Packages changed:
  elfutils
  haproxy (2.0.7+git0.1909aa1e -> 2.0.9+git6.26b7b800)
  installation-images-MicroOS (14.443 -> 14.447)
  ncurses
  open-lldp (1.0.1+56.cb81e95 -> 1.0.1+102.4c7fcc3)
  openssl (1.1.1c -> 1.1.1d)
  openssl-1_1 (1.1.1c -> 1.1.1d)
  ucode-intel (20191112 -> 20191115)
  yast2 (4.2.30 -> 4.2.34)

=== Details ===

==== elfutils ====
Subpackages: libasm1 libdw1 libebl-plugins libelf1

- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure

==== haproxy ====
Version update (2.0.7+git0.1909aa1e -> 2.0.9+git6.26b7b800)

- Update to version 2.0.9+git6.26b7b800:
  * BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
  * BUG/MINOR: peers: Wrong null "server_name" data field handling.
  * MINOR: peers: Add debugging information to "show peers".
  * MINOR: peers: Add TX/RX heartbeat counters.
  * MINOR: peers: Alway show the table info for disconnected peers.
- Update to version 2.0.9+git1.caf02113:
  * BUG/MINOR: init: fix set-dumpable when using uid/gid
- Update to version 2.0.9+git0.efac87ee:
  * [RELEASE] Released version 2.0.9
  * BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe
  * BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams
  * BUG/MINOR: log: limit the size of the startup-logs
  * BUILD: contrib/da: remove an "unused" warning
  * MINOR: memory: also poison the area on freeing
  * CLEANUP: session: slightly simplify idle connection cleanup logic
  * BUG/MEDIUM: Make sure we leave the session list in session_free().
  * BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition
  * BUG/MINOR: queue/threads: make the queue unlinking atomic
  * DOC: management: fix typo on "cache_lookups" stats output
  * DOC: management: document cache_hits and cache_lookups in the CSV format
  * DOC: management: document reuse and connect counters in the CSV format
  * BUG: dns: timeout resolve not applied for valid resolutions
  * BUG/MINOR: action: do-resolve now use cached response
  * BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams
  * MINOR: doc: http-reuse connection pool fix
  * BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it
  * BUG/MEDIUM: mux-h1: Disable splicing for chunked messages
  * BUG/MEDIUM: mux-h2: immediately report connection errors on streams
  * BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list
  * BUG/MEDIUM: mux-h2: report no available stream on a connection having errors
  * BUG/MINOR: config: Update cookie domain warn to RFC6265
  * BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready.
  * BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready.
  * MINOR: mux: Add a new method to get informations about a mux.
  * BUG/MINOR: spoe: fix off-by-one length in UUID format string
  * BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached
  * BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent
  * BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
  * MINOR: tcp: avoid confusion in time parsing init
  * BUG/MINOR: mux-h2: do not emit logs on backend connections
  * MINOR: config: warn on presence of "\n" in header values/replacements
- Update to version 2.0.8+git0.60e6020c:
  * [RELEASE] Released version 2.0.8
  * BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless
  * BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion
  * BUG/MINOR: ssl: fix memcpy overlap without consequences.
  * BUG/MEDIUM: http: unbreak redirects in legacy mode
  * BUG/MINOR: mux-h2: also make sure blocked legacy connections may expire
  * BUG/MINOR: sample: Make the `field` converter compatible with `-m found`
  * BUG/MINOR: cache: alloc shctx after check config
  * BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr
  * BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed
  * BUG/MINOR: mworker/cli: reload fail with inherited FD
  * BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1
  * CLEANUP: bind: handle warning label on bind keywords parsing.
  * CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn
  * CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn
  * CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes
  * REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI
  * BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to receive.
  * BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream attached.
  * Revert e8826ded5fea3593d89da2be5c2d81c522070995.
  * BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads
  * BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing.
  * BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers
  * BUG/MINOR: mworker/ssl: close openssl FDs unconditionally
  * BUG/MINOR: http-htx: Properly set htx flags on error files to support keep-alive
  * MINOR: version: make the version strings variables, not constants
  * BUG/MINOR: WURFL: fix send_log() function arguments
  * BUG/MINOR: mux-h1: Capture ignored parsing errors
  * BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is interrupted
  * BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data
  * BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are formatted to h1
  * BUILD: ssl: wrong #ifdef for SSL engines code
  * BUG/MINOR: ssl: abort on sni_keytypes allocation failure
  * BUG/MINOR: ssl: free the sni_keytype nodes
  * BUG/MINOR: ssl: abort on sni allocation failure
  * BUG/MEDIUM: applet: always check a fast running applet's activity before killing
  * MINOR: stats: mention in the help message support for "json" and "typed"
  * DOC: fix typo in Prometheus exporter doc
  * DOC: clarify some points around http-send-name-header's behavior
  * BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri
  * BUG/MINOR: peers: crash on reload without local peer.
  * BUG/MEDIUM: mux-h2: do not enforce timeout on long connections
  * BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const
  * MINOR: mux-h2: add a per-connection list of blocked streams
  * BUG/MINOR: action: do-resolve does not yield on requests with body
  * BUG/MEDIUM: lua: Store stick tables into the sample's `t` field
  * BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg)
  * BUG/MINOR: stats: Add a missing break in a switch statement

==== installation-images-MicroOS ====
Version update (14.443 -> 14.447)

- merge gh#openSUSE/installation-images#343
- Revert "Include KacstOne font for Persian (boo#1092920)"
- Use Noto Naskh Arabic instead of KacstBook (boo#1092920)
- another attempt to fix fonts
- 14.447
- merge gh#openSUSE/installation-images#344
- Added linuxrc reboot_timeout option (bsc1122493)
- 14.446
- merge gh#openSUSE/installation-images#342
- Include KacstOne font for Persian (boo#1092920)
- 14.445

==== ncurses ====
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base

- Do not add has size to linker flags of any pkg-config
- Add ncurses patch 20191109
  + add warning-check in tic for terminals with parm_dch vs parm_ich.
  + drop ich1 from rxvt-basic, Eterm and mlterm to improve compatibility with old non-curses programs -TD
  + reviewed st 0.8.2, updated some details -TD
  + use ansi+rep several places -TD
  + corrected tic's check for ich1 (report by Sebastian J. Bronner, cf: 20020901).
- Add ncurses patch 20191102
  + check parameter of set_escdelay, return ERR if negative.
  + check parameter of set_tabsize, return ERR if not greater than zero (report/patch by Anthony Sottile).
  + revise CF_ADD_LIBS macro to prepend rather than append libraries.
  + add "xterm-mono" to help packagers (report by Sven Joachim) -TD

==== open-lldp ====
Version update (1.0.1+56.cb81e95 -> 1.0.1+102.4c7fcc3)
Subpackages: liblldp_clif1

- Update to version v1.0.1+102.4c7fcc3:
  * l2_packet: Guard ETH_P_LLDP define
  * lldp_mand: retrieve permanent mac address in get_mac()
  * lldp_util: use netlink to fetch mac address
  * lldp_util: drop get_macstr()
  * linux/if_link.h: Update and add bonding netlink definitions
- Update to version v1.0.1+95.3168e11:
  * Test with newer GCC 8 and 9 versions
  * RPM build is broken, so skip
  * Place the tarball in the right place
  * A tarball needs to be built after bootstrap.sh for use with RPM
  * Added missing steps for building an RPM
  * Finish off with testing building the RPM
  * Test package installation as well
  * Test under multiple GCC releases
  * Drop requirement for Travis CI testing with Clang
  * Support checking build with Travis CI
  * vdp-netlink: account for sizes properly
  * qbg: avoid warning for extra parens
  * qbg: port name is always a valid pointer
  * dcbx-nl: drop run_cmd
  * ecp: allow for failure to create
  * lldp_util: allow for null ifa_addr element
  * lldpad: Do not enable port if already enabled
  * Silent -Werror=address-of-packed-member warnings.
  * Come up with STRNCPY_TERMINATED (#25).
  * vdptool: fixed compile error for getline()
  * Fix #23 by off by one strncpy value.
  * 8021qaz: Block lldptool set operations if read only mode is on
  * 8021qaz: Add read only option for 8021qaz module
  * lldp: Allow lldptool to modify optional TLV's content
  * 8021qaz: Print dscp2prio map
  * autoconf: Add systemd support in configure.ac
  * rpm-spec: Add vdp22 man files to lldpad.spec.in

==== openssl ====
Version update (1.1.1c -> 1.1.1d)

- Update to 1.1.1d release

==== openssl-1_1 ====
Version update (1.1.1c -> 1.1.1d)
Subpackages: libopenssl1_1

- Merged upstream changes to allow NULL salt values in EVP_PBE_scrypt().
  * Revealed by nodejs12 during bsc#1149572.
  * Modified openssl-jsc-SLE-8789-backport_KDF.patch
- openssl-jsc-SLE-8789-backport_KDF.patch: retain old behaviour of EVP_PBE_scrypt. When key output buffer is not provided, only check if the input parameters are in valid range and ignore passphrase/salt fields as they are only used in the actual calculation.
- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430)
  * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. (bsc#1150247, CVE-2019-1549)
  * Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. (bsc#1150003, CVE-2019-1547)
  * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (bsc#1150250, CVE-2019-1563)
  * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters().
  * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems.
  * Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key.
  * Significantly reduce secure memory usage by the randomness pools.
  * Revert the DEVRANDOM_WAIT feature for Linux systems
- drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream)
- refresh patches
  * openssl-1.1.0-no-html.patch
  * openssl-jsc-SLE-8789-backport_KDF.patch
- To avoid separate certification of openssh server / client move the SSH KDF (Key Derivation Function) into openssl.
  * jsc#SLE-8789
  * Sourced from commit 8d76481b189b7195ef932e0fb8f0e23ab0120771#diff-a9562bc75317360a2e6b8b0748956e34 in openssl master (introduce the SSH KDF) and commit 5a285addbf39f91d567f95f04b2b41764127950d in openssl master (backport EVP/KDF API framework)
  * added openssl-jsc-SLE-8789-backport_KDF.patch

==== ucode-intel ====
Version update (20191112 -> 20191115)

- Updated to 20191115 release (bsc#1157004)
- Processor      Identifier          Version             Products
- Model          Stepping F-MO-S/PI  Old->New
- ---- updated platforms ------------------------------------
- SKL-U/Y        D0       6-4e-3/c0  000000d4->000000d6  Core Gen6 Mobile
- SKL-U23e       K1       6-4e-3/c0  000000d4->000000d6  Core Gen6 Mobile
- SKL-H/S/E3     N0/R0/S0 6-5e-3/36  000000d4->000000d6  Core Gen6
- AML-Y22        H0       6-8e-9/10  000000c6->000000ca  Core Gen8 Mobile
- KBL-U/Y        H0       6-8e-9/c0  000000c6->000000ca  Core Gen7 Mobile
- KBL-U23e       J1       6-8e-9/c0  000000c6->000000ca  Core Gen7 Mobile
- CFL-U43e       D0       6-8e-a/c0  000000c6->000000ca  Core Gen8 Mobile
- KBL-R U        Y0       6-8e-a/c0  000000c6->000000ca  Core Gen8 Mobile
- WHL-U          W0       6-8e-b/d0  000000c6->000000ca  Core Gen8 Mobile
- AML-Y42        V0       6-8e-c/94  000000c6->000000ca  Core Gen10 Mobile
- WHL-U          V0       6-8e-c/94  000000c6->000000ca  Core Gen8 Mobile
- CML-U42        V0       6-8e-c/94  000000c6->000000ca  Core Gen10 Mobile
- KBL-G/H/S/X/E3 B0       6-9e-9/2a  000000c6->000000ca  Core Gen7 Desktop, Mobile, Xeon E3 v6
- CFL-H/S/E3     U0       6-9e-a/22  000000c6->000000ca  Core Gen8 Desktop, Mobile, Xeon E
- CFL-S          B0       6-9e-b/02  000000c6->000000ca  Core Gen8
- CFL-S          P0       6-9e-c/22  000000c6->000000ca  Core Gen9 Desktop
- CFL-H/S/E3     R0       6-9e-d/22  000000c6->000000ca  Core Gen9 Desktop, Mobile, Xeon E
- CML-U62        A0       6-a6-0/80  000000c6->000000ca  Core Gen10 Mobile
- Updated to 20191113 release
- Processor      Identifier          Version             Products
- Model          Stepping F-MO-S/PI  Old->New
- ---- updated platforms ------------------------------------
- CFL-S          P0       6-9e-c/22  000000a2->000000c6  Core Gen9 Desktop

==== yast2 ====
Version update (4.2.30 -> 4.2.34)

- Fix crash in upgrade caused by wrong parameter to snapper (bsc#1156819)
- 4.2.34
- Use new snapper machine-readable output to retrieve snapshots information (related to bsc#1149322).
- 4.2.33
- Add linuxrc option "reboot_timeout" to configure the timeout before reboot (bsc#1122493)
- 4.2.32
- Network: During an installation, check which backend is in use when Systemd is running. (bsc#1151291)
- 4.2.31