Packages changed:
  cloud-init
  cyrus-sasl
  gpg2 (2.2.17 -> 2.2.18)
  hwdata (0.329 -> 0.330)
  libnftnl (1.1.4 -> 1.1.5)
  libsolv (0.7.7 -> 0.7.9)
  libxml2 (2.9.9 -> 2.9.10)
  libxslt (1.1.33 -> 1.1.34)
  libzypp (17.15.0 -> 17.17.0)
  nano (4.5 -> 4.6)
  openssl
  perl
  permissions (1550_20191118 -> 1550_20191205)
  python-PyYAML (5.1.2 -> 5.2)
  read-only-root-fs (1.0+git20191112.42add9e -> 1.0+git20191203.3f7cc07)
  sssd (2.2.0 -> 2.2.2)
  tallow (19+git20191104.5dfb982 -> 19+git20191106.4b071b0)
  transactional-update (2.17 -> 2.20)
  vim (8.1.2233 -> 8.1.2383)
  zypper (1.14.32 -> 1.14.33)

=== Details ===

==== cloud-init ====

- Add cloud-init-proper-ipv6-setting.patch (bsc#1156139)
  + Set proper IPv6 interface variable in ifcfg file

==== cyrus-sasl ====
Subpackages: cyrus-sasl-gssapi libsasl2-3

- added backport-patch cyrus-sasl-bug587.patch which fixes off-by-one
  error in _sasl_add_string function
  (see https://github.com/cyrusimap/cyrus-sasl/issues/587)

==== gpg2 ====
Version update (2.2.17 -> 2.2.18)

- Update to 2.2.18 [bsc#1157900, CVE-2019-14855]
  * gpg: Changed the way keys are detected on smartcards; this
    allows the use of non-OpenPGP cards. In the case of a not very
    likely regression the new option --use-only-openpgp-card is
    available. [#4681]
  * gpg: The commands --full-gen-key and --quick-gen-key now allow
    direct key generation from supported cards. [#4681]
  * gpg: Prepare against chosen-prefix SHA-1 collisions in key
    signatures. This change removes all SHA-1 based key signatures
    newer than 2019-01-19 from the web-of-trust. Note that this
    includes all key signatures created with dsa1024 keys. The new
    option --allow-weak-key-signatures can be used to override the
    new and safer behaviour. [#4755,CVE-2019-14855]
  * gpg: Improve performance for import of large keyblocks. [#4592]
  * gpg: Implement a keybox compression run. [#4644]
  * gpg: Show warnings from dirmngr about redirect and certificate
    problems (details require --verbose as usual).
  * gpg: Allow to pass the empty string for the passphrase if the
    '--passphrase=' syntax is used. [#4633]
  * gpg: Fix printing of the KDF object attributes.
  * gpg: Avoid surprises with --locate-external-key and certain
    --auto-key-locate settings. [#4662]
  * gpg: Improve selection of best matching key. [#4713]
  * gpg: Delete key binding signature when deleting a subkey.
    [#4665,#4457]
  * gpg: Fix a potential loss of key signatures during import with
    self-sigs-only active. [#4628]
  * gpg: Silence "marked as ultimately trusted" diagnostics if
    option --quiet is used. [#4634]
  * gpg: Silence some diagnostics during key listing even with
    option --verbose. [#4627]
  * gpg, gpgsm: Change parsing of agent's pkdecrypt results. [#4652]
  * gpgsm: Support AES-256 keys.
  * gpgsm: Fix a bug in triggering a keybox compression run if
    --faked-system-time is used.
  * dirmngr: System CA certificates are no longer used for the SKS
    pool if GNUTLS instead of NTBTLS is used as TLS library. [#4594]
  * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
    to avoid long timeouts. [#4165]
  * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
    Shield and Trustica Cryptoucan work. [#4654,#4566]
  * wkd: gpg-wks-client --install-key now installs the required
    policy file.
- Rebase patches:
  * gnupg-2.2.8-files-are-digests.patch
  * gnupg-add_legacy_FIPS_mode_option.patch

==== hwdata ====
Version update (0.329 -> 0.330)

- Update to version 0.330:
  * Updated pci, usb and vendor ids.

==== libnftnl ====
Version update (1.1.4 -> 1.1.5)

- Update to release 1.1.5
  * flowtable: add support for handle attribute
  * obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data()

==== libsolv ====
Version update (0.7.7 -> 0.7.9)

- support conda constrains dependencies
- bump version to 0.7.9
- support arch<->noarch package changes when creating patch
  conflicts from the updateinfo data
- support for SOLVER_BLACKLIST jobs that block the installation of
  matched packages unless they are directly selected by an
  SOLVER_INSTALL job
- libsolv now also parses the patch status in the updateinfo parser
- new solvable_matchessolvable() function
- bump version to 0.7.8

==== libxml2 ====
Version update (2.9.9 -> 2.9.10)
Subpackages: libxml2-2 libxml2-tools

- Since libxml2-2.9.10 perl-XML-LibXSLT fails to build: [bsc#1157450]
  * Revert upstream commit to make xmlFreeNodeList non-recursive
    https://github.com/GNOME/libxml2/commit/0762c9b69ba01628f72eada1c64ff3d361fb5716
- Add patch libxml2-xmlFreeNodeList-recursive.patch
- Version update to 2.9.10:
  * Portability:
    + Fix exponent digits when running tests under old MSVC
    + Work around buggy ceil() function on AIX
    + Don't call printf with NULL string in runtest.c
    + Switched from unsigned long to ptrdiff_t in parser.c
    + timsort.h: support older GCCs
    + Make configure.ac work with older pkg-config
  * Bug Fixes:
    + Fix for conditional sections at end of document
    + Make sure that Python tests exit with error code
    + Audit memory error handling in xpath.c
    + Fix error code in xmlTextWriterStartDocument
    + Fix integer overflow when counting written bytes
    + Fix uninitialized memory access in HTML parser
    + Fix memory leak in xmlSchemaValAtomicType
    + Disallow conditional sections in internal subset
    + Fix use-after-free in xmlTextReaderFreeNodeList
    + Fix Regextests
    + Fix empty branch in regex
    + Fix integer overflow in entity recursion check
    + Don't read external entities or XIncludes from stdin
    + Fix Schema determinism check of ##other namespaces
    + Fix potential null deref in xmlSchemaIDCFillNodeTables
    + Fix potential memory leak in xmlBufBackToBuffer
    + Fix error message when processing XIncludes with fallbacks
    + Fix memory leak in xmlRegEpxFromParse
    + 14:00 is a valid timezone for xs:dateTime
    + Fix memory leak in xmlParseBalancedChunkMemoryRecover
    + Fix potential null deref in xmlRelaxNGParsePatterns
    + Misleading error message with xs:{min|max}Inclusive
    + Fix memory leak in xmlXIncludeLoadTxt
    + Partial fix for comparison of xs:durations
    + Fix null deref in xmlreader buffer
    + Fix unability to RelaxNG-validate grammar with choice-based
      name class
    + Fix unability to validate ambiguously constructed interleave
      for RelaxNG
    + Fix possible null dereference in xmlXPathIdFunction
    + fix memory leak in xmlAllocOutputBuffer
    + Fix unsigned int overflow
    + dict.h: gcc 2.95 doesn't allow multiple storage classes
    + Fix another code path in xmlParseQName
    + Make sure that xmlParseQName returns NULL in error case
    + Fix build without reader but with pattern
    + Fix memory leak in xmlAllocOutputBufferInternal error path
    + Fix unsigned integer overflow
    + Fix return value of xmlOutputBufferWrite
    + Fix parser termination from "Double hyphen within comment" error
    + Fix call stack overflow in xmlFreePattern
    + Fix null deref in previous commit
    + Fix memory leaks in xmlXPathParseNameComplex error paths
    + Check for integer overflow in xmlXPtrEvalChildSeq
    + Fix xmllint dump of XPath namespace nodes
    + Fix float casts in xmlXPathSubstringFunction
    + Fix null deref in xmlregexp error path
    + Fix null pointer dereference in xmlTextReaderReadOuterXml
    + Fix memory leaks in xmlParseStartTag2 error paths
    + Fix memory leak in xmlSAX2StartElement
    + Fix commit "Memory leak in xmlFreeID (xmlreader.c)"
    + Fix NULL pointer deref in xmlTextReaderValidateEntity
    + Memory leak in xmlFreeTextReader
    + Memory leak in xmlFreeID (xmlreader.c)
  * Improvements:
    + Propagate memory errors in valuePush
    + Propagate memory errors in xmlXPathCompExprAdd
    + Make xmlFreeDocElementContent non-recursive
    + Avoid ignored attribute warnings under GCC
    + Make xmlDumpElementContent non-recursive
    + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE
    + Mark xmlExp* symbols as removed
    + Make xmlParseConditionalSections non-recursive
    + Adjust expected error in Python tests
    + Make xmlTextReaderFreeNodeList non-recursive
    + Make xmlFreeNodeList non-recursive
    + Make xmlParseContent and xmlParseElement non-recursive
    + Remove executable bit from non-executable files
    + Fix expected output of test/schemas/any4
    + Optimize build instructions in README
    + xml2-config.in: Output CFLAGS and LIBS on the same line
    + xml2-config: Add a --dynamic switch to print only shared
      libraries
    + Annotate functions with __attribute__((no_sanitize))
    + Fix warnings when compiling without reader or push parser
    + Remove unused member `doc` in xmlSaveCtxt
    + Limit recursion depth in xmlXPathCompOpEvalPredicate
    + Remove -Wno-array-bounds
    + Remove unreachable code in xmlXPathCountFunction
    + Improve XPath predicate and filter evaluation
    + Limit recursion depth in xmlXPathOptimizeExpression
    + Disable hash randomization when fuzzing
    + Optional recursion limit when parsing XPath expressions
    + Optional recursion limit when evaluating XPath expressions
    + Use break statements in xmlXPathCompOpEval
    + Optional XPath operation limit
    + Fix compilation with --with-minimum
    + Check XPath stack after calling functions
    + Remove debug printf in xmlreader.c
    + Always define LIBXML_THREAD_ENABLED when enabled
    + Fix unused function warning in testapi.c
    + Remove unneeded function pointer casts
    + Fix -Wcast-function-type warnings (GCC 8)
    + Fix -Wformat-truncation warnings (GCC 8)
  * Cleanups:
    + Rebuild docs
    + Disable xmlExp regex code
    + Remove redundant code in xmlRelaxNGValidateState
    + Remove redundant code in xmlXPathCompRelationalExpr
- Rebase patch fix-perl.diff

==== libxslt ====
Version update (1.1.33 -> 1.1.34)

- Update to 1.1.34: Oct 30 2019
  * Documentation:
    - Fix EXSLT web pages, Regenerate web pages
    - Fix Git link in news.html
    - Minor documentation fixes after recent changes
    - Regenerate symbols and API docs
    - Regenerate EXSLT website
  * Portability:
    - Remove stubs when compiling without debugger or profiler
    - configure.ac: Invoke PKG_CHECK_MODULES for building shared
      libraries
    - configure.ac: Conditionally determine whether xml2-config
      should pass shared libraries or static libraries
    - xslt-config.in: Fix broken --prefix=DIR support
    - libexslt.pc.in: Do not expose private library dependencies
      unless invoked
    - libxslt.pc.in: Do not expose private library dependencies
      unless invoked
    - Fix -Wformat-overflow warning (GCC 9)
    - Stop including ansidecl.h
    - Remove WIN32_EXTRA_* variables
    - Build without winsock
  * Bug Fixes:
    - xsl:template without name and match attributes should not be
      allowed
    - Make sure that Python tests exit with error code
    - Improve handling of invalid UTF-8 in format-number
    - Fix dangling pointer in xsltCopyText
    - Fix memory leak in pattern compilation error path
    - Fix uninitialized read with UTF-8 grouping chars
    - Fix integer overflow in FORMAT_GYEAR
    - Fix performance regression with xsl:number
    - Backup XPath context node in xsltInitCtxtKey
    - Fix unsigned integer overflow in date.c
    - Fix insertion of xsl:fallback content
    - Avoid quadratic behavior in xsltSaveResultTo
    - Fix numbering in non-Latin scripts
    - Fix uninitialized read of xsl:number token
    - Fix integer overflow in _exsltDateDayInWeek
    - Rework xsltAttrVT allocation
    - Fix check of xsltTestCompMatch return value
    - Fix security framework bypass
    - Use xmlNewTextChild in EXSLT dyn:map
    - Fix float casts in exsltDateDuration
    - Always set context node before calling XPath iterators
    - Fix attribute precedence with xsl:use-attribute-sets
    - Backup context node in exsltFuncFunctionFunction
    - Initialize ctxt->output before evaluating global vars
    - Fix memory leak in EXSLT functions error path
  * Improvements:
    - Fix -Wimplicit-fallthrough warnings
    - Adjust number of API index pages
    - Make xsltCompileRelativePathPattern non-recursive
    - Check that crypto:rc4_decrypt produces valid UTF-8
    - Avoid recursion in keys.c:skipPredicate
    - xslt-config.in: Simply handling of $all_flags
    - xslt-config.in: Add a --dynamic option to --libs
    - xslt-config.in: Simplify basic library handling
    - xslt-config.in: Remove unused variable
    - xslt-config: Simply handling of --cflags
    - Improve fuzzers
    - Always reuse XPath context
    - Compile with -Wextra
    - Make profiler support optional
    - Hide unused code when compiling without debugger
    - Reorganize fuzzing code
    - Optional operation limit
    - Improve seed corpus and dictionary
    - Reuse XPath context when compiling stylesheets
    - Reuse XPath context in dyn:map
    - Reuse XPath context in saxon:expression
    - Add libFuzzer targets
    - Adjust error message in expected test output
    - Change bug tracker URL
    - Change git repo URL
    - Regenerate NEWS
    - Fix misleading indentation in security.c
  * Cleanups:
    - Remove empty TODO file
    - Remove generated file libxsltclass.txt from version control
    - Rebuild docs
- Rebase patch libxslt-config-fixes.patch
- Remove patches fixed upstream:
  * libxslt-CVE-2019-11068.patch
  * libxslt-CVE-2019-13117.patch
  * libxslt-CVE-2019-13118.patch
  * libxslt-CVE-2019-18197.patch

==== libzypp ====
Version update (17.15.0 -> 17.17.0)

- Introduce PurgeKernels class (bsc#1155198)
  Adds libzypp API to mark all obsolete kernels according to the
  existing purge-kernel script rules.
- Add solver jobs for retracted packages and ptfs.
  Support for ptf packages and retracted patches.
- Do not enforce 'en' being in RequestedLocales (bsc#1155678)
  If the user decides to have a system without explicit language
  support he may do so.
- Pass correct posttrans script argument (fixes #190)
- BuildRequires: libsolv-devel >= 0.7.8.
- version 17.17.0 (12)
- Expose new libsolv API via C++ counterparts (openSUSE/zypper#214)
- BuildRequires: libsolv-devel >= 0.7.7
- version 17.16.0 (12)

==== nano ====
Version update (4.5 -> 4.6)

- update to 4.6:
  * re-introduce the formatter command (M-F)
  * ^T will try to run 'hunspell' before 'spell', because it checks
    spelling for the locale's language and understands UTF-8
  * Multiple errors or warnings on startup will no longer slow nano
    down but will be indicated on the status bar with trailing dots

==== openssl ====

- Remove Obsoletes: pkgconfig(*): Only package names can be
  obsoleted. Until RPM 4.15, those lines were simply ineffective and
  being ignored, but with RPM 4.15 they result in an error.

==== perl ====
Subpackages: perl-base

- Add perl-Adapt-Configure-to-GCC-version-10.patch in order to fix
  boo#1158254.

==== permissions ====
Version update (1550_20191118 -> 1550_20191205)
Subpackages: chkstat permissions-config

- Update to version 20191205:
  * fix privilege escalation through untrusted symlinks
    (bsc#1150734, CVE-2019-3690)
- Update to version 20191122:
  * faxq-helper: correct "secure" permission for trusted group
    (bsc#1157498)

==== python-PyYAML ====
Version update (5.1.2 -> 5.2)

- update to 5.2
  * A more flexible fix for custom tag constructors
  * Change default loader for yaml.add_constructor
  * Change default loader for add_implicit_resolver, add_path_resolver
  * Move constructor for object/apply to UnsafeConstructor
  * Fix logic for quoting special characters

==== read-only-root-fs ====
Version update (1.0+git20191112.42add9e -> 1.0+git20191203.3f7cc07)

- Update to version 1.0+git20191203.3f7cc07:
  * Workaround /var being RO during systemd-journal-flush (boo#1156421)

==== sssd ====
Version update (2.2.0 -> 2.2.2)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Update to release 2.2.2
  * New options were added which allow sssd-kcm to handle bigger
    data. See manual pages for max_ccaches, max_uid_caches and
    max_ccache_size.
  * SSSD can now automatically refresh cached user data from
    subdomains in IPA/AD trust.
  * Fixed issue with SSSD hanging when connecting to non-responsive
    server with ldaps://.
  * SSSD is now restarted by systemd after crashes.

==== tallow ====
Version update (19+git20191104.5dfb982 -> 19+git20191106.4b071b0)

- 0001-Add-extra-path-for-firewall-cmd.patch: firewall-cmd can be in
  a different path than ipset/iptables
- Update to version 19+git20191106.4b071b0:
  * Need configure in this workflow.
  * Fix dependency.
  * Add github workflow integration.

==== transactional-update ====
Version update (2.17 -> 2.20)
Subpackages: transactional-update-zypp-config

- Update to version 2.20
  - Add the option `--continue` to extend an existing snapshot. This
    can be used to perform multiple operations before rebooting into
    the new state. [gh#openSUSE/transactional-update#16]
  - Make sure the dracut service to print warnings on /etc overlay
    conflicts also runs in the pre-made images.
  - Add "none" reboot method
  - Remove conflicting overlay artifacts in case an existing overlay
    directory will be reused

==== vim ====
Version update (8.1.2233 -> 8.1.2383)
Subpackages: vim-data-common

- Updated to version 8.1.2383, fixes the following problems
  + refreshed patches:
    vim-7.3-help_tags.patch
    vim-7.3-name_vimrc.patch
    vim-8.1.0297-dump3.patch
  * Cannot get the Vim command line arguments.
  * get_short_pathname() fails depending on encoding.
  * "C" with 'virtualedit' set does not include multi-byte char.
  * Ml_get error if pattern matches beyond last line.
  * Mode() result after using "r" depends on whether CURSOR_SHAPE is
    defined. (Christian Brabandt)
  * Error in docs tags goes unnoticed.
  * Popup window width changes when scrolling.
  * Match highlight does not combine with 'wincolor'.
  * Creating docs tags uses user preferences. (Tony Mechelynck)
  * 'wrapscan' is not used for "gn".
  * Third character of 'listchars' tab shows in wrong place when
    'breakindent' is set.
  * Some tests are still in old style.
  * "make vimtags" does not work in runtime/doc.
  * CTRL-W dot does not work in a terminal when modifyOtherKeys is
    enabled.
  * "make vimtags" does not print any message.
  * CTRL-U and CTRL-D don't work in popup window.
  * ":term command" may not work without a shell.
  * Compiler warning for int size.
  * Using "which" to check for an executable is not reliable.
  * May get hit-enter prompt after entering a number. (Malcolm Rowe)
  * Running tests may leave XfakeHOME behind.
  * With modifyOtherKeys set 'noesckeys' doesn't work. (James McCoy)
  * Unpack assignment in function not recognized.
  * 'noesckeys' test fails in GUI.
  * There are two test files for :let.
  * When popup with "botleft" does not fit it flips incorrectly.
  * Position unknown for a mouse click in a popup window.
  * Compiler warning for uninitialized variable. (Tony Mechelynck)
  * Spell file flag zero is not recognized.
  * Tags file with very long line stops using binary search.
  * "gf" is not tested in Visual mode.
  * Build error if FEAT_TAG_BINS is not defined. (John Marriott)
  * Test may hang at more prompt.
  * Wrong default when "pos" is changed with popup_atcursor().
  * Newlines in 'balloonexpr' result only work in the GUI.
  * Using "seesion" looks like a mistake.
  * Terminal window is not updated when info popup changes.
  * Using "cd" with "exe" may fail.
  * Computation of highlight attributes is too complicated.
  * Crash when passing partial to substitute().
  * 'showbreak' cannot be set for one window.
  * Crash when passing many arguments through a partial.
    (Andy Massimino)
  * Missed one use of p_sbr.
  * Compiler warning for unused variable. (Tony Mechelynck)
  * Padding in structures wastes memory.
  * Using border highlight in popup window leaks memory.
  * Using EndOfBuffer highlight in popup does not look good.
  * Not using all space when popup with "topleft" flips to above.
  * After :diffsplit closing the window does not disable diff.
  * Autocommand test fails.
  * Memory leak when executing command in a terminal.
  * v:mouse_winid not set on click in popup window.
  * Join adds trailing space when second line is empty.
    (Brennan Vincent)
  * Cursor position wrong when characters are concealed and a search
    causes a scroll.
  * If buffer of popup is in another window cursorline sign shows.
  * Text properties are not combined with syntax by default.
  * The ex_vimgrep() function is too long.
  * Missing part of 8.1.2296.
  * ConPTY in MS-Windows 1909 is still wrong.
  * Redraw breaks going through list of popup windows.
  * :lockmarks does not work for '[ and '].
  * Cursor in wrong position after horizontal scroll.
  * Cannot get the mouse position when getting a mouse click.
  * No warning for wrong entry in translations.
  * Double and triple clicks are not tested.
  * Positioning popup doesn't work for buffer-local textprop.
  * Deleting text before zero-width textprop removes it.
  * Compiler warning for argument type.
  * No proper test for directory changes in quickfix.
  * Warning for missing function prototype.
  * "line:" field in tags file not used.
  * Debugging where a delay comes from is not easy.
  * vi' sometimes does not select anything.
  * Not always using the right window when jumping to an error.
  * FORTIFY_SOURCE can also be present in CPPFLAGS.
  * No test for spell affix file with flag on suffix.
  * Compiler warning for int size.
  * Insufficient test coverage for quickfix.
  * Cannot select all text with the mouse. (John Marriott)
  * Quickfix test fails in very big terminal.
  * Width of scrollbar in popup menu not taken into account.
  * Crash when using balloon with empty line.
  * Cannot parse a date/time string.
  * Cannot build with Hangul input.
  * A few hangul input pieces remain.
  * Mouse multiple click test is a bit flaky.
  * vi' does not always work when 'selection' is exclusive.
  * The option.c file is still very big.
  * Missing file in refactoring.
  * With modifyOtherKeys CTRL-^ doesn't work.
  * Possible NULL pointer dereference in popup_locate(). (Coverity)
  * Error message for function arguments may use NULL pointer.
    (Coverity)
  * When an expr mapping moves the cursor it is not restored.
  * Double-click time sometimes miscomputed.
  * Using Visual mark with :s gives E20 if not set.
  * Insufficient testing for quickfix.
  * Quickfix test fails under valgrind and asan.
  * Not so easy to interrupt a script programmatically.
  * Random number generator in Vim script is slow.
  * Using time() for srand() is not very random.
  * .cjs files are not recognized as Javascript.
  * CTRL-R CTRL-R doesn't work with modifyOtherKeys.
  * :const cannot be followed by "| endif".
  * :lockvar and :unlockvar cannot be followed by "| endif".
  * Other text for CTRL-V in Insert mode with modifyOtherKeys.
  * 'wincolor' not used for > for not fitting double width char.
    Also: popup drawn on right half of double width character looks
    wrong.
  * rand() does not use the best algorithm.
  * No test with wrong argument for rand().
  * Cannot build without FEAT_FLOAT. (John Marriott)
  * Quickfix test coverage can still be improved.
  * Cannot place signs in a popup window. (Maxim Kim)
  * ml_get error when accessing Visual area in 'statusline'.
  * Missing tests for recent popupwin changes.
  * Using old C style comments.
  * Registers are not sufficiently tested.
  * Using old C style comments.
  * Cannot build with quickfix and without text properties.
  * Build problems on VMS.
  * FEAT_TEXT_PROP is a confusing name.
  * Cannot build with +popupwin but without +quickfix.
    (John Marriott)
  * Unused parts of libvterm are included.
  * No sufficient testing for registers.
  * Preprocessor indents are incorrect.
  * GUI: when losing focus a pending operator is executed.
  * Using old C style comments.
  * Not all register related code is covered by tests.

==== zypper ====
Version update (1.14.32 -> 1.14.33)
Subpackages: zypper-needs-restarting

- Introduce purge-kernels command (bsc#1155198)
  Adds a new zypper command to cleanup all obsolete kernels as
  configured by the user.
- Request root privs for zypper addlocale and removelocale.
- Load only target resolvables for removelocale.
- Load only target resolvables for zypper rm (bsc#1157377)
- Fix broken search by filelist (bsc#1135114)
- zypper-log: Replace python by a bash script (fixes#304, fixes#306,
  bsc#1156158)
- locales: do not sort out requested locales which are not available
  (bsc#1155678)
- list_patches_by_issue: rewrite table output and add xml output
  (bsc#1154805)
  Prevent listing duplicate matches in tables. XML result is
  provided within the new element.
- list-patches: XML add patch and (bsc#1154805)
- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298)
- Always execute commit when adding/removing locales
  (fixes bsc#1155205)
- man page: fix description of --table-style,-s (bsc#1154804)
- Provide reverse search in zypper (fixes #214)
  This patch adds a new set of switches to zypper to support
  searching reverse dependencies for a package or a set of packages.
- BuildRequires: libzypp-devel >= 17.16.1.
- version 1.14.33