Packages changed: elfutils installation-images-MicroOS (14.443 -> 14.447) ncurses open-lldp (1.0.1+56.cb81e95 -> 1.0.1+102.4c7fcc3) openssl (1.1.1c -> 1.1.1d) openssl-1_1 (1.1.1c -> 1.1.1d) ucode-intel (20191112 -> 20191115) yast2 (4.2.30 -> 4.2.34) === Details === ==== elfutils ==== Subpackages: libasm1 libdw1 libebl-plugins libelf1 - disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead - dwelf_elf_e_machine_string.patch: Avoid spurious failure ==== installation-images-MicroOS ==== Version update (14.443 -> 14.447) - merge gh#openSUSE/installation-images#343 - Revert "Include KacstOne font for Persian (boo#1092920)" - Use Noto Naskh Arabic instead of KacstBook (boo#1092920) - another attempt to fix fonts - 14.447 - merge gh#openSUSE/installation-images#344 - Added linuxrc reboot_timeout option (bsc1122493) - 14.446 - merge gh#openSUSE/installation-images#342 - Include KacstOne font for Persian (boo#1092920) - 14.445 ==== ncurses ==== Subpackages: libncurses6 ncurses-utils terminfo terminfo-base - Do not add has size to linker flags of any pkg-config - Add ncurses patch 20191109 + add warning-check in tic for terminals with parm_dch vs parm_ich. + drop ich1 from rxvt-basic, Eterm and mlterm to improve compatibility with old non-curses programs -TD + reviewed st 0.8.2, updated some details -TD + use ansi+rep several places -TD + corrected tic's check for ich1 (report by Sebastian J. Bronner, cf: 20020901). - Add ncurses patch 20191102 + check parameter of set_escdelay, return ERR if negative. + check parameter of set_tabsize, return ERR if not greater than zero (report/patch by Anthony Sottile). + revise CF_ADD_LIBS macro to prepend rather than append libraries. + add "xterm-mono" to help packagers (report by Sven Joachim) -TD ==== open-lldp ==== Version update (1.0.1+56.cb81e95 -> 1.0.1+102.4c7fcc3) Subpackages: liblldp_clif1 - Update to version v1.0.1+102.4c7fcc3: * l2_packet: Guard ETH_P_LLDP define * lldp_mand: retrieve permanent mac address in get_mac() * lldp_util: use netlink to fetch mac address * lldp_util: drop get_macstr() * linux/if_link.h: Update and add bonding netlink definitions - Update to version v1.0.1+95.3168e11: * Test with newer GCC 8 and 9 versions * RPM build is broken, so skip * Place the tarball in the right place * A tarball needs to be built after bootstrap.sh for use with RPM * Added missing steps for building an RPM * Finish off with testing building the RPM * Test package installation as well * Test under multiple GCC releases * Drop requirement for Travis CI testing with Clang * Support checking build with Travis CI * vdp-netlink: account for sizes properly * qbg: avoid warning for extra parens * qbg: port name is always a valid pointer * dcbx-nl: drop run_cmd * ecp: allow for failure to create * lldp_util: allow for null ifa_addr element * lldpad: Do not enable port if already enabled * Silent -Werror=address-of-packed-member warnings. * Come up with STRNCPY_TERMINATED (#25). * vdptool: fixed compile error for getline() * Fix #23 by off by one strncpy value. * 8021qaz: Block lldptool set operations if read only mode is on * 8021qaz: Add read only option for 8021qaz module * lldp: Allow lldptool to modify optional TLV's content * 8021qaz: Print dscp2prio map * autoconf: Add systemd support in configure.ac * rpm-spec: Add vdp22 man files to lldpad.spec.in ==== openssl ==== Version update (1.1.1c -> 1.1.1d) - Update to 1.1.1d release ==== openssl-1_1 ==== Version update (1.1.1c -> 1.1.1d) Subpackages: libopenssl1_1 - Merged upstream changes to allow NULL salt values in EVP_PBE_scrypt(). * Revealed by nodejs12 during bsc#1149572. * Modified openssl-jsc-SLE-8789-backport_KDF.patch - openssl-jsc-SLE-8789-backport_KDF.patch: retain old behaviour of EVP_PBE_scrypt. When key output buffer is not provided, only check if the input parameters are in valid range and ignore passphrase/salt fields as they are only used in the actual calculation. - Update to 1.1.1d (bsc#1133925, jsc#SLE-6430) * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. (bsc#1150247, CVE-2019-1549) * Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. (bsc#1150003, CVE-2019-1547) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (bsc#1150250, CVE-2019-1563) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters(). * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. * Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. * Significantly reduce secure memory usage by the randomness pools. * Revert the DEVRANDOM_WAIT feature for Linux systems - drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream) - refresh patches * openssl-1.1.0-no-html.patch * openssl-jsc-SLE-8789-backport_KDF.patch - To avoid seperate certification of openssh server / client move the SSH KDF (Key Derivation Function) into openssl. * jsc#SLE-8789 * Sourced from commit 8d76481b189b7195ef932e0fb8f0e23ab0120771#diff-a9562bc75317360a2e6b8b0748956e34 in openssl master (introduce the SSH KDF) and commit 5a285addbf39f91d567f95f04b2b41764127950d in openssl master (backport EVP/KDF API framework) * added openssl-jsc-SLE-8789-backport_KDF.patch ==== ucode-intel ==== Version update (20191112 -> 20191115) - Updated to 20191115 release (bsc#1157004) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- updated platforms ------------------------------------ - SKL-U/Y D0 6-4e-3/c0 000000d4->000000d6 Core Gen6 Mobile - SKL-U23e K1 6-4e-3/c0 000000d4->000000d6 Core Gen6 Mobile - SKL-H/S/E3 N0/R0/S0 6-5e-3/36 000000d4->000000d6 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000c6->000000ca Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000c6->000000ca Core Gen7 Mobile - KBL-U23e J1 6-8e-9/c0 000000c6->000000ca Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000c6->000000ca Core Gen8 Mobile - KBL-R U Y0 6-8e-a/c0 000000c6->000000ca Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000c6->000000ca Core Gen8 Mobile - AML-Y42 V0 6-8e-c/94 000000c6->000000ca Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000c6->000000ca Core Gen8 Mobile - CML-U42 V0 6-8e-c/94 000000c6->000000ca Core Gen10 Mobile - KBL-G/H/S/X/E3 B0 6-9e-9/2a 000000c6->000000ca Core Gen7 Desktop, Mobile, Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000c6->000000ca Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000c6->000000ca Core Gen8 - CFL-S P0 6-9e-c/22 000000c6->000000ca Core Gen9 Desktop - CFL-H/S/E3 R0 6-9e-d/22 000000c6->000000ca Core Gen9 Desktop, Mobile, Xeon E - CML-U62 A0 6-a6-0/80 000000c6->000000ca Core Gen10 Mobile - Updated to 20191113 release - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- updated platforms ------------------------------------ - CFL-S P0 6-9e-c/22 000000a2->000000c6 Core Gen9 Desktop ==== yast2 ==== Version update (4.2.30 -> 4.2.34) - Fix crash in upgrade caused by wrong parameter to snapper (bsc#1156819) - 4.2.34 - Use new snapper machine-readable output to retrieve snapshots information (related to bsc#1149322). - 4.2.33 - Add linuxrc option "reboot_timeout" to configure the timeout before reboot (bsc#1122493) - 4.2.32 - Network: During an installation, check which backend is in use when Systemd is running. (bsc#1151291) - 4.2.31