Packages changed: 389-ds (1.4.3.1~git0.a08202a5b -> 1.4.3.3~git0.776c6edf5) bison (3.5.1 -> 3.5.2) elementary-xfce-icon-theme (0.14+git5.36fd0049 -> 0.14+git19.684af360) ibus-m17n kernel-source (5.5.4 -> 5.5.5) libarchive libgpg-error (1.36 -> 1.37) libseccomp libunwind openssl-1_1 qemu qemu-linux-user sysdig (0.26.5_k5.5.4_1 -> 0.26.5_k5.5.5_1) system-users xfce4-weather-plugin (0.10.0 -> 0.10.1) === Details === ==== 389-ds ==== Version update (1.4.3.1~git0.a08202a5b -> 1.4.3.3~git0.776c6edf5) Subpackages: lib389 libsvrcore0 - Add requirement on openssl for rust-openssl as part of ldaptokens - Add rust vendored libs - Add 0001-fix-cargo-build.patch to fix minor rust build issues - Update to version 1.4.3.3~git0.776c6edf5: * Bump version to 1.4.3.3 * Issue 50855 - remove unused file from UI * Issue 50855 - UI: Port Server Tab to React * Issue 49845 - README does not contain complete information on building * Issue: 50686 - Port fractional replication test cases from TET to python3 part 1 * Ticket - 49623-cont cenotaph errors on modrdn operations * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled * Issue 50886 - Typo in the replication debug message * Issue 50873 - Fix healthcheck and virtual attr check * Issue 50873 - Fix issues with healthcheck tool * Issue 50028 - Add a new CI test case * Issue 49946 - Add a new CI test case * Issue 50117 - Add a new CI test case * Ticket 50787 - fix implementation of attr unique * Ticket 50859 - support running only with ldaps socket * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache * Issue 50867 - Fix minor buildsys issues * Issue 50737 - Allow building with rust online without vendoring * Ticket 50831 add cargo.lock to allow offline builds * Ticket 50694 - import PEM certs on startup * Ticket 50857 - Memory leak in ACI using IP subject * Issue 49761 - Fix CI test suite issues * Issue 50853 - Fix NULL pointer deref in config setting * Issue 50850 - Fix dsctl healthcheck for python36 * Issue 49990 - Need to enforce a hard maximum limit for file descriptors * Ticket 48707 - ldapssotoken for authentication * Bump version to 1.4.3.2 * Issue 49254 - Fix compiler failures and warnings * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown * Issue 50836 - Port Schema UI tab to React * Issue 50842 - Decrease 389-console Cockpit component size * Ticket 50790 - Add result text when filter is invalid * Issue 50627 - Add ASAN logs to HTML report * Issue 50834 - Incorrectly setting the NSS default SSL version max * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 * Ticket 50784 - performance testing scripts * Issue 50599 - Fix memory leak when removing db region files * Issue 49395 - Set the default TLS version min to TLS1.2 * Issue 50818 - dsconf pwdpolicy get error * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined" * Issue 50599 - Remove db region files prior to db recovery * Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/ * Issue 50816 - dsconf allows the root password to be set to nothing * Issue 50798 - incorrect bytes in format string(fix import issue) ==== bison ==== Version update (3.5.1 -> 3.5.2) Subpackages: bison-lang - Update to version 3.5.2: * Portability issues and minor cosmetic issues. * The lalr1.cc skeleton properly rejects unsupported values for parse.lac (as yacc.c does). ==== elementary-xfce-icon-theme ==== Version update (0.14+git5.36fd0049 -> 0.14+git19.684af360) - Update to version 0.14+git19.684af360: * Several small symlink fixes * Revamped all 16px panel icons and made several fixes * Revamped 16px dark panel icons and synced network icons from elementary upstream * Add symlinks for LICENSE * Fix dangling symlinks to AUTHORS, CONTRIBUTORS, and README.md * Cleanup unused styles fron thunderbird svgs, fixing inkscape warning attribute 'mask' given as CSS * Second run of vacuum-defs * Drop file reference (fixes #171) * Rename fake svgs to pngs * Vacuum all svgs * Drop Chrome and Chromium icons Both icons scale well at every size ==== ibus-m17n ==== - Change group as System/Localization - Enable ibus-m17n-setup build ==== kernel-source ==== Version update (5.5.4 -> 5.5.5) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 5.5.5 (bnc#1012628). - io_uring: fix deferred req iovec leak (bnc#1012628). - io_uring: retry raw bdev writes if we hit -EOPNOTSUPP (bnc#1012628). - Input: synaptics - switch T470s to RMI4 by default (bnc#1012628). - Input: synaptics - enable SMBus on ThinkPad L470 (bnc#1012628). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bnc#1012628). - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bnc#1012628). - ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bnc#1012628). - ALSA: pcm: Fix double hw_free calls (bnc#1012628). - ALSA: hda/realtek - Add more codec supported Headset Button (bnc#1012628). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (bnc#1012628). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (bnc#1012628). - ACPI: EC: Fix flushing of pending work (bnc#1012628). - ACPI: PM: s2idle: Avoid possible race related to the EC GPE (bnc#1012628). - ACPICA: Introduce acpi_any_gpe_status_set() (bnc#1012628). - ACPI: PM: s2idle: Prevent spurious SCIs from waking up the system (bnc#1012628). - ext4: don't assume that mmp_nodename/bdevname have NUL (bnc#1012628). - ext4: fix support for inode sizes > 1024 bytes (bnc#1012628). - ext4: fix checksum errors with indexed dirs (bnc#1012628). - ext4: add cond_resched() to ext4_protect_reserved_inode (bnc#1012628). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bnc#1012628). - Btrfs: fix race between using extent maps and merging them (bnc#1012628). - btrfs: ref-verify: fix memory leaks (bnc#1012628). - btrfs: print message when tree-log replay starts (bnc#1012628). - btrfs: log message when rw remount is attempted with unclean tree-log (bnc#1012628). - ARM: npcm: Bring back GPIOLIB support (bnc#1012628). - gpio: xilinx: Fix bug where the wrong GPIO register is written to (bnc#1012628). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bnc#1012628). - xprtrdma: Fix DMA scatter-gather list mapping imbalance (bnc#1012628). - cifs: make sure we do not overflow the max EA buffer size (bnc#1012628). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bnc#1012628). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bnc#1012628). - EDAC/sysfs: Remove csrow objects on errors (bnc#1012628). - EDAC/mc: Fix use-after-free and memleaks during device removal (bnc#1012628). - KVM: nVMX: Use correct root level for nested EPT shadow page tables (bnc#1012628). - KVM: x86/mmu: Fix struct guest_walker arrays for 5-level paging (bnc#1012628). - perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map (bnc#1012628). - s390/pkey: fix missing length of protected key on return (bnc#1012628). - s390/uv: Fix handling of length extensions (bnc#1012628). - drm/vgem: Close use-after-free race in vgem_gem_create (bnc#1012628). - drm/mst: Fix possible NULL pointer dereference in drm_dp_mst_process_up_req() (bnc#1012628). - drm/panfrost: Make sure the shrinker does not reclaim referenced BOs (bnc#1012628). - drm/amdgpu: update smu_v11_0_pptable.h (bnc#1012628). - drm/amdgpu:/navi10: use the ODCAP enum to index the caps array (bnc#1012628). - bus: moxtet: fix potential stack buffer overflow (bnc#1012628). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bnc#1012628). - drivers: ipmi: fix off-by-one bounds check that leads to a out-of-bounds write (bnc#1012628). - IB/mlx5: Return failure when rts2rts_qp_counters_set_id is not supported (bnc#1012628). - IB/hfi1: Acquire lock to release TID entries when user file is closed (bnc#1012628). - IB/hfi1: Close window for pq and request coliding (bnc#1012628). - IB/rdmavt: Reset all QPs when the device is shut down (bnc#1012628). - IB/umad: Fix kernel crash while unloading ib_umad (bnc#1012628). - RDMA/core: Fix invalid memory access in spec_filter_size (bnc#1012628). - RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bnc#1012628). - RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create (bnc#1012628). - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bnc#1012628). - RDMA/core: Fix protection fault in get_pkey_idx_qp_list (bnc#1012628). - s390/time: Fix clk type in get_tod_clock (bnc#1012628). - Input: ili210x - fix return value of is_visible function (bnc#1012628). - sched/uclamp: Reject negative values in cpu_uclamp_write() (bnc#1012628). - mac80211: use more bits for ack_frame_id (bnc#1012628). - spmi: pmic-arb: Set lockdep class for hierarchical irq domains (bnc#1012628). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bnc#1012628). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bnc#1012628). - mac80211: fix quiet mode activation in action frames (bnc#1012628). - cifs: fix mount option display for sec=krb5i (bnc#1012628). - ceph: noacl mount option is effectively ignored (bnc#1012628). - arm64: dts: fast models: Fix FVP PCI interrupt-map property (bnc#1012628). - KVM: x86: Mask off reserved bit from #DB exception payload (bnc#1012628). - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit (bnc#1012628). - perf stat: Don't report a null stalled cycles per insn metric (bnc#1012628). - NFSv4.1 make cachethis=no for writes (bnc#1012628). - NFSv4: Ensure the delegation cred is pinned when we call delegreturn (bnc#1012628). - Revert "drm/sun4i: drv: Allow framebuffer modifiers in mode config" (bnc#1012628). - drm/i915/pmu: Correct the rc6 offset upon enabling (bnc#1012628). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bnc#1012628). - io-wq: add support for inheriting ->fs (bnc#1012628). - NFSv4: Add accounting for the number of active delegations held (bnc#1012628). - gpio: add gpiod_toggle_active_low() (bnc#1012628). - mmc: core: Rework wp-gpio handling (bnc#1012628). - commit 5157fff - Update config files (bnc#1161832). Disable CONFIG_MODULE_SIG on i386. We don't run pesign on i386 builds, hence the modules are not signed at all. This results in module verification failures and warnings. CONFIG_SECURITY_LOCKDOWN_LSM depends on (selects) CONFIG_MODULE_SIG, so we have to disable it too. But it makes no sense to lockdown without module signature anyway. - commit 599e3c2 - vt: selection, close sel_buffer race (bnc#1162928 CVE-2020-8648). - vt: selection, handle pending signals in paste_selection (bnc#1162928 CVE-2020-8648). - commit 813d10d ==== libarchive ==== Subpackages: bsdtar libarchive13 - Switch back to cmake build now that cmake-mini exists, this will no longer create a build-cycle. ==== libgpg-error ==== Version update (1.36 -> 1.37) Subpackages: libgpg-error0 libgpg-error0-32bit - Update to 1.37 Release-info: https://dev.gnupg.org/T4772 * Fixes a build problems when using Gawk 5.0 [#4459] * Improves cross-compiling support. [#4643] * New error codes to map SQLite primary error codes. * Now uses poll(2) instead of select(2) in gpgrt_poll if possible. * Fixes a bug in gpgrt_close. [#4698] * Fixes a few minor portability bugs. * New interfaces in this release: GPG_ERR_NO_KEYBOXD GPG_ERR_KEYBOXD GPG_ERR_NO_SERVICE GPG_ERR_SERVICE GPG_ERR_SQL_OK GPG_ERR_SQL_ERROR GPG_ERR_SQL_INTERNAL GPG_ERR_SQL_PERM GPG_ERR_SQL_ABORT GPG_ERR_SQL_BUSY GPG_ERR_SQL_LOCKED GPG_ERR_SQL_NOMEM GPG_ERR_SQL_READONLY GPG_ERR_SQL_INTERRUPT GPG_ERR_SQL_IOERR GPG_ERR_SQL_CORRUPT GPG_ERR_SQL_NOTFOUND GPG_ERR_SQL_FULL GPG_ERR_SQL_CANTOPEN GPG_ERR_SQL_PROTOCOL GPG_ERR_SQL_EMPTY GPG_ERR_SQL_SCHEMA GPG_ERR_SQL_TOOBIG GPG_ERR_SQL_CONSTRAINT GPG_ERR_SQL_MISMATCH GPG_ERR_SQL_MISUSE GPG_ERR_SQL_NOLFS GPG_ERR_SQL_AUTH GPG_ERR_SQL_FORMAT GPG_ERR_SQL_RANGE GPG_ERR_SQL_NOTADB GPG_ERR_SQL_NOTICE GPG_ERR_SQL_WARNING GPG_ERR_SQL_ROW GPG_ERR_SQL_DONE - Remove patch fixed upstream. * gawk5.patch ==== libseccomp ==== - Add patch to fix ntpsec and others build (accidental drop of symbols): * SNR_ppoll.patch ==== libunwind ==== - Fix build with GCC-10: [bsc#1160876] * In GCC-10, the default option -fcommon will change to -fno-common - Add libunwind-gcc10-build-fno-common.patch ==== openssl-1_1 ==== Subpackages: libopenssl-1_1-devel libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac - Use the newly build libcrypto shared library when computing the hmac checksums in order to avoid a bootstrapping issue by BuildRequiring libopenssl1_1 (bsc#1164102) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) * add openssl-fips_fix_selftests_return_value.patch - Added SHA3 FIPS self-tests bsc#1155345 * openssl-fips-add-SHA3-selftest.patch ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-ui-spice-app qemu-vgabios qemu-vhost-user-gpu qemu-x86 - Fix xenfv migration from xen host with pre-v4.0 qemu. We had previously dropped a similar patch, but have decided that for now we need to go with this type of solution (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch - Avoid query-cpu-model-expansion crashed qemu when using machine type none, patch is queued in upstream now, will update commit id later (bsc#1159443) target-arm-monitor-query-cpu-model-expan.patch - BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow OBS to shortcut through -mini flavors. ==== qemu-linux-user ==== - Fix xenfv migration from xen host with pre-v4.0 qemu. We had previously dropped a similar patch, but have decided that for now we need to go with this type of solution (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch - Avoid query-cpu-model-expansion crashed qemu when using machine type none, patch is queued in upstream now, will update commit id later (bsc#1159443) target-arm-monitor-query-cpu-model-expan.patch - BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow OBS to shortcut through -mini flavors. ==== sysdig ==== Version update (0.26.5_k5.5.4_1 -> 0.26.5_k5.5.5_1) - sysdig-32bit.patch: make build on 32bit ==== system-users ==== Subpackages: system-group-hardware system-group-wheel system-user-bin system-user-daemon system-user-ftp system-user-games system-user-lp system-user-mail system-user-man system-user-news system-user-nobody system-user-tftp system-user-upsd system-user-uucp system-user-wwwrun - Align /var/lib/tss permissions with trousers (boo#1162360). ==== xfce4-weather-plugin ==== Version update (0.10.0 -> 0.10.1) Subpackages: xfce4-weather-plugin-lang - Update to 0.10.1 * Switch to 'locationforecast' product and use a more recent API version (bxo#16268) * Fix invalid scrollbar index to add a label (bxo#16023) * Update URLs from goodies.x.o to docs.x.o (bxo#16182) * Fix build with panel 4.15 * Make build output less verbose * Use standard icon names (bxo#16059) * Translation updates