Packages changed: avahi ca-certificates-mozilla (2.44 -> 2.46) dracut (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) drpm ell (0.36 -> 0.38) filesystem fwupd (1.5.3 -> 1.5.6) gnome-desktop (3.38.3 -> 3.38.4) gtk3 (3.24.24 -> 3.24.25) ipset (7.10 -> 7.11) kmod ldacBT libaio (0.3.112 -> 0.3.112+29.696a5e6483ba) libnettle (3.7 -> 3.7.1) libpcap (1.9.1 -> 1.10.0) libqt5-qtwebengine llvm11 mpg123 pam patterns-base pcre pipewire python-py (1.9.0 -> 1.10.0) supportutils systemd tar (1.33 -> 1.34) util-linux (2.36.1 -> 2.36.2) util-linux-systemd (2.36.1 -> 2.36.2) vim webkit2gtk3 xkeyboard-config (2.31 -> 2.32) xmlsec1 === Details === ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Rebase avahi-daemon-check-dns-suse.patch, and drop privileges when invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720). - Add sudo to requires: used to drop privileges. ==== ca-certificates-mozilla ==== Version update (2.44 -> 2.46) - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ==== dracut ==== Version update (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) Subpackages: dracut-ima - Update to version 052+suse.93.g7bfaa6d9: * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167) - Update to version 052+suse.91.gb30dce3c: * chore: update suse/dracut.spec - Update to version 052+suse.88.gc78b4ac8: * fix(i18n): get rid of `eval` calls * fix(i18n): create the keyboard symlinks again * docs: update NEWS.md and AUTHORS * chore: add `CONTRIBUTORS` target to Makefile * fix: shellcheck across multipl emodules * docs: fix dracut.cmdline.7 * fix: update dbus module directory in spec file * fix: add sdaskpw and sdsyctl to spec file * fix: cosmetic comment fixes * feat(systemd-ask-password): introducing systemd-ask-password module * Revert "nbd: use systemd-run to start nbd-client" * dmsquash-live-root: squashfs in bare device * feat(systemd-sysctl): introducing systemd-sysctl module * fix: adding missing efi paths * fix: correct the squash quirk * feat(systemd-modules-load): introducing systemd-modules-load module * fix(shutdown): add timeout to umount calls * fix: revise all module checks * fix: add missing line continuation * fix: BuildRequiring git-core is enough in dracut.spec * fix(kernel-modules): add reset controllers for arm * 35network-legacy: discard pointless RTNETLINK message * fix(plymouth): install binaries with dependencies * fix: correct the line continuation * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set * fix(network-manager): allow override network manager version * feat(dracut.sh): allow overriding the systemctl command for sysroot * fix: use find_binary * fix(dracut.sh): don't override path with foreign sysroot * fix: quote globbing in module-setup.sh for inst_multiple * fix(dracut-install): allow globbing for multiple sources * Fix bad ls parsing * fix: move ldconfig after library workaround * feat(kernel-modules): add driver memory * feat(systemd-repart): introducing systemd-repart module * feat(dbus-daemon): introducing the dbus-daemon module * feat(dbus-broker): introducing the dbus-broker module * feat(dbus): introducing a meta module for dbus * fix(network-legacy): silent check for leaseinfo * 95nfs: fix rpc.statd installation * fix: do not set cmdline for uefi images unless asked * feat(network-legacy): send dhcp in parallel on all devices * fix(mdraid): remove offroot * fix(mdraid): add grow continue service * fix(spec): add new systemd-coredump module to spec * fix(watchdog): replace return with echo * feat(systemd-coredump): introducing systemd-coredump module * prepare usrmerge (boo#1029961) * test: incr. disk size for TEST 35 ISCSI-MULTI * fix(skipcpio): edit skipcpio.c: strstr -> memmem * fix(1007): adding shared keyring mode to type unit * feat(systemd-sysusers): introducing systemd-sysuser module * feat(systemd-sysusers): introducing systemd-sysuser module * fix(1001): use efivars fs over the deprecated sysfs entries * fix(kernel-network-modules): also install modules from mdio subdirectory * fix(06dbus): do not hardcode path to dbus utils * fix(06dbus): do not hardcode path to systemd unit * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set * fix(99squash): use kernel config instead of modprobe to check modules * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir * fix(90kernel-modules): install generic crypto modules with hostonly unset * feat: add addional global variables * fix: add a missing efi support * chore(removal): eliminate bootchart module * feat: add addional global variables * feat(cli): add --no-uefi option * chore(github): add CODEOWNERS file * chore(cleanup): remove logrotate file * fix(35network-manager): avoid restarting NetworkManager * chore: Add configuration for vim * chore: Add editorconfig * chore: Editors * test(conventional): add Conventional Commits PR github action * docs(development): add HACKING.md ==== drpm ==== - skip valgrind checking on aarch64 (bsc#1182493) ==== ell ==== Version update (0.36 -> 0.38) - Update to release 0.38 : * Fix issue with DHCP v6 Rapid Commit option check. * Fix issue with handling RFC8018/RFC1423 padding. * Fix issue with D-Bus filter messages with no interfaces set. * Add support for PKCS#12 certification loading. ==== filesystem ==== - Add Ukrainian to the list of localized man directories. ==== fwupd ==== Version update (1.5.3 -> 1.5.6) Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0 - Update to 1.5.6: New features: * Add SBAT metadata to the fwupd EFI binary * Add support for GD32VF103 as found in the Longan Nano * Add support for RMI PS2 devices * Add support for the System76 Keyboard * Allow downloading firmware from IPFS * Install the UX data into a single .tar.xz file * Add a plugin to update PixArt RF devices * Add new hardware to use the elantp and rts54hid plugins * Allow specifying more than one VendorID for a device * Detect the AMD TSME encryption state for HSI-4 * Detect the AMI PK test key is not installed for HSI-1 * Add Maple Ridge Thunderbolt firmware parsing support * Add --no-remote-check to ignore checking for download remotes * Allow creating FMAP and Synaptics firmware using builder.xml Fixes: * Add support for the Starlabs LabTop L4 * Allow using an external ESP again * Ask the user to reboot when required if downgrading * Be more paranoid when parsing ASCII buffers and devices * Check if the fwupd BootXXXX entry exists on failure * Clear the pending flag if restarting the system * Do not allow flashing using flashrom if BLE is enabled * Do not allow Lenovo hardware to install multiple capsules * Do not parse the OptionROM image * Do not show Unknown [***] for every client connection * Fix dnload wBlockNum wraparound for ST devices * Fix OOM when using large ArchiveSizeMax values * Fix several crashes spotted by AddressSanitizer * Fix several places where the Goodix MOC plugin could crash * Include the PCR0 to the report metadata * Report the lockdown status from UEFI and SuperIO plugins * Show a console warning if the system clock is not set * Fix flashing a fingerprint reader that is in use * Fix several critical warnings when parsing invalid firmware * Fix updating DFU devices that use DNLOAD_BUSY * Ignore the legacy UEFI OVMF dummy GUID * Make libfwupd more thread safe to fix a crash in gnome-software * Never show unprintable chars from invalid firmware in the logs * Allow using fwupdtool as non-root for firmware commands * Do not trust the Block.HintSystem boolean for ESP filtering * Fix a memory leak when parsing Synaptics firmware * Fix a possible crash when reading the Goodix MOC USB request * Fix crashes when parsing invalid FMAP, DMC, Solokey and Synaptics images - Deprecate fwupd-bsc1179790-disable-hintsystem.patch ==== gnome-desktop ==== Version update (3.38.3 -> 3.38.4) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 3.38.4: + Updated translations. ==== gtk3 ==== Version update (3.24.24 -> 3.24.25) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.25: + Settings: Make cursor aspect ratio setting work. + Broadway: - Fix touchscreen event handling. - Support Android / Chrome on-screen keyboard. + Wayland: - Avoid crashes with tablet input. - Add api to support clients with subsurfaces better. + Inspector: Make the inspector available in non-debug builds. + Theme: - Make scrollbars larger. - Disable shadows on maximized, fullscreen and tiled windows. + Printing: Support Avahi-discovered printers better. + Input: - Show preedit for compose sequences. - Support long compose sequences. - Support compose sequences producing multiple characters. + Updated translations. ==== ipset ==== Version update (7.10 -> 7.11) Subpackages: libipset13 - Update to release 7.11 * Argument parsing buffer overflow in ipset_parse_argv fixed ==== kmod ==== Subpackages: libkmod2 - Fix grub's requoted kernel parameters (bsc#1181111) * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch ==== ldacBT ==== - Exclude building in big-endian architectures (s390 s390x ppc64) since ldacBT requires a little-endian cpu to build. ==== libaio ==== Version update (0.3.112 -> 0.3.112+29.696a5e6483ba) - Update to version libaio0.3.112+29.696a5e6483ba: * Fix test issue with gcc-11 (bsc#1181869) * harness: Skip the test if io_pgetevents() is not implemented * harness: Print better error messages on error conditions in 22.t * harness: Fix PROT_WRITE mmap check * harness: fix read into PROT_WRITE mmap test * harness: skip 22.p if async_poll isn't supported * harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT * harness: Add fallback code for filesystems not supporting O_DIRECT * harness: add support for skipping tests * harness: Make the test exit with a code matching the pass/fail state ==== libnettle ==== Version update (3.7 -> 3.7.1) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha ==== libpcap ==== Version update (1.9.1 -> 1.10.0) - Update to 1.10.0 * Require, and assume, some level of C99 support in the C compiler * Add support for capturing on DPDK devices * rpcap: support rpcap-over-TLS * Fix some memory leaks, including in pcap_compile() * Linux: handle systems without AF_INET or AF_UNIX socket support * Catch invalid IPv4 addresses in filters * Show special Linux BPF offsets symbolically in bpf_image() and bpf_dump() * Linux: get rid of Wireless Extensions for turning monitor mode on * Linux: proper memory sync for PACKET_MMAP * Linux: drop support for libnl 1 and 2. * Linux: Require PF_PACKET support, and kernel 2.6.27 or later * Add DLT_LINUX_SLL2 * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live Linux captures * optimizer: add a hack to try to catch certain optimizer loops * Probe CONFIGURATION descriptor of connected USB devices * Linux: return error on interface going away, but not if it just went down * Linux: set socket protocol only after packet ring configured, reducing bogus packet drop reports * Linux: get ifdrop stats from sysfs. * Fix various security issues reported by Charles Smith at Tangible Security * Fix various security issues reported by Include Security * rpcapd: on UN*X, don't tell the client why authentication failed * Linux: when adjusting BPF programs, do not subtract the SLL[2]_HDR_LEN if the location is negative (special metadata offset) * Linux: with a timeout of zero, wait indefinitely * Linux: clean up support for some non-GNU libc C libraries * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP * Fix handling of some ioctls that fail with "permission denied" even when the ioctl isn't supported at all * Added support for ICMPv6 types 1-4 as tokens in filters * Report the DLT description in error messages * Linux: Add support for DSA data link types * Linux USB: use the snapshot length to set the buffer size, and set the len field to reflect the length in the URB * rpcapd: allow rpcapd to rebind more rapidly * Add Haiku pcap implementation * rpcap: redo protocol version negotiation to avoid problems with old servers (it still works with servers using the old negotiation, as well as servers not supporting negotiation) * Remove (unused) SITA support here. * Correctly handle pcapng captures with more than one IDB with a snspshot length greater than the supported maximum - Remove libpcap-no-old-socket.patch - Rebase libpcap-1.0.0-s390.patch ==== libqt5-qtwebengine ==== - Add patch to fix sandbox with glibc 2.33 on 32bit: * sandbox-statx-futex_time64.patch - Relax constraints for armv6 and armv7 ==== llvm11 ==== - Don't use gold and ThinLTO on ppc64le because of boo#1181621. - Fix-missing-include.patch: fix build with GCC 11. (boo#1181875) - CMake-Look-up-target-subcomponents-in-LLVM_AVAILABLE_LIBS.patch: Fix target component lookup. (boo#1180748) ==== mpg123 ==== - Avoid unconditional Supplements ==== pam ==== - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Don't pull in update_test pattern from sw_management - Move aaa_base-malloccheck from update_test to base ==== pcre ==== - package testsuite in a separate RPM (boo#1182235) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - ldacBT only builds on little endian architectures, so we can't buildrequire it on big endian systems like s390, s390x or ppc64. ==== python-py ==== Version update (1.9.0 -> 1.10.0) - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Devendor apipkg and iniconfig - Add pr_222.patch to activate test suite ==== supportutils ==== - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV) #88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR + ha.txt: Fix pacemaker.log location for SLE15 #90 + supportconfig: use readlink /proc//cwd to get cwd list instead of lsof #91 + supportconfig: sssd_info consistency #93 + Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932) - No longer truncates boot log (bsc#1181610) - Require the awk, which and sed commands instead of packages to allow alternate implementations on embedded/Edge systems - Additions to version 3.1.13 + Added update-alternatives to etc.txt #82 + Collects rotated logs with different compression types (bsc#1180478) + Added GPL-2.0-only license tag to spec file - Additions to version 3.1.12 + btrfs_info: add -pce argument to qgroup show #80 + docker: add /etc/docker/daemon.json contents #81 - Additions to version 3.1.12 + Capture IBM Power bootlist (SLE-15557) + Fix spelling typos in man pages #78 + Collect multipath wwids file #77 + Removed unnecessary appname parameter from HTTP upload URL + added aa-status #74 - Additions to version 3.1.12 + [powerpc] Collect logs for power specific components #72 (bscn#1176895) + supportconfig: fs-btrfs: Add "btrfs device stats" output #73 - Additions to version 3.1.11 + Changes affecting supportconfig - disk_info: Show discard information in lsblk #70 - memory_info: Show VMware memory balloon infomation #71 - Addition to version 3.1.10 + Changes affecting analyzevmcore - Fixed typo in error message #67 + Changes affecting supportconfig - Fixed btrfs errors (bsc#1168894) - Large ntp.txt with binary data (bsc#1169122) - Check btrfs balance status #69 - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center - Addition to version 3.1.8 + Changes affecting getappcore - Added -u for HTTPS and -f for FTPES uploads to SUSE FTP servers - Replaced Novell with SUSE FTP servers (bsc#1165475) - Uses /etc/getappcore.conf if present + Changes affecting supportconfig - Added missed Power collection per bsc#1162539 - Added zypper patterns output to updates.txt #66 - Addition to version 3.1.7 + exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357) + Readded LPM/DLPAR data for Power (bsc#1162539) - Addition to version 3.1.6 + Strip trailing commas from process names #64 (bsc#1156837) + Dynamically select compression method (bsc#1145233) + Updated detailed unit information fix in systemd.txt (bsc#1023308) + Fixed supportconig.conf man page with order placement + Include IPv6 routes (bsc#1089877) - Updated to version 3.1.5 + Removed root .snapshots directory from full file list (bsc#1154482) - Updated to version 3.1.4 + Removed LPM/DLPAR data for POWER (bsc#1111029) + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734) + Tumbleweed support #50 + Added zypper orphaned packages check to updates.txt + Cpuset listing #52 + Docker disunite #53 + Added sed and gawk to spec requirements (bsc#1137336) + Added nstat to network + Add collection of livepatch information #63 + Check for missing ldap.conf file - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) - Updated to version 3.1.1 + Fixed X missing /prob/fb error (bsc#1127069) + Fixed dasdview -f (bsc#1109664) + Clarified -t help description (bsc#1121043) + Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) + Collects systemd journal with minimum install (bsc#1094225) + Supportconfig fails on bzip archives (bsc#1120049) + Get few drbd output & configuration #42 - Corrected missed SUSE separation lines - Fixed invalid exit code commands (bsc#1125666) - CVE-2018-19640: supportutils: Users can kill arbitrary processes (CVE-2018-19640 bsc#1118463) - User can overwrite arbitrary log files in support tar (CVE-2018-19638 bsc#1118460) - Code execution if run with -v (CVE-2018-19639 bsc#1118462) - Static temporary filename allows overwriting of files (CVE-2018-19637 bsc#1117776) - Included additional SUSE separation (bsc#1125609) - Merged added listing of locked packes by zypper #41 - Corrected spec file errors - Added firewall-cmd info - btrfs filesystem usage - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors - Added corosync status to ha_info - Clarified -x functionality in supportconfig(8) (bsc#1115245) - Dump find errors in ib_info - Exclude pam.txt per GDPR by default (bsc#1112461) - udev service and journal content (bsc#1051797) - supportconfig collects tuned profile settings (bsc#1071545) - sfdisk -d no disk device specified (bsc#1043311) - Added vulnerabilites check in basic-health.txt (bsc#1105849) - Added backup rpm database directory - Updated URLs in documentation - Added only sched_domain from cpu0 - Blacklist sched_domain from proc.txt (bsc#1046681) - Use %license instead of %doc [bsc#1082318] - Accounts for firewalld now (bsc#1079137) - Added dmesg taint seach - Removed mii-tool from networking - Updated HA to use chrony - Added kdumptool calibrate to crash.txt - Removed SLES_VER case for sles8,9 and 10 - Added tuned feature OPTION_TUNED tuned.txt (bsc#1071545) - Fixed udev service - Fixed no disk device with sfdisk (bsc#1078638) - Removed OPTION_SAM from man pages and resource file - Validated missing commands - Updated apparmor with systemctl service - Replaced deprecated networking commands (bsc#1078318) - Removed sam_info since suse_sam is no longer available - Assigned SLE15 to SLES_VER selections (bsc#1078168) - Includes X without display issue (bsc#1077813) - Fixes for Infiniband (bsc#1071294) - Using chrony for NTP (bsc#1077818) - Added os-release processing (bsc#1077758) - Removed invalid string tty string (bsc#1077681) - Added SLE15 taint values (bsc#1077683) - Added transactional update with OPTION_TRANSACTIONAL=1 - Updated supportconfig.conf.5 with OPTION_TRANSACTIONAL - Fixed docker package detection (bsc#1069457) - Replaced route with ip route (bsc#1070379) - Added systemd-delta to systemd.txt (bsc#1071924) - Changed repos -u to repos -d (bsc#1071926) - Added rdma-core for infiniband (bsc#1071294) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Add 0001-conf-parser-introduce-early-drop-ins.patch Introduce early configuration drop-in file. This type of drop-ins are reserved for vendor own purposes only and should never been used by users. It might be removed in the future without any notice. - Drop use of %systemd_postun in %postun This macro is supposed to operate on units but it was used without passing any parameters. This call was probably used for issuing a daemon-reload but the following calls to %systemd_postun_with_restart imply that already. So let's simply drop it. ==== tar ==== Version update (1.33 -> 1.34) - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges ==== util-linux ==== Version update (2.36.1 -> 2.36.2) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== util-linux-systemd ==== Version update (2.36.1 -> 2.36.2) - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== vim ==== Subpackages: vim-data-common vim-small - source correct suse.vimrc file (boo#1182324) ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update _constraints for armv6/armv7 ==== xkeyboard-config ==== Version update (2.31 -> 2.32) - Update to version 2.32 * latest bugfix release ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Relax the crypto policies for the test-suite. This allows the tests using certificates with small key lengths to pass.