Packages changed: accountsservice enchant gdm gnome-session gnome-shell ilmbase (2.4.0 -> 2.4.1) iso-codes (4.1 -> 4.4) libsecret (0.20.1 -> 0.20.3) libssh (0.9.3 -> 0.9.4) libtirpc (1.2.5 -> 1.2.6) noto-coloremoji-fonts (20191119 -> 20200408) open-iscsi openexr (2.4.0 -> 2.4.1) patterns-microos perl-libwww-perl (6.43 -> 6.44) podman (1.8.2 -> 1.9.0) poppler (0.86.1 -> 0.87.0) poppler-qt5 (0.86.1 -> 0.87.0) systemd (244 -> 245) webkit2gtk3 (2.28.0 -> 2.28.1) xen (4.13.0_11 -> 4.13.0_12) xfsprogs (5.5.0 -> 5.6.0) === Details === ==== accountsservice ==== Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0 - Apply as-fate318433-prevent-same-account-multi-logins.patch to Leap. ==== enchant ==== Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Enable aspell support on SLE to synchronize with Leap. ==== gdm ==== Subpackages: gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Add gdm-look-for-session-based-on-pid-first.patch: Look for session based on pid first, then fall back to the uid based approach (bsc#1159950, glgo#GNOME/gdm#526). ==== gnome-session ==== Subpackages: gnome-session-core gnome-session-default-session - Add gnome-session-error-numbers-wrong.patch: Remove erron in log 'gnome-session-c[4905]: Error creating FIFO: File exists' (bsc#1169165 glgo!GNOME/gnome-session#42). ==== gnome-shell ==== - Update gnome-shell-disable-ibus-when-not-installed.patch: Remove error in journal log(bsc#1169029). ==== ilmbase ==== Version update (2.4.0 -> 2.4.1) Subpackages: libHalf-2_4-24 libIex-2_4-24 libIlmThread-2_4-24 - version update to 2.4.1 * Various fixes for memory leaks and invalid memory accesses * Various fixes for integer overflow with large images. * Various cmake fixes for build/install of python modules. * ImfMisc.h is no longer installed, since it's a private header. - deleted patches - Fix-the-symlinks-creation.patch (upstreamed) ==== iso-codes ==== Version update (4.1 -> 4.4) - Update to version 4.4: * Plenty of changes - see provided ChangeLog.md for details - Update source url ==== libsecret ==== Version update (0.20.1 -> 0.20.3) - Update to version 0.20.3: + secret-file-backend: Fix use-after-free in flatpak. + docs: Add man subdir only if manpage is enabled. - Update to version 0.20.2: + secret-file-collection: force little-endian in GVariant. + Prefer g_info() over g_message(). + meson: Don't specify shared_library(). + docs: Make sure to set install: true. - Rename sub-package libsecret-tools to secret-tool: Align with the actual binary provided and remove a rpmlint warning. Add Provides and Obsoletes to ease upgrades for our end-users. - Drop Group tag from spec. ==== libssh ==== Version update (0.9.3 -> 0.9.4) Subpackages: libssh-config libssh4 - Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ ==== libtirpc ==== Version update (1.2.5 -> 1.2.6) Subpackages: libtirpc-netconfig libtirpc3 - Update to libtirpc 1.2.6 - Drop patches all patches backported from this release (0001-Add-authdes_seccreate-stub.patch, 0001-Avoid-multiple-definiton-with-gcc-fno-common.patch) ==== noto-coloremoji-fonts ==== Version update (20191119 -> 20200408) - Update to v2020-04-08-unicode12_1 * Emoji 12.1 svg & png files ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated service_del_preun and service_del_postun for iscsi and iscsiuio packges in SPEC file, so that services get started/ stopped in the correct order, and changed systemd macros so that iscsi login service iscsi.service is not restarted during package upgrade (bsc#1166650) ==== openexr ==== Version update (2.4.0 -> 2.4.1) - version update to 2.4.1 * Various fixes for memory leaks and invalid memory accesses * Various fixes for integer overflow with large images. * Various cmake fixes for build/install of python modules. * ImfMisc.h is no longer installed, since it's a private header. - deleted patches - Fix-the-symlinks-creation.patch (upstreamed) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Install branding-openSUSE meta package - Put apparmor-utils only on DVD, but don't install by default (follow Tumbleweed) ==== perl-libwww-perl ==== Version update (6.43 -> 6.44) - updated to 6.44 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.44 2020-04-14 19:37:45Z - Support basic authentication charset per RFC 7617 (GH#339) (Ville Skytt) - Fixed POD mistake. (GH PR#338. Sebastian Paaske Tørholm) ==== podman ==== Version update (1.8.2 -> 1.9.0) Subpackages: podman-cni-config - Switched to simple `make binaries` for building podman - Update podman to v1.8.2: * Features - Experimental support has been added for podman run - -userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 ==== poppler ==== Version update (0.86.1 -> 0.87.0) - Update to version 0.87.0: + core: - Fix crashes due to inconsistent vtables for Clang builds - Fix leak in broken files - Internal code improvements + qt5: - Add option to get form choice for export value - ArthurOutputDev: Avoid division by zero in updateLineDash + glib: Internal code improvements + utils: pdftohtml: Fix memory leak in HtmlOutputDev::getLinkDest - Bump poppler_sover following upstream changes. ==== poppler-qt5 ==== Version update (0.86.1 -> 0.87.0) - Update to version 0.87.0: + core: - Fix crashes due to inconsistent vtables for Clang builds - Fix leak in broken files - Internal code improvements + qt5: - Add option to get form choice for export value - ArthurOutputDev: Avoid division by zero in updateLineDash + glib: Internal code improvements + utils: pdftohtml: Fix memory leak in HtmlOutputDev::getLinkDest - Bump poppler_sover following upstream changes. ==== systemd ==== Version update (244 -> 245) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Switch back to the hybrid hierarchy Unfortunately Kubernetes and runc are not yet ready for cgroupsv2. Let's reconsider the unified hierarchy in a couple of months. - Import commit c5aa158173ced05201182d1cc18632a25cf43b94 (merge v245.4) - Add 0001-meson-fix-build-of-udev-path_id_compat-builtin-with-.patch - Import commit 31f82b39c811b4f731c80c2c2e7c56a0ca924a5b (merge v245.2) d1d3f2aa15 docs: Add syntax for templated units to systemd.preset man page 3c69813c69 man: add a tiny bit of markup bf595e788c home: fix segfault when parsing arguments in PAM module e110f4dacb test: wait a bit after starting the test service e8df08cfdb fix journalctl regression (#15099) eb3a38cc23 NEWS: add late note about job trimming issue 405f0fcfdd systemctl: hide the 'glyph' column when --no-legend is requested 1c7de81f89 format-table: allow hiding a specific column b7f2308bda core: transition to FINAL_SIGTERM state after ExecStopPost= 2867dfbf70 journalctl: show duplicate entries if they are from the same file (#14898) [...] - Upgrade to v245 (commit 74e2e834b4282c9bbdc12014f6ccf8d86e542b8d) See https://github.com/openSUSE/systemd/blob/SUSE/v245/NEWS for details. The new tools provided by systemd repart, userdb, homed, fdisk, pwquality, p11kit feature have been disabled for now as they require reviews first. Default to the "unified" cgroup hierarchy. Indeed most prominent users of cgroup (such as libvirt, kubic) should be ready for such change. It's still possible to switch back to the old "hybrid" hierarchy by passing "systemd.unified_cgroup_hierarchy=0" option to the kernel command line though. Added 0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch: upstream commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533 has been reverted for now on as it introduced a behavior change which has impacted plymouth at least. - add systemd-network-generator.service file together with systemd-network-generator binary ==== webkit2gtk3 ==== Version update (2.28.0 -> 2.28.1) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.28.1 (boo#1169658): + Fix position of default option element popup windows under Wayland. + Fix rendering after a cross site navigation with PSON enabled and hardware acceleration forced. + Fix a crash in nested wayland compositor when closing a tab with PSON enabled. + Update Chrome and Firefox versions in user agent quirks. + Fix a crash with bubblewrap sandbox enabled. + Fix a crash in JavaScriptCore in ppc64el. + Fix the build with GStreamer 1.12. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-11793. - Drop webkit2gtk3-gstreamer-build-fix.patch: Fixed upstream. - Add webkit2gtk3-gstreamer-build-fix.patch: fix build with gstreamer 1.12 (webkit#209296). - Rebase webkit-process.patch. - Use WebKit defaults for ENABLE_JIT and USE_SYSTEM_MALLOC, except for aarch64. WebKit now sets reasonable defaults based on architecture. Disable on aarch64 in case a user is still using the kernel-64kb package. - Use bubblewrap, xdg-dbus-proxy, wpe, and wpebackend-fdo on 15.2; they had been unintentionally excluded. - Increase mem_per_process; otherwise fails on SLE/Leap. ==== xen ==== Version update (4.13.0_11 -> 4.13.0_12) - bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation handling in GNTTABOP_copy (XSA-318) 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch - bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch - bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing memory barriers in read-write unlock paths 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch - bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error path in GNTTABOP_map_grant 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch - bsc#1167152 - L3: Xenstored Crashed during VM install Need Core analyzed 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch - bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch - Drop for upstream solution (bsc#1165206) 01-xen-credit2-avoid-vcpus-to.patch default-to-credit1-scheduler.patch - Upstream bug fixes (bsc#1027519) 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch ==== xfsprogs ==== Version update (5.5.0 -> 5.6.0) - update to v5.6.0: * xfs_scrub: don't set WorkingDirectory in systemd job * xfsprogs: fix silently broken option parsing * xfsprogs: various minor Coverity fixes * xfs_repair: fix dir_read_buf use of libxfs_da_read_buf * libxfs: check retval of device flush when closing * xfs_io: set exitcode on failure appropriately * libxfs changes merged from kernel 5.6