Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20200226 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: 389-ds (1.4.3.1~git0.a08202a5b -> 1.4.3.3~git0.776c6edf5) ImageMagick (7.0.9.23 -> 7.0.9.25) bind (9.14.9 -> 9.16.0) bison (3.5.1 -> 3.5.2) busybox ca-certificates (2+git20170807.10b2785 -> 2+git20200129.d1a437d) cogl cups-filters (1.25.0 -> 1.27.1) drbd-utils (9.10.0 -> 9.12.0) elementary-xfce-icon-theme (0.14+git5.36fd0049 -> 0.14+git19.684af360) emacs-w3m (1.4.631 -> 1.4.632) gegl (0.4.20 -> 0.4.22) ibus (1.5.21 -> 1.5.22) ldmtool (0.2.3 -> 0.2.4) libarchive libgpg-error (1.36 -> 1.37) libgphoto2 (2.5.23 -> 2.5.24) libmypaint (1.4.0 -> 1.5.0) libseccomp libunwind libuv lightdm-gtk-greeter-branding-openSUSE m17n-db mariadb (10.3.20 -> 10.4.12) mutter nut openssl-1_1 perl-Glib (1.3291 -> 1.3292) pesign-obs-integration plasma5-pk-updates plasma5-thunderbolt (5.18.1 -> 5.18.2) python-Jinja2 (2.10.3 -> 2.11.1) python-cffi (1.13.2 -> 1.14.0) python-pytz (2019.2 -> 2019.3) qemu qemu-linux-user sysfsutils system-users tpm2-0-tss (2.3.2 -> 2.3.3) tracker-miners unbound (1.9.6 -> 1.10.0) v4l2loopback wayland (1.17.0 -> 1.18.0) wireguard (0.0.20200214_k5.4.14_4 -> 0.0.20200215_k5.4.14_4) wpebackend-fdo (1.4.0 -> 1.4.1) xen (4.13.0_04 -> 4.13.0_08) xfce4-weather-plugin (0.10.0 -> 0.10.1) xkbcomp (1.4.2 -> 1.4.3) xtables-addons (3.8_k5.4.14_4 -> 3.9_k5.4.14_4) === Details === ==== 389-ds ==== Version update (1.4.3.1~git0.a08202a5b -> 1.4.3.3~git0.776c6edf5) Subpackages: lib389 libsvrcore0 - Add requirement on openssl for rust-openssl as part of ldaptokens - Add rust vendored libs - Add 0001-fix-cargo-build.patch to fix minor rust build issues - Update to version 1.4.3.3~git0.776c6edf5: * Bump version to 1.4.3.3 * Issue 50855 - remove unused file from UI * Issue 50855 - UI: Port Server Tab to React * Issue 49845 - README does not contain complete information on building * Issue: 50686 - Port fractional replication test cases from TET to python3 part 1 * Ticket - 49623-cont cenotaph errors on modrdn operations * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled * Issue 50886 - Typo in the replication debug message * Issue 50873 - Fix healthcheck and virtual attr check * Issue 50873 - Fix issues with healthcheck tool * Issue 50028 - Add a new CI test case * Issue 49946 - Add a new CI test case * Issue 50117 - Add a new CI test case * Ticket 50787 - fix implementation of attr unique * Ticket 50859 - support running only with ldaps socket * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache * Issue 50867 - Fix minor buildsys issues * Issue 50737 - Allow building with rust online without vendoring * Ticket 50831 add cargo.lock to allow offline builds * Ticket 50694 - import PEM certs on startup * Ticket 50857 - Memory leak in ACI using IP subject * Issue 49761 - Fix CI test suite issues * Issue 50853 - Fix NULL pointer deref in config setting * Issue 50850 - Fix dsctl healthcheck for python36 * Issue 49990 - Need to enforce a hard maximum limit for file descriptors * Ticket 48707 - ldapssotoken for authentication * Bump version to 1.4.3.2 * Issue 49254 - Fix compiler failures and warnings * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown * Issue 50836 - Port Schema UI tab to React * Issue 50842 - Decrease 389-console Cockpit component size * Ticket 50790 - Add result text when filter is invalid * Issue 50627 - Add ASAN logs to HTML report * Issue 50834 - Incorrectly setting the NSS default SSL version max * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 * Ticket 50784 - performance testing scripts * Issue 50599 - Fix memory leak when removing db region files * Issue 49395 - Set the default TLS version min to TLS1.2 * Issue 50818 - dsconf pwdpolicy get error * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined" * Issue 50599 - Remove db region files prior to db recovery * Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/ * Issue 50816 - dsconf allows the root password to be set to nothing * Issue 50798 - incorrect bytes in format string(fix import issue) ==== ImageMagick ==== Version update (7.0.9.23 -> 7.0.9.25) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI7 libMagickWand-7_Q16HDRI7 perl-PerlMagick - version update to 7.0.9.25 * Adapt to a change in command-line options in the SVG inkscape delegate. * No percent sign in lab() color. * Support connected-components:eccentricity-threshold, connected-components:major-axis-threshold, connected-components:minor-axis-threshold, connected-components:angle-threshold. * Set the alpha channel if the write mask is not enabled. * Corrected ellipse orientation when computing image moments. ==== bind ==== Version update (9.14.9 -> 9.16.0) Subpackages: bind-chrootenv bind-doc bind-utils python3-bind - Update download urls - Do not enable geoip on old distros, the geoip db was shut down so we need to use geoip2 everywhere - Upgrade to version 9.16.0 Major upgrade, see https://downloads.isc.org/isc/bind9/9.16.0/RELEASE-NOTES-bind-9.16.0.html and CHANGES file in the source tree. Major functional change: * What was set with --with-tuning=large option in older BIND9 versions is now a default, and a --with-tuning=small option was added for small (e.g. OpenWRT) systems. * A new "dnssec-policy" option has been added to named.conf to implement a key and signing policy (KASP) for zones. * The command (and manpage) bind9-config have been dropped as the BIND 9 libraries are now purely internal. No patches became obsolete through the upgrade. [bind-9.16.0.tar.xz] ==== bison ==== Version update (3.5.1 -> 3.5.2) Subpackages: bison-lang - Update to version 3.5.2: * Portability issues and minor cosmetic issues. * The lalr1.cc skeleton properly rejects unsupported values for parse.lac (as yacc.c does). ==== busybox ==== - Disable CONFIG_FEATURE_NSLOOKUP_BIG as it leads to incompatible nslookup behavior ==== ca-certificates ==== Version update (2+git20170807.10b2785 -> 2+git20200129.d1a437d) - Update to version 2+git20200129.d1a437d: * rewrite in bash * java.run: don't set LANG=en_US - no longer require openssl, it's all done by p11-kit ==== cogl ==== Subpackages: libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-CoglPango-1_0 - Add cogl-fix-mesa20.patch: fixes build against Mesa 20 (boo#1164688, glgo#GNOME/cogl!17). ==== cups-filters ==== Version update (1.25.0 -> 1.27.1) - Update to 1.27.1 * libcupsfilters: Let the PPD generator not put any dashes into the PPD option and choice names when translating them from IPP attribute names, to avoid that on the back-translation by CUPS no double-dashes are generated. This broke paper tray selections with tray names like "tray-1", "tray-2", ... (Issue #192, Issue #201, Debian bug #949315). * foomatic-rip: Fixed segfault when PRINTER environment variable is not supplied. * pdftopdf, pdftops, gstoraster, gstopdf, gstopxl, rastertoescpx, rastertopclx, foomatic-rip: Handle zero-page jobs (Issue #117, Pull request #196, Pull request #197, Pull request #198, Pull request #200). * texttopdf: Added support for CJK (double-width) fonts (Issue [#135], Pull request #199). * cups-browsed: Switched default for "CreateIPPPrinterQueues" from "local-only" to "All". The configure script options " - -enable-auto-setup-local-only" and "--enable-auto-setup-driverless-only" can be used to change this default (Debian bug #921252). * rastertoescpx: Fixed wrong freeing of a buffer. * pdftops: Added options "crop-to-fit" and "fill" to the pdftopdf options which the pstops called by pdftops should not apply a second time. * pdftops: Added missing "-sstdout=%stderr" to Ghostscript command line, to assure that all messages are redirected to stderr and do not mix up with the output data. - Drop add-cstring-include.patch: already present upstream - Drop foomatic-rip-fix-compilation-with-fno-common.patch: already present upstream ==== drbd-utils ==== Version update (9.10.0 -> 9.12.0) - Update to 9.12.0 * drbd.ocf: new wrc_timeout param, fail on attach failure, remove_master_score_if_peer_primary param, fail_promote_early_if_peer_primary param, improved helper logging no error if wait-connect fails * drbdadm,v9: fix dumping meta-disk in corner case * crm-fence-peer.9.sh: fix Pacemaker 2 compat * drbdsetup,v9: fixes for various json output corner cases * drbdsetup,all: prepare for netlink changes (linux v5.2+) * drbdadm,v9: fix a check for setting up connections multiple times * init: setup file backed loop devices (mapping from LINSTOR) * rr-conflict: add retry-connect option (>=drbd 9.0.20) * drbdmon: 256/16 colors; events2 handler improvements * drbdsetup,v9: new flag: force-resync (>=drbd 9.0.21) - Remove netlink-prepare-for-kernel-v5.2.patch Remove netlink-Add-NLA_F_NESTED-flag-to-nested-attribute.patch Remove cibadmin-return-code-convert.patch in 144c8cc1d ==== elementary-xfce-icon-theme ==== Version update (0.14+git5.36fd0049 -> 0.14+git19.684af360) - Update to version 0.14+git19.684af360: * Several small symlink fixes * Revamped all 16px panel icons and made several fixes * Revamped 16px dark panel icons and synced network icons from elementary upstream * Add symlinks for LICENSE * Fix dangling symlinks to AUTHORS, CONTRIBUTORS, and README.md * Cleanup unused styles fron thunderbird svgs, fixing inkscape warning attribute 'mask' given as CSS * Second run of vacuum-defs * Drop file reference (fixes #171) * Rename fake svgs to pngs * Vacuum all svgs * Drop Chrome and Chromium icons Both icons scale well at every size ==== emacs-w3m ==== Version update (1.4.631 -> 1.4.632) - Update to current GIT HEAD (6eda3828) ==== gegl ==== Version update (0.4.20 -> 0.4.22) Subpackages: gegl-0_4 libgegl-0_4-0 - Update to version 0.4.22: + Build: - Updates to python gobject introspection tests, and made them able to look up babl typelib. - Build pdf:load again; missing since meson migration. - Fix OpenCL include file generation to work in non-utf8 locales. + Operations: matting-{global,levin}: fix crash when bounding boxes of input and aux differ. ==== ibus ==== Version update (1.5.21 -> 1.5.22) Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Fix dependency between ibus and ibus-dict-emoji * Keep ibus and ibus-dict-emoji from the same source * Add Conflict to remove old ibus containing emoji dictionary files - Update version to 1.5.22 * GDBusAuthObserver security fix, drop ibus-CVE-2019-14822-GDBusServer-peer-authorization.patch * Use XDG_RUNTIME_DIR for Unix socket directory * Hangul button press handling * Fix deprecated APIs * Bug fixes * Fix boo#1149065 * Fix restart crash with inotify read() (Robert Hoffmann) * Make session file header comment more clear (Jason) * Amend typos (Jason) * Add NotShowIn and Keywords keys to the desktop entry (Changwoo Ryu) * Handle small final sigma in ibus_keyval_convert_case (Alex Henrie) * Update translations. - Add ibus-fix-Signal-does-not-exist.patch. Fix build on Leap 15.1 and below - Split ibus-dict-emoji so that KDE Plasma can use IBus's emoji dictionaries without IBus daemon (boo#1161584) ==== ldmtool ==== Version update (0.2.3 -> 0.2.4) Subpackages: libldm-1_0-0 - update to version 0.2.4 - update patch Remove-deprecated-g_type_class_add_private.patch - remove upstream merged patches (werror-fixes.patch, cast_be64toh.patch) - fix buildrequires - use localsource as the github repo doesnt include yet the built tarball for 0.2.4 release ==== libarchive ==== Subpackages: bsdtar libarchive13 - Switch back to cmake build now that cmake-mini exists, this will no longer create a build-cycle. ==== libgpg-error ==== Version update (1.36 -> 1.37) - Update to 1.37 Release-info: https://dev.gnupg.org/T4772 * Fixes a build problems when using Gawk 5.0 [#4459] * Improves cross-compiling support. [#4643] * New error codes to map SQLite primary error codes. * Now uses poll(2) instead of select(2) in gpgrt_poll if possible. * Fixes a bug in gpgrt_close. [#4698] * Fixes a few minor portability bugs. * New interfaces in this release: GPG_ERR_NO_KEYBOXD GPG_ERR_KEYBOXD GPG_ERR_NO_SERVICE GPG_ERR_SERVICE GPG_ERR_SQL_OK GPG_ERR_SQL_ERROR GPG_ERR_SQL_INTERNAL GPG_ERR_SQL_PERM GPG_ERR_SQL_ABORT GPG_ERR_SQL_BUSY GPG_ERR_SQL_LOCKED GPG_ERR_SQL_NOMEM GPG_ERR_SQL_READONLY GPG_ERR_SQL_INTERRUPT GPG_ERR_SQL_IOERR GPG_ERR_SQL_CORRUPT GPG_ERR_SQL_NOTFOUND GPG_ERR_SQL_FULL GPG_ERR_SQL_CANTOPEN GPG_ERR_SQL_PROTOCOL GPG_ERR_SQL_EMPTY GPG_ERR_SQL_SCHEMA GPG_ERR_SQL_TOOBIG GPG_ERR_SQL_CONSTRAINT GPG_ERR_SQL_MISMATCH GPG_ERR_SQL_MISUSE GPG_ERR_SQL_NOLFS GPG_ERR_SQL_AUTH GPG_ERR_SQL_FORMAT GPG_ERR_SQL_RANGE GPG_ERR_SQL_NOTADB GPG_ERR_SQL_NOTICE GPG_ERR_SQL_WARNING GPG_ERR_SQL_ROW GPG_ERR_SQL_DONE - Remove patch fixed upstream. * gawk5.patch ==== libgphoto2 ==== Version update (2.5.23 -> 2.5.24) - updated to 2.5.24 release - ptp2: * GoPro: fixed all images not visible bug * Canon EOS: lock/unlock ui before more operations * Canon Powershot SX / EOS M: some setup adjustments to make powershot sx work better * Nikon Keymission 170: try override opcodes to allow capture * Nikon DSLR: fixed a regression where 5 seconds was longer image capture shutterspeed * Sony: adjusted manualfocusing not to autofocus * Fuji: access ISO config * Sony: fixed manual focusing * Sony: specify capturetarget on camera, available on current 2019/2020 Sony * bugfixes * New ids added: * Sony Alpha RX100V, A7s, RX0 II, * Nikon Z50, Coolpix L810, KeyMission 170 * Canon PowerShot SX530HS, SX 620HS, * Canon EOS 2000D, 1500D, R2, M6 Mark 2, 250D, * Fuji X-A5, X-E3, GFX100 * GoPro Hero 7 White, 7 Silver, 7 Black, 8 Black - lumix: * New WIFI Lumix camera driver was added, using curl and libxml2. Lots of abilities supported already, also capture preview. However capture itself is not yet working. This driver needs libxml2 and libcurl to be built. - all: * Selecting camera libraries has changed a bit. - -camlibs=everything will select all and outdated drivers - -camlibs=standard will select "current day" drivers - -camlibs=standard,outdated will select "current day" and "outdated" drivers You can now also use modifiers like +canon or -canon to enable/disable selected camera libraries. The default is "standard", same as before. * fixed some issues found by AFL fuzzing, mostly in "outdated" drivers. * SECURITY.md: Small document added describing security properties of the library. ==== libmypaint ==== Version update (1.4.0 -> 1.5.0) - Update to version 1.5.0: * view zoom & view rotation. * spectral color blending (pigment mode). * new smudge settings: length multiplier, buckets, transparency. * new symmetry modes: vertical, vertical+horizontal, rotational, snowflake. * adjustable angle for symmetry modes. * optional multiple output rectangles (only relevant w. new symmetry modes). * Directional offsets are clamped to a maximum distance of 3 * 1080 pixels. - Drop libmypaint-gegl-0.4.14.patch: fixed upstream. - Drop libmypaint-gegl-shlib-version.patch: incorporated upstream. - Drop libmypaint-bump-gegl-version.patch: only applicable hunk moved to libmypaint-gegl-pkgconfig.patch; rest incorporated upstream. - Add libmypaint-gegl-pkgconfig.patch: In libmypaint-gegl.pc, change Name to libmypaint-gegl to avoid conflict with libmypaint.pc and Requires to depend on the correct version of gegl and on libmypaint - not libmypaint-@LIBMYPAINT_API_PLATFORM_VERSION@. - No longer needed to run autoreconf/autogen.sh before configure since patches that modified build files are dropped; also drop libtool BuildRequires required only for autoreconf. - Use autosetup to apply existing patch. - Bump so version in keeping with upstream (1_5-1). - Move libmypaint-gegl.pc file to libmypaint-gegl-devel package. ==== libseccomp ==== - Add patch to fix ntpsec and others build (accidental drop of symbols): * SNR_ppoll.patch ==== libunwind ==== - Fix build with GCC-10: [bsc#1160876] * In GCC-10, the default option -fcommon will change to -fno-common - Add libunwind-gcc10-build-fno-common.patch ==== libuv ==== - Add baselibs.conf to generate 32bit lib needed for bind ==== lightdm-gtk-greeter-branding-openSUSE ==== - Use Greybird Geeko GTK theme by default. Already default in Xfce and maintained by openSUSE members. ==== m17n-db ==== - No longer recommend -lang: supplements are in use. - Run spec-cleaner, modernize spec. ==== mariadb ==== Version update (10.3.20 -> 10.4.12) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - remove @VERSION@ from mariadb.service and mariadb@.service - disable testing with rpm macros as it does not work as for 10.4, needs to be investigated - update suse_skipped_tests.list for ppc - rename mariadb.rpmlintrc to mariadb-rpmlintrc - for ppc install pam_user_map.so in /lib/security - rename mariadb-10.2.12-harden_setuid.patch to mariadb-10.4.12-harden_setuid.patch to match the correct version number. - add mariadb-10.4.12-fix-install-db.patch to improve default behaviour of mysql_install_db. This prevents performing security sensitive actions to be performed but instead only warns the caller (bsc#1160868). - update to 10.4.12 * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10412-release-notes https://mariadb.com/kb/en/library/mariadb-10412-changelog https://mariadb.com/kb/en/library/mariadb-10411-release-notes https://mariadb.com/kb/en/library/mariadb-10411-changelog * fixes for the following security vulnerabilities: CVE-2020-2574 * don't let mysql_install_db set SUID bit for auth_pam_tool in rpm/deb packages CVE-2020-7221 [bsc#1160868] - add mariadb-10.2.12-harden_setuid.patch to harden auth_pam_tool setuid-root binary [bsc#1160285] - pack pam_user_map.so module in the /%{_lib}/security directory and user_map.conf configuration file in the /etc/security directory - fix race condition with mysql_upgrade_info status file by moving it to the location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895] - move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade to /var/lib/misc/.mariadb_run_upgrade so the mysql user can't use it for a symlink attack [bsc#1160912] - change -DWITH_COMMENT and -DCOMPILATION_COMMENT to be SUSE/openSUSE independent - enhance mariadb.service and mariadb@.service with various options (Documentation=, User=, Group=, KillSignal=, SendSIGKILL=, Restart=, RestartSec=, CapabilityBoundingSet=, ProtectSystem=, ProtectHome=, PermissionsStartOnly= and UMask=) [bsc#1160878] - mysql-systemd-helper: use systemd-tmpfiles instead of shell script operations for a cleaner and safer creating of /run/mysql [bsc#1160883] - update to 10.4.10 * changes and improvements for 10.4 https://mariadb.com/kb/en/changes-improvements-in-mariadb-104/ * fixes for the following security vulnerabilities: none - pack mariadb variants of the mysql binaries (e.g. mariadb-dumpslow is a symlink to mysqldumpslow and the like) - refresh mariadb-10.2.4-fortify-and-O.patch - update suse_skipped_tests.list - _constraints: increase physicalmemory value - package auth_pam_tool setuid binary properly - add cracklib-password-check subpackage but do not build it right now (cracklib-dict-full >= 2.9.0 is not available yet) - add rcmariadb compat link - add mariadb.rpmlintrc file - do not move my_safe_process to bindir but use rpmlint arch-dependent-file-in-usr-share exception for it (this file is used just for the testing and it doesn't have to be in bindir ==== mutter ==== Subpackages: libmutter-5-0 mutter-data - Rework mutter-fix-mesa20.patch: base it on mutter upstream commit a444a4c. - Add mutter-fix-mesa20.patch: fixes build against Mesa 20 (boo#1164688). ==== nut ==== Subpackages: libupsclient1 nut-cgi - Remove obsolete chown from %post. We no more support upgrade from SUSE Linux 9 (bsc#1157325). ==== openssl-1_1 ==== Subpackages: libopenssl-1_1-devel libopenssl1_1 libopenssl1_1-hmac - Use the newly build libcrypto shared library when computing the hmac checksums in order to avoid a bootstrapping issue by BuildRequiring libopenssl1_1 (bsc#1164102) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) * add openssl-fips_fix_selftests_return_value.patch - Added SHA3 FIPS self-tests bsc#1155345 * openssl-fips-add-SHA3-selftest.patch ==== perl-Glib ==== Version update (1.3291 -> 1.3292) - Add manual license LGPL-2.1-or-later to cpanspec.yml - updated to 1.3292 see /usr/share/doc/packages/perl-Glib/ChangeLog.pre-git ==== pesign-obs-integration ==== - 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch Hard code signing of stage3.bin of s390-tools (bsc#1163524) ==== plasma5-pk-updates ==== Subpackages: plasma5-pk-updates-lang - Add patch to avoid error messages for a locked db (boo#1161501): * 0001-Don-t-show-an-error-for-a-failed-automatic-refresh.patch ==== plasma5-thunderbolt ==== Version update (5.18.1 -> 5.18.2) - Update to 5.18.2 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.18.2.php - No code changes since 5.18.1 ==== python-Jinja2 ==== Version update (2.10.3 -> 2.11.1) - disable tests on 32bit archs - update to 2.11.1 * Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template * Drop support for Python 2.6, 3.3, and 3.4. This will be the last version to support Python 2.7 and 3.5. * Added a new ChainableUndefined class to support getitem and getattr on an undefined object. * Allow {%+ syntax (with NOP behavior) when lstrip_blocks is disabled. * Added a default parameter for the map filter. * Exclude environment globals from meta.find_undeclared_variables(). * Float literals can be written with scientific notation, like 2.56e-3. * Int and float literals can be written with the ?_? separator for legibility, like 12_345. * Fix a bug causing deadlocks in LRUCache.setdefault * The trim filter takes an optional string of characters to trim. * A new jinja2.ext.debug extension adds a {% debug %} tag to quickly dump the current context and available filters and tests. * Lexing templates with large amounts of whitespace is much faster. * Parentheses around comparisons are preserved, so {{ 2 * (3 < 5) }} outputs ?2? instead of ?False?. * Add new boolean, false, true, integer and float tests. * The environment?s finalize function is only applied to the output of expressions (constant or not), not static template data. * When providing multiple paths to FileSystemLoader, a template can have the same name as a directory. * Always return Undefined when omitting the else clause in a {{ 'foo' if bar }} expression, regardless of the environment?s undefined class. Omitting the else clause is a valid shortcut and should not raise an error when using StrictUndefined. * Fix behavior of loop control variables such as length and revindex0 when looping over a generator. * Async support is only loaded the first time an environment enables it, in order to avoid a slow initial import. * In async environments, the |map filter will await the filter call if needed. * In for loops that access loop attributes, the iterator is not advanced ahead of the current iteration unless length, revindex, nextitem, or last are accessed. This makes it less likely to break groupby results. * In async environments, the loop attributes length and revindex work for async iterators. * In async environments, values from attribute/property access will be awaited if needed. * PackageLoader doesn?t depend on setuptools or pkg_resources. * PackageLoader has limited support for PEP 420 namespace packages. * Support os.PathLike objects in FileSystemLoader and ModuleLoader * NativeTemplate correctly handles quotes between expressions. "'{{ a }}', '{{ b }}'" renders as the tuple ('1', '2') rather than the string '1, 2'. * Creating a NativeTemplate directly creates a NativeEnvironment instead of a default Environment. * After calling LRUCache.copy(), the copy?s queue methods point to the correct queue. * Compiling templates always writes UTF-8 instead of defaulting to the system encoding. * |wordwrap filter treats existing newlines as separate paragraphs to be wrapped individually, rather than creating short intermediate lines. * Add break_on_hyphens parameter to |wordwrap filter. * Cython compiled functions decorated as context functions will be passed the context. * When chained comparisons of constants are evaluated at compile time, the result follows Python?s behavior of returning False if any comparison returns False, rather than only the last one * Tracebacks for exceptions in templates show the correct line numbers and source for Python >= 3.7. * Tracebacks for template syntax errors in Python 3 no longer show internal compiler frames * Add a DerivedContextReference node that can be used by extensions to get the current context and local variables such as loop * Constant folding during compilation is applied to some node types that were previously overlooked * TemplateSyntaxError.source is not empty when raised from an included template. * Passing an Undefined value to get_template (such as through extends, import, or include), raises an UndefinedError consistently. select_template will show the undefined message in the list of attempts rather than the empty string. * TemplateSyntaxError can be pickled. ==== python-cffi ==== Version update (1.13.2 -> 1.14.0) Subpackages: python2-cffi python3-cffi - Update to 1.14.0 * ffi.dlopen() can now be called with a handle (as a void *) to an already-opened C library. * fixed a stack overflow issue for calls like lib.myfunc([large list]). * fixed a memory leak inside ffi.getwinerror() on CPython 3.x. ==== python-pytz ==== Version update (2019.2 -> 2019.3) Subpackages: python2-pytz python3-pytz - Update to 2019.3 * IANA 2019c ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-ui-spice-app qemu-vgabios qemu-vhost-user-gpu qemu-x86 - Fix xenfv migration from xen host with pre-v4.0 qemu. We had previously dropped a similar patch, but have decided that for now we need to go with this type of solution (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch - Avoid query-cpu-model-expansion crashed qemu when using machine type none, patch is queued in upstream now, will update commit id later (bsc#1159443) target-arm-monitor-query-cpu-model-expan.patch - BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow OBS to shortcut through -mini flavors. ==== qemu-linux-user ==== - Fix xenfv migration from xen host with pre-v4.0 qemu. We had previously dropped a similar patch, but have decided that for now we need to go with this type of solution (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch - Avoid query-cpu-model-expansion crashed qemu when using machine type none, patch is queued in upstream now, will update commit id later (bsc#1159443) target-arm-monitor-query-cpu-model-expan.patch - BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow OBS to shortcut through -mini flavors. ==== sysfsutils ==== - Fix compiler issues for this package, which hasn't been touched in a while. Should be no functional change. Added patch: * sysfsutils-fix-compiler-issues.patch ==== system-users ==== Subpackages: system-group-hardware system-group-wheel system-user-bin system-user-daemon system-user-ftp system-user-games system-user-lp system-user-mail system-user-man system-user-news system-user-nobody system-user-tftp system-user-upsd system-user-uucp system-user-wwwrun - Align /var/lib/tss permissions with trousers (boo#1162360). ==== tpm2-0-tss ==== Version update (2.3.2 -> 2.3.3) Subpackages: libtss2-esys0 libtss2-mu0 libtss2-sys0 - Update to version 2.3.3 * Fixed mixing salted and unsalted sessions in the same ESAPI context * Removed use of VLAs from TPML marshal code * Added check for object node before calling compute_session_value function * Fixed auth calculation in Esys_StartAuthSession called with optional parameters * Fixed compute_encrypted_salt error handling in Esys_StartAuthSession * Fixed exported symbols map for libtss2-mu ==== tracker-miners ==== Subpackages: tracker-miner-files - Add upstream bug fix patches: + tracker-miners-set-cpu-io-nice.patches + tracker-miners-allow-settatr.patch ==== unbound ==== Version update (1.9.6 -> 1.10.0) Subpackages: libunbound8 unbound-anchor - update to 1.10.0 Features: - Merge RPZ support into master. Only QNAME and Response IP triggers are supported. - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Merge #135 from Florian Obser: Use passed in neg and key cache if non-NULL. - Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. - Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds and Frzk. Updates the unbound.service systemd file and adds a portable systemd service file. - Merge PR#154; Allow use of libbsd functions with configure option - -with-libbsd. By Robert Edmonds and Steven Chamberlain. - Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai. - Merge PR#156 from Alexander Berkes; Added unbound-control view_local_datas_remove command. Bug Fixes: - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by Florian Obser - Update mailing list URL. - Fix #140: Document slave not downloading new zonefile upon update. - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. The dl_iterate_phdr() function introduced in newer versions raises compilation errors on solaris 10. - Changes to compat/getentropy_solaris.c for, ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. - Fix 'make test' to work for --disable-sha1 configure option. - Fix out-of-bounds null-byte write in sldns_bget_token_par while parsing type WKS, reported by Luis Merino from X41 D-Sec. - Updated sldns_bget_token_par fix for also space for the zero delimiter after the character. And update for more spare space. - Fix #138: stop binding pidfile inside chroot dir in systemd service file. - Fix the relationship between serve-expired and prefetch options, patch from Saksham Manchanda from Secure64. - Fix unreachable code in ssl set options code. - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, because dnscrypt-proxy (2.0.36) does not support the test setup any more, and also the config file format does not seem to have the appropriate keys to recreate that setup. - Fix crash after reload where a stats lookup could reference old key cache and neg cache structures. - Fix for memory leak when edns subnet config options are read when compiled without edns subnet support. - Fix auth zone support for NSEC3 records without salt. - Merge PR#150 from Frzk: Systemd unit without chroot. It add contrib/unbound_nochroot.service.in, a systemd file for use with chroot: "", see comments in the file, it uses systemd protections instead. It was superceded by #151, the unbound_portable.service file. - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. - iana portlist updated. - Fix to silence the tls handshake errors for broken pipe and reset by peer, unless verbosity is set to 2 or higher. - Merge PR#147; change rfc reference for reserved top level dns names. - Fix #157: undefined reference to `htobe64'. - Fix subnet tests for disabled DSA algorithm by default. - Update contrib/fastrpz.patch for clean diff with current code. - updated .gitignore for added contrib file. - Add build rule for ipset to Makefile - Add getentropy_freebsd.o to Makefile dependencies. - Fix memory leak in error condition remote.c - Fix double free in error condition view.c - Fix memory leak in do_auth_zone_transfer on success - Stop working on socket when socket() call returns an error. - Check malloc return values in TLS session ticket code - Fix fclose on error in TLS session ticket code. - Add assertion to please static analyzer - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend. - Fix num_reply_addr counting in mesh and tcp drop due to size after serve_stale commit. - Fix to create and destroy rpz_lock in auth_zones structure. - Fix to lock zone before adding rpz qname trigger. - Fix to lock and release once in mesh_serve_expired_lookup. - Fix to put braces around empty if body when threading is disabled. - Fix num_reply_states and num_detached_states counting with serve_expired_callback. - Cleaner code in mesh_serve_expired_lookup. - Document in unbound.conf manpage that configuration clauses can be repeated in the configuration file. - Document 'ub_result.was_ratelimited' in libunbound. - Fix use after free on log-identity after a reload; Fixes #163. - Fix with libnettle make test with dsa disabled. - Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale fixes, but it does not compile, conflicts with new rpz code. - Fix to clean memory leak of respip_addr.lock when ip_tree deleted. - Fix compile warning when threads disabled. - Fix spelling in unbound.conf.5.in. - Stop unbound-checkconf from insisting that auth-zone and rpz zonefiles have to exist. They can not exist, and download later. - contrib/drop2rpz: perl script that converts the Spamhaus DROP-List in RPZ-Format, contributed by Andreas Schulze. - Remove unused variable. - Add respip to supported module-config options in unbound-checkconf. - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for Unbound from Yuri Voinov. ==== v4l2loopback ==== Subpackages: v4l2loopback-kmp-64kb v4l2loopback-kmp-default - Added v4l2loopback-dont_use_timeval.patch and v4l2loopback-drop_cast_to_time_t.patch (fix boo#1164757) ==== wayland ==== Version update (1.17.0 -> 1.18.0) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Replace public key in keyring with 34FF9526CFEF0E97A340E2E40FDE7BE0E88F5E48 (Simon Ser <contact at emersion.fr>). - Update to release 1.18 * Add API to tag proxy objects to allow applications and toolkits to share the same Wayland connection * Track wayland-server timers in user-space to prevent creating too many FDs * Add wl_global_remove, a new function to mitigate race conditions with globals ==== wireguard ==== Version update (0.0.20200214_k5.4.14_4 -> 0.0.20200215_k5.4.14_4) Subpackages: wireguard-kmp-64kb wireguard-kmp-default - Update to version 0.0.20200215 * send: cleanup skb padding calculation * socket: remove useless synchronize_net ==== wpebackend-fdo ==== Version update (1.4.0 -> 1.4.1) - Update to version 1.4.1 (boo#1164688): + Fix build failures with recent compiler versions due to missing function declarations. - Drop memset-prototype.patch: fixed upstream. ==== xen ==== Version update (4.13.0_04 -> 4.13.0_08) Subpackages: xen-libs xen-tools-domU - bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate past the ERET instruction 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch - bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch hardening 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch - Upstream bug fixes (bsc#1027519) 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch - bsc#1159755 - use fixed qemu-3.1 machine type for HVM This must be done in qemu to preserve PCI layout remove libxl.lock-qemu-machine-for-hvm.patch - jsc#SLE-10183 - script to calculate cpuid= mask add helper script from https://github.com/twizted/xen_maskcalc domUs may be migrated between different cpus from the same vendor if their visible cpuid value has incompatible feature bits masked. - jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains add helper script and systemd service from https://github.com/luizluca/xen-tools-xendomains-wait-disk in new sub package xen-tools-xendomains-wait-disk See included README for usage instructions xendomains-wait-disks.LICENSE xendomains-wait-disks.README.md xendomains-wait-disks.sh - bsc#1159755 - use fixed qemu-3.1 machine type for HVM qemu4 introduced incompatible changes in pc-i440fx, which revealed a design bug in 'xenfv'. Live migration from domUs started with qemu versions prior qemu4 can not be received with qemu4+. libxl.lock-qemu-machine-for-hvm.patch - Upstream bug fixes (bsc#1027519) 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch ==== xfce4-weather-plugin ==== Version update (0.10.0 -> 0.10.1) Subpackages: xfce4-weather-plugin-lang - Update to 0.10.1 * Switch to 'locationforecast' product and use a more recent API version (bxo#16268) * Fix invalid scrollbar index to add a label (bxo#16023) * Update URLs from goodies.x.o to docs.x.o (bxo#16182) * Fix build with panel 4.15 * Make build output less verbose * Use standard icon names (bxo#16059) * Translation updates ==== xkbcomp ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3 * Update configure.ac bug URL for gitlab migration * configure: Remove unused AC_SUBST([REQUIRED_MODULES]) * pkgconfig: Remove unneeded Requires.private * Suppress high-keycode warnings at the default warning level * xkbcomp Fix missing support for "affect" and incorrect modifier handling for ISOLock * Don't compare with string literals * Fix invalid error report on F_Accel field * Error out if we have no default path ==== xtables-addons ==== Version update (3.8_k5.4.14_4 -> 3.9_k5.4.14_4) Subpackages: xtables-addons-kmp-64kb xtables-addons-kmp-default - Update to release 3.9 * Support for Linux 5.6 [boo#1164758] -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org