Packages changed:
  cryptsetup (2.3.3 -> 2.3.4)
  dracut
  filesystem
  fwupd
  gzip
  libcap (2.42 -> 2.43)
  libgpg-error (1.38 -> 1.39)
  libxcrypt (4.4.15 -> 4.4.17)
  lvm2
  lvm2-device-mapper
  npth
  permissions (1550_20200826 -> 1550_20200904)
  python38
  python38-core
  rsync
  utempter

=== Details ===

==== cryptsetup ====
Version update (2.3.3 -> 2.3.4)
Subpackages: libcryptsetup12

- Update to 2.3.4:
  * Fix a possible out-of-bounds memory write while validating LUKS2 data segments metadata (CVE-2020-14382, boo#1176128).
  * Ignore reported optimal IO size if not aligned to minimal page size.
  * Added support for new no_read/write_workqueue dm-crypt options (kernel 5.9).
  * Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
  * Support --master-key-file option for online LUKS2 reencryption
  * Always return EEXIST error code if a device already exists.
  * Fix a problem in integritysetup if a hash algorithm has dash in the name.
  * Fix crypto backend to properly handle ECB mode.
  * TrueCrypt/VeraCrypt compatible mode now supports the activation of devices with a larger sector.
  * LUKS2: Do not create excessively large headers.
  * Fix unspecified sector size for BitLocker compatible mode.
  * Fix reading key data size in metadata for BitLocker compatible mode.

==== dracut ====
Subpackages: dracut-ima

- Generate the tarball during buildtime. Tracking both the tarball and the .obscpio combines the worst of both.

==== filesystem ====

- Split /var/tmp out of fs-var.conf, new file is fs-var-tmp.conf.
  Allows to override config to add cleanup options of /var/tmp [bsc#1078466]
- Create fs-tmp.conf to cleanup /tmp regular (required with tmpfs) [bsc#1175519]
- Fix bug about missing group in tmpfiles.d files
- Generic cleanup:
  - Remove /usr/local/games
  - /etc/java was moved to javapackages-filesystem long ago
  - Remove unused languages: en@IPA, it_CH, ja_JP.EUC, ja_JP.SJIS, ja_JP.eucJP, nds_DE
  - Remove %ghost entries for /tmp, /tmp is now tmpfs and the files are handled by systemd since a long time
- Add /usr/etc/default.

==== fwupd ====
Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0

- Add fwupd-jscSLE-11766-close-efidir-leap-gap.patch: Set SLE and openSUSE esp os dir at runtime (jsc#SLE-11766)
- Drop _multibuild and build option -Defi_os_dir="%{efidir}": with the above patch fwupd can detect esp os dir dynamically
- Update the efidir related %post and %postun scripts in spec file

==== gzip ====

- Enable DFLTCC compression for s390x for levels 1-6 (i.e. to make it used by default) by adding -DDFLTCC_LEVEL_MASK=0x7e to CFLAGS. [jsc#SLE-13775]

==== libcap ====
Version update (2.42 -> 2.43)

- update to 2.43
  * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
  * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
  * Clean up a binary from the distribution
  * Added some more release time checks for non-git tracked files.
  * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.

==== libgpg-error ====
Version update (1.38 -> 1.39)

- Update to 1.39:
  * "gpg-error --lib-version" works again.
  * New function gpgrt_fcancel as alternative to gpgrt_close. This function avoids flushing out buffered data and also tries to delete a newly created file.
  * Update the gnupg project keyring
  * Interface changes relative to the 1.38 release:
    - gpgrt_fcancel: NEW.

==== libxcrypt ====
Version update (4.4.15 -> 4.4.17)

- Add compatibility provides for SLE15
- Update to version 4.4.17
  * Salt string compatibility with generic implementations

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- lvm can't pass build with gcc option Wstringop-overflow (bsc#1175565)
  - remove suse special patch
    - bug-1175565_lvm-cant-pass-build-with-gcc-option-Wstringop-overflow.patch
  - add upstream patch
    + bug-1175565_01-tools-move-struct-element-before-variable-lenght-lis.patch
    + bug-1175565_02-gcc-change-zero-sized-array-to-fexlible-array.patch
    + bug-1175565_03-gcc-zero-sized-array-to-fexlible-array-C99.patch

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- lvm can't pass build with gcc option Wstringop-overflow (bsc#1175565)
  - remove suse special patch
    - bug-1175565_lvm-cant-pass-build-with-gcc-option-Wstringop-overflow.patch
  - add upstream patch
    + bug-1175565_01-tools-move-struct-element-before-variable-lenght-lis.patch
    + bug-1175565_02-gcc-change-zero-sized-array-to-fexlible-array.patch
    + bug-1175565_03-gcc-zero-sized-array-to-fexlible-array-C99.patch

==== npth ====

- Remove old specfile constructs and doubleshipping of docs.

==== permissions ====
Version update (1550_20200826 -> 1550_20200904)
Subpackages: chkstat permissions-config

- Update to version 20200904:
  * Add /usr/libexec for cockpit-session as new path
  * physlock: whitelist with tight restrictions (bsc#1175720)

==== python38 ====

- Just cleanup and reordering items to synchronize with python39

==== python38-core ====
Subpackages: libpython3_8-1_0 python38-base

- Just cleanup and reordering items to synchronize with python39

==== rsync ====

- Security fix: [bsc#1176160, CVE-2020-14387]
  * rsync-ssl: Verify the hostname in the certificate when using openssl.
- Add rsync-CVE-2020-14387.patch

==== utempter ====

- fixed utempter location after libexecdir change (bsc#1175925)