Packages changed:
  aaa_base (84.87+git20191120.98f1524 -> 84.87+git20191206.1cb88e3)
  btrfsprogs (5.3.1 -> 5.4)
  dbus-1 (1.12.12 -> 1.12.16)
  expat (2.2.8 -> 2.2.9)
  gnutls (3.6.10 -> 3.6.11.1)
  iproute2 (5.3 -> 5.4)
  libxcrypt (4.4.3 -> 4.4.10)
  rebootmgr
  restorecond
  systemd

=== Details ===

==== aaa_base ====
Version update (84.87+git20191120.98f1524 -> 84.87+git20191206.1cb88e3)

- Update to version 84.87+git20191206.1cb88e3:
  * Add support for lesskey.bin in /usr/etc
  * Do last change also for tcsh
  * Not all XTerm based emulators do have a terminfo entry

==== btrfsprogs ====
Version update (5.3.1 -> 5.4)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.4
  * support new hash algorithms (kernel 5.5):
    * mkfs.btrfs and btrfs-convert with --csum, crc32c, xxhash, sha256,
      blake2
  * mkfs: support new raid1c3 and raid1c4 block group profiles (kernel 5.5)
  * check:
    * --repair delays start with a warning, can be skipped using --force
    * enhanced detection of inode types from partial data, more options
      for repair
  * receive: fix quiet option
  * image: speed up chunk loading
  * fi usage:
    * sort devices by id
    * print ratio of used/total per block group type
  * rescue zero-log: reset the log pointers directly, avoid reading some
    other potentially damaged structures
  * new make target install-static to install only static
    binaries/libraries
  * other
    * docs updates
    * new tests
    * cleanups and refactoring

==== dbus-1 ====
Version update (1.12.12 -> 1.12.16)
Subpackages: libdbus-1-3

- Verify signatures
  * dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
    developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
  * Source2 dbus-1.desktop now Source4
  * baselib.conf now source 3
- Update to 1.12.16
  * CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
    authentication for identities that differ from the user running the
    DBusServer. Previously, a local attacker could manipulate symbolic
    links in their own home directory to bypass authentication and connect
    to a DBusServer with elevated privileges. The standard system and
    session dbus-daemons in their default configuration were immune to
    this attack because they did not allow DBUS_COOKIE_SHA1, but
    third-party users of DBusServer such as Upstart could be vulnerable.
    Thanks to Joe Vennix of Apple Information Security.
    (bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
  * Raise soft fd limit to match hard limit, even if unprivileged. This
    makes session buses with many clients, or with clients that make heavy
    use of fd-passing, less likely to suffer from fd exhaustion.
    (dbus!103, Simon McVittie)
  * If a privileged dbus-daemon has a hard fd limit greater than 64K,
    don't reduce it to 64K, ensuring that we can put back the original fd
    limits when carrying out traditional (non-systemd) activation. This
    fixes a regression with systemd >= 240 in which system services
    inherited dbus-daemon's hard and soft limit of 64K fds, instead of the
    intended soft limit of 1K and hard limit of 512K or 1M.
    (dbus!103, Debian#928877; Simon McVittie)
  * Fix build failures caused by an AX_CODE_COVERAGE API change in newer
    autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
  * Fix build failures with newer autoconf-archive versions that include
    AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
  * Parse section/group names in .service files according to the syntax
    from the Desktop Entry Specification, rejecting control characters and
    non-ASCII in section/group names (dbus#208, David King)
  * Fix various -Wlogical-op issues that cause build failure with newer
    gcc versions (dbus#225, dbus!109; David King)
  * Don't assume we can set permissions on a directory, for the benefit of
    MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
  * Don't overwrite PKG_CONFIG_PATH and related environment variables when
    the pkg-config-based version of DBus1Config is used in a CMake project
    (dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
  * dbus-no-ax-check.patch
  * dbus-new-autoconf-archive.patch

==== expat ====
Version update (2.2.8 -> 2.2.9)

- Version update to 2.2.9
  * Other changes:
    - examples: Drop executable bits from elements.c
    - [#349] Windows: Change the name of the Windows DLLs from expat*.dll
      to libexpat*.dll once more (regression from 2.2.8, first fixed in
      1.95.3, issue #61 on SourceForge today, was issue #432456 back
      then); needs a fix due to case-insensitive file systems on Windows
      and the fact that Perl's XML::Parser::Expat compiles into Expat.dll.
    - [#347] Windows: Only define _CRT_RAND_S if not defined
    - Version info bumped from 7:10:6 to 7:11:6

==== gnutls ====
Version update (3.6.10 -> 3.6.11.1)

- gnutls 3.6.11.1:
  * libgnutls: Corrected issue with TLS 1.2 session ticket handling as
    client during resumption
  * libgnutls: gnutls_base64_decode2() succeeds decoding the empty string
    to the empty string. This is a behavioral change of the API but it
    conforms to the RFC4648 expectations
  * libgnutls: Fixed AES-CFB8 implementation, when input is shorter than
    the block size. Fix backported from nettle.
  * certtool: CRL distribution points will be set in CA certificates even
    when non self-signed
  * gnutls-cli/serv: added raw public-key handling capabilities (RFC7250).
    Key material can be set via the --rawpkkeyfile and --rawpkfile flags.

==== iproute2 ====
Version update (5.3 -> 5.4)

- Update to new upstream release 5.4
  * devlink: increase number of supported options (32 -> 64)
  * devlink: add trap set and show commands
  * devlink: add trap group set and show commands
  * devlink: add reset_dev_on_drv_probe param
  * devlink: support unknown value for fw_load_policy
  * devlink: support flash status monitoring
  * devlink: add reload failed indication
  * ip: netns: support dump of nsid conversion table
  * ip: nexthop: support filtering by protocol for flush and list
  * rdma: driver QP type string
  * tc: introduce ct action
  * tc: support 64-bit rate and peakrate
  * tc: etf: support skip_sock_check
  * tc: flower: add matching on conntrack info
  * tc: taprio: support setting flags
  * tc: taprio: support setting txtime_delay
  * documentation improvements
  * json output improvements
  * drop outdated example scripts and README files
- drop (patched script dropped)
  examples-fix-bashisms-in-example-script.patch
- ss-fix-end-of-line-printing-in-misc-ss.c.patch: fix missing end of line
  at the end of ss output

==== libxcrypt ====
Version update (4.4.3 -> 4.4.10)

- Update to version 4.4.10
  * Fix alignment problem for GOST 34.11 (Streebog) in gost-yescrypt.
  * The crypt_* functions will now all fail and set errno to ERANGE if
    their 'phrase' argument is longer than CRYPT_MAX_PASSPHRASE_SIZE
    characters (this is currently 512)
  * The NT hashing method no longer truncates passphrases at 128
    characters; Windows does not do this.
- format-overflow.patch: remove

==== rebootmgr ====

- Fix %posttrans script returning an error code

==== restorecond ====

- Use %make_build and respect %optflags.

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Import commit dbb1d4734daffa62e0eddecfa4f784c84a9d8e76
  1439d72a72 udevd: don't use monitor after manager_exit()
  99288dd778 Revert "udevd: fix crash when workers time out after exit is signal caught"
  152577d6d0 udevd: fix crash when workers time out after exit is signal caught
  f854991504 udevd: wait for workers to finish when exiting (bsc#1106383)
  Changes from the v243-stable (84 commits):
  e51d9bf9e5 man: add entry about SpeedMeter=
  aa1fc791c7 udev: silence warning about PROGRAM+= or IMPORT+= rules
  b9a619bb67 udevadm: ignore EROFS and return earlier
  1ec5b9f80c basic: add vmware hypervisor detection from device-tree
  7fa7080248 umount: be happy if /proc/swaps doesn't exist
  [...]
  47d0e23d26 udev: fix memleak caused by wrong cleanup function
  a6fb0542c5 parse_hwdb: fix compatibility with pyparsing 2.4.*
  cb1d892f17 parse_hwdb: process files in order