Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210505 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox cups fftw3 gdb lcms2 (2.11 -> 2.12) libressl (3.2.5 -> 3.3.3) libyui (4.2.8 -> 4.2.10) libyui-ncurses (4.2.8 -> 4.2.10) libyui-ncurses-pkg (4.2.8 -> 4.2.10) libyui-qt (4.2.8 -> 4.2.10) libyui-qt-graph (4.2.8 -> 4.2.10) libyui-qt-pkg (4.2.8 -> 4.2.10) messagelib p7zip python-pandas (1.2.3 -> 1.2.4) python-scipy (1.6.2 -> 1.6.3) tigervnc xconsole xf86-video-vesa xrdb xset xsetroot xsettingsd yast2-trans (84.87.20210425.616915ed60 -> 84.87.20210502.7b34dbceae) === Details === ==== MozillaFirefox ==== Subpackages: MozillaFirefox-translations-common - add compatibility for libavcodec58_134 ==== cups ==== Subpackages: cups-client cups-config libcups2 libcups2-32bit libcupsimage2 - When cupsd creates directories with specific owner group and permissions (usually owner is 'root' and group matches "configure --with-cups-group=lp") specify same owner group and permissions in the RPM spec file to ensure those directories are installed by RPM with the right settings because if those directories were installed by RPM with different settings then cupsd would use them as is and not adjust its specific owner group and permissions which could lead to privilege escalation from 'lp' user to 'root' via symlink attacks e.g. if owner is falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161) ==== fftw3 ==== Subpackages: libfftw3-3 libfftw3_threads3 - Follow the distro default openmpi implementation: + Eliminate the usage of the mpi_implem variable (obsolete) + BuildRequire openmpi-macros-devel instead of %{mpi_implem}-devel + Require openmpi-devel in the mpi-devel package + Use %setup_openmpi to source mpivars.sh ==== gdb ==== - Backport fix for tui assert [swo#27680]: * gdb-tui-fix-len_without_escapes-in-tui-disasm.c.patch ==== lcms2 ==== Version update (2.11 -> 2.12) - update to 2.12: * Added build system for fast-float plugin (see plugin documentation) * Added new build-in sigmoidal tone curve * Added XCode 12 project * Added support for multichannel input up to 15 channels * Fix LUT8 write matrix * Fix version mess on 10/11 * Fix tools & samples xgetopt * Fix warnings on different function pointers * Fix matlab MEX compilation * plugin: cleanup and better SSE detection * plugin: add lab to any on float * plugin: it can now be compiled as C++ * recover PDF documentation, but try to keep it under a resonable size. * Prevent a rare but possible out-of-bounds read in postscript generator * Fix some compiler warnings * Add named color profile building sample to testbed ==== libressl ==== Version update (3.2.5 -> 3.3.3) Subpackages: libcrypto46 libssl48 libtls20 - Update to release 3.3.3 * Support for DTLSv1.2. * Continued rewrite of the record layer for the legacy stack. * Numerous bugs and interoperability issues were fixed in the new verifier. A few bugs and incompatibilities remain, so this release uses the old verifier by default. * The OpenSSL 1.1 TLSv1.3 API is not yet available. ==== libyui ==== Version update (4.2.8 -> 4.2.10) - Added pkgconfig files for libyui-qt and libyui-ncurses for writing extensions of the Qt and NCurses plug-ins (GitHub issue #9 / bsc#1139747) - 4.2.10 ==== libyui-ncurses ==== Version update (4.2.8 -> 4.2.10) - Added pkgconfig files for libyui-qt and libyui-ncurses for writing extensions of the Qt and NCurses plug-ins (GitHub issue #9 / bsc#1139747) - 4.2.10 ==== libyui-ncurses-pkg ==== Version update (4.2.8 -> 4.2.10) - Added pkgconfig files for libyui-qt and libyui-ncurses for writing extensions of the Qt and NCurses plug-ins (GitHub issue #9 / bsc#1139747) - 4.2.10 ==== libyui-qt ==== Version update (4.2.8 -> 4.2.10) - Added pkgconfig files for libyui-qt and libyui-ncurses for writing extensions of the Qt and NCurses plug-ins (GitHub issue #9 / bsc#1139747) - 4.2.10 ==== libyui-qt-graph ==== Version update (4.2.8 -> 4.2.10) - Added pkgconfig files for libyui-qt and libyui-ncurses for writing extensions of the Qt and NCurses plug-ins (GitHub issue #9 / bsc#1139747) - 4.2.10 ==== libyui-qt-pkg ==== Version update (4.2.8 -> 4.2.10) - Added pkgconfig files for libyui-qt and libyui-ncurses for writing extensions of the Qt and NCurses plug-ins (GitHub issue #9 / bsc#1139747) - 4.2.10 ==== messagelib ==== Subpackages: messagelib-lang - Add upstream change to fix a misbehaviour when deleting attachments from encrypted messages: * 0001-Fix-CVE-2021-31855.patch (CVE-2021-31855) ==== p7zip ==== Subpackages: p7zip-full - Add almost-upstream CVE-2021-3465.patch (bsc#1184699, CVE-2021-3465) ==== python-pandas ==== Version update (1.2.3 -> 1.2.4) - update to version 1.2.4: * Fixed regressions + Fixed regression in DataFrame.sum() when min_count greater than the DataFrame shape was passed resulted in a ValueError (GH39738) + Fixed regression in DataFrame.to_json() raising AttributeError when run on PyPy (GH39837) + Fixed regression in (in)equality comparison of pd.NaT with a non-datetimelike numpy array returning a scalar instead of an array (GH40722) + Fixed regression in DataFrame.where() not returning a copy in the case of an all True condition (GH39595) + Fixed regression in DataFrame.replace() raising IndexError when regex was a multi-key dictionary (GH39338) + Fixed regression in repr of floats in an object column not respecting float_format when printed in the console or outputted through DataFrame.to_string(), DataFrame.to_html(), and DataFrame.to_latex() (GH40024) + Fixed regression in NumPy ufuncs such as np.add not passing through all arguments for DataFrame (GH40662) ==== python-scipy ==== Version update (1.6.2 -> 1.6.3) - update to version 1.6.3: * Issues closed + #13772: Divide by zero in distance.yule + #13796: CI: prerelease_deps failures + #13890: TST: spatial rotation failure in (1.6.3) wheels repo (ARM64) * Pull requests + #13755: CI: fix the matplotlib warning emitted during builing docs + #13773: BUG: Divide by zero in yule dissimilarity of constant vectors + #13799: CI/MAINT: deprecated np.typeDict + #13819: substitute np.math.factorial with math.factorial + #13895: TST: add random seeds in Rotation module ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Do not carry two variants of the same servcice file, but rather bring a template which we dynamically adjust during installation to cater for the correct libexecdir value. + Replace xvnc-novnc-libexec.service and xvnc-novnc-lib.service with xvnc-novnc.service.in. - package both xvnc-novnc-libexec.service and xvnc-novnc-lib.service source files - Adjusting suse_version check from '> 1500' to '>= 1550' per request. - Adding if statement to control libexec (Tumbleweed +) vs lib based 'Source#' file for 'xvnc-novnc.service'. - 'xvnc-novnc.service' requires '/usr/libexec/vnc/with-vnc-key.sh' vs '/usr/lib/vnc/with-vnc-key.sh' for ExecStart to work correctly. ==== xconsole ==== - modernize spec (move license to licensedir) ==== xf86-video-vesa ==== - modernize spec file (move license to licensedir) ==== xrdb ==== - modernize spec file (move license to licensedir) ==== xset ==== - modernize spec-file (move license to licensedir) ==== xsetroot ==== - modernize spec file (move license to licensedir) ==== xsettingsd ==== - modernize spec file (move license to licensedir) ==== yast2-trans ==== Version update (84.87.20210425.616915ed60 -> 84.87.20210502.7b34dbceae) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20210502.7b34dbceae: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Turkish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'network'. * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak)