Packages changed: ddclient inxi (3.0.30 -> 3.0.32) krb5 (1.16.1 -> 1.17) perl-Cpanel-JSON-XS (4.08 -> 4.09) perl-Image-ExifTool (11.24 -> 11.27) permissions (20181116 -> 20190212) pim-sieve-editor rdesktop squid sssd suse-module-tools (15.1.0 -> 15.1.10) tgt (1.0.60 -> 1.0.74) xcalc (1.0.6 -> 1.0.7) xf86-video-chips (1.3.0 -> 1.4.0) xf86-video-tdfx (1.4.7 -> 1.5.0) xfce4-panel-plugin-diskperf yast2-installation (4.1.35 -> 4.1.36) yast2-packager (4.1.26 -> 4.1.27) yast2-theme (4.1.9 -> 4.1.10) === Details === ==== ddclient ==== - Ensure neutrality of description. - Do not ignore errors from useradd. - Avoid %__-type macro indirection. ==== inxi ==== Version update (3.0.30 -> 3.0.32) - Update to version 3.0.32: * See /usr/share/doc/packages/inxi/inxi.changelog ==== krb5 ==== Version update (1.16.1 -> 1.17) Subpackages: krb5-32bit - Replace old $RPM_* shell vars - Upgrade to 1.17. Major changes: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Use systemd-tmpfiles to create files under /var/lib/kerberos, required by transactional updates; (bsc#1100126); - Rename patches: * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch * krb5-1.6.3-gssapi_improve_errormessages.dif to 0004-krb5-1.6.3-gssapi_improve_errormessages.patch * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch * krb5-1.12-selinux-label.patch => 0008-krb5-1.12-selinux-label.patch * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch ==== perl-Cpanel-JSON-XS ==== Version update (4.08 -> 4.09) - updated to 4.09 see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes 4.09 2019-02-15 (rurban) - Add seperate allow_dupkeys property, in relaxed (#122) - Fixed allow_dupkeys for the XS slow path - Silence 2 -Wunused-value warnings - Fix ->unblessed_bool to produce modifiable perl structures (PR #121 by Pali) ==== perl-Image-ExifTool ==== Version update (11.24 -> 11.27) Subpackages: exiftool perl-File-RandomAccess - Update to version 11.27 * See /usr/share/doc/packages/perl-Image-ExifTool/Changes ==== permissions ==== Version update (20181116 -> 20190212) - Update to version 20190212: * removed old entry for wodim * removed old entry for netatalk * removed old entry for suidperl * removed old entriy for utempter * removed old entriy for hostname * removed old directory entries * removed old entry for qemu-bridge-helper * removed old entries for pccardctl * removed old entries for isdnctrl * removed old entries for unix(2)_chkpwd * removed old entries for mount.nfs * removed old entries for (u)mount * removed old entry for fileshareset * removed old entries for KDE * removed old entry for heartbeat * removed old entry for gnome-control-center * removed old entry for pcp * removed old entry for lpdfilter * removed old entry for scotty * removed old entry for ia32el * removed old entry for squid * removed old qpopper whitelist * removed pt_chown entries. Not needed anymore and a bad idea anyway * removed old majordomo entry * removed stale entries for old ncpfs tools * removed old entry for rmtab * Fixed typo in icinga2 whitelist entry * New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox * Removed whitelist for /usr/bin/su.core. According to comment a temporary hack introduced 2012 to help moving su from coretuils to util-linux. I couldn't find it anywhere, so we don't need it anymore * Remove entry for /usr/bin/yaps. We don't ship it anymore and the group that is used doesn't exists anymore starting with Leap 15, so it will not work there anyway. Users using this (old) package can do this individually * removed entry for /etc/ftpaccess. We currently don't have it anywhere (and judging from my search this has been the case for quite a while) * Ensure consistency of entries, otherwise switching between settings becomes problematic * Fix spelling of SUSE * permissions.local: fix typo ==== pim-sieve-editor ==== Subpackages: pim-sieve-editor-lang - Remove unneeded build requirements ==== rdesktop ==== - Trim redundant wording from description. - Use %make_install. ==== squid ==== - Revert whitespace deletions of .changes as it makes diffs a pain. - Do not hide errors from useradd. Make scriptlets plain sh compatible. ==== sssd ==== Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap - Add krb-noversion.diff so sssd_pac builds even with newer krb. ==== suse-module-tools ==== Version update (15.1.0 -> 15.1.10) - Update to version 15.1.10 (git b28b13d): - implemented fs blacklisting logic (jsc#SLES-4085, fate#326832) ==== tgt ==== Version update (1.0.60 -> 1.0.74) - Update to version v1.0.74 from version v1.0.60: * tgt 1.0.74 * AIO backing store now reports a list of supported opcodes * tgt 1.0.73 * Update tgt-admin * fix build w/newer glibc * Display nop_count and and nop_interval * Quote $backing_store variable in system(), execute() and backtick-calls * Buffer size is stored in struct concat_buf.size field, so use that instead of BUFSIZE since buffer size can be more than BUFSIZE. Also, remove BUFSIZE since its not used anymore. * tgt 1.0.72 * smc: fix snprintf warnings with gcc7 This removed the tarball v1.0.60.tar.gz, and replaced it with v1.0.74.tar.gz, which can now be gotten using the new _service file. This also updated the SPEC file with the new version number and the different patch set. Remaining patches were renumbered. This following patches were UPDATED (refreshed): * tgt-fix-build * tgt-include-sys-macros-for-major.patch The following patches were REMOVED (no longer needed): * tgt-handle-access-of-a-target-that-has-been-removed * tgt-missing-module-directory-not-an-error * tgt-compare-pointer-to-null.patch And the following patch was added (and submitted upstream): * tgt-Fix-gcc7-string-truncation-warnings.patch ==== xcalc ==== Version update (1.0.6 -> 1.0.7) - Update to version 1.0.7 * This release fixes things that cause warnings from gcc or cppcheck, as well as assorted build system maintenance and tuneups. ==== xf86-video-chips ==== Version update (1.3.0 -> 1.4.0) - update to release 1.4.0 * This is a bug fix release of Chips & Technologies DDX for X.Org X Server. There was an X Server crash bug with the Version 1.3 and older code when the code was converted for a newer vgaHW ABI. This affects devices older than the HiQVideo generation. This release fixes this particular issue. Please note that the code may not compile against X Server 1.20 since it no longer supports 24-bit color. ==== xf86-video-tdfx ==== Version update (1.4.7 -> 1.5.0) - Update to version 1.5.0 * This is a maintenance release of 3dfx DDX for X.Org X Server. The DDX compiles cleanly without compilation warnings on X Server 1.19.6. ==== xfce4-panel-plugin-diskperf ==== Subpackages: xfce4-panel-plugin-diskperf-lang - Added patch missing_sysmacros.patch sys/sysmacros.h required for glibc-2.25+ (bxo#13940) and (boo#1125650) ==== yast2-installation ==== Version update (4.1.35 -> 4.1.36) - Save the used repositories at the end of installation to not offer the driver packages again (bsc#953522) - 4.1.36 ==== yast2-packager ==== Version update (4.1.26 -> 4.1.27) - Automatically preselect the driver packages from new repositories (bsc#953522) - 4.1.27 ==== yast2-theme ==== Version update (4.1.9 -> 4.1.10) Subpackages: yast2-theme-breeze yast2-theme-oxygen - Update oxygen icon theme (boo#1125450) - 4.1.10