Packages changed: bash ebtables installation-images-MicroOS (14.468 -> 14.470) krb5 openldap2 (2.4.49 -> 2.4.50) salt sudo (1.9.0rc2 -> 1.9.0rc4) yast2 (4.2.83 -> 4.2.84) === Details === ==== bash ==== - Fix usage of update-alternatives ==== ebtables ==== Subpackages: libebtc0 - Revert last /bin/bash -> /bin/sh change - Use /bin/sh for ebtables.systemd - Don't hard require systemd, we don't need that in a container ==== installation-images-MicroOS ==== Version update (14.468 -> 14.470) - merge gh#openSUSE/installation-images#374 - support MicroOSNG (bsc#1170885) - 14.470 - prepare for MicroOSNG - merge gh#openSUSE/installation-images#373 - beware of bash using update-alternatives - 14.469 ==== krb5 ==== - Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d notation: libexecdir is likely changing away from /usr/lib to /usr/libexec. ==== openldap2 ==== Version update (2.4.49 -> 2.4.50) - updated to 2.4.50 - added 0014-ITS-8650-fix-debug-usage.patch - enabled new contrib overlay pw-argon2 - replaced FTP by HTTPS download URL for source - removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127) OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230) ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Python 3.8 compatibility changes - msgpack support for version >= 1.0.0 (bsc#1171257) - Added: * python3.8-compatibility-pr-s-235.patch * msgpack-support-versions-1.0.0.patch - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Added: * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * make-lazyloader.__init__-call-to-_refresh_file_mappi.patch ==== sudo ==== Version update (1.9.0rc2 -> 1.9.0rc4) - Update to 1.9.0rc4 * Various spelling fixes. Bug #925. * The struct passwd passed to PAM session modules is now looked up by user name, not user-ID, when possible. Fixes a problem with the pam_limits module and configurations where multiple user names share the same ID. Debian bug #734752. * Sudo command line options that take a value may only be specified once. This is to help guard against problems caused by poorly written scripts that invoke sudo with user-controlled input. Bug #924. - Update to 1.9.0rc3 * The sudo-logsrvd package now installs a systemd service on Linux distros that use systemd. * The I/O plugin is now closed before the policy plugin on command exit. * When copying the edited files to the original path, sudoedit now allocates any additional space needed before writing. Previously, it could truncate the destination file if the file system was full. Bug #922. * Fixed a compilation issue with Python 3.8. * Changed how TLS connections are made to the log server. Instead of using a starttls type approach where TLS and plaintext connections share the same point we now use separate ports for plaintext and TLS connections. A (tls) flag can be specified after the host:port to indicate that the connection should be secured with TLS. This avoids a potention man-in-the-middle attack that could cause the connection to be forced into plaintext mode. Unfortunately, this change breaks compatibility with the previous release candidates. ==== yast2 ==== Version update (4.2.83 -> 4.2.84) - AutoYaST: Cleanup/improve issue handling (bsc#1171335). - 4.2.84