update (0.331 -> 0.332) - Update to version 0.322: * Updated pci, usb and vendor ids. ==== kernel-source ==== Version update (5.4.14 -> 5.5.1) - btrfs: do not zero f_bavail if we have available space (bnc#1162471). - commit efe8ca5 - Linux 5.5.1 (bnc#1012628). - power/supply: ingenic-battery: Don't change scale if there's only one (bnc#1012628). - Revert "um: Enable CONFIG_CONSTRUCTORS" (bnc#1012628). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (bnc#1012628). - crypto: pcrypt - Fix user-after-free on module unload (bnc#1012628). - crypto: caam - do not reset pointer size from MCFGR register (bnc#1012628). - crypto: vmx - reject xts inputs that are too short (bnc#1012628). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bnc#1012628). - rsi: fix non-atomic allocation in completion handler (bnc#1012628). - rsi: fix memory leak on failed URB submission (bnc#1012628). - rsi: fix use-after-free on probe errors (bnc#1012628). - rsi: fix use-after-free on failed probe and unbind (bnc#1012628). - rxrpc: Fix use-after-free in rxrpc_receive_data() (bnc#1012628). - net: include struct nhmsg size in nh nlmsg size (bnc#1012628). - mlxsw: minimal: Fix an error handling path in 'mlxsw_m_port_create()' (bnc#1012628). - udp: segment looped gso packets correctly (bnc#1012628). - net: socionext: fix xdp_result initialization in netsec_process_rx (bnc#1012628). - net: socionext: fix possible user-after-free in netsec_process_rx (bnc#1012628). - net_sched: walk through all child classes in tc_bind_tclass() (bnc#1012628). - net_sched: fix ops->bind_class() implementations (bnc#1012628). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (bnc#1012628). - mvneta driver disallow XDP program on hardware buffer management (bnc#1012628). - zd1211rw: fix storage endpoint lookup (bnc#1012628). - rtl8xxxu: fix interface sanity check (bnc#1012628). - brcmfmac: fix interface sanity check (bnc#1012628). - ath9k: fix storage endpoint lookup (bnc#1012628). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bnc#1012628). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bnc#1012628). - CIFS: Fix task struct use-after-free on reconnect (bnc#1012628). - crypto: chelsio - fix writing tfm flags to wrong place (bnc#1012628). - driver core: Fix test_async_driver_probe if NUMA is disabled (bnc#1012628). - iio: st_gyro: Correct data for LSM9DS0 gyro (bnc#1012628). - iio: adc: stm32-dfsdm: fix single conversion (bnc#1012628). - mei: me: add jasper point DID (bnc#1012628). - mei: me: add comet point (lake) H device ids (bnc#1012628). - mei: hdcp: bind only with i915 on the same PCH (bnc#1012628). - binder: fix log spam for existing debugfs file creation (bnc#1012628). - component: do not dereference opaque pointer in debugfs (bnc#1012628). - debugfs: Return -EPERM when locked down (bnc#1012628). - serial: imx: fix a race condition in receive path (bnc#1012628). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bnc#1012628). - staging: vt6656: Fix false Tx excessive retries reporting (bnc#1012628). - staging: vt6656: use NULLFUCTION stack on mac80211 (bnc#1012628). - staging: vt6656: correct packet types for CTS protect, mode (bnc#1012628). - staging: wlan-ng: ensure error return is actually returned (bnc#1012628). - staging: most: net: fix buffer overflow (bnc#1012628). - usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW (bnc#1012628). - usb: typec: wcove: fix "op-sink-microwatt" default that was in mW (bnc#1012628). - usb: dwc3: turn off VBUS when leaving host mode (bnc#1012628). - USB: serial: ir-usb: fix IrLAP framing (bnc#1012628). - USB: serial: ir-usb: fix link-speed handling (bnc#1012628). - USB: serial: ir-usb: add missing endpoint sanity check (bnc#1012628). - usb: host: xhci-tegra: set MODULE_FIRMWARE for tegra186 (bnc#1012628). - usb: dwc3: pci: add ID for the Intel Comet Lake -V variant (bnc#1012628). - rsi_91x_usb: fix interface sanity check (bnc#1012628). - orinoco_usb: fix interface sanity check (bnc#1012628). - Bluetooth: btusb: fix non-atomic allocation in completion handler (bnc#1012628). - commit d3e7b7d - config: armv7lpae: Update to 5.5 - commit 74459b2 - config: armv7hl: Update to 5.5 - commit ae8d01e - config: armv6hl: Update to 5.5 - commit edbc4d9 - x86/KVM: Clean up host's steal time structure (bcs#1161154, CVE-2019-3016). - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (bcs#1161154, CVE-2019-3016). - x86/kvm: Cache gfn to pfn translation (bcs#1161154, CVE-2019-3016). - x86/kvm: Introduce kvm_(un)map_gfn() (bcs#1161154, CVE-2019-3016). - x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (bcs#1161154, CVE-2019-3016). - commit 77cf1f3 - x86/KVM: Clean up host's steal time structure (bcs#1161154, CVE-2019-3016). - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (bcs#1161154, CVE-2019-3016). - x86/kvm: Cache gfn to pfn translation (bcs#1161154, CVE-2019-3016). - x86/kvm: Introduce kvm_(un)map_gfn() (bcs#1161154, CVE-2019-3016). - x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (bcs#1161154, CVE-2019-3016). - commit 7e57096 - update upstream references - update upstream status (in mainline now): patches.suse/ALSA-hda-Apply-aligned-MMIO-access-only-conditionall.patch patches.suse/hwrng-iproc-rng200-add-support-for-bcm2711.patch - commit f202425 - update upstream reference - update upstream status (in mainline now): patches.suse/ASoC-SOF-Introduce-state-machine-for-FW-boot.patch - commit 86483c3 - Update patch tag for upstreamed rtw88 patch - commit 1507410 - ASoC: SOF: core: release resources on errors in probe_continue (bsc#1161246). - ASoC: SOF: core: free trace on errors (bsc#1161246). - ASoC: SOF: Introduce state machine for FW boot (bsc#1161246). - commit ef0a514 - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - commit eecbd97 - Update to 5.5 final - refresh configs - commit 002fd1a - config: refresh Only update headers. - commit 7193c66 ==== libtasn1 ==== Version update (4.15.0 -> 4.16.0) Subpackages: libtasn1-6 - libtasn1 4.16.0: * asn1_decode_simple_ber: added support for constructed definite octet strings * asn1_get_object_id_der: enhance the range of decoded OIDs * asn1_object_id_der: New function ==== netcfg ==== - Require libnss_usrfiles2 for /usr/etc [bnc#1162666] ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Bug fixes, including addig support for "-fno-common" compiler option, 586 bug fixes, a bug fix for SHA1 handling, and other needed but small fixes (bsc#1160287), updating: * open-iscsi-SUSE-latest.diff.bz2 ==== python-setuptools ==== Version update (41.6.0 -> 44.0.0) - update to 44.0.0 - last version with python2 support - add testdata.tar.gz -> missing data for testsuite * Drop support for Python 3.4. * include pyproject.toml in source distribution by default. Projects relying on the previous behavior where pyproject.toml * Setuptools once again declares 'setuptools' in the build-system.requires and adds PEP 517 build support by declaring itself as the build-backend * Fix support for easy_install's find-links option in setup.cfg * Build dependencies (setup_requires and tests_require) now install transitive dependencies indicated by extras. * Mark the easy_install script and setuptools command as deprecated, and use pip when available to fetch/build wheels for missing setup_requires/tests_require requirements, with the following differences in behavior: + support for python_requires + better support for wheels (proper handling of priority with respect to PEP 425 tags) + PEP 517/518 support + eggs are not supported + no support for the allow_hosts easy_install option (index_url/find_links are still honored) + pip environment variables are honored (and take precedence over easy_install options) * Removed the "upload" and "register" commands in favor of twine. * Add support for the license_files option in setup.cfg to automatically include multiple license files in a source distribution. * Update handling of wheels compatibility tags: * add support for manylinux2010 * fix use of removed 'm' ABI flag in Python 3.8 on Windows * Fix empty namespace package installation from wheel. * Setuptools now exposes a new entry point hook "setuptools.finalize_distribution_options", enabling plugins like setuptools_scm to configure options on the distribution at finalization time. ==== rakkess ==== Version update (0.4.1 -> 0.4.3) - Update to version 0.4.3 - Changes in build process - bug fixes - Refresh vendor.tar.xz ==== socat ==== - socat-common-fixes.patch: include tcpd.h where needed to fix - fno-common bsc#1160293 ==== vim ==== Version update (8.2.0119 -> 8.2.0200) Subpackages: vim-data-common - Refreshed disable-unreliable-tests.patch and vim-7.3-help_tags.patch - Updated to version 8.2.0200, fixes the following problems * Message test fails on some platforms. (Elimar Riesebieter) * virtcol() does not check arguments to be valid, which may lead to a crash. * filter() and map() on blob don't work. * complete_info() does not work when CompleteDone is triggered. * Compiler warnings for variable types. * :mode no longer works for any system. * Textprop test fails. * Some buffer commands work in a popup window. * Cannot list options one per line. * Python3 ranges are not tested. * Command line is not cleared when switching tabs and the command line height differs. * Script may be re-used when deleting and creating a new one. * Invalid memory access with search command. * Some map functionality not covered by tests. * Bracketed paste can still cause invalid memory access. (Dominique Pelle) * Stray ch_logfile() call. * Crash when using win_execute() from a new tab. * Memory leak when starting a job fails. * No swift filetype detection. * Possible to enter popup window with CTRL-W p. (John Devin) * Coverity warning for possible use of NULL pointer. * Some mapping code is not fully tested. * Using #error for compilation errors should be OK now. * Wrong indent when 'showbreak' and 'breakindent' are set and 'briopt' includes "sbr". * Block Visual mode operators not correct when 'linebreak' set. * Mapping related function in wrong source file. * Maintaining a Vim9 branch separately is more work. * Cannot define python function when using :execute. (Yasuhiro Matsumoto) * Detecting a script was already sourced is unreliable. * Restoring ctrl_x_mode is not needed. * Warning shows when listing version info. * Reallocating the list of scripts is inefficient. * Warnings from MinGW compiler. (John Marriott) Json test fails when building without +float feature. * Various typos in source files and tests. * Vim9 script files not in list of distributed files. * Triggering CompleteDone earlier is not backwards compatible. (Daniel Hahler) * Non-materialized range() list causes problems. (Fujiwara Takuya) * Range test fails. * Not recognizing .gv file as dot filetype. * Balloon test fails in the GUI. * Test hangs on MS-Windows console. * Test_alot takes too long. * Coverity warning for using NULL pointer. * Coverity warning for using uninitialized variable. * Coverity warning for ignoring return value. * Coverity warning for assigning NULL to an option. * Coverity warning for dead code. * Coverity warning for ignoring return value. * Coverity warning for using uninitialized buffer. * Coverity warning for not restoring character. * Various commands not completely tested. * Crash when removing list element in map(). * Generating os headers does not work for Swedish. * Memory leak in get_tags(). * With VTP the screen may not be restored properly. * Still a few places where range() does not work. * Test for wrapmargin fails if terminal is not 80 columns. * Problems parsing :term arguments. * Min() and max() materialize a range() list. * Tests fail when the float feature is disabled. * Blob test fails. * Vim9 script: cannot use "if has()" to skip lines. * A couple of tests may fail when features are missing. * Reduntant code. * Check commands don't work well with Vim9 script. * cd() with NULL argument crashes. * Kotlin files are not recognized. * Cannot put a terminal in a popup window. * Build failure without +terminal feature. * Still build failure without +terminal feature. * Some commands can cause problems in terminal popup. * Some tests fail when run in the GUI. * Blocking commands for a finished job in a popup window. * Some Ex commands not sufficiently tested. * No tests for y/n prompt.