Packages changed: c-ares (1.15.0~20191108 -> 1.15.0+20191108) conmon (2.0.2 -> 2.0.3) curl kdump kernel-firmware (20191023 -> 20191108) libselinux libselinux-bindings libssh (0.9.0 -> 0.9.2) openssh patterns-microos read-only-root-fs (1.0+git20190607.11f8587 -> 1.0+git20191112.42add9e) rpm-config-SUSE (0.g44 -> 0.g45) systemd ucode-intel (20190918 -> 20191112) xen (4.13.0_01 -> 4.13.0_02) === Details === ==== c-ares ==== Version update (1.15.0~20191108 -> 1.15.0+20191108) - Fix version number of the snapshot to not be downgrade: bsc#1156601 ==== conmon ==== Version update (2.0.2 -> 2.0.3) - Add log level trace - Separate handling of log reopen events and terminal resize events ==== curl ==== Subpackages: libcurl4 - Fix segfault in zypper ref: [bsc#1156481] * remove_handle: clear expire timers after multi_done() * Add patch curl-expire-clear.patch ==== kdump ==== - add kdump-savedump-search-also-for-vmlinux.xz.patch (bnc#1155921) ==== kernel-firmware ==== Version update (20191023 -> 20191108) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20191108 (git commit f1100ddf581f): * i915: Add HuC firmware v7.0.3 for TGL * i915: Add GuC firmware v35.2.0 for TGL * i915: Add HuC firmware v9.0.0 for EHL * i915: Add GuC firmware v33.0.4 for EHL * rtw88: RTL8723D: add firmware file v48 * qed: Add firmware 8.40.33.0 * amdgpu: add new navi14 wks gfx firmware for 19.30 * amdgpu: update navi14 firmware for 19.30 * amdgpu: update raven firmware for 19.30 * linux-firmware: Add firmware file for Intel Bluetooth AX201 ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Added Use-Python-distutils-to-install-SELinux.patch to use Python's distutils instead of building and installing python bindings manually ==== libselinux-bindings ==== - Add python3.8-compat.patch which makes build possible even with Python 3.8, which doesn?t automatically adds -lpython ==== libssh ==== Version update (0.9.0 -> 0.9.2) Subpackages: libssh-config libssh4 - Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) - Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) ==== openssh ==== - Add openssh-8.1p1-seccomp-clock_nanosleep.patch, allow clock_nanosleep glibc master implements multiple functions using that syscall making the privsep sandbox kill the preauth process. ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Don't install open-iscsi by default [bsc#1156660] ==== read-only-root-fs ==== Version update (1.0+git20190607.11f8587 -> 1.0+git20191112.42add9e) - Update to version 1.0+git20191112.42add9e: * Add RequiresMountsFor=/etc override for systemd-udevd.service ==== rpm-config-SUSE ==== Version update (0.g44 -> 0.g45) - Update to version 0.g45: * Use -flto=auto for _lto_cflags for now ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Import commit 0b715187a87907e18edf98eab9d0a50fced4a424 9dbdbc2f10 logind: fix (again) the race that might happen when logind restores VT (bsc#1101591 bsc#1140081) c848bec110 libblkid: open device in nonblock mode. (bsc#1084671) b70ad6c927 resolved: check for IP in certificate when using DoT with GnuTLS (bsc#1155539 CVE-2018-21029) bbedf3d557 resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS eb732c2e29 resolved: fix connection failures with TLS 1.3 and GnuTLS 4e45084ac5 shared/install: failing with -ELOOP can be due to the use of an alias in install_error() 2e297f0d87 shared/install: fix error codes returned by install_context_apply() dd29d70d32 man: alias names can't be used with enable command - Fix %{_libexecdir} misuses of /usr/lib ==== ucode-intel ==== Version update (20190918 -> 20191112) - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - AVN B0/C0 6-4d-8/01 0000012d Atom C2xxx - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000151 Xeon Scalable - CLX-SP B0 6-55-6/bf 0400002c Xeon Scalable Gen2 - GLK-R R0 6-7a-8/01 00000016 Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 - ICL-U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL-U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKX-SP H0/M0/U0 6-55-4/b7 02000064->02000065 Xeon Scalable - SKX-D M1 6-55-4/b7 02000064->02000065 Xeon D-21xx - CLX-SP B1 6-55-7/bf 0500002b->0500002c Xeon Scalable Gen2 - SKL-H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - GLK B0 6-7a-1/01 0000002e->00000032 Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - ---- removed platforms ------------------------------------ - CFL-H/S P0 6-9e-c/22 000000a2 Core Gen9 - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) ==== xen ==== Version update (4.13.0_01 -> 4.13.0_02) - Update to Xen 4.13.0 RC2 release xen-4.13.0-testing-src.tar.bz2