Packages changed: Mesa (20.0.1 -> 20.0.2) Mesa-drivers (20.0.1 -> 20.0.2) bluez (5.52 -> 5.54) conmon (2.0.12 -> 2.0.14) coreutils (8.31 -> 8.32) fwupd (1.3.6 -> 1.3.9) gdbm grub2 installation-images-MicroOS (14.462 -> 14.463) ldb (2.0.8 -> 2.1.1) libinput (1.15.3 -> 1.15.4) nano (4.8 -> 4.9) python3 python3-base samba (4.11.6+git.120.e474a78db08 -> 4.12.0+git.132.199dc21ab22) sssd (2.2.2 -> 2.2.3) sysfsutils talloc (2.3.0 -> 2.3.1) tdb (1.4.2 -> 1.4.3) tevent (0.10.1 -> 0.10.2) toolbox (1.0+git20200217.cd18bfb -> 1.0+git20200324.dd047bc) xinit === Details === ==== Mesa ==== Version update (20.0.1 -> 20.0.2) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to Mesa 20.0.2 * bugfix release: fixes all over the code base ==== Mesa-drivers ==== Version update (20.0.1 -> 20.0.2) Subpackages: Mesa-dri Mesa-gallium - update to Mesa 20.0.2 * bugfix release: fixes all over the code base ==== bluez ==== Version update (5.52 -> 5.54) Subpackages: libbluetooth3 - update to bluez-5.54: * Fix issue with HOGP to accept data only from bonded devices. * Fix issue with A2DP sessions being connected at the same time. * Fix issue with class UUID matches before connecting profile. * Add support for handling MTU auto-tuning option for AVDTP. * Add support for new policy for Just-Works repairing. * Add support for Enhanced ATT bearer (EATT). - bluez-5.53: * Fix issue with handling unregistration for advertisment. * Fix issue with A2DP and handling recovering process. * Fix issue with udpating input device information. * Add support for loading blocked keys. - remove obsolete upstreamed patches: * HOGP-must-only-accept-data-from-bonded-devices.patch * HID-accepts-bonded-device-connections-only.patch - refresh other patches - Add HOGP-must-only-accept-data-from-bonded-devices.patch HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.(bsc#1166751)(CVE-2020-0556) HID-accepts-bonded-device-connections-only.patch This change adds a configuration for platforms to choose a more secure posture for the HID profile.(bsc#1166751)(CVE-2020-0556) input-hog-Attempt-to-set-security-level-if-not-bonde.patch Attempt to set security level if not bonded. (bsc#1166751)(CVE-2020-0556) input-Add-LEAutoSecurity-setting-to-input.conf.patch Add LEAutoSecurity setting to input.conf. (bsc#1166751)(CVE-2020-0556) ==== conmon ==== Version update (2.0.12 -> 2.0.14) - Update to v2.0.14 - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe ==== coreutils ==== Version update (8.31 -> 8.32) - Update to 8.32: * Noteworthy changes in release 8.32 (2020-03-05) [stable] * * Bug fixes cp now copies /dev/fd/N correctly on platforms like Solaris where it is a character-special file whose minor device number is N. [bug introduced in fileutils-4.1.6] dd conv=fdatasync no longer reports a "Bad file descriptor" error when fdatasync is interrupted, and dd now retries interrupted calls to close, fdatasync, fstat and fsync instead of incorrectly reporting an "Interrupted system call" error. [bugs introduced in coreutils-6.0] df now correctly parses the /proc/self/mountinfo file for unusual entries like ones with '\r' in a field value ("mount -t tmpfs tmpfs /foo$'\r'bar"), when the source field is empty ('mount -t tmpfs "" /mnt'), and when the filesystem type contains characters like a blank which need escaping. [bugs introduced in coreutils-8.24 with the introduction of reading the /proc/self/mountinfo file] factor again outputs immediately when stdout is a tty but stdin is not. [bug introduced in coreutils-8.24] ln works again on old systems without O_DIRECTORY support (like Solaris 10), and on systems where symlink ("x", ".") fails with errno == EINVAL (like Solaris 10 and Solaris 11). [bug introduced in coreutils-8.31] rmdir --ignore-fail-on-non-empty now works correctly for directories that fail to be removed due to permission issues. Previously the exit status was reversed, failing for non empty and succeeding for empty directories. [bug introduced in coreutils-6.11] 'shuf -r -n 0 file' no longer mistakenly reads from standard input. [bug introduced with the --repeat feature in coreutils-8.22] split no longer reports a "output file suffixes exhausted" error when the specified number of files is evenly divisible by 10, 16, 26, for --numeric, --hex, or default alphabetic suffixes respectively. [bug introduced in coreutils-8.24] seq no longer prints an extra line under certain circumstances (such as 'seq -f "%g " 1000000 1000000'). [bug introduced in coreutils-6.10] * * Changes in behavior Several programs now check that numbers end properly. For example, 'du -d 1x' now reports an error instead of silently ignoring the 'x'. Affected programs and options include du -d, expr's numeric operands on non-GMP builds, install -g and -o, ls's TABSIZE environment variable, mknod b and c, ptx -g and -w, shuf -n, and sort --batch-size and --parallel. date now parses military time zones in accordance with common usage: "A" to "M" are equivalent to UTC+1 to UTC+12 "N" to "Y" are equivalent to UTC-1 to UTC-12 "Z" is "zulu" time (UTC). For example, 'date -d "09:00B" is now equivalent to 9am in UTC+2 time zone. Previously, military time zones were parsed according to the obsolete rfc822, with their value negated (e.g., "B" was equivalent to UTC-2). [The old behavior was introduced in sh-utils 2.0.15 ca. 1999, predating coreutils package.] ls issues an error message on a removed directory, on GNU/Linux systems. Previously no error and no entries were output, and so indistinguishable from an empty directory, with default ls options. uniq no longer uses strcoll() to determine string equivalence, and so will operate more efficiently and consistently. * * New Features ls now supports the --time=birth option to display and sort by file creation time, where available. od --skip-bytes now can use lseek even if the input is not a regular file, greatly improving performance in some cases. stat(1) supports a new --cached= option, used on systems with statx(2) to control cache coherency of file system attributes, useful on network file systems. * * Improvements stat and ls now use the statx() system call where available, which can operate more efficiently by only retrieving requested attributes. stat and tail now know about the "binderfs", "dma-buf-fs", "erofs", "ppc-cmm-fs", and "z3fold" file systems. stat -f -c%T now reports the file system type, and tail -f uses inotify. * * Build-related gzip-compressed tarballs are distributed once again - Refresh patches: * coreutils-disable_tests.patch * coreutils-getaddrinfo.patch * coreutils-i18n.patch * coreutils-invalid-ids.patch * coreutils-remove_hostname_documentation.patch * coreutils-remove_kill_documentation.patch * coreutils-skip-gnulib-test-tls.patch * coreutils-tests-shorten-extreme-factor-tests.patch - coreutils-i18n.patch: * uniq: remove collation handling as required by newer POSIX; see - https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8e81d44b5 - https://www.austingroupbugs.net/view.php?id=963 - coreutils-ls-restore-8.31-behavior-on-removed-dirs.patch: * Add patch for 'ls' to restore 8.31 behavior on removed directories. - coreutils.spec: * Version: bump version. * %check: re-enable regular 'make check' for non-multibuild package. * reference the above new patch. - coreutils.keyring: * Update from upstream (Savannah). ==== fwupd ==== Version update (1.3.6 -> 1.3.9) Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0 - Update to version 1.3.9: * Release fwupd 1.3.9 * Always check for PLAIN when doing vercmp() operations * improved fish shell completion * vli: Set the MSP430 version format to pair * added completion script for fish shell * Always return AppStream markup for remote agreements * Do not fail loading in /etc/machine-id is not available * fu-engine: Fixup broken-ness from 0c0fada18fc9cb2a0efec351db67f0867bf045cd * Use xb_builder_source_add_simple_adapter * fu-tool: Correctly append the release to devices in `get-details` * For the `get-details` command make sure to always show devices * fu-engine: Copy the version and format from donor device in get-details * fu-engine: Use unknown for version format by default on get-details * Inihbit all power management actions using logind when updating * fu-device-list: Check protocol before de-duping devices * ata: Switch off the verbose logging by default * Discard the reason upgrades aren't available (Fixes: #1678) * Improve the description of `fwupdtpmevlog` for man page * Move `fwupdtpmevlog` into `bindir` * uefi: Move `fwupdate` into `bindir` * Move `fwupdtool` and `fwupdagent` into `bindir` * ci: use standalone script to generate build dependencies * Move the daemons from /usr/lib/fwupd to /usr/libexec/fwupd * Use the recently released flashrom v1.2 * uefi: Apply capsule update even with single valid capsule * Fix a critical warning when installing some firmware * ebitdo: Fix the endpoint address logged in the error message * fu-util: fix a logic error in report uploading introduced in e076d48afb74d1447936d353f12781755f13b047 * uefi: Find the correct lds and crt name when specifying -Defi_ldsdir * upower: Move battery threshold declaration into a configuration file * upower: Decrease minimum battery requirement to 10% - Update to version 1.3.8: * Release fwupd 1.3.8 * Do not use fu_common_vercmp() when the device verfmt is PLAIN * altos: Output raw buffer data when using FWUPD_ALTOS_VERBOSE * altos: Prefix an error to provide more context * altos: Add a trivial _to_string() implementation * synaptics-cxaudio: Make the verfmt match that of the existing Windows tools * synaptics-mst: Allow MST to fall back if no PCI device is marked as parent * Allow specifying a list of subsystems when setting a physical ID * synaptics-mst: Fix trivial thinko caused by the wrong dock connected * vli: Invert the logic to reboot the parent FuCliUsbhubDevice, not the child * vli: Switch around the hub tier values * uefi: Fix a build regression with Fedora 30 * logitech_hidpp: Ignore detach failures (Fixes: #1183) * logitech_hidpp: When detaching to bootloader use non-blocking IO and wait for timeout * vli: Show erase progress when doing a v2 recovery * uefi: Do not remove the 'Linux Firmware Updater' boot entry before update * uefi: Do not rewrite BootOrder in the EFI helper * vli: Add support for the PS186 device * Set up more parent devices for various Lenovo USB hubs * cxaudio: Set the update protocol to prevent a daemon warning * vli: Add support for Lenovo Modularized dock * Add an extra instance ID to disambiguate USB hubs * vli: Remove the unused tierX custom flags for each device * Revert "Correctly delete UEFI variables" * uefi: make debugging output more readable * vli: Fix a potential buffer-overflow when parsing firmware * tpm: Optimize the string parsing and fix the boolean logic * synaptics-rmi: Add a missing error enum value * synaptics-rmi: Correctly identify a checksum failure * synaptics-rmi: Fix Coverity issue that is impossible to hit in reality * solokeys: Parse old versions of the bootloader string * Add a plugin to update PD controllers by Fresco Logic * vli: Set the device progress correctly when erasing a PD device * vli: Use the correct command to get the device firmware version * vli: Correctly reset all VL100 devices * vli: Set all standalone PD devices to not do SPI auto-detection * vli: Mark standalone PD devices as updatable * vli: Set the protocol for FuVliUsbhubPdDevice types * Support the new gnuefi file locations * Cleanup ancient fwupdate-* EFI variables too (Fixes: #1739) * Detect kernel lockdown status * vli: Add the DEV instance ID to all devices * tpm-eventlog: Replay the TPM event log to get the PCRx values * tpm-eventlog: Store the eventlog hashes in binary form - Update to version 1.3.7: * Release fwupd 1.3.7 * Correctly delete UEFI variables * ci: allow working with podman w/o aliases * ci: fedora: force correct rpm package version * src: fu-engine: check version was updated by checking version * Correctly import PKCS-7 remote metadata * Add 'refresh' to fwupdtool * Add 'get-remotes' to fwupdtool * Generate a win32 setup binary * Fix display of UTF-8 characters on Windows * Move MOTD population into the daemon * fu-util: Discourage metadata refreshes more than once per day * Disable the battery percentage checks if UPower is unavailable * Allow getting the list of updates in JSON format from fwupdagent * Revert "trivial: Attempt to fix Debian CI" * fu-remote-list: emit a changed signal when modifying a remote * synaptics-mst: Skip self tests for systems with amdgpu * Allow applying all releases to get to a target version * Split up fu_engine_install() into two halves * logitech_hidpp: use the correct timeout for IO channel writes * Allow quirking devices that always require a version check * Shut down automatically when there is system memory pressure * Show the device parent if there is an interesting child * Allow the client to get the list of FwupdDevice children * Set the FwupdDevice parents in fwupdtool * Don't always get the vendor ID for udev devices using the parent * Add a runtime warning when adding a device without an vendor-id or protocol set * vli: Set more of the firmware max sizes automatically * vli: Add a SpiAutoDetect quirk for some of the PD devices * vli: Use a different protocol ID for i2c devices * vli: Add support for standalone Single PD devices * vli: Move generic SPI functionality into the FuVliDevice base class * vli: Remove the PD emulation code * vli: Use a more standard GUID for the child i²c and shared SPI devices * vli: Allow setting the device kind from a quirk * vli: Make more function names match the docs * vli: Move the SPI command quirking from FuVliUsbhubDevice down to FuVliDevice * vli: Rename FuVliUsbhubPdFirmware to FuVliPdFirmware * vli: Allow the device to specify the PD firmware header offset * vli: Add a FuVliDevice as a subclass to FuVliUsbhubDevice * vli: Define the device GType in the quirk file * vli: Move the CRC calculations out of usbhub scope * vli: Have one 'DeviceKind' for all objects * vli: Rename the `vli_usbhub` plugin to `vli` * Capitalize GNOME - package has grown a few new binaries: fwupdagent, fwupdate, fwupdtool and a tpm event debugging tool, that is packaged separately: fwupdtpmevlog ==== gdbm ==== Subpackages: libgdbm6 libgdbm_compat4 - No longer recommend -lang: supplements are in use. Also add a explicit %%{name] = %%{version} Provides to aid supplements to do the right thing. We will lose the lang package Recommends for the compat package, but normally nobody will have only the compat package installed without the current package. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Backport to support searching for specific config files for netboot (bsc#1166409) * 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch * 0002-kern-Add-X-option-to-printf-functions.patch * 0003-normal-main-Search-for-specific-config-files-for-net.patch * 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch - move *.module files to separate -debug subpackage (boo#1166578) ==== installation-images-MicroOS ==== Version update (14.462 -> 14.463) - merge gh#openSUSE/installation-images#367 - samba-libs needs libgnutls now - 14.463 ==== ldb ==== Version update (2.0.8 -> 2.1.1) - Release ldb 2.1.1 + Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270). ==== libinput ==== Version update (1.15.3 -> 1.15.4) - Update to release 1.15.4 * record: fix dmi recording ==== nano ==== Version update (4.8 -> 4.9) - GNU Nano 4.9: * When justifying a selection, the new paragraph and the succeeding one get the appropriate first-line indent * Trying to justify an empty selection does not crash * Redoing the insertion of an empty file does not crash * DOS line endings in nanorc files are accepted * Option --suspend / 'set suspend' has been renamed to the more logical --suspendable / 'set suspendable' ==== python3 ==== - Update list of skipped tests for qemu linux-user build, test_setegid (test.test_os.PosixUidGidTests) is confusing it ==== python3-base ==== Subpackages: libpython3_8-1_0 - Update list of skipped tests for qemu linux-user build, test_setegid (test.test_os.PosixUidGidTests) is confusing it ==== samba ==== Version update (4.11.6+git.120.e474a78db08 -> 4.12.0+git.132.199dc21ab22) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3 - ndrdump tests: Make the tests less fragile - python/samba/gp_parse: Fix test errors with python3.8 - Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). - Update to samba 4.12.0 + For details on all items see WHATSNEW.txt in samba-doc package. + Samba 4.12 raises this minimum version to Python 3.5. + Samba now requires GnuTLS 3.4.7 to be installed. + New Spotlight backend for Elasticsearch. + Retiring DES encryption types in Kerberos. With this release, support for DES encryption types has been removed from Samba, and setting DES_ONLY flag for an account will cause Kerberos authentication to fail for that account (see RFC-6649). + Samba-DC: DES keys no longer saved in DB. + The netatalk VFS module has been removed. + The BIND9_FLATFILE DNS backend is deprecated in this release and will be removed in the future. + CTDB changes + The ctdb_mutex_fcntl_helper periodically re-checks the lock file. + Bugs + Retire DES encryption types in Kerberos; (bso#14202); bsc#(1165574). + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + s3: DFS: Don't allow link deletion on a read-only share; (bso#14269). + pidl/wscript: configure should insist on Parse::Yapp::Driver; (bso#14284). + smbd fails to handle EINTR from open(2) properly; (bso#14285). + ldb: version 2.1.1; (bso#14270)). + vfs: Set getting and setting of MS-DFS redirects on the filesystem to go through two new VFS functions SMB_VFS_CREATE_DFS_PATHAT() and SMB_VFS_READ_DFS_PATHAT(); (bso#14282). + bootstrap: Remove un-used dependency python3-crypto; (bso#14255) + Fix CID 1458418 and 1458420; (bso#14247). + lib: Fix a shutdown crash with "clustering = yes"; (bso#14281). + Winbind member (source3) fails local SAM auth with empty domain name; (bso#14247). + winbindd: Handle missing idmap in getgrgid(); (bso#14265). + Don't use forward declaration for GnuTLS typedefs; (bso#14271). + Add io_uring vfs module; (bso#14280). + libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2; (bso#14250). + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239); + lib:util: Log mkdir error on correct debug levels; (bso#14253). ==== sssd ==== Version update (2.2.2 -> 2.2.3) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update to 2.2.3 * New features: * allow_missing_name now treats empty strings the same as missing names. * "soft_ocsp" and "soft_crl" options have been added to make the checks for revoked certificates more flexible if the system is offline. * Smart card authentication in polkit is now allowed by default. * Fixes: * Handling of FreeIPA users and groups containing ?@? sign now works. * SSSD was unable to hande ldap_uri containing URIs with different port numbers, which has been rectified. - Add 0001-Fix-build-failure-against-samba-4.12.0rc1.patch ==== sysfsutils ==== - Update sysfsutils-fix-compiler-issues.patch in order to fix boo#1166612. ==== talloc ==== Version update (2.3.0 -> 2.3.1) Subpackages: libtalloc2 python3-talloc - Upgrade to 2.3.1 + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). + lib/talloc: clang: Fix 'Value stored during its initialization is never read'. + Spelling fixes s/recieved/received/ + talloc: ASAN fix for test_magic_protection. + talloc: ASAN fix for test_rusty + talloc: ASAN fix for test_pool_nest + talloc: ASAN fix for test_talloc_free_in_destructor + talloc: ASAN fix for test_realloc_on_destructor_parent ==== tdb ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3 + Upgrade waf to version 2.0.18 to fix a cross-compilation issue; (bso#13846). + lib/tdb/docs/tracing.txt: typo fixes ==== tevent ==== Version update (0.10.1 -> 0.10.2) - Update to version 0.10.2 + Upgrade waf to version 2.0.18 to fix a cross-compilation issue; (bso#13846). ==== toolbox ==== Version update (1.0+git20200217.cd18bfb -> 1.0+git20200324.dd047bc) - Update to version 1.0+git20200324.dd047bc: * fix entering a toolbox if something changed in /dev since creation ==== xinit ==== - /etc/X11/xinit/xinitrc.common * prevent gnome-session from failing by setting XDG_SESSION_TYPE to 'x11' (boo#1163262)