Packages changed: expat (2.2.7 -> 2.2.8) gcc9 (9.2.1+r274709 -> 9.2.1+r275327) grub2 installation-images-MicroOS (14.434 -> 14.435) lvm2-device-mapper (1.02.149 -> 1.02.163) python-jsonpatch (1.23 -> 1.24) python-oauthlib (3.0.2 -> 3.1.0) python-pyasn1 (0.4.5 -> 0.4.7) python-pytz python-setuptools python-urllib3 timezone (2019b -> 2019c) transactional-update (2.15 -> 2.16) yast2 (4.2.19 -> 4.2.23) === Details === ==== expat ==== Version update (2.2.7 -> 2.2.8) - Version update to 2.2.8 * Security fixes: (CVE-2019-15903, bsc#1149429) - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype; * Bug fixes: - Fix cases where XML_StopParser did not have any effect when called from inside of an end element handler - xmlwf: Fix exit code for operation without "-d DIRECTORY"; previously, only "-d DIRECTORY" would give you a proper exit code: Now both cases return exit code 2. * Other changes: - examples: Improve elements.c - Autotools: Add argument --enable-xml-attr-info - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom - Autotools: Fix linking issues with "./configure LD=clang" - Autotools: Fix "make run-xmltest" for out-of-source builds - CMake: Pull all options from Expat <=2.2.7 into namespace - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO - CMake: Install expat_config.h to include directory - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..]) - CMake: Now produces a summary of applied configuration - CMake: Require C++ compiler only when tests are enabled - CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON) - CMake: Port "make run-xmltest" from GNU Autotools to CMake - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF - Removed patches fixed in the update: * expat-CVE-2019-15903.patch * expat-CVE-2019-15903-tests.patch - Security fix (CVE-2019-15903, bsc#1149429) * Crafted XML input results in heap-based buffer over-read by fooling the parser into changing from DTD parsing to document parsing * Added patches: - expat-CVE-2019-15903.patch - expat-CVE-2019-15903-tests.patch ==== gcc9 ==== Version update (9.2.1+r274709 -> 9.2.1+r275327) Subpackages: libgcc_s1 libstdc++6 - Add gcc9-pr91772.patch and gcc9-pr91763.patch to fix fallout of gcc9-autodetect-g-at-lto-link.patch. - Add gcc9-autodetect-g-at-lto-link.patch. [bsc#1149995] - Reorder things in cross.spec.in so the Version define comes before the first use of %version. - Revert removal of defattr, it breaks building on SLES12. - Update to gcc-9-branch head (r275327). * Pulls fix for POWER9 DARN miscompilation. (bsc#1149145, CVE-2019-15847) - Rework shared spec file parts to allow custom Summary and Description for cross compilers. Clarify their Summary and Description. [bsc#1148517] - Replace old $RPM_* shell vars by macros (where possible). - Drop defattr and BuildRoot. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix fallback embed doesn't work when no post mbr gap at all (boo#1142229) * Refresh grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch ==== installation-images-MicroOS ==== Version update (14.434 -> 14.435) - fix sshd location so that it works with fips enabled (bsc#1140169) - 14.435 ==== lvm2-device-mapper ==== Version update (1.02.149 -> 1.02.163) Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec: make baselibs.conf to a common source. - Avoid creation of mixed-blocksize PV on LVM volume groups (bsc#1149408) + bug-1149408_Fix-rounding-writes-up-to-sector-size.patch + bug-1149408_vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch - Update lvm.conf files - add devices/allow_mixed_block_sizes item - Update to LVM2.2.03.05 - To drop lvm2-clvm and lvm2-cmirrord rpms (jsc#PM-1324) - Fix Out of date package (bsc#1111734) - Fix occasional slow shutdowns with kernel 5.0.0 and up (bsc#1137648) - Remove clvmd - Remove lvmlib (api) - Remove lvmetad - Drop patches that have been merged into upstream - bug-1114113_metadata-prevent-writing-beyond-metadata-area.patch - bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch - bug-1135984_cache-support-no_discard_passdown.patch - Drop patches that have been nonexist/unsupport in upstream - bsc1080299-detect-clvm-properly.patch - bug-998893_make_pvscan_service_after_multipathd.patch - bug-978055_clvmd-try-to-refresh-device-cache-on-the-first-failu.patch - bug-950089_test-fix-lvm2-testsuite-build-error.patch - bug-1072624_test-lvmetad_dump-always-timed-out-when-using-nc.patch - tests-specify-python3-as-the-script-interpreter.patch - Update spec files - merge device-mapper, lvm2-lockd, lvm2 into one spec file - clvmd/lvmlib (api)/lvmetad had been removed, so delete related context in spec file - Update lvm.conf files - remove all lvmetad lines/keywords - add event_activation - remove fallback_to_lvm1 & related items - remove locking_type/fallback_to_clustered_locking/fallback_to_local_locking items - remove locking_library item - remove all special filter rules ==== python-jsonpatch ==== Version update (1.23 -> 1.24) - Update to 1.24: * test with python 3.8 ==== python-oauthlib ==== Version update (3.0.2 -> 3.1.0) - Update to 3.1.0: * OAuth2.0 Provider - Features * #660: OIDC add support of nonce, c_hash, at_hash fields * #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method * #666: Disabling query parameters for POST requests ==== python-pyasn1 ==== Version update (0.4.5 -> 0.4.7) - Update to 0.4.7: * Many bugfixes all around, see CHANGES.rst ==== python-pytz ==== - Add versioned dependency on timezone database to ensure the correct data is installed - Remove system_zoneinfo.patch, and instead add a symlink to the system timezone database - Replace unnecessary pytest, adding a missing __init__.py in the tests to allow the test suite to work on Python 2.7 without pytest ==== python-setuptools ==== - Define LANG in %check to fix openSUSE/SLE 15 testsuite ==== python-urllib3 ==== - Use have/skip_python2/3 macros to allow building only one flavour ==== timezone ==== Version update (2019b -> 2019c) - timezone update 2019c (bsc#1150451) * Fiji observes DST from 2019-11-10 to 2020-01-12. * Norfolk Island starts observing Australian-style DST. ==== transactional-update ==== Version update (2.15 -> 2.16) Subpackages: transactional-update-zypp-config - Update to version 2.16 - Use default command if options, but no command was given [boo#1146116] - Make sure only one process appears in `ps` output [boo#1111897] - Move update check: If a new repository is added (and ZYPPER_AUTO_IMPORT_KEYS is set) adding the new repository key won't fail any more - Avoid unnecessary snapshots / reboots by detecting zypper operations without changes more reliably (e.g. when installing an already installed package) - Update the manpage accordingly - Bugfixes: - Ignore commented lines in fstab when checking for shadowed files - Avoid warning when copying network config - Remove Perl dependency - Building documentation requires Python 3 now ==== yast2 ==== Version update (4.2.19 -> 4.2.23) - Use "display_name" tag for the product label, "label" marks a translatable text (jsc#SLE-7214) - 4.2.23 - Added support for reading products from control.xml file (jsc#SLE-7104) - 4.2.22 - support reading licenses from tar archive (jsc#SLE-7214) - 4.2.21 - Fix a problem when long warnings reports in command line (bsc#1149776). - 4.2.20