Packages changed: acpica (20190405 -> 20190509) ceph (14.2.1.431+gd032e5dd80 -> 14.2.1.448+g1bd10a856f) curl (7.64.1 -> 7.65.0) fwupd (1.2.3 -> 1.2.8) gcc (8 -> 9) gcc7 gcc9 (9.0.1+r270591 -> 9.1.1+r271393) gdb hwinfo (21.64 -> 21.66) insserv-compat libimagequant libreoffice libssh libvirt perl-Mojolicious (8.16 -> 8.17) pmdk (1.5 -> 1.6) python-ipy (0.83 -> 1.00) python-pycryptodome === Details === ==== acpica ==== Version update (20190405 -> 20190509) - Update to version 20190509 Includes a fix that breaks VirtualBox https://github.com/acpica/acpica/issues/462 ==== ceph ==== Version update (14.2.1.431+gd032e5dd80 -> 14.2.1.448+g1bd10a856f) Subpackages: librados2 librbd1 - Update to 14.2.1-448-g1bd10a856f: + monitoring: update Grafana dashboards + mgr/dashboard: fix some performance data are not displayed + monitoring: SNMP OID per every Prometheus alert rule + mgr/dashboard: Validate if any client belongs to more than one group + mgr/dashboard: Admin resource not honored + mgr/dashboard: Unable to see tcmu-runner perf counters + mgr/dashboard: iSCSI form does not support IPv6 - Update to 14.2.1-440-g0ac6920288: + rebase on top of upstream nautilus branch, SHA1 1dc43a036fcc0121e3a0c1fe7ca6cd77cde1bf60 + client: fix vxattr nanosecond field padding (bsc#1135219, bsc#1135221) ==== curl ==== Version update (7.64.1 -> 7.65.0) Subpackages: libcurl4 - Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436] * Changes: - CURLOPT_DNS_USE_GLOBAL_CACHE: removed - CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse - pipelining: removed * Bugfixes: - CVE-2019-5435: Integer overflows in curl_url_set - CVE-2019-5436: tftp: use the current blksize for recvfrom() - --config: clarify that initial : and = might need quoting - CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk - CURLOPT_ADDRESS_SCOPE: fix range check and more - CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value - CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE - CURL_MAX_INPUT_LENGTH: largest acceptable string input size - Curl_disconnect: treat all CONNECT_ONLY connections as "dead" - OS400/ccsidcurl: replace use of Curl_vsetopt - OpenSSL: Report -fips in version if OpenSSL is built with FIPS - WRITEFUNCTION: add missing set_in_callback around callback - altsvc: Fix building with cookies disabled - auth: Rename the various authentication clean up functions - base64: build conditionally if there are users - cmake: avoid linking executable for some tests with cmake 3.6+ - cmake: clear CMAKE_REQUIRED_LIBRARIES after each use - cmake: set SSL_BACKENDS - configure: avoid unportable '==' test(1) operator - configure: error out if OpenSSL wasn't detected when asked for - configure: fix default location for fish completions - cookie: Guard against possible NULL ptr deref - curl: make code work with protocol-disabled libcurl - curl: report error for "--no-" on non-boolean options - curlver.h: use parenthesis in CURL_VERSION_BITS macro - docs/INSTALL: fix broken link - doh: acknowledge CURL_DISABLE_DOH - doh: disable DOH for the cases it doesn't work - examples: remove unused variables - ftplistparser: fix LGTM alert "Empty block without comment" - hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies - http: acknowledge CURL_DISABLE_HTTP_AUTH - http: mark bundle as not for multiuse on < HTTP/2 response - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled - http_negotiate: do not treat failure of gss_init_sec_context() as fatal - http_ntlm: Corrected the name of the include guard - http_ntlm_wb: Handle auth for only a single request - http_ntlm_wb: Return the correct error on receiving an empty auth message - lib509: add missing include for strdup - lib557: initialize variables - mbedtls: enable use of EC keys - mime: acknowledge CURL_DISABLE_MIME - multi: improved HTTP_1_1_REQUIRED handling - netrc: acknowledge CURL_DISABLE_NETRC - nss: allow fifos and character devices for certificates - nss: provide more specific error messages on failed init - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 - openssl: mark connection for close on TLS close_notify - openvms: Remove pre-processor for SecureTransport - parse_proxy: use the URL parser API - parsedate: disabled on CURL_DISABLE_PARSEDATE - pingpong: disable more when no pingpong protocols are enabled - polarssl_threadlock: remove conditionally unused code - progress: acknowledge CURL_DISABLE_PROGRESS_METER - proxy: acknowledge DISABLE_PROXY more - resolve: apply Happy Eyeballs philosophy to parallel c-ares queries - revert "multi: support verbose conncache closure handle" - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 - sasl: only enable if there's a protocol enabled using it - singleipconnect: show port in the verbose "Trying ..." message - socks5: user name and passwords must be shorter than 256 - socks: fix error message - socksd: new SOCKS 4+5 server for tests - spnego_gssapi: fix return code on gss_init_sec_context() failure - ssh-libssh: remove unused variable - ssh: define USE_SSH if SSH is enabled (any backend) - ssh: move variable declaration to where it's used - test1002: correct the name - test2100: Fix typos in test description - tests: Run global cleanup at end of tests - tests: make Impacket (SMB server) Python 3 compatible - tool_cb_wrt: fix bad-function-cast warning - tool_formparse: remove redundant assignment - tool_help: Warn if curl and libcurl versions do not match - tool_help: include for strcasecmp - url: always clone the CUROPT_CURLU handle - url: convert the zone id from a IPv6 URL to correct scope id - urlapi: add CURLUPART_ZONEID to set and get - urlapi: increase supported scheme length to 40 bytes - urlapi: require a non-zero host name length when parsing URL - urlapi: stricter CURLUPART_PORT parsing - urlapi: strip off zone id from numerical IPv6 addresses - urlapi: urlencode characters above 0x7f correctly - vauth/cleartext: update the PLAIN login to match RFC 4616 - vauth/oauth2: Fix OAUTHBEARER token generation - vauth: Fix incorrect function description for Curl_auth_user_contains_domain - vtls: fix potential ssl_buffer stack overflow - wildcard: disable from build when FTP isn't present - xattr: skip unittest on unsupported platforms ==== fwupd ==== Version update (1.2.3 -> 1.2.8) Subpackages: fwupd-lang libfwupd2 - Update to version 1.2.8: * Don't upload reports when the user has configured their system in a broken way * Allow setting the daemon verbose domains at runtime * Allow fwupdmgr to modify the daemon config * Do not compare version formats when the release format is unknown * Do not fall back integers to a plain version format * Use the device version format when converting the release version * Set the VersionFormat using the metadata or the UEFI quirk - Changes from version 1.2.7: * l10n: Create Lithuanian translation file * l10n: Update LINGUAS * Updated: Add support for 8BitDo M30. * modem-manager: increase the timeout to wait for modem after uninhibited * modem-manager: implement qmi pdc active config selection as attach() * fu-engine: When removing activation flag match the correct version * Require --force to install a release with a different version format * Match the old or new version number when setting NEEDS_REBOOT * Make an error message clearer when there are no updates available * Add support for the not-child extension from Logitech * thunderbolt: Set require-ac for Thunderbolt devices (Fixes: gh#hughsie/fwupd#1142) * Fix some typos spotted using codespell * Add a component categories to express the firmware type * fu-tool: Port get-history command to fwupdtool * Recreate the history database if migration failed * Move the core built-in 'fwupd' remote over to the dell-esrt plugin * snap: Add a custom systemd unit to call activation on shutdown (Fixes: gh#hughsie/fwupd#1125) * ata: Flush cache before standby and activate * synapticsmst: blacklist plugin when using amdgpu (Fixes: gh#hughsie/fwupd#1121) * uefi: add a new option to specify the os name * Return the newest device when using fu_history_get_device_by_id() * uefi: More carefully check the output from tpm2_pcrlist * uefi: Don't overwrite CustomFlags if set from a quirk * Shut down the daemon if the on-disk binary is replaced * ata: Correct activation functionality * Fix version comparisons after reboot for some formats * fu-tool: save history from stuff installed with `fwupdtool` - Changes from version 1.2.6: * ata: send ATA standby immediate when activating firmware * offline: Be more graceful when dealing with Plymouth failures * Save the new version in the history database for offline updates * Show the DeviceID when showing the updates list * Allow forcing an offline-only update on a live system using --force * Do not schedule an update on battery power if it requires AC power * superio: Add InstallDuration default value * superio: Add support for writing new e-flash contents * superio: Fix reading the attestation checksum * superio: Add support for reading the device checksum * superio: Use the chipset ID in the device name * superio: Move the device flush before getting the register map * superio: Move all the IT89xx code to a subclassed device object * superio: Move all the IT85xx code to a subclassed device object * superio: Split and export fu_superio_device_ec_writeX() * superio: Remove the port from fu_superio_device_ec_read() * superio: Move the register read/write into the FuSuperioDevice object * superio: Check the IOBAD0 is usable during setup * superio: Use fu_device_set_firmware_size() * superio: Move some constants out to the common header * superio: Use GObject properties in FuSuperioDevice * superio: Convert FuSuperioDevice to be derivable * Update Plymouth when updating pending firmware * Ask to reboot after scheduling an offline firmware update * Do not fail when scheduling more than one update to be run offline * Allow running offline updates when in system-update.target * Fix the location of fwupdoffline in the service file * Add optional vfuncs to allow detaching and attaching verify() * superio: Add list of SPI commands for future usage * Add a verify-update command to fwupdtool * uefi: Actually upload the UPDATE_INFO entry for the UX capsule * superio: Get the chip size from the EC rather than hardcoding * uefi: Check the error code of QueryCapsuleCapabilities() correctly * Update the UEFI UX Capsule Header checksum when needed. * uefi: Copy the shimx64.efi binary for known broken firmware * Correctly get the check the new version for devices that replug * Add a simple script to add a capsule header * Ensure the PKCS-7 client certificate exists at startup * fix makecab directive options * fwpup.service: use display-manager.service instead of gdm.service * Allow signing the fwupd report with the client certificate * Add a D-Bus method to generate a signature using the self-signed client certificate * Allow signing and verifying data using a PKCS-7 self-signed client certificate * Fix a critical warning when loading a PKCS-7 certificate with no DN * Include all device checksums in the LVFS report * modem-manager: Fix a trivial build warning * superio: Fix a trivial build warning * Move out the offline update functionality to a new binary * Do not reboot when failing to start fwupd during offline updates * Do not write the schema version to the db when loading * Do not recreate XbSilo caches when running on a readonly filesystem * Add the fwupdagent binary for use in shell scripts * Allow restricting firmware updates for enterprise use * standalone-installer: new --allow-older and --allow-reinstall options * Show the upgrade and downgrade flags when getting releases for a device * Rename FwupdRelease:trust-flags to FwupdRelease:flags * fu-tool: Save device state to @LOCALSTATEDIR@/lib/fwupd/state.json on actions * modem-manager: implement support for qmi-pdc * Add a plugin to support ModemManager hardware * fu-tool: Don't let failing to find dbus prevent engine from starting * ata: Support delayed activation * dell-dock: Use activation when calling fwupdtool activate * Add a support for delayed activation * uefi: Fix the self tests when running on Fedora SilverBlue * Do not fail to start the daemon if tpm2_pcrlist hangs * po/make-images.sh: quote LOCALEDIR and PYTHON3 * meson: print stderr of python3 command instead of stdout * Revert "contrib/debian: Switch to debian unstable" * Add elogind support - Changes from version 1.2.5: * uefi: fix segfault in fwup_set_update_statuses * Show in Flathub correctly * debian: explicitly depend on shared-mime-info * superio: Implement detach() and attach() * superio: Correct the names of some constants and improve debugging support * dell-dock: Filter the last supported payloads of certain board 4 SKUs * circleci: Manage the lifecycle of the snap * Add support to run snap build in CircleCI * wacom-usb: Use the correct buffer format for the touch module * wacom-usb: Set the install duration for each device type * wacom-usb: Return with an error if there were too many retries * wacom-usb: Make updating less verbose * Convert all child instance IDs when converting the parent * uefi: Allow devices to create more complete fake UEFI devices * unifying: Fix regression when recovering from failed flash * Ensure libxmlb dir exists for LGTM.com * Add C build configuration for LGTM.com * Use G_BEGIN_DECLS correctly for internal headers * standalone-installer: Fix issue found by LGTM * Use '#pragma once' to avoid a lot of boilerplate * Force LGTM to see Python 3 * fwupd: Hide firmware-packager behind meson option` * fu-common-cab: Correct handling of CAB files w/ nested directories and older libgcab * Fix a regression in using the InstanceIDs for quirk matching * thunderbolt: Convert the instance IDs as we never open the device * udev: Manally call fu_device_setup() to convert the instance IDs * fu-tool: Correct a crash caused by calling fwupdtool update * fu-tool: Don't fail if dbus is unavailable * contrib/debian: Switch to debian unstable * wacom-usb: Record the block number when failing * wacom-usb: The touch address is big endian * wacom-usb: Accept a non-binary IHEX file for the touch update * wacom-usb: Only poll when the device status is 'busy' * wacom-usb: Only reboot the device when all composite devices have been updated * wacom-usb: Fix flashing failure with latest Intuos Pro tablet * dfu: Fill holes when reading SREC files * Add fwupd_guid_from_string() to drop dep on uuid * wacom-raw: Check the InstanceID rather than GUID * Defer the InstanceID->GUID hashing until after setup * ata: Check for USB enclosures as well * Do not use efivar just to print a mixed endian GUID * Add fu_device_add_instance_id() and prefer explicit conversion * Report the DeviceInstanceIDs to `fwupdmgr get-updates` * Export some of the GUID functionality * Allow a plugin to set _ANOTHER_WRITE_REQUIRED to run more than one plugin * nvme: Add an extra check for Dell plugins to avoid false positives * ata: Add support for detecting Dell GUIDs * Fix the self tests when using glib2 >=2.59.0 * Add support to call composite prepare and cleanup using fwupdtool * uefi: Disable -Wno-address-of-packed-member * uefi: Don't unconditionally enable Werror for the EFI binary * Disable -Wno-address-of-packed-member - Changes from version 1.2.4: * Remove the autogenerated headers in the gettext files * ata: Default to the non-activation 0xE subcommand * fastboot: Use a much longer timeout as the removal delay * fu-progressbar: be more quiet when running non-interactive * fu-tool: Show UpdateMessage if applicable for install command * dfu: Simplify the SREC parser to avoid a crash with an invalid file * wacom-raw: Use the correct error codes when the panel is not supported * wacom-usb: Add some more information to the README * fu-keyring-utils: Don't fail missing PKI directory when compiled with GPG/PKCS7 * dell: Check that the flash interface command is available * wacom-usb: Fix the plugin name to allow devices to be updated * fastboot: flash the partition after downloading the file * uefi: Add a quirk to use the legacy bootmgr description * ata: Mark all devices as needing a reboot * ata: Add a new plugin to upgrade firmware on ATA/ATAPI hardware * udev-device: Add a utility function for debugging * udev-device: Set the firmware revision automatically * udev-device: Set the serial number automatically * udev-device: Fall back to non-database model and vendor values * udev-device: Fix critical warning if the device has no parent * dell-dock: Add support for a passive flow * Add support for an `UpdateMessage` and display it in tools * fu-tool: Port the `get-updates` command over * When using `directory` remote type automatically generate metadata * libfwupd: Add support for new remote type "directory" * Ensure cabinet archives always have a container checksum * Add support for a per-release source and details URL * When generating a CAB Silo use the prefix "components" * uefi: Add a trivial debugging statement to debug a UX capsule failure * uefi: Use fwup_new0() to allocate the updates table array * nitrokey: Correct Nitrokey Storage invalid firmware version read * dell-dock: Add support for flashing Thunderbolt over I2C * wacom-raw: Add a plugin to update Wacom embedded EMR and AES panels * fu-util/fu-tool: sync up reboot and shutdown behavior * dfu: Ignore the SUB ASCII value * dfu: Fix the parser to support extended segment addresses * dfu: Support ihex files with leading comments don't show an error * uefi: Correct a boot order creation bug (Fixes: gh#hughsie/fwupd#956) * uefi: Remove all variable length arrays * uefi: Fix a logic bug in fwup_search_file() * uefi: Use _cleanup_free in one more place * uefi: Do not pass required attrs to fwup_delete_variable() * uefi: Delete the old Linux-Firmware-Updater boot entry * uefi: Use the GNU-EFI BOOL type * Check if plugin changed after the device attaches or detaches * uefi: Refactor and simplify the EFI loader * Show a console warning if loading an out-of-tree plugin * UEFI: Do the UX checksum calculation in fwupd * wacom-usb: Add two more Intuos tablets * nvme: Add the needs-shutdown quirk to Phison NVMe drives * Add _NEEDS_SHUTDOWN flag for devices * Use GCC __cleanup__ features in the EFI loader * nvme: Add flag to support manually aligning the firmware to the FWUG value * nvme: Support FGUID to get the SKU GUID * nvme: Support FWUG to get the write block size * nvme: Add trivial comment to clarify address bitshifting * uefi: Do not check the BGRT status before uploading a UX capsule * dfu: Fix flashing various Jabra devices * upower: Add support for checking battery percentage * nvme: Check the return code of the admin passthru ioctl * fu-tool: Add support for an 'update' command to fwupdtool * dell-dock: Set minimum board to board 4 * dell-dock: Workaround a manufacturing bug for board level 4 * dell-dock: Wait longer for re-enumeration on TBT SKU * superio: Support IT89xx devices * fu-main: remove incompatible locale error message * Add a new plugin checklist (Fixes: gh#hughsie/fwupd#899) - Dropped obsolete patch: fwupd-bsc1130056-change-esp-os-name.patch (upstream PR: gh#hughsie/fwupd#1119 - Fixed fwupd-bsc1130056-change-shim-path.patch so that it works with the new files - Cleaned up changelog ==== gcc ==== Version update (8 -> 9) Subpackages: cpp gcc-c++ gcc-fortran gcc-info gcc-objc libstdc++-devel - Add ada links on riscv64 - Package default D compiler. - Switch gcc to default 9. ==== gcc7 ==== - Strip -flto from $optflags. ==== gcc9 ==== Version update (9.0.1+r270591 -> 9.1.1+r271393) Subpackages: libasan5 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libtsan0 libubsan1 - Update to gcc-9-branch head (r271393). - Always use ISL for crosses like for native compilers. - Update to gcc-9-branch head (r271050). - Strip -flto from $optflags as we use LTO bootstrap config. - Update to GCC 9.1.0 release. - Update to gcc-9-branch head (r270796). - Enable D for s390x. - Enable D for aarch64 and riscv64 - Update to gcc-9-branch head (r270689). * GCC 9.1 RC2. ==== gdb ==== - Add gdb-gcc9-fix-build-with-latest-GCC-9.0-tree.patch and gdb-gcc9-warning-on-elf32-arm.c-elf32_arm_final_link.patch in order to fix build with GCC9. ==== hwinfo ==== Version update (21.64 -> 21.66) - merge gh#openSUSE/hwinfo#80 - fix Makefile and allow building for old distros - 21.66 - merge gh#openSUSE/hwinfo#79 - return BIOS UUID in decoded (with '-'s) form (bsc#1135819) - 21.65 ==== insserv-compat ==== - fix handling of ,start= parameters (bsc#1133306) ==== libimagequant ==== - Add gcc9-Update-const-var-openmp-const-var-handling.patch in order to handle boo#1134979. ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-base-drivers-firebird libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - If there is no firebird engine we still need java to run hsqldb bsc#1135189 - LO-L3: PPTX: Rectangle turns from green to blue and loses transparency when transparency is set * bsc1135228.patch ==== libssh ==== - Add support for new AES-GCM encryption types; (bsc#1134193) * Add 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch * Add 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch * Add 0001-tests-Add-aes-gcm-ciphers-tests.patch ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - spec: add systemd-container dependency to qemu and lxc drivers bsc#1136109 ==== perl-Mojolicious ==== Version update (8.16 -> 8.17) - updated to 8.17 see /usr/share/doc/packages/perl-Mojolicious/Changes 8.17 2019-05-23 - Fixed a bug in Mojo::UserAgent where the request timeout would not work for keep-alive requests. (ilmari) ==== pmdk ==== Version update (1.5 -> 1.6) Subpackages: libpmem1 - Disable Werror to deal with a new GCC 9 warning. - Update to PMDK 1.6 (jsc#SLE-5400) - See ChangeLog for details ==== python-ipy ==== Version update (0.83 -> 1.00) - version update to 1.00 * Fix IPv6 string interpretation for small ints * Various Python3 language fixes * consider 127.0 range LOOPBACK not PRIVATE ==== python-pycryptodome ==== Subpackages: python2-pycryptodome python3-pycryptodome - Use -fno-strict-aliasing in order to bypass: https://github.com/Legrandin/pycryptodome/issues/291.