Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20220116 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: clamav (0.103.4 -> 0.103.5) gupnp (1.4.2 -> 1.4.3) python-hiredis (1.1.0 -> 2.0.0) python-python-lzo (1.12 -> 1.14) python-tables (3.6.1 -> 3.7.0) shadow (4.9 -> 4.11.1) === Details === ==== clamav ==== Version update (0.103.4 -> 0.103.5) Subpackages: libclamav9 libfreshclam2 - Update to 0.103.5 * CVE-2022-20698: Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled. * Fixed ability to disable the file size limit with libclamav C API, like this: cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0); This issue didn't affect ClamD or ClamScan which also can disable the limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD, or clamscan --max-filesize=0 for ClamScan. Note: Internally, the max file size is still set to 2 GiB. Disabling the limit for a scan will fall back on the internal 2 GiB limitation. * Increased the maximum line length for ClamAV config files from 512 bytes to 1,024 bytes to allow for longer config option strings. * SigTool: Fix insufficient buffer size for --list-sigs that caused a failure when listing a database containing one or more very long signatures. This fix was backported from 0.104. ==== gupnp ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3: + ServiceProxy: - Properly propagate cancelled actions in deprecated calls. - Fix deprecated async calls, again. ==== python-hiredis ==== Version update (1.1.0 -> 2.0.0) - Update to 2.0.0 * Bump hiredis from 0.13.3 to 1.0.0 and consequently add support for RESP3 (see #104) * Add type hints (see #106) * Drop support for EOL Python versions 2.7, 3.4, and 3.5 (see #103) - Drop obsolete patches * hiredis1.patch * bump_hiredis_0.14.1.patch - Update patches * 0001-Use-system-libhiredis.patch * drop-vendor-sources.patch ==== python-python-lzo ==== Version update (1.12 -> 1.14) - Update to 1.14 * Add python2 support statement * Fix 32bit int limitations - Includes support for Python 3.10 now ==== python-tables ==== Version update (3.6.1 -> 3.7.0) - Update to 3.7.0 * Compatibility with Python 3.10, numpy 1.21 and HDF5 1.12. * Support for Python 3.5 has been dropped (#840 and #850). * Internal C-Blosc sources updated to 1.21.1 (#931). Note that, starting from C-Blosc 1.19 does not include the Snappy codec sources anymore, so Snappy will be not available if you compile from included sources; other packages (like conda or wheels), may (or may not) include it. * Switch to git submodule for the management of vendored c-blosc sources. * Improved code formatting and notation consistency (#873, #868, [#865] thanks to Miroslav ?edivý). * Improve the use of modern Python including :mod:pathlib, f-strings (#859, #855, #839 and #818 thanks to Miroslav ?edivý). * Simplified management of version information. * Drop dependency on the deprecated distutils. * Modernize the setup script and add support for PEP517 (#907). * Fix pkg-config (setup.py) for Python 3.9 on Debian. Thanks to Marco Sulla PR #792. * Fix ROFileNode fails to return the fileno() (#633). * Do not flush read only files (#915 thanks to @lrepiton). * Drop the deprecated hdf5Version and File.open_count. * the :func:get_tables_version and :func:get_hdf5_version functions are now deprecated please use the coresponding :data:tables.__version__ and :data:tables.hdf5_version instead. - Drop patches fixed upstream * PyTables-compat-numpy119.patch * PyTables-pr810-tostring.patch * PyTables-skip-test_vlarray.patch * tables-pr862-lowercasefdtype.patch - Replace Never-use-the-msse2-flag-explicitly.patch by use of environment variable ==== shadow ==== Version update (4.9 -> 4.11.1) Subpackages: login_defs - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). - Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Remove because upstreamed: * shadow-4.9-pwck-segfault.patch * shadow-4.9-newgrp-segfault.patch * shadow-4.9-useradd-subuid.patch * shadow-4.9-sgent-free.patch * shadow-passwd-handle-null.patch * shadow-fix-sigabrt.patch * shadow-libeconf-include.patch * libsubid-build-fix.patch - Refreshed: * shadow-util-linux.patch * shadow.changes * shadow.keyring * shadow.spec * useradd-script.patch * useradd-userkeleton.patch * userdel-script.patch - Update shadow.keyring: * Serge Hallyn serge@hallyn.com (B175CFA98F192AF2) * Christian Brauner christian@brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)