Packages changed: alsa-plugins autoyast2 (4.2.34 -> 4.3.0) curl (7.69.1 -> 7.70.0) gdm (3.34.1 -> 3.36.2) ghostscript (9.27 -> 9.52) graphene grub2 hwdata (0.334 -> 0.335) libreoffice mailutils openconnect (8.05 -> 8.09) python-gobject (3.36.0 -> 3.36.1) python-hpack python-tornado6 samba (4.12.2+git.149.16ff41ef1f4 -> 4.12.2+git.152.c5bf9f6da52) schily shared-mime-info (1.15 -> 2.0) simple-scan (3.36.2 -> 3.36.2.1) vim (8.2.0530 -> 8.2.0701) wireless-regdb (20191029 -> 20200429) xorg-x11-driver-video xorg-x11-server zsh === Details === ==== alsa-plugins ==== Subpackages: alsa-plugins-pulse alsa-plugins-pulse-32bit - Split plugins in alsa-plugin package to each subpackage (boo#1171276): now alsa-plugins is a meta package that requires only the fundamental speexrate and upmix plugins - Add documentation for aaf plugin - Minor spec cleanups ==== autoyast2 ==== Version update (4.2.34 -> 4.3.0) Subpackages: autoyast2-installation - Do not export storage settings in the general section unless it is needed (related to bsc#1171356). - Improve AutoInstClone module test coverage and clean-up unused code. - AutoYaST schema improvements (bsc#1170886) -- Allow optional types for string and map objects -- Allow type specification without namespace -- Add type specification with 't' shortcut - 4.3.0 - ayast_setup: Do not add a 'networking' section to the profile when it is not defined explicitly as it is not needed anymore since keeping the configured network is the default option during autoconfiguration (bsc#1170821) - 4.2.35 ==== curl ==== Version update (7.69.1 -> 7.70.0) Subpackages: libcurl4 - Update to 7.70.0 * Changes: - curl: add --ssl-revoke-best-effort to allow a "best effort" revocation check - mqtt: add new experimental protocol - schannel: add "best effort" revocation check option: CURLSSLOPT_REVOKE_BEST_EFFORT - writeout: support to generate JSON output with '%{json}' * Bugfixes: - gnutls: Don't skip really long certificate fields - gnutls: ensure TLS 1.3 when SRP isn't requested - lib: never define CURL_CA_BUNDLE with a getenv - libcurl-multi.3: added missing full stop - libssh: avoid options override by configuration files - libssh: Use new ECDSA key types to check known hosts - tons of other fixes ==== gdm ==== Version update (3.34.1 -> 3.36.2) Subpackages: gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Update to version 3.36.2: + Fixes for when GDM isn't started on its configured initial VT. + Don't hardcode path to plymouth. + keyutils has a .pc file so use it. + Chrome remote desktop fix. + Always use separate session bus for greeter sessions. + This runs dbus-run-session, so the binary needs to be available. + Updated translations. - Drop patches fixed upstream: + gdm-look-for-session-based-on-pid-first.patch + gdm-Use-pkg-config-for-keyutils.patch - Rebase patches with quilt. - Add %{_bindir}/dbus-run-session Requires: New runtime dependency. Needed to ensure the dbus-run-session binary is present. ==== ghostscript ==== Version update (9.27 -> 9.52) Subpackages: ghostscript-x11 - The version upgrade to 9.52 fixes in particular CVE-2020-12268: jbic2dec: heap-based buffer overflow in jbig2_image_compose (bsc#1170603) - Version upgrade to 9.52 Highlights in this release include: * The 9.52 release replaces the 9.51 release after a problem was reported with 9.51 which warranted the quick turnaround. Thus, like 9.51, 9.52 is primarily a maintenance release, consolidating the changes we introduced in 9.50. * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt (the "mt" indicating "multi-thread"). LCMS2 is not thread-safe, and cannot be made thread-safe without breaking the ABI. Our fork will be thread-safe and include performance enhancements (these changes have all been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. If there is sufficient interest, our fork will be available as its own package separately from Ghostscript (and MuPDF). * The usual round of bug fixes, compatibility changes, and incremental improvements. Incompatible changes: * New option -dALLOWPSTRANSPARENCY: The transparency compositor (and related features), whilst we are improving it, remains sensitive to being driven correctly, and incorrect use can have unexpected/undefined results. Hence, as part of improving security, we limited access to these operators, originally using the -dSAFER feature. As we made "SAFER" the default mode, that became unacceptable, hence the new option -dALLOWPSTRANSPARENCY which enables access to the operators, cf. https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY For a release summary see: https://www.ghostscript.com/doc/9.52/News.htm For details see the News.htm and History9.htm files. - Version upgrade to 9.51 Highlights in this release include: * 9.51 is primarily a maintainance release, consolidating the changes we introduced in 9.50. * We have continued our work on code hygiene for this release, with a focus on the static analysis tool Coverity (from Synopsys, Inc) and we are now maintaining a policy of zero Coverity issues in the Ghostscript/GhostPDL source base. * IMPORTANT: In consultation with a representative of OpenPrinting (http://www.openprinting.org/) it is our intention to deprecate and, in the not distant future, remove the OpenPrinting Vector/Raster Printer Drivers (that is, the opvp and oprp devices). If you rely on either of these devices, please get in touch with us (i.e. Ghostscript upstream), so we can discuss your use case, and revise our plans accordingly. * We (i.e. Ghostscript upstream) are in the process of forking LittleCMS, cf. the other release notes entries below. * The usual round of bug fixes, compatibility changes, and incremental improvements. For a release summary see: https://www.ghostscript.com/doc/9.51/News.htm For details see the News.htm and History9.htm files. - Version upgrade to 9.50 Highlights in this release include: * The change to version 9.50 follows recognition of the extent and importance of the file access control redesign/reimplementation outlined below. * The file access control capability (enable with -dSAFER) has been completely rewritten, with a ground-up rethink of the design. For more details, see: "SAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#Safer * It is important to note that -dSAFER now only enables the file access controls, and no longer applies restrictions to standard Postscript functionality (specifically, restrictions on setpagedevice). If your application relies on these Postscript restrictions, see "OLDSAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer and please get in touch, as we do plan to remove those Postscript restrictions unless we have reason not to. IMPORTANT: File access controls are now enabled by default. In order to run Ghostscript without these controls, see "NOSAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer * We (i.e. Ghostscript upstream) are in the process of forking LittleCMS, cf. the other release notes entries below. * The usual round of bug fixes, compatibility changes, and incremental improvements. Incompatible changes: * There are a couple of subtle incompatibilities between the old and new SAFER implementations. Firstly, as mentioned above, SAFER now leaves standard Postcript functionality unchanged (except for the file access limitations). Secondly, the interaction with save/restore operations, see "SAFER" at https://www.ghostscript.com/doc/9.50/Use.htm#Safer * The following is not strictly speaking new to 9.50, as not much has changed since 9.27 in this area, but for those who don't upgrade with every release: The process of "tidying" the Postscript name space should have removed only non-standard and undocumented operators. Nevertheless, it is possible that any integrations or utilities that rely on those non-standard and undocumented operators may stop working, or may change behaviour. If you encounter such a case, please contact us (i.e. Ghostscript upstream, either the #ghostscript IRC channel or the gs-devel mailing list would be best), and we'll work with you to either find an alternative solution or return the previous functionality, if there is genuinely no other option. One case we know this has occurred is GSView 5 (and earlier). GSView 5 support for PDF files relied upon internal use only features which are no longer available. GSView 5 will still work as previously for Postscript files. For PDF files, users are encouraged to look at MuPDF https://www.mupdf.com/ For a release summary see: https://www.ghostscript.com/doc/9.50/News.htm For details see the News.htm and History9.htm files. - CVE-2019-10216.patch gs-CVE-2019-14811-885444fc.patch gs-CVE-2019-14817-cd1b1cac.patch openjpeg4gs-CVE-2018-6616-8ee33522.patch are fixed in the version 9.52 upstream sources. ==== graphene ==== Subpackages: libgraphene-1_0-0 typelib-1_0-Graphene-1_0 - Use %{_libexecdir} instead of %{_prefix}/lib: follow the package installer definition. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix boot failure as journaled data not get drained due to abrupt power off after grub-install (bsc#1167756) * grub-install-force-journal-draining-to-ensure-data-i.patch ==== hwdata ==== Version update (0.334 -> 0.335) - Update to version 0.335: * Updated pci, usb and vendor ids. ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-base-drivers-firebird libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Fix Bug 1165870 - LO-L3: Image shadow that should be invisible shown as extraneous line below * bsc1165870.diff ==== mailutils ==== Subpackages: libmailutils5 - Fix python packaging: python/sitepackages is definitively not below libexecdir. ==== openconnect ==== Version update (8.05 -> 8.09) Subpackages: libopenconnect5 openconnect-lang - Fix CVE-2020-12105 (boo#1170452) - Introduce subpackage for bash-completion - Update to 8.0.9: * Add bash completion support. * Give more helpful error in case of Pulse servers asking for TNCC. * Sanitize non-canonical Legacy IP network addresses. * Fix OpenSSL validation for trusted but invalid certificates (CVE-2020-12105). * Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well. (!91) * Disable Nagle's algorithm for TLS sockets, to improve interactivity when tunnel runs over TCP rather than UDP. * GlobalProtect: more resilient handling of periodic HIP check and login arguments, and predictable naming of challenge forms. * Work around PKCS#11 tokens which forget to set CKF_LOGIN_REQUIRED. - Update to 8.0.8: * Fix check of pin-sha256: public key hashes to be case sensitive * Don't give non-functioning stderr to CSD trojan scripts. * Fix crash with uninitialised OIDC token. - Update to 8.0.7: * Don't abort Pulse connection when server-provided certificate MD5 doesn't match. * Fix off-by-one in check for bad GnuTLS versions, and add build and run time checks. * Don't abort connection if CSD wrapper script returns non-zero (for now). * Make --passtos work for protocols that use ESP, in addition to DTLS. * Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well. ==== python-gobject ==== Version update (3.36.0 -> 3.36.1) Subpackages: python3-gobject python3-gobject-Gdk python3-gobject-cairo - Update to version 3.36.1: + tests: Fix failing tests with pytest 5.4.0+. + Gtk: Add override to make sure both TreeModelSort.new_with_model and TreeModel.sort_new_with_model exist independend of the gtk version. + Gtk.Template: Fix initialisation order errors with Widgets getting created from C (potentially through other templates). + Gtk.Template: Fix errors when calling init_template() multiple times. ==== python-hpack ==== - Add patch to work with pytest5: * pytest5.patch ==== python-tornado6 ==== - Fix build with curl 7.70.0: * Revert commit c443fb7bf8a87ba8ab02b9a6af9e140cabc0ab0d which introduces test_method_after_redirect() test. - Add python-tornado6-httpclient-test.patch ==== samba ==== Version update (4.12.2+git.149.16ff41ef1f4 -> 4.12.2+git.152.c5bf9f6da52) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr1 libndr1-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit - libsmb: Don't try to find posix stat info in SMBC_getatr(); (bso#14101); (bsc#1169242); ==== schily ==== Subpackages: cdda2wav cdrecord libcdrdeflt1_0 libdeflt1_0 libedc_ecc1_0 libedc_ecc_dec1_0 libfile1_0 libfind4_0 libparanoia1_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs readcd spax star - Update to release 2020.04.18 * smake: A new option -a has been added. This option allows to tell smake not to set up the automake specific make macros MAKE_ARCH, MAKE_OS and similar. ==== shared-mime-info ==== Version update (1.15 -> 2.0) Subpackages: shared-mime-info-lang - Update to version 2.0 + Port build system to meson, and ship test suite with tarball. + Install ITS file to allow gettext to translate mime-type descriptions. + Add BPS and IPS patch formats. + Lower weight for "use strict" and similar in the perl mimetype. + Add new magic for Sega Mega Drive ROMs. + Add Common Lisp mime-type. + Rename text/x-tcl to text/tcl. + Add text/vbscript. + Add PySpread spreadsheet mime-types. + Add Kotlin source mime-type. + Add AVIF image mime-type. + Split versions of the Audible audio mime types. + Add *.spx glob for audio/x-speex+ogg. + Add Apple System Profiler XML mime-type. - Adjust build dependencies: Add meson and xmlto, drop intltool. ==== simple-scan ==== Version update (3.36.2 -> 3.36.2.1) Subpackages: simple-scan-lang - Update to version 3.36.2.1: + Revert the higher bit depth text scans changes - they aren't working with PDF saving. ==== vim ==== Version update (8.2.0530 -> 8.2.0701) Subpackages: gvim vim-data vim-data-common - Update to version 8.2.0701 (no changelog) - Rebase no-common.patch - Rebase disable-unreliable-tests.patch ==== wireless-regdb ==== Version update (20191029 -> 20200429) - Update to version 20200429: * wireless-regdb: update regulatory database based on preceding changes * wireless-regdb: update rules for US on 2.4/5G * GB: Extend to cover DMG channels 5 & 6 * wireless-regdb: Update regulatory rules for Singapore (SG) * wireless-regdb: Update regulatory rules for Indonesia (ID) ==== xorg-x11-driver-video ==== - no longer require vesa X driver on openSUSE either (jsc#SLE-11798) ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk xorg-x11-server-wayland - provide/obsoletes cirrus and ast usermode driver also on openSUSE (jsc#SLE-12127) ==== zsh ==== - Add $HOME aliases to fix regression after dropping /etc/bash.bashrc - Add back LS_COLORS, LS_OPTIONS and GPG_TTY