Packages changed: a2ps bash cpupower hostname krb5 (1.18 -> 1.18.1) libgcrypt openssl-1_1 virtualbox (6.1.6 -> 6.1.8) === Details === ==== a2ps ==== Subpackages: liba2ps1 - Discard rm of nonexistent %{_infodir}/dir to fix build ==== bash ==== Subpackages: bash-doc bash-lang - Add official patch bash50-017 * There were cases where patch 16 reaped process substitution file descriptors (or FIFOs) and processes to early. This is a better fix for the problem that bash50-016 attempted to solve. - Remove temporary patch bash50-fix-016-close-new-fifos.patch ==== cpupower ==== Subpackages: libcpupower0 - Update to latest: turbostat 20.03.20 intel-speed-select 1.3 (bsc#1171810) verions - Adjust needed kernel and userspace requirements in: cpupower_export_tarball_from_git.sh and BuildRequires: libcap-devel A remove_bits_h.patch ==== hostname ==== - Fix LIBEXECDIR substitution for systemd service - Add nis-domainname.service for FreeIPA ==== krb5 ==== Version update (1.18 -> 1.18.1) Subpackages: krb5-32bit krb5-client - Upgrade to 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports "service@" as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. - Remove 0009-Fix-null-dereference-qualifying-short-hostnames.patch ==== libgcrypt ==== Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac - FIPS: libgcrypt: Double free in test_keys() on failed signature verification [bsc#1169944] * Use safer gcry_mpi_release() instead of mpi_free() - Update patches: * libgcrypt-PCT-DSA.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) * add libgcrypt-fips_selftest_trigger_file.patch * refresh libgcrypt-global_init-constructor.patch - Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted by libgcrypt-global_init-constructor.patch - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC: [bsc#1165539] - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Refreshed patches: * libgcrypt-PCT-DSA.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch - FIPS: Switch the PCT to use the new signature operation [bsc#1165539] * Patches for DSA, RSA and ECDSA test_keys functions: - libgcrypt-PCT-DSA.patch - libgcrypt-PCT-RSA.patch - libgcrypt-PCT-ECC.patch - Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: - libgcrypt-global_init-constructor.patch * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: - libgcrypt-random_selftests-testentropy.patch - libgcrypt-rsa-no-blinding.patch - libgcrypt-ecc-ecdsa-no-blinding.patch * Fix benchmark regression test in FIPS mode: - libgcrypt-FIPS-GMAC_AES-benckmark.patch - Remove check not needed in _gcry_global_constructor [bsc#1164950] * Update libgcrypt-Restore-self-tests-from-constructor.patch - FIPS: Run the self-tests from the constructor [bsc#1164950] * Add libgcrypt-invoke-global_init-from-constructor.patch ==== openssl-1_1 ==== Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac - Limit the DRBG selftests to not deplete entropy (bsc#1165274) * fixes also Firefox crashing with Kerberos (bsc#1167132) * update openssl-fips_selftest_upstream_drbg.patch ==== virtualbox ==== Version update (6.1.6 -> 6.1.8) Subpackages: virtualbox-guest-tools virtualbox-guest-x11 virtualbox-kmp-default - Version bump to 6.1.8 (released May 15 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: File "fixes_for_5.7.patch" is removed as the issue was fixed upstream. GUI: Fix several layout and mouse position handling bugs with soft keyboard GUI: Fixed crash on last VM removed (6.1.4 regression; bug #19568, #19525, #19506, #19490, #19481, #19397) GUI and API: Allow renaming VMs which are in saved state Serial: Fixed slow guest output when using the TCP server mode without anyone being connected Guest Additions: Restored 'VBoxClient--checkhostversion' functionality (6.1.0 regression; bug #19470) Guest Additions: Fixed resizing and multi monitor handling for X11 guests. (6.1.0 regression; bug #19496) Guest Additions: Build problems fix with Oracle Linux 8.2 (Red Hat compatible kernel) / Red Hat Enterprise Linux 8.2 / CentOS 8.2 (bug #19391) Guest Control/VBoxManage: Fixed handling of multiple environment variables supplied to 'VBoxManage guestcontrol VM run' (6.1.6/6.0.20 regression; bug #19518) Guest Control: Implemented support for long(er) command lines Guest Control: Various stability improvements