Packages changed: aaa_base (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1) bash dmidecode filesystem gzip ldb (1.5.4 -> 1.5.5) libdb-4_8 libgcrypt (1.8.4 -> 1.8.5) shadow snapper zstd (1.4.2 -> 1.4.3) === Details === ==== aaa_base ==== Version update (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1) - Update to version 84.87+git20190822.82a17f1: * add sysctl.d/51-network.conf to tighten network security a bit see also (boo#1146866) (jira#SLE-9132) ==== bash ==== - Add official patch bash50-008 When HISTSIZE is set to 0, history expansion can leave the history length set to an incorrect value, leading to subsequent attempts to access invalid memory. - Add official patch bash50-009 The history file reading code doesn't close the file descriptor open to the history file when it encounters a zero-length file. ==== dmidecode ==== 2 recommended fixes from upstream: - dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only scan /dev/mem for entry point on x86 (fixes reboot on ARM64). - dmidecode-fix-formatting-of-tpm-table-output.patch: Fix formatting of TPM table output (missing newlines). ==== filesystem ==== - Move /etc.cron.* directories to cron package - Add /usr/etc ==== gzip ==== - refresh gzip-1.10-ibm_dfltcc_support.patch to fix three data corruption issues [bsc#1145276] [jsc#SLE-5818] [jsc#SLE-8914] ==== ldb ==== Version update (1.5.4 -> 1.5.5) - Update to 1.5.5 + LDAP_REFERRAL_SCHEME_OPAQUE was added to ldb_module.h; (bso#12478); + Skip @ records early in a search full scan; (bso#13893); ==== libdb-4_8 ==== - Add opd deadlock patch as found and documented by Red Hat. (bsc#1148244) * 0001-OPD-deadlock-RH-BZ-1349779.patch - Remove the getpatches as it does not work at all, oracle removed the pages - Use spec-cleaner - Fix stripped debuginfo to make sure we can debug with libdb ==== libgcrypt ==== Version update (1.8.4 -> 1.8.5) - libgcrypt 1.8.5: * CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987) * Improve ECDSA unblinding * Provide a pkg-config file ==== shadow ==== - bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files to support kernel keyring feature - Update pamd.tar.bz2 with pam configuration files accordingly - encryption_method_nis.patch: drop, DES should really not be used anymore anywhere, even with NIS - shadow-login_defs-suse.patch: remove encryption NIS entry ==== snapper ==== Subpackages: libsnapper4 - reusing existing subvolumes on mksubvolume run (bsc#1138725, bsc#1126900, gh#openSUSE/snapper#236) ==== zstd ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3 * bug: Fix Dictionary Compression Ratio Regression (#1709) * bug: Fix Buffer Overflow in v0.3 Decompression (#1722) * build: Add support for IAR C/C++ Compiler for Arm (#1705) * misc: Add NULL pointer check in util.c (#1706)