Packages changed: dracut (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) gstreamer-plugins-base libdrm libglvnd libmfx libteam (1.29 -> 1.31) libva libyui-ncurses (2.56.1 -> 2.56.2) libzypp (17.24.1 -> 17.24.2) mozilla-nspr (4.26 -> 4.27) mozilla-nss (3.54 -> 3.55) mozjs68 open-vm-tools (11.1.0 -> 11.1.5) perl-HTML-Parser (3.72 -> 3.75) procps tracker (2.3.4 -> 2.3.5) tracker-miners (2.3.3 -> 2.3.4) xorg-x11-server (1.20.8+0 -> 1.20.9) yast2 (4.3.19 -> 4.3.24) zypper (1.14.37 -> 1.14.38) === Details === ==== dracut ==== Version update (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) Subpackages: dracut-ima - Update to version 050+suse.75.g266a76d9: * net-lib.sh: support infiniband network mac addresses (bsc#996146) * 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) * 95nfs: use ip_params_for_remote_addr() (bsc#1167494) * dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) - Update to version 050+suse.71.g390f4d72: * 01fips: modprobe failures during manual module loading is not fatal (bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY (bsc#1165828) * 95iscsi: fix ipv6 target discovery (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file (bsc#1172807) ==== gstreamer-plugins-base ==== Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 - Do not recommend PackageKit-gstreamer-plugin: that package already supplements the combination of gstreamer-plugins-base and packagekit. ==== libdrm ==== Subpackages: libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 - version 2.4.102 needed for jira#SLE/SLE-12880, jira#SLE/SLE-12882 ==== libglvnd ==== - version 1.3.2 needed for jira#SLE/SLE-12880, jira#SLE/SLE-12882 ==== libmfx ==== - version 20.2.1 needed for jira#SLE/SLE-12712 ==== libteam ==== Version update (1.29 -> 1.31) - update to 1.31: * teamd: fix build error in expansion of macro teamd_log_dbgx * teamd/lacp: fix segfault due to NULL pointer dereference * teamd: fix possible race in master ifname callback * Fix ifinfo_link_with_port race condition with newlink * Skip setting the same hwaddr to a lag port if not needed * teamd/lacp: silence ignore none LACP frames ==== libva ==== Subpackages: libva-drm2 libva2 - version 2.8.0 needed for jira#SLE/SLE-12712 ==== libyui-ncurses ==== Version update (2.56.1 -> 2.56.2) - Fix changing a single cell in a sorted table (bsc#1165388, bsc#1174615) - 2.56.2 ==== libzypp ==== Version update (17.24.1 -> 17.24.2) - VendorAttr: Const-correct API and let Target provide its settings (bsc#1174918) - Support buildnr with commit hash in purge-kernels (bsc#1175342) This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. - Improve Italian traslation of the "breaking dependencies" message (bsc#1173529) - Make sure reading from lsof does not block forever (bsc#1174240) - Just collect details for the signatures found (fixes #229) - version 17.24.2 (22) ==== mozilla-nspr ==== Version update (4.26 -> 4.27) - update to version 4.27 * the macOS platform code for shared library loading was changed to support macOS 11. If the absolute path parameter given to PR_LoadLibrary begins with either /System/ or /usr/lib/ then no test is performed if the library exists at a file. * An include statement for a Windows system library header was added ==== mozilla-nss ==== Version update (3.54 -> 3.55) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. ==== mozjs68 ==== - reset memoryperjob for PowerPC avoid dispatcher to not find worker and still use %limit_build macro for them. ==== open-vm-tools ==== Version update (11.1.0 -> 11.1.5) Subpackages: libvmtools0 - Update to 11.1.5 (build 16724464) (boo#1175573) + This source release rolls up the SDMP fixes release post 11.1.0. + Fix serveral Coverity reported issues. + Address github issues: https://github.com/vmware/open-vm-tools/issues/451 https://github.com/vmware/open-vm-tools/issues/429 https://github.com/vmware/open-vm-tools/issues/428 - Drop unnecessary patch: - gcc10-warning.patch - sdmp-get-version.patch - sdmp-netstat-to-ss.patch - sdmp-warnings.patch ==== perl-HTML-Parser ==== Version update (3.72 -> 3.75) - updated to 3.75 see /usr/share/doc/packages/perl-HTML-Parser/Changes - updated to 3.73 see /usr/share/doc/packages/perl-HTML-Parser/Changes ==== procps ==== Subpackages: libprocps8 - Enable pidof by default ==== tracker ==== Version update (2.3.4 -> 2.3.5) Subpackages: libtracker-common-2_0 libtracker-control-2_0-0 libtracker-miner-2_0-0 libtracker-sparql-2_0-0 - Update to version 2.3.5: + Add 'tracker export' subcommand to ease migration to 3.x. + Use correct signature for DBusSignalCallback. + Get the systemd user unit dir from pkg-config. + Replace sensitive terms. + Updated translations. - Drop tracker-Use-correct-signature.patch: Fixed upstream. ==== tracker-miners ==== Version update (2.3.3 -> 2.3.4) Subpackages: tracker-miner-files - Update to version 2.3.4: + Block image/ktx files in 90-gstreamer-image-generic.rule. + Set a deadline of 30 seconds for extraction tasks. + Remove generic gstreamer-based image extraction codepath. + Several fixes to libav-based extractor. + Replace sensitive words. + Get the systemd user unit dir from pkg-config. + Updated translations. ==== xorg-x11-server ==== Version update (1.20.8+0 -> 1.20.9) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-wayland - Update to version 1.20.9: * Fix XRecordRegisterClients() Integer underflow * Fix XkbSelectEvents() integer underflow * Fix XIChangeHierarchy() integer underflow * Correct bounds checking in XkbSetNames() * linux: Fix platform device probe for DT-based PCI * linux: Fix platform device PCI detection for complex bus topologies * linux: Make platform device probe less fragile * fix for ZDI-11426 * xfree86: add drm modes on non-GTF panels * present: Check valid region in window mode flips * xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp * xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip * doc: Update URLs in Xserver-DTrace.xml * xwayland: Use a fixed DPI value for core protocol * xwayland: only use linux-dmabuf if format/modifier was advertised * hw/xfree86: Avoid cursor use after free * Update URL's in man pages * xwayland: Disable the MIT-SCREEN-SAVER extension when rootless * xwayland: Hold a pixmap reference in struct xwl_present_event * randr: Check rrPrivKey in RRHasScanoutPixmap() * modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation * xwayland: Store xwl_tablet_pad in its own private key * xwayland: Initialise values in xwlVidModeGetGamma() * xwayland: Fix crashes when there is no pointer * xwayland: Clear private on device removal * xwayland: Free all remaining events in xwl_present_cleanup * xwayland: Always use xwl_present_free_event for freeing Present events * present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip * present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip * xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only * xwayland: Fix infinite loop at startup * modesetting: Disable pageflipping when using a swcursor * dix: do not send focus event when grab actually does not change - Drop patches fixed upstream: * U_0001-Correct-bounds-checking-in-XkbSetNames.patch * U_0002-Fix-XIChangeHierarchy-integer-underflow.patch * U_0003-Fix-XkbSelectEvents-integer-underflow.patch * U_0004-Fix-XRecordRegisterClients-Integer-underflow.patch * U_FixForZDI-11426.patch - U_0001-Correct-bounds-checking-in-XkbSetNames.patch * Correct bounds checking in XkbSetNames() [CVE-2020-14345 / ZDI 11428, boo#1174635] - U_0002-Fix-XIChangeHierarchy-integer-underflow.patch * Fix XIChangeHierarchy() integer underflow [CVE-2020-14346 / ZDI-CAN-11429, boo#1174638] - U_0003-Fix-XkbSelectEvents-integer-underflow.patch * Fix XkbSelectEvents() integer underflow [CVE-2020-14361 / ZDI-CAN 11573, boo#1174910] - U_0004-Fix-XRecordRegisterClients-Integer-underflow.patch * Fix XRecordRegisterClients() Integer underflow [CVE-2020-14362 / ZDI-CAN-11574, boo#1174913] ==== yast2 ==== Version update (4.3.19 -> 4.3.24) - Fixed accidentaly broken dependencies (related to bsc#1175317) - 4.3.24 - Yet another unit test architecture fix :-( (related to bsc#1175317) - 4.3.23 - Fix for the previous change: fixed unit test failure on non x86_64 archs (related to bsc#1175317) - 4.3.22 - Y2Packager::Resolvable.find(): improved error handling, added more unit tests (related to bsc#1175317) - 4.3.21 - Unify profile element paths (bsc#1175680). - 4.3.20 ==== zypper ==== Version update (1.14.37 -> 1.14.38) Subpackages: zypper-needs-restarting - Directly list subcommands in 'zypper help' (bsc#1165424) - man: enhance description of the global package cache (bsc#1175592) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks (bsc#1174561) - Fix help command for list-patches - man: Point out that plain rpm packages are not downloaded to the global package cache (bsc#1173273) - version 1.14.38