Packages changed:
alsa
apparmor
bluedevil5
cockpit-podman (25 -> 26)
dmidecode
gettext-runtime
gnome-packagekit
gnome-tweaks
kinfocenter5
kscreen5
kwin5
libfido2 (1.5.0 -> 1.6.0)
libqt5-qtmultimedia
libqt5-qtquickcontrols
libqt5-qtquickcontrols2
libqt5-qtsensors
libqt5-qtwayland
milou5
ncurses (6.2.20210109 -> 6.2.20210116)
openssh
pango (1.48.0 -> 1.48.1)
plasma5-desktop
python-pyserial (3.4 -> 3.5)
python-setuptools
raspberrypi-firmware (2021.01.15 -> 2021.01.21)
raspberrypi-firmware-config (2021.01.15 -> 2021.01.21)
raspberrypi-firmware-dt
sudo (1.9.5p1 -> 1.9.5p2)
system-users
systemsettings5
sysuser-tools
webkit2gtk3
xdg-desktop-portal-kde
xfsprogs (5.9.0 -> 5.10.0)
zbar
=== Details ===
==== alsa ====
- Yet more fixes for the crash with dmix plugin (bsc#1181194):
0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch
0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch
0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
- Backport upstream fixes:
yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in
UCM (bsc#1181194):
0004-topology-use-inclusive-language-for-bclk.patch
0005-topology-use-inclusive-language-for-fsync.patch
0006-topology-use-inclusive-language-in-documentation.patch
0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch
0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch
0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch
0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch
0038-topology-parse_tuple_set-remove-dead-condition-code.patch
0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch
0040-topology-sort_config-cleanups-use-goto-for-the-error.patch
0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch
0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch
0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch
0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
==== bluedevil5 ====
- Add compatibility with qml-autoreqprov
==== cockpit-podman ====
Version update (25 -> 26)
- new version 26
https://github.com/cockpit-project/cockpit-podman/releases/tag/26
==== dmidecode ====
2 recommended fixes from upstream:
- dmidecode-fix-the-condition-error-in-ascii_filter.patch:
dmidecode: Fix the condition error in ascii_filter.
- dmidecode-fix-crash-with-u-option.patch: dmidecode: Fix crash
with -u option.
==== gettext-runtime ====
Subpackages: libtextstyle0
- fixup libtextstyle autofoo with adding
use-acinit-for-libtextstyle.patch
==== gnome-packagekit ====
- Add gnome-packagekit-define-HAVE_SYSTEMD.patch: define
HAVE_SYSTEMD macro if systemd if found
(glgo#GNOME/gnome-packagekit!3, bsc#1134544).
==== gnome-tweaks ====
- Add 77dde7477922f645946bfc64b1b25aeed2b01919.patch -- Update
Norwegian bokm�l translation.
==== kinfocenter5 ====
- Add support for qml-autoreqprov
==== kscreen5 ====
- Compatibility with qml-autoreqprov
==== kwin5 ====
- Add compatibility with qml-autoreqprov
==== libfido2 ====
Version update (1.5.0 -> 1.6.0)
Subpackages: libfido2-1 libfido2-udev
- Update to version 1.6.0:
* Fix OpenSSL 1.0 and Cygwin builds.
* hid_linux: fix build on 32-bit systems.
* hid_osx: allow reads from spawned threads.
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
==== libqt5-qtmultimedia ====
- Add compatibility with qml-autoreqprov
==== libqt5-qtquickcontrols ====
- Add compatibility with qml-autoreqprov
- Add patch to fix unfullfillable import:
* fix-handle-deps.patch
==== libqt5-qtquickcontrols2 ====
Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5
- Add compatibility with qml-autoreqprov
==== libqt5-qtsensors ====
- Add compatibility with qml-autoreqprov
==== libqt5-qtwayland ====
Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5
- Add compatibility with qml-autoreqprov
==== milou5 ====
- Backport upstream MR to avoid unfullfillable qmlimport requires
==== ncurses ====
Version update (6.2.20210109 -> 6.2.20210116)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Don't skip test for qemu builds
- Add ncurses patch 20210116
+ add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS
(report by Patrick McDermott) -TD
+ make opts extension for getcchar work as documented for ncurses 6.1,
adding "-g" flag to test/demo_new_pair to illustrate.
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Add openssh-fix-ssh-copy-id.patch, which fixes breakage
introduced in 8.4p1 (bsc#1181311).
- Improve robustness of sshd init detection when upgrading from
a pre-systemd distribution.
- Add openssh-reenable-dh-group14-sha1-default.patch, which adds
diffie-hellman-group14-sha1 key exchange back to the default
list (bsc#1180958). This is needed for backwards compatibility
with older platforms.
- Make sure sshd is enabled correctly when upgrading from a
pre-systemd distribution (bsc#1180083).
==== pango ====
Version update (1.48.0 -> 1.48.1)
Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0
- Update to version 1.48.1:
+ Fix itemization of multi-paragraph layouts.
+ Fix a few memory leaks.
+ Fix glyph origins in vertical layout.
==== plasma5-desktop ====
- Add support for qml-autoreqprov
==== python-pyserial ====
Version update (3.4 -> 3.5)
- update to version 3.5:
New Features:
[#411] Add a backend for Silicon Labs CP2110/4 HID-to-UART bridge. (depends on hid module)
Improvements:
[#315] Use absolute import everywhere
[#354] Make ListPortInfo hashable
[#372] threaded: "write" returns byte count
[#400] Add bytesize and stopbits argument parser to tcp_serial_redirect
[#408] loop: add out_waiting
[#495] list_ports_linux: Correct "interface" property on Linux hosts
[#500] Remove Python 3.2 and 3.3 from test
[#261, #285, #296, #320, #333, #342, #356, #358, #389, #397, #510] doc updates
miniterm: add CTRL+T Q as alternative to exit
miniterm: suspend function key changed to CTRL-T Z
add command line tool entries pyserial-miniterm (replaces miniterm.py) and pyserial-ports (runs serial.tools.list_ports).
python -m serial opens miniterm (use w/o args and it will print port list too) [experimental]
Bugfixes:
[#371] Don't open port if self.port is not set while entering context manager
[#437, #502] refactor: raise new instances for PortNotOpenError and SerialTimeoutException
[#261, #263] list_ports: set default name attribute
[#286] fix: compare only of the same type in list_ports_common.ListPortInfo
rfc2217/close(): fix race-condition
[#305] return b'' when connection closes on rfc2217 connection
[#386] rfc2217/close(): fix race condition
Fixed flush_input_buffer() for situations where the remote end has closed the socket.
[#441] reset_input_buffer() can hang on sockets
examples: port_publisher python 3 fixes
[#324] miniterm: Fix miniterm constructor exit_character and menu_character
[#326] miniterm: use exclusive access for native serial ports by default
[#497] miniterm: fix double use of CTRL-T + s use z for suspend instead
[#443, #444] examples: refactor wx example, use Bind to avoid deprecated warnings, IsChecked, unichr
[#265] posix: fix PosixPollSerial with timeout=None and add cancel support
[#290] option for low latency mode on linux
[#335] Add support to xr-usb-serial ports
[#494] posix: Don't catch the SerialException we just raised
[#519] posix: Fix custom baud rate to not temporarily set 38400 baud rates on linux
[#509 #518] list_ports: use hardcoded path to library on osx
[#542] list_ports_osx: kIOMasterPortDefault no longer exported on Big Sur
[#545, #545] list_ports_osx: getting USB info on BigSur/AppleSilicon
==== python-setuptools ====
- We cannot remove vendored packages when generating setuptools
wheel (bsc#1177127).
==== raspberrypi-firmware ====
Version update (2021.01.15 -> 2021.01.21)
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
==== raspberrypi-firmware-config ====
Version update (2021.01.15 -> 2021.01.21)
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
==== raspberrypi-firmware-dt ====
- Introduce upstream-blconfig-rmem.patch for firmware to be able to define
firmware's configuration reserved memory (jsc#SLE-16616)
==== sudo ====
Version update (1.9.5p1 -> 1.9.5p2)
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody
- Add system-user-vscan subpackage with vscan user and group and
/var/spool/amavis as home directory
- Remove kvm group from hardware subpackage, since kvm is in its
own subpackage (jsc#SLE-11629).
- Add qemu user to kvm group
- Add system account and groups for kvm, qemu, and libvirt
(jsc#SLE-11629)
New files: system-group-kvm.conf, system-group-libvirt.conf,
system-user-qemu.conf
- Don't add group nogroup to user nobody, as many daemons misuse
'nogroup' as own group
- Use test -x instead of -f
- Call usermod only if installed
- Align /var/lib/tss permissions with trousers (boo#1162360).
- Add tss user for TPM tools (boo#1162360).
- Remove s390 groups again. The s390-tools maintainer wants to add groups in
s390-tools manually.
- Add system-user-tftp subpackage with tftp user and group and
/srv/tftpboot as home directory [bsc#1143454].
- Add cpacfstats, ts-shell, and zkeyadm groups for s390-tools (bsc#1123730)
- Add "render" group in system-group-hardware (bsc#1085847)
"uaccess" tag has been dropped from /dev/dri/renderD* and these devices
now have 0666 permsions by default is owned by the render group.
- Change home directory of user man to /var/lib/empty. Home
directories below /var/cache are by definition insecure and a
bad idea.
- uuidd does not need group daemon, Copy&Paste error.
- udev needs groups kvm and lp: [bsc#1058703]
- Add group kvm to system-group-hardware
- Move group lp from system-user-lp to system-group-hardware
- Add system-user-uuidd.conf (boo#1057937#c3).
- user nobody: move usermod to %post, else it will be executed
before the user is created.
- Drop pkgconfig(systemd) BuildRequires: we no longer depend on
systemd-sysusers, but converted to shadow toolset.
- Move group trusted into system-user-root package [bsc#1044014]
- Move system-user-root into own package
- Fix syntax of groups in system-user-root.conf
- Add utmp to system-group-hardware.conf like systemd has
- Create new system-user-root sub-package creating passwd, group
and shadow files with root user.
- BuildRequire pkgconfig(systemd) instead of systemd: this allows
OBS to pick systemd-mini, which is still good enough. And
ultimately it helps us break a build cycle
(system-users - libssh2_org - curl - systemd - system-users).
- BuildIgnore group(lock) and group(daemon) for ourselves, needed
for bootstrap.
- /bin/bash is needed as shell for user nobody
- Add upsd for UPS daemon packages.
- Prerequire group lock for uucp
- Allow user uucp to do locking
- Fix group ownership of /var/lib/wwwrun
- Add group sys to system-group-obsolete
- Add systemusers lp and nobody
- Add systemusers wwwrun, mail and ftp
- Add hardware access groups: kmem, lock, tty, audio, cdrom,
dialout, disk, input, tape, video
- Add group wheel
- Remove /var/spool/uucp directories...
- Change license to MIT
- Add subpackages for obsolete groups and trusted group
- Add subpackages for bin, daemon, news and man
- Adjust to new sysuser-tools
- Use automatic provides and generate %pre with a script
- fix uids and add also groups
- Create users in %pre install section
- Add /etc/uucp to filelist of system-user-uucp
- Add system account games
- Initial version with system account uucp
==== systemsettings5 ====
- Add QML provides
==== sysuser-tools ====
- useradd_or_adduser_dep must be PreReq so ordering makes sure it gets
installed before.
- suggest shadow where useradd_or_adduser_dep is actually required
- Avoid useless use of cat
- Simplify %sysusers_requires
- Drop shebang, rpm passes it to /bin/sh itself
- Packages providing users need /usr/bin/cat installed to create
them. Add that to the PreRequires.
- Create system groups for system users
- Fix bug introduced by simplification of check for useradd -g
- Refactor use of sed away
- Use eval set -- $LINE instead of read for parsing
- Clean up sysusers2shadow and make it use only /bin/sh
- Don't let busybox adduser create the home directory, it breaks
permissions of e.g. /sbin (home of daemon)
- Use only /bin/sh in sysusers-generate-pre and the generated code
- Drop use of tail from the generated %pre scriptlets
- Look for /bin/busybox, too
- Add special handling for busybox and groups
- Use suggests shadow to prefer that over busybox in normal systems
- Add support for busybox adduser/addgroup
- Change requirements from shadow to useradd_or_adduser_dep
- Fix default home directory [bsc#1105934]
- Use _rpmmacrodir for macro file
- Further enhance sysusers-generate-pre: inside the build
environment, it can be acceptable to be failing to create the
users (e.g when building sysuser-tools or system-user-root, since
those two packages have to be speificallty excluded). Always
return with error code 0 if /.buildenv exists.
- sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod
call fails: the resulting system is quite undefined if this
should happen.
- sysusers-generate-pre: exit the pre script with the exit code
of sysusers2shadow.sh.
- sysuser-tools needs to require sysuser-shadow
- Add requires for shadow to sysuser-shadow
- Put helper script into own subpackage
- Convert sysusers config file to shadow arguments and use
shadow suite to create user and groups. Fixes [bsc#1041497] and
serveral dependency loops.
- Don't ignore errors of systemd-sysusers [bsc#1039708]
- Don't remove 'm' and 'r' entries from sysusers configuration
- Add macros.sysusers
- initial package
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles
- Add webkit-font-scaling.patch: Fix system font scaling not
applied to 'font-size: XXXpt'; patch taken from upstream and
rebased to apply cleanly
(https://bugs.webkit.org/show_bug.cgi?id=218450).
- Pass `-q` to setup to disable printing long list of files
extracted from source tarball.
==== xdg-desktop-portal-kde ====
- Add compatibility with qml-autoreqprov
==== xfsprogs ====
Version update (5.9.0 -> 5.10.0)
- update to 5.10.0:
- xfs_repair: remove old code for mountpoint inodes
- xfsprogs: Add inode btree counter feature
- xfsprogs: Add bigtime feature for Y2038
- xfsprogs: Polish translation update
- mkfs.xfs: Add config file feature
- mkfs.xfs: allow users to specify rtinherit=0
- xfs_repair: simplify bmap_next_offset
- man: various manpage updates
- libxfs: remove some old dead code
- libxfs: add realtime extent tracking
- libxfs changes merged from kernel 5.10
- refresh 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch
against libxfs changes
==== zbar ====
- Apply patch0 unconditionally and fix build on Leap