Packages changed: bcache-tools gnome-user-docs (3.36.2 -> 3.36.6) gnutls (3.6.14 -> 3.6.15) kbd libarchive libxml2 open-vm-tools openldap2 (2.4.52 -> 2.4.53) podman xfsprogs (5.7.0 -> 5.8.0) === Details === ==== bcache-tools ==== - Cure fallout from %_libexecdir change [boo#1174075, boo#1176244] ==== gnome-user-docs ==== Version update (3.36.2 -> 3.36.6) - Update to version 3.36.6: + Various updates and corrections to GNOME Help. + Updated translations. ==== gnutls ==== Version update (3.6.14 -> 3.6.15) - Update to 3.6.15 * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. [GNUTLS-SA-2020-09-04, CVSS: medium] * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now indicates that with a false return value (!1306). * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked accordingly to SP800-56A rev 3 (!1295, !1299). * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than the size of the internal base64 blob (#1025). * libgnutls: Certificate verification failue due to OCSP must-stapling is not honered is now correctly marked with the GNUTLS_CERT_INVALID flag * libgnutls: The audit log message for weak hashes is no longer printed twice * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is disabled in the priority string. Previously, even when TLS 1.2 is explicitly disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is enabled (#1054). - drop upstreamed patches: * gnutls-detect_nettle_so.patch * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch ==== kbd ==== Subpackages: kbd-legacy - add libkeymap-Fix-mk_mapname-for-the-plain-map.patch ==== libarchive ==== - fix build with binutils submitted to Factory, adding upstream libarchive-3.4.3-fix_test_write_disk_secure.patch ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Security fix: [bsc#1176179, CVE-2020-24977] * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal - Add patch libxml2-CVE-2020-24977.patch ==== open-vm-tools ==== Subpackages: libvmtools0 - Use libtirpc also in SLE-15-SP3 ==== openldap2 ==== Version update (2.4.52 -> 2.4.53) - updated to 2.4.53 OpenLDAP 2.4.53 (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) Build Require OpenSSL 1.0.2 or later (ITS#9323) Fixed libldap compilation issue with broken C compilers (ITS#9332) ==== podman ==== Subpackages: podman-cni-config - Cleanup %install section to use "make install" - install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that where missing before - Drop varlink API related bits (in favor of the new API) - fix install location for zsh completions ==== xfsprogs ==== Version update (5.7.0 -> 5.8.0) - update to v5.8.0: * xfs_db: set b_ops to NULL for types without verifiers * mkfs: allow setting dax flag on root directory * xfs_quota: improve reporting and messages * xfs_db: use correct inode to set inode type * xfs_db: fix nlink usage in check * xfs_db: report the inode dax flag * man: update mkfs.xfs inode flag option documentation * xfsprogs: move custom interface def'ns to new header * xfs_repair: check quota counters * xfs_io: fix -D vs -R handling * libxfs changes merged from kernel 5.8