Packages changed:
Mesa
Mesa-drivers
bash
ca-certificates-mozilla (2.50 -> 2.52)
cogl
e2fsprogs
elfutils
filesystem
gawk
gtk4
ldb (2.3.0 -> 2.4.0)
libsolv (0.7.19 -> 0.7.20)
libsoup2
lz4
mozilla-nss (3.69.1 -> 3.70)
samba (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
tar
timezone (2021a -> 2021c)
transactional-update (3.5.5 -> 3.5.6)
u-boot-rpiarm64 (2021.07 -> 2021.10)
=== Details ===
==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== bash ====
- Install bash_builtins manpage under the correct name
==== ca-certificates-mozilla ====
Version update (2.50 -> 2.52)
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
==== cogl ====
Subpackages: libcogl-pango20 libcogl20
- Add 2bd3cbed45d633fb15625d58e6b7cb8721b0ba98.patch: cogl-gles2:
Fix undefined references. Following this, add libtool
BuildRequires and pass autoreconf call before configure as the
patch touches the buildsystem.
- Add patches from fedora that should have gone upstream:
+ 0001-egl-Use-eglGetPlatformDisplay-not-eglGetDisplay.patch:
egl: Use eglGetPlatformDisplay not eglGetDisplay.
+ 0002-add-GL_ARB_shader_texture_lod-support.patch: Add
GL_ARB_shader_texture_lod support.
+ 0003-texture-support-copy_sub_image.patch: texture: Support
copy_sub_image.
==== e2fsprogs ====
Subpackages: libcom_err2 libext2fs2
- quota-Add-support-to-version-0-quota-format.patch: quota: Add support to
version 0 quota format (jsc#SLE-17360)
quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold
quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360)
quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename
quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360)
tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota
files (jsc#SLE-17360)
e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not
trash user limits when processing orphan list (jsc#SLE-17360)
debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota
commands (jsc#SLE-17360)
quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360)
- add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships
with them
==== elfutils ====
Subpackages: libasm1 libdw1 libelf1
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
SLE bug (for tracking the above) bsc#1191310
==== filesystem ====
- don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on
file trigger compat mode in that case and do it posttrans
(boo#1189788).
- generic %ghost handling instead of hardcoding
==== gawk ====
- remove update-alternatives support, as on linux systems GNU software
(i.e. gawk in this case) is usually considered the default implementation.
- use %make macros
==== gtk4 ====
Subpackages: gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0
- Fix a syntax error in the gtk4_immodule_postun RPM macro
==== ldb ====
Version update (2.3.0 -> 2.4.0)
- Update to version 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
==== libsolv ====
Version update (0.7.19 -> 0.7.20)
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
==== libsoup2 ====
Subpackages: libsoup-2_4-1 typelib-1_0-Soup-2_4
- Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840)
==== lz4 ====
- version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438]
==== mozilla-nss ====
Version update (3.69.1 -> 3.70)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- required for Firefox 93
==== samba ====
Version update (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libsamba-credentials1 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs
- Adjust spec to use pam macros; (bsc#1191046).
- Adjust spec for size
* allow some Recommends instead Requires to be configured
for cifs-utils, samba-libs-python3 & samba-gpupdate;
(bsc#1182847).
* remove fam, undocumented and unneeded.
- Add missing build dependency on bison when building with the
embedded Heimdal Kerberos
- Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients
in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in
different commands
* Winbindd no longer scans trusted domains on startup and will use
enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for 'samba-tool dns zoneoptions' for aging control
and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent
timestamp format
* The 'samba-tool dns update' command validates and rejects now malformed
IPv4 and IPv6 addresses
* The 'samba-tool domain backup' command correctly takes out locks
against concurrent modification during backup when using the LMDB
backend
* TruACL support has been removed
* NIS support has been removed
- Update to 4.14.7
* smbd panic on force-close share during offload write; (bso#14769);
* smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK;
(bso#12033);
* Fix returned attributes on fake quota file handle and avoid hitting
the VFS; (bso#14731);
* vfs_shadow_copy2 fix inodes not correctly updating inode numbers;
(bso#14756);
* Fix build on Solaris; (bso#14774);
* Make dos attributes available for unreadable files; (bso#14654);
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Start the SMB encryption as soon as possible; (bso#14793);
==== tar ====
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131
* bsc#1120610
==== timezone ====
Version update (2021a -> 2021c)
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
==== transactional-update ====
Version update (3.5.5 -> 3.5.6)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.6
- tukit: Add S/390 bootloader support [bsc#1189807]
- t-u: support purge-kernels with t-u patch [bsc#1190788]
==== u-boot-rpiarm64 ====
Version update (2021.07 -> 2021.10)
Subpackages: u-boot-rpiarm64-doc
- Update to 2021.10
Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222).
Enable BTRFS for Risc-V.
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches added:
0013-riscv-enable-CMD_BTRFS.patch
0014-Disable-timer-check-in-file-loading.patch
- Update to 2021.10-rc5
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped (upstreamed):
0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch
- Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64
- Add sifiveunmatched flavor
- Update to 2021.10-rc4
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped:
0014-btrfs-Use-default-subvolume-as-file.patch