Packages changed: Mesa Mesa-drivers apache2 (2.4.49 -> 2.4.51) apache2-manual (2.4.49 -> 2.4.51) apache2-prefork (2.4.49 -> 2.4.51) apache2-utils (2.4.49 -> 2.4.51) bash ca-certificates-mozilla (2.50 -> 2.52) cepces cogl e2fsprogs elfutils elfutils-debuginfod filesystem gawk gtk4 hiredis (1.0.0 -> 1.0.2) ldb (2.3.0 -> 2.4.0) libsolv (0.7.19 -> 0.7.20) libsoup2 libstorage-ng (4.4.41 -> 4.4.43) llvm12 llvm13 (12.0.1 -> 13.0.0) lz4 mozilla-nss (3.69.1 -> 3.70) redis (6.2.5 -> 6.2.6) samba (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c) tar texinfo timezone (2021a -> 2021c) timezone-java (2021a -> 2021c) transactional-update (3.5.5 -> 3.5.6) trousers u-boot-rpiarm64 (2021.07 -> 2021.10) === Details === ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_radeon - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ==== apache2 ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== apache2-manual ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== apache2-prefork ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== apache2-utils ==== Version update (2.4.49 -> 2.4.51) - version update to 2.4.51 * ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. - version update to 2.4.50 * ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in the uri-path when it's preceded by a dot. [Yann Ylavic] * ) mod_md: when MDMessageCmd for a 'challenge-setup::' fails (!= 0 exit), the renewal process is aborted and an error is reported for the MDomain. This provides scripts that distribute information in a cluster to abort early with bothering an ACME server to validate a dns name that will not work. The common retry logic will make another attempt in the future, as with other failures. Fixed a bug when adding private key specs to an already working MDomain, see . [Stefan Eissing] * ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they had no hostname ("unix:/..."). [Yann Ylavic] * ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could run into an assertion which terminated (and restarted) the child process where the task was running. Eventually, all OCSP responses were collected, but not in the way that things are supposed to work. See also . The bug was possibly triggered when more than one OCSP status needed updating at the same time. For example for several renewed certificates after a server reload. * ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590. [Janne Peltonen ] * ) event mpm: Correctly count active child processes in parent process if child process dies due to MaxConnectionsPerChild. PR 65592 [Ruediger Pluem] * ) mod_http2: when a server is restarted gracefully, any idle h2 worker threads are shut down immediately. Also, change OpenSSL API use for deprecations in OpenSSL 3.0. Adds all other, never proposed code changes to make a clean sync of http2 sources. [Stefan Eissing] * ) mod_dav: Correctly handle errors returned by dav providers on REPORT requests. [Ruediger Pluem] * ) core: do not install core input/output filters on secondary connections. [Stefan Eissing] * ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. [Ruediger Pluem] * ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] ==== bash ==== Subpackages: bash-doc - Install bash_builtins manpage under the correct name ==== ca-certificates-mozilla ==== Version update (2.50 -> 2.52) - updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added CAs: + HARICA Client ECC Root CA 2021 + HARICA Client RSA Root CA 2021 + HARICA TLS ECC Root CA 2021 + HARICA TLS RSA Root CA 2021 + TunTrust Root CA - remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021. (bsc#1190858) ==== cepces ==== Subpackages: cepces-certmonger cepces-selinux python3-cepces - Only install the selinux policy if necessary - Add missing dependency on the main package to the certmonger subpackage - Use %license and move it to the common subpackage - Avoid bashisms - Fix file list for the python subpackage for 3.10+ - Also disable selinux in 15.4, since it is still not supported. ==== cogl ==== Subpackages: libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-CoglPango-1_0 - Add 2bd3cbed45d633fb15625d58e6b7cb8721b0ba98.patch: cogl-gles2: Fix undefined references. Following this, add libtool BuildRequires and pass autoreconf call before configure as the patch touches the buildsystem. - Add patches from fedora that should have gone upstream: + 0001-egl-Use-eglGetPlatformDisplay-not-eglGetDisplay.patch: egl: Use eglGetPlatformDisplay not eglGetDisplay. + 0002-add-GL_ARB_shader_texture_lod-support.patch: Add GL_ARB_shader_texture_lod support. + 0003-texture-support-copy_sub_image.patch: texture: Support copy_sub_image. ==== e2fsprogs ==== Subpackages: e2fsprogs-scrub libcom_err2 libext2fs2 - quota-Add-support-to-version-0-quota-format.patch: quota: Add support to version 0 quota format (jsc#SLE-17360) quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360) quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360) tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota files (jsc#SLE-17360) e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not trash user limits when processing orphan list (jsc#SLE-17360) debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota commands (jsc#SLE-17360) quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360) - add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships with them ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Enhance license fields: all the libraries actually have a different license to the tools. While the tools are GPL-3.0-or-later, the libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later) SLE bug (for tracking the above) bsc#1191310 ==== elfutils-debuginfod ==== - Enhance license fields: all the libraries actually have a different license to the tools. While the tools are GPL-3.0-or-later, the libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later) ==== filesystem ==== - don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on file trigger compat mode in that case and do it posttrans (boo#1189788). - generic %ghost handling instead of hardcoding ==== gawk ==== - remove update-alternatives support, as on linux systems GNU software (i.e. gawk in this case) is usually considered the default implementation. - use %make macros ==== gtk4 ==== Subpackages: gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0 - Fix a syntax error in the gtk4_immodule_postun RPM macro ==== hiredis ==== Version update (1.0.0 -> 1.0.2) - hiredis 1.0.2 * Hiredis v1.0.2 is a security release with a fix for CVE-2021-32765. v1.0.1 erroneously bumped the SONAME so should be skipped. - hiredis 1.0.1: * CVE-2021-32765: integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data boo#1191331 ==== ldb ==== Version update (2.3.0 -> 2.4.0) Subpackages: libldb2 python3-ldb - Update to version 2.4.0 + Improve calculate_popt_array_length() + Use C99 initializers for builtin_popt_options[] + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + pyldb: fix a typo + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests + Add missing break in switch statement ==== libsolv ==== Version update (0.7.19 -> 0.7.20) Subpackages: libsolv-tools python3-solv ruby-solv - fix misparsing of '&' in attributes with libxml2 - choice rules: treat orphaned packages as newest [bsc#1190465] - fix compatibility with Python 3.10 - new SOLVER_EXCLUDEFROMWEAK job type - support for environments in comps parser - bump version to 0.7.20 - Disable python2 usage on suse_version >= 1550 by default (still possible to use osc build --with=python). ==== libsoup2 ==== Subpackages: libsoup-2_4-1 typelib-1_0-Soup-2_4 - Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840) ==== libstorage-ng ==== Version update (4.4.41 -> 4.4.43) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#835 - generate pools with dasds - extended testsuite - 4.4.43 - merge gh#openSUSE/libstorage-ng#834 - added get_dasd_type_name() and get_dasd_format_name() - 4.4.42 ==== llvm12 ==== Subpackages: clang12 clang12-doc libLLVM12 libLTO12 libclang12 - Don't build clang-tools, libc++ and python3-clang anymore, because they come from llvm13 now. - Remove version requirement from clang-tools dependency. ==== llvm13 ==== Version update (12.0.1 -> 13.0.0) Subpackages: clang-tools libc++-devel libc++1 libc++abi-devel libc++abi1 - Update to version 13.0.0. * For details, see the release notes: - https://releases.llvm.org/13.0.0/docs/ReleaseNotes.html - https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html - https://releases.llvm.org/13.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html - https://releases.llvm.org/13.0.0/projects/libcxx/docs/ReleaseNotes.html - https://releases.llvm.org/13.0.0/tools/lld/docs/ReleaseNotes.html * New LLVM tools: - llvm-otool: Mach-O object file displaying tool. - llvm-sim: LLVM IR Similarity Visualizer. - llvm-tapi-diff: Diff tool for tbd files. - llvm-windres: Tool to manipulate Windows resources. * llvm-elfabi was removed. * New Clang tools: - clang-repl, an interactive interpreter for C/C++. - intercept-build, analyze-build: the former intercepts build commands to build a compilation database, the latter runs the static analyzer over all translation units. - scan-build-py: Python reimplementation of scan-build. - Rebase patches: * link-clang-shared.patch * llvm-do-not-install-static-libraries.patch * llvm-exegesis-link-dylib.patch - Drop patches that have landed upstream: * tablegen-test-link-static.patch - Run tests on more architectures, disable those that seem to hang. Don't run libcxx tests at all anymore because they take so long. - Relax constraints so that we can build on more machines. ==== lz4 ==== - version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438] ==== mozilla-nss ==== Version update (3.69.1 -> 3.70) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.70 * bmo#1726022 - Update test case to verify fix. * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback * bmo#1681975 - Avoid using a lookup table in nssb64d. * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true. * bmo#1726022 - Cache additional PBE entries. * bmo#1709750 - Read HPKE vectors from official JSON. - required for Firefox 93 ==== redis ==== Version update (6.2.5 -> 6.2.6) - redis 6.2.6 with security fixes for * Security fixes: - CVE-2021-41099: Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value (boo#1191299) - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms (boo#1191300) - CVE-2021-32687: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value (boo#1191302) - CVE-2021-32675: Denial Of Service when processing RESP request payloads with a large number of elements on many connections (boo#1191303) - CVE-2021-32672: Random heap reading issue with Lua Debugger (boo#1191304) - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value (boo#1191305) - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit (boo#1191305) - CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer overflow (boo#1191306) * Bug fixes that involve behavior changes: - GEO* STORE with empty source key deletes the destination key and return 0 Previously it would have returned an empty array like the non-STORE variant. - PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions This actually changed in 6.2.0 but was overlooked and omitted from the release notes. * Bug fixes that are only applicable to previous releases of Redis 6.2: - Fix CLIENT PAUSE, used an old timeout from previous PAUSE - Fix CLIENT PAUSE in a replica would mess the replication offset - Add some missing error statistics in INFO errorstats * Other bug fixes: - Fix incorrect reply of COMMAND command key positions for MIGRATE command - Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) - Fix the wrong misdetection of sync_file_range system call, affecting performance * CLI tools: - When redis-cli received ASK response, it didn't handle it * Improvements: - Add latency monitor sample when key is deleted via lazy expire - Sanitize corrupt payload improvements - Delete empty keys when loading RDB file or handling a RESTORE command ==== samba ==== Version update (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libsamba-credentials1 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-policy0-python3 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-doc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind - Adjust spec to use pam macros; (bsc#1191046). - Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded. - Add missing build dependency on bison when building with the embedded Heimdal Kerberos - Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed - Update to 4.14.7 * smbd panic on force-close share during offload write; (bso#14769); * smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK; (bso#12033); * Fix returned attributes on fake quota file handle and avoid hitting the VFS; (bso#14731); * vfs_shadow_copy2 fix inodes not correctly updating inode numbers; (bso#14756); * Fix build on Solaris; (bso#14774); * Make dos attributes available for unreadable files; (bso#14654); * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7; (bso#14607); * Start the SMB encryption as soon as possible; (bso#14793); ==== tar ==== Subpackages: tar-rmt - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: * bsc#1181131 * bsc#1120610 ==== texinfo ==== Subpackages: info info-std - Move to /usr for UsrMerge (boo#1191099) ==== timezone ==== Version update (2021a -> 2021c) - timezone update 2021c: * Revert almost all of 2021b's changes to the 'backward' file * Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - timezone update 2021b: * Jordan now starts DST on February's last Thursday. * Samoa no longer observes DST. * Move some backward-compatibility links to 'backward'. * Rename Pacific/Enderbury to Pacific/Kanton. * Correct many pre-1993 transitions in Malawi, Portugal, etc. * zic now creates each output file or link atomically. * zic -L no longer omits the POSIX TZ string in its output. * zic fixes for truncation and leap second table expiration. * zic now follows POSIX for TZ strings using all-year DST. * Fix some localtime crashes and bugs in obscure cases. * zdump -v now outputs more-useful boundary cases. * tzfile.5 better matches a draft successor to RFC 8536. ==== timezone-java ==== Version update (2021a -> 2021c) - timezone update 2021c: * Revert almost all of 2021b's changes to the 'backward' file * Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - timezone update 2021b: * Jordan now starts DST on February's last Thursday. * Samoa no longer observes DST. * Move some backward-compatibility links to 'backward'. * Rename Pacific/Enderbury to Pacific/Kanton. * Correct many pre-1993 transitions in Malawi, Portugal, etc. * zic now creates each output file or link atomically. * zic -L no longer omits the POSIX TZ string in its output. * zic fixes for truncation and leap second table expiration. * zic now follows POSIX for TZ strings using all-year DST. * Fix some localtime crashes and bugs in obscure cases. * zdump -v now outputs more-useful boundary cases. * tzfile.5 better matches a draft successor to RFC 8536. ==== transactional-update ==== Version update (3.5.5 -> 3.5.6) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.6 - tukit: Add S/390 bootloader support [bsc#1189807] - t-u: support purge-kernels with t-u patch [bsc#1190788] ==== trousers ==== - move libraries to /usr/lib (bsc#1191102) ==== u-boot-rpiarm64 ==== Version update (2021.07 -> 2021.10) Subpackages: u-boot-rpiarm64-doc - Update to 2021.10 Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222). Enable BTRFS for Risc-V. Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches added: 0013-riscv-enable-CMD_BTRFS.patch 0014-Disable-timer-check-in-file-loading.patch - Update to 2021.10-rc5 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped (upstreamed): 0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch - Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64 - Add sifiveunmatched flavor - Update to 2021.10-rc4 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped: 0014-btrfs-Use-default-subvolume-as-file.patch