Packages changed: MozillaFirefox (66.0.2 -> 66.0.3) apparmor bzr curl (7.64.0 -> 7.64.1) glassfish-servlet-api grantlee5 javamail libosinfo libstorage-ng (4.1.106 -> 4.1.107) libvirt (5.1.0 -> 5.2.0) mercurial multipath-tools (0.7.9+139+suse.ed9d450 -> 0.8.0+17+suse.a28893f) osinfo-db (20190301 -> 20190319) plasma5-workspace python-base (2.7.15 -> 2.7.16) python-gevent python-libvirt-python (5.1.0 -> 5.2.0) relaxngDatatype salt (2018.3.2 -> 2019.2.0) systemd unbound vym (2.6.0 -> 2.7.0) xml-commons-apis xml-commons-resolver === Details === ==== MozillaFirefox ==== Version update (66.0.2 -> 66.0.3) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 66.0.3 * Fixed: Address bar on tablets running Windows 10 now behaves correctly (bmo#1498973) * Fixed: Performance issues with some HTML5 games (bmo#1537609) * Fixed a bug with keypress events in IBM cloud applications (bmo#1538970) * Fix for keypress events in some Microsoft cloud applications (bmo#1539618) * Changed: Updated Baidu search plugin ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350) ==== bzr ==== Subpackages: bzr-lang - Ensure neutrality of descriptions. ==== curl ==== Version update (7.64.0 -> 7.64.1) Subpackages: libcurl4 - Install curl.fish completions file from curl rather than from the fish package - update to version 7.64.1 * Changes: - alt-svc: experiemental support added - configure: add --with-amissl * Bugfixes: - AppVeyor: switch VS 2015 builds to VS 2017 image - CURLU: fix NULL dereference when used over proxy - Curl_easy: remove req.maxfd - never used! - Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning - DoH: inherit some SSL options from user's easy handle - Secure Transport: no more "darwinssl" - Secure Transport: tvOS 11 is required for ALPN support - cirrus: Added FreeBSD builds using Cirrus CI - cleanup: make local functions static - cli tool: do not use mime.h private structures - cmdline-opts/proxytunnel.d: the option tunnnels all protocols - configure: add additional libraries to check for LDAP support - configure: remove the unused fdopen macro - configure: show features as well in the final summary - conncache: use conn->data to know if a transfer owns it - connection: never reuse CONNECT_ONLY connections - connection_check: restore original conn->data after the check - connection_check: set ->data to the transfer doing the check - cookie: Add support for cookie prefixes - cookies: dotless names can set cookies again - cookies: fix NULL dereference if flushing cookies with no CookieInfo set - curl.1: --user and --proxy-user are hidden from ps output - curl.1: mark the argument to --cookie as - curl.h: use __has_declspec_attribute for shared builds - curl: display --version features sorted alphabetically - curl: fix FreeBSD compiler warning in the --xattr code - curl: remove MANUAL from -M output - curl_easy_duphandle.3: clarify that a duped handle has no shares - curl_multi_remove_handle.3: use at any time, just not from within callbacks - curl_url.3: this API is not experimental anymore - dns: release sharelock as soon as possible - docs: update max-redirs.d phrasing - examples/10-at-a-time.c: improve readability and simplify - examples/cacertinmem.c: use multiple certificates for loading CA-chain - examples/crawler: Fix the Accept-Encoding setting - examples/ephiperfifo.c: various fixes - examples/externalsocket: add missing close socket calls - examples/http2-download: cleaned up - examples/http2-serverpush: add some sensible error checks - examples/http2-upload: cleaned up - examples/httpcustomheader: Value stored to 'res' is never read - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' - examples/sftpuploadresume: Value stored to 'result' is never read - examples: only include - examples: remove recursive calls to curl_multi_socket_action - examples: remove superfluous null-pointer checks - file: fix "Checking if unsigned variable 'readcount' is less than zero." - fnmatch: disable if FTP is disabled - gnutls: remove call to deprecated gnutls_compression_get_name - gopher: remove check for path == NULL - gssapi: fix deprecated header warnings - hostip: make create_hostcache_id avoid alloc + free - http2: multi_connchanged() moved from multi.c, only used for h2 - http2: verify :athority in push promise requests - http: make adding a blank header thread-safe - http: send payload when (proxy) authentication is done - http: set state.infilesize when sending multipart formposts - makefile: make checksrc and hugefile commands "silent" - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set - mbedtls: release sessionid resources on error - memdebug: log pointer before freeing its data - memdebug: make debug-specific functions use curl_dbg_ prefix - mime: put the boundary buffer into the curl_mime struct - multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME - multi: remove verbose "Expire in" ... messages - multi: removed unused code for request retries - multi: support verbose conncache closure handle - negotiate: fix for HTTP POST with Negotiate - openssl: add support for TLS ASYNC state - openssl: if cert type is ENG and no key specified, key is ENG too - pretransfer: don't strlen() POSTFIELDS set for GET requests - rand: Fix a mismatch between comments in source and header - runtests: detect "schannel" as an alias for "winssl" - schannel: be quiet - remove verbose output - schannel: close TLS before removing conn from cache - schannel: support CALG_ECDH_EPHEM algorithm - scripts/completion.pl: also generate fish completion file - singlesocket: fix the 'sincebefore' placement - source: fix two 'nread' may be used uninitialized warnings - ssh: fix Condition '!status' is always true - ssh: loop the state machine if not done and not blocking - strerror: make the strerror function use local buffers - test578: make it read data from the correct test - tests: Fixed XML validation errors in some test files - tests: add stderr comparison to the test suite - tests: fix multiple may be used uninitialized warnings - threaded-resolver: shutdown the resolver thread without error message - tool_cb_wrt: fix writing to Windows null device NUL - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr - tool_operate: build on AmigaOS - tool_operate: fix typecheck warning - transfer.c: do not compute length of undefined hex buffer - travis: add build using gnutls - travis: add scan-build - travis: bump the used wolfSSL version to 4.0.0 - travis: enable valgrind for the iconv tests - travis: use updated compiler versions: clang 7 and gcc 8 - unit1307: require FTP support - unit1651: survive curl_easy_init() fails - url/idnconvert: remove scan for <= 32 ascii values - url: change conn shutdown order to ensure SOCKETFUNCTION callbacks - urlapi: reduce variable scope, remove unreachable 'break' - urldata: convert bools to bitfields and move to end - urldata: simplify bytecounters - urlglob: Argument with 'nonnull' attribute passed null - version.c: silent scan-build even when librtmp is not enabled - vtls: rename some of the SSL functions - wolfssl: stop custom-adding curves - x509asn1: "Dereference of null pointer" - x509asn1: cleanup and unify code layout - zsh.pl: escape ':' character - zsh.pl: update regex to better match curl -h output - Dropped patches fixed upstream: * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch * 0002-connection_check-restore-original-conn-data-after-th.patch * curl-singlesocket-sincebefore-placement.patch ==== glassfish-servlet-api ==== - Do not depend at all on the parent pom, since we are not building with maven. ==== grantlee5 ==== - Add fix-build-with-Qt-5.13.patch - Run spec-cleaner ==== javamail ==== - Do not depend on the jvnet-parent pom since we are not building with maven ==== libosinfo ==== Subpackages: libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0 - Upstream bug fixes from Fabiano Fidêncio 0001-media-Fix-usage-of-application-id.patch 0002-loader-Properly-load-the-arch-value-for-images.patch ==== libstorage-ng ==== Version update (4.1.106 -> 4.1.107) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#634 - added parser for 'btrfs filesystem df' - probe btrfs with multiple devices - updated unit test - added unit test - added integration tests - extended documentation - added pre-check for btrfs - added checks for nullptr - renamed variable (that really ties the function together) - simplyfied interface - coding style and cleanup - work on btrfs with multiple devices - 4.1.107 ==== libvirt ==== Version update (5.1.0 -> 5.2.0) Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Fix and re-enable snapshot tests f66f70ac-snapshot-fix-use-after-free.patch - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users 2a07c990-api-CVE-2019-3886.patch, ae076bb4-remote-CVE-2019-3886.patch bsc#1131595 - spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch touches remote_protocol.x - Update to libvirt 5.2.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 4ec3cf9a-apparmor-rules.patch, f38ef0fa-no-RDMA-check.patch, 411cdaf8-apparmor-check-profile-name.patch, 696239ba-qemu-fix-query-cpus-fast.patch, 09eb1ae0-conf-add-xenbus-controller.patch, fb059757-libxl-add-xenbus-controller.patch, ec5a1191-libxl-support-max-grant-frames.patch, 5a64c202-xenconfig-support-max-grant-frames.patch - Added patches: ff376c62-tests-fix-mocking-stat-lstat.patch, ebe9c6ea-qemu-firmware-dirent.patch ==== mercurial ==== Subpackages: mercurial-lang - require openssl python module for runtime (not only build) (boo#1132347) ==== multipath-tools ==== Version update (0.7.9+139+suse.ed9d450 -> 0.8.0+17+suse.a28893f) Subpackages: kpartx - Re-enable kmod-style dependencies for multipath-tools package (bsc#1119414) - Separate out libmpath0 (bsc#1119414) - Spec file improvements * Add Conflicts: for older multipath-tools to libmpath0 * Move license files to the libmpath0 package, which contains the code with complex licensing. The executables are GPL-2.0 anyway. * Remove bogus dependency of -devel package on device-mapper * -devel package depends on libmpath0, not multipath-tools * Remove %dir %{_defaultlicensedir} for SLE12-SP3 and newer (John Vandenberg ) * Remove unused /var/cache/multipath directory * Remove check for multipath maps in %pre and %post * Remove SLE11-specific multipathd service stop / start from %pre / %post * Remove obsolete tools from package description (bsc#1129827) * Add -n to %service_del_{pre,post}un for multipathd.socket - Update to version 0.8.0+17+suse.a28893f: * Code-identical to 0.7.9+139+suse.ed9d450, except for new version number - Disable kmod() style dependencies for now, as they are causing problems with image builds (bsc#1119414). They'd been active for SLE15-SP1 only, anyway. - _service: determine "tag offset" manually, the patch count determined by git is far too high. ==== osinfo-db ==== Version update (20190301 -> 20190319) - Update database to version 20190319 osinfo-db-20190319.tar.xz ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy - Fix typos in Groups. ==== python-base ==== Version update (2.7.15 -> 2.7.16) Subpackages: libpython2_7-1_0 python-xml - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://. - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. Upstream commits e37ef41 and 507bd8c. - Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.diff * Update python-2.7.5-multilib.patch to pass with new platlib regime. ==== python-gevent ==== - Switch off type_https test as it fails with new Python 2.7.16 - Clean up the SPEC file. ==== python-libvirt-python ==== Version update (5.1.0 -> 5.2.0) - Update to 5.2.0 - Add all new APIs and constants in libvirt 5.2.0 ==== relaxngDatatype ==== - Do not depend on the parent pom and remove its reference from the pom.xml files, since we are not building using Maven. - Install unversioned jar/pom files ==== salt ==== Version update (2018.3.2 -> 2019.2.0) Subpackages: python3-salt salt-master salt-minion - No longer limiting Python3 version to <3.7 - Async batch implementation - Added: * async-batch-implementation.patch - Update to Salt 2019.2.0 release For further information see: https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html - Added: * add-virt.all_capabilities.patch * add-virt.volume_infos-and-virt.volume_delete.patch * don-t-call-zypper-with-more-than-one-no-refresh.patch * include-aliases-in-the-fqdns-grains.patch * temporary-fix-extend-the-whitelist-of-allowed-comman.patch - Removed: * accounting-for-when-files-in-an-archive-contain-non-.patch * add-engine-relaying-libvirt-events.patch * add-other-attribute-to-gecos-fields-to-avoid-inconsi.patch * add-support-for-python-3.7.patch * align-suse-salt-master.service-limitnofiles-limit-wi.patch * avoid-incomprehensive-message-if-crashes.patch * change-stringio-import-in-python2-to-import-the-clas.patch * decode-file-contents-for-python2-bsc-1102013.patch * do-not-override-jid-on-returners-only-sending-back-t.patch * don-t-error-on-retcode-0-in-libcrypto.openssl_init_c.patch * feat-add-grain-for-all-fqdns.patch * fix-async-call-to-process-manager.patch * fix-decrease-loglevel-when-unable-to-resolve-addr.patch * fix-deprecation-warning-bsc-1095507.patch * fix-diffing-binary-files-in-file.get_diff-bsc-109839.patch * fix-for-ec2-rate-limit-failures.patch * fix-for-errno-0-resolver-error-0-no-error-bsc-108758.patch * fix-for-sorting-of-multi-version-packages-bsc-109717.patch * fix-index-error-when-running-on-python-3.patch * fix-latin1-encoding-problems-on-file-module-bsc-1116.patch * fix-mine.get-not-returning-data-workaround-for-48020.patch * fix-unboundlocalerror-in-file.get_diff.patch * fixed-usage-of-ipaddress.patch * fixing-issue-when-a-valid-token-is-generated-even-wh.patch * get-os_family-for-rpm-distros-from-the-rpm-macros.-u.patch * improved-handling-of-ldap-group-id.patch * only-do-reverse-dns-lookup-on-ips-for-salt-ssh.patch * option-to-merge-current-pillar-with-opts-pillar-duri.patch * prepend-current-directory-when-path-is-just-filename.patch * prevent-zypper-from-parsing-repo-configuration-from-.patch * remove-old-hack-when-reporting-multiversion-packages.patch * retire-md5-checksum-for-pkg-mgmt-plugins.patch * show-recommendations-for-salt-ssh-cross-version-pyth.patch * strip-trailing-commas-on-linux-user-gecos-fields.patch * support-use-of-gce-instance-credentials-109.patch * update-error-list-for-zypper.patch * x509-fixes-for-remote-signing-106.patch - Modified: * add-all_versions-parameter-to-include-all-installed-.patch * add-cpe_name-for-osversion-grain-parsing-u-49946.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * add-hold-unhold-functions.patch * add-saltssh-multi-version-support-across-python-inte.patch * azurefs-gracefully-handle-attributeerror.patch * bugfix-any-unicode-string-of-length-16-will-raise-ty.patch * debian-info_installed-compatibility-50453.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * fall-back-to-pymysql.patch * fix-for-suse-expanded-support-detection.patch * fix-git_pillar-merging-across-multiple-__env__-repos.patch * fix-ipv6-scope-bsc-1108557.patch * fix-issue-2068-test.patch * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch * fixes-cve-2018-15750-cve-2018-15751.patch * get-os_arch-also-without-rpm-package-installed.patch * integration-of-msi-authentication-with-azurearm-clou.patch * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch * use-adler32-algorithm-to-compute-string-checksums.patch * x509-fixes-111.patch * zypper-add-root-configuration-parameter.patch - Add root parameter to Zypper module - Added: * zypper-add-root-configuration-parameter.patch ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-logger systemd-sysvinit udev - Import commit 4e6e66ea94cf5125f9044f0869939a86801ed2d8 430877e794 pam-systemd: use secure_getenv() rather than getenv() (bsc#1132348 CVE-2019-3842) 3cff2e6514 man: document that if the main process exits after SIGTERM we go directly to SIGKILL 26c4f7191c bus: fix memleak on invalid message - systemd-coredump: generate a stack trace of all core dumps (bsc#1128832) This stack trace is logged to the journal. ==== unbound ==== Subpackages: libunbound2 unbound-anchor - build python2 and python3 packages with proper name ==== vym ==== Version update (2.6.0 -> 2.7.0) - Update to upstream 2.7.0 (bugfix and features) ==== xml-commons-apis ==== - Do not depend on the apache-parent, since we are not building using Maven. ==== xml-commons-resolver ==== - Do not depend on the parent pom since we are not building using Maven.