Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210810 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: acpid gnome-autoar gnome-settings-daemon gnome-shell gupnp libgweather mariadb-connector-c (3.2.3 -> 3.1.13) python-gevent webkit2gtk3 === Details === ==== acpid ==== - Added hardening to systemd service(s). Modified: * acpid.service ==== gnome-autoar ==== Subpackages: libgnome-autoar-0-0 libgnome-autoar-gtk-0-0 - Drop gnome-autoar-CVE-2020-36241.patch on SLE and Leap 15.4: fixed upstream. ==== gnome-settings-daemon ==== Subpackages: gnome-settings-daemon-lang - Drop patches fixed upstream on SLE and Leap 15.4: + gnome-settings-daemon-jscSLE16518-update-subprojects-libgvc.patch + gnome-settings-daemon-media-keys-warnings-cleanup-for-gvc-update.patch + gnome-settings-daemon-not-warn-about-starting-stopping-services.patch ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang - Drop patches fixed upstream: + gnome-shell-network-agent-not-pop-up.patch + gnome-shell-jscSLE16518-update-subprojects-libgvc.patch + gnome-shell-CVE-2020-17489.patch ==== gupnp ==== - Drop patches fixed upstream on SLE and Leap 15.4 gupnp-validate-host-header.patch. - Add gupnp-validate-host-header.patch: validate host header (boo#1186590 glgo#GNOME/gupnp#24 CVE-2021-33516). ==== libgweather ==== Subpackages: gweather-data libgweather-3-16 libgweather-lang typelib-1_0-GWeather-3_0 - Drop patches merged upstream on SLE and Leap 15.4: + libgweather-use-after-free-libsoup.patch + libgweather-yrno-xml-parser-leak.patch + libgweather-forecast-attribution-leak.patch + libgweather-metno-api.patch - Add libgweather-use-after-free-libsoup.patch: fix a possible use after free (glgo#GNOME/libgweather#34). - Add libgweather-yrno-xml-parser-leak.patch and libgweather-forecast-attribution-leak.patch: fix memory leaks, taken from upstream gnome-3-34 branch. - Add libgweather-metno-api.patch: use new metno API (bsc#1185651 glgo#GNOME/libgweather#82). ==== mariadb-connector-c ==== Version update (3.2.3 -> 3.1.13) - drop absolute_path_fix.patch: obsolete after previous change (properly setting INSTALL_LAYOUT and libdir) [bsc#1187459] - set INSTALL_LAYOUT=RPM and adjust libdir, includedir, plugindir and pcdir values to fix mariadb_config output. Also fix the missing "%s" in private_library.patch so it shows the correct path for plugindir [bsc#1179921] [bsc#1183878] - Update to release 3.1.13 [bsc#1185870], [bsc#1185872], [bsc#1185868] * CONC-537: Only read from MYSQL_HOME if MARIADB_HOME was not set * CONC-548: Symbol conflict with libsodium * CONC-490: Handshake error when CLIENT_CONNECT_WITH_DB flag was set without specifying database * CONC-543: Hash functions conflict with GnuTLS * CONC-539: Added cipher suites ECDHE-RSA-AES128-SHA256 (0xC027) and ECDHE-RSA-AES256-SHA384 (0xC028) to the cipher map which maps cipher suite names to the corresponding algorithm ids (Windows Schannel) * CONC-535: Disabled checksum ignored in events (replication/ binlog API) - Remove mariadb-connector-c-cmake-3.20.patch (upstreamed) - Add mariadb-connector-c-cmake-3.20.patch: Fix build with cmake 3.20. - Update to release 3.1.12 [bsc#1182739]: * MDEV-24577: Fix warnings generated during compilation of plugin/auth_pam/testing/pam_mariadb_mtr.c on FreeBSD * CONC-521: Fixed warning on MacOS when including ucontext.h * CONC-518: Check if mysql->options.extension was allocated before checking async_context * CONC-517: C/C looks for plugins in wrong location on Windows - Update to release 3.1.11: * CONC-513: MSAN use-of-uninitialized-value in strstr() * CONC-512: truncation check for float values fails on i386 due * to Intel FPU optimization bug in gcc * CONC-510: Fix crash when loading plugins in mysql_server_init() * CONC-508: Added support for passwords > 255 characters * CONC-507: Fixed race condition in ma_net_init * CONC-501: Added support for TLS v1.3 cipher suites * MDEV-21612: Removed unused command COM_MULTI - changes in release 3.1.10: * CONC-500: Fixed error when loading intermediate chained certificates * MDEV-18818: Fixed wrong zlib in mariadb_config when building inside server package * CONC-498: MYSQL_UNIX_ADDR and MYSQL_PORT are now defined * Added new build option WIITH_ICONV=ON/OFF. When set to OFF (default) API function mariadb_convert_string will always return -1 and sets errorcode to ENOTSUP. * mariadb_config now tries to determine the path of execution or uses MARIADB_CONFIG environment variable before falling back and using CMAKE_INSTALL_PREFIX for location of libraries and include files * added --variables option for mariadb_config. Supported values are pkgincludedir, pkglibdir and pkgplugindir. - absolute_path_fix.patch, private_library.patch: refreshed - Update to release 3.1.9 * CONC-469: Use servers preferred authentication method unless another plugin was specified. * Added support for kFreeBSD builds * Fixed memory leak in GnuTLS if connection couldn't be established. - refresh private_library.patch - Update to release 3.1.8 [bsc#1171550] * CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner * CONC-441: Default user name for C/C is wrong if login user is different from effective user * CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf * CONC-457: mysql_list_processes crashes in unpack_fields * CONC-458: mysql_get_timeout_value crashes when used improperly * CONC-464: Fix static build for auth_gssapi_client plugin * Fixes for the following security vulnerabilities: CVE-2020-13249 - refresh absolute_path_fix.patch and private_library.patch - Update to release 3.1.7 * TLS/SSL: when the client doesn't procide a CA file and the option ssl_verify_server_cert was set, the peer cerificate will be validated against the system CA. - Update to release 3.1.6 * Fixed: ERROR 2026 (HY000): SSL connection error: Certificate signature check failed * Fixed: Provide error code and message for Schannel errors * Fixed SEC_E_INVALID_TOKEN when server sends large message during SSL handshake - New upstream version 3.1.5 [bsc#1156669] * MDEV-20469: Plugin dialog could not be loaded (wrong path) * ODBC-440: Fixed typo in sha256_password cmake configuration * CONC-418: For unknown/not handled schannel error codes FormatMessage function will be used instead of returning "Unknown error" message. - New upstream version 3.1.4 * CONC-431: Use windows crypto libraries on Windows platforms * Included in MariaDB 10.4.8, MariaDB 10.3.18, and MariaDB 10.2.27 - refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch and private_library.patch - New upstream version 3.1.3 * CONC-380: Fix CMake warnings * CONC-345: heap-use-after-free in client_mpvio_read_packet * CONC-423: Fix GnuTLS error with TLSv1.3 * CONC-424: Ignore SERVER_STATUS_CURSOR_EXISTS if client didn't open a cursor before * CONC-421: Fixed crash in GnuTLS when key and certificate are in the same file * CONC-429: Don't allow invalid characters in plugin names * MDEV-19807: Fixed Location of PLUGINDIR if Connector/C is a subproject - refresh absolute_path_fix.patch and private_library.patch - New upstream version 3.1.2 [bsc#1136035] * CONC-383: client plugins can't be loaded due to missing prefix * Fixed version setting in GnuTLS by moving "NORMAL" at the end of priority string * CONC-386: Added support for pem files which contain certificate and private key. * Replication/Binlog API: The main mechanism used in replication is the binary log. * CONC-395: Dashes and underscores are not interchangeable in options in my.cnf - refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch and private_library.patch - pack client_ed25519.so - Add pkgconfig(zlib) Requires to the -devel package: the .pc file lists -lz in the Libs, but does not mention any requires explicitly. So let's do our consumers a favor and pull in what we require. - move libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig [bsc#1126088] - New upstream version 3.0.9 * CONC-384: Incorrect packet when a connection attribute name or value is equal to or greater than 251 * CONC-388: field->def_length is always set to 0 (only used by deprecated function mysql_list_fields) * Getter should get and the setter should set CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS * CONC-385: Removed some cmake system checks * CONC-387: Fix case sensitive include file names for cross compiling * Fixed cnake policy CMP007 * Support static linking auth plugins * Fix build with deprecated OpenSSL API: replaced ERR_remove_state by ERR_remove_thread_state * Disable LOAD DATA LOCAL INFILE suport by default and auto-enable it for the duration of one query, if the query string starts with the word "load". In all other cases the application should enable LOAD DATA LOCAL INFILE support explicitly * Changed return code for mysql_optionv/mysql_get_optionv to 1 (was -1) and added CR_NOT_IMPLEMENTED error message if a option is unknown or not supported. This will fix possible error when setting connection attribute failed - New upstream version 3.0.8 * mingw fix: use lowercase names for include files * CONC-375: Fixed handshake errors when mixing TLSv1.3 cipher suites with cipher suites from other TLS protocols * CONC-312: Added new caching_sha2_password authentication plugin for authentication with MySQL 8.0 - refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch - pack caching_sha2_password.so plugin - New upstream version 3.0.7 [bsc#1116686] * Build fixes when building with ASAN/TSAN * CONC-370: Fixed memory leak in configuration file parsing. * CONC-371: Incorrect fractional part conversion when converting datetime string to MYSQL_TIME * CONC-283: Fixed pkg-config configuration * CONC-364: Not all sockets created in pvio_socket_connect function are closed * multiple fixes in named pipe implementation * CONC-349: Added new parameter STMT_ATTR_STATE to retrieve statement status via api function mysql_stmt_attr_get - refresh private_library.patch and absolute_path_fix.patch - pack libmariadb.pc - New upstream version 3.0.6 * MDEV-15263: FIx IS_NUM() macro * CONC-297: local infile parameter must be unsigned int instead of my_bool * CONC-329: change return value of internal socket functions from my_bool to int * CONC-332: my_auth doesn't read/update server ok packet * CONC-344: reset internal row counter * CONC-345: invalid heap use after free * CONC-346: Remove old cmake policies * fixed crash in mysql_select_db if NULL parameter was provided - refresh private_library.patch - New upstream version 3.0.5 - 3.0.5 important changes: * CONC-336: Allow multiple initialization of client library * Fixed string to MYSQL_TIME conversion (prepared statements) * CONC-334: Copy all members of MYSQL_FIELD to internal statement structure * Fixed double free in dynamic column library * Added checks for corrupted packets in protocol * MDEV-15450: Added default connection attribute _server_host * CONC-326: fixed wrong openssl thread id callback - 3.0.4 important changes: * Added option MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS for mysql_options()/mysql_optionsv(): * New plugin configuration interface: The default configuration for a specific plugin can be specified via cmake parameter - DCLIENT_PLUGIN_${PLUGIN}=[DYNAMIC|STATIC|OFF]. * Added support for linux abstract socket (MDEV-15655). * CONC-320: Added asynchronous/non-blocking support for OpenSSL and GnuTLS * CONC-294: Access violation in mysql_close when using a connection plugin. * MDEV-14977: If built dynamically the old_password plugin could not be located due to wrong filename (must be mysql_old_password.so instead of old_password.so). * CONC-315: If no default client character set was specified, the utf8 character set will be used by default (instead of setting the client character set to server character set) * CONC-317: Parsing of configuration file fails if key/value pairs contain white spaces. * CONC-322: Correct handling of EAGAIN and EINPROGRESS in internal_connect (socket) for non windows platforms. * CONC-323: mariadb_stmt_execute_direct hangs forever if compression used. * CONC-324: Wrong codepage numbers for some collations. * CONC-326: ssl_thread_init() uses wrong openssl threadid callback - refresh the following patches: * mariadb-connector-c-2.3.1_unresolved_symbols.patch * absolute_path_fix.patch * private_library.patch - Drop libmysqlclient_r Provides from the -devel package. (bsc#1097938) - New upstream version 3.0.3 * Added support for new utf8mb4 character sets * MDEV-9059: Bundle first command with authentication packet * Build: support static OpenSSL on Windows * MDEV-14101: Add support for tls-version, via mysql_options(mysql, MARIADB_OPT_TLS_VERSION, value), where value must be "TLSv1.1", "TLSv1.2" or "TLSv1.3". * CONC-275: New indicator type STMT_INDICATOR_IGNORE_ROW for skipping particular parameter set in bulk operation (prepared statements). * MDEV-10361: Don't try to reconnect twice if mysql_ping failed. * Build fix for TSAN build with Clang * CONC-302: Fix output of mariadb_config * CONC-301: In case of a truncation the statement status was not updated correctly and further calls to mysql_stmt_fetch_column failed * MDEV-14647: Fixed crash when client receives extended ok packet with SESSION_TRACK_STATE_CHANGE information flag * CONC-297: setting MYSQL_OPT_LOCAL_INFILE failed on big endian systems. * MDEV-14514: mariadb_config returned wrong exit code when specifying an invalid option * MDEV-11546: Fixed timeout problem in Schannel * CONC-277: Allow reinitialization of the library if mysql_server_end() was called. * CONC-292: Fixed malloc result check in dynamic columns * MDEV-14165: The metadata length value for a column with a zerofill flag was calculated with a fixed length instead of using the reported length. * CONC-286: Force TLS/SSL usage if fingerprint parameters were specified. * CONC-282: Connector/C now provides additional information for package version * mariadb_config --cc_version lists the package version * Beside MARIADB_PACKAGE_VERSION numeric representation MARIADB_PACKAGE_VERSION_ID can be used now within preprocessor directives. * MDEV-13959: Fixed duplicate if condition in dynamic columns * Added MARIADB_BASE_VERSION definition in mariadb_version.h to distnguish MARIADB from MySQL * CONC-271: installation layout fix for RPM - refresh the following patches: * absolute_path_fix.patch * private_library.patch - drop 0334aa48.patch that is no longer needed - use %license instead of %doc [bsc#1082318] - Use more cmake macros - Run spec-cleaner - 0334aa48.patch: Backported implementation and testcase for skipping particular paramset in bulk operation/. This is needed to get current stable MariaDB connector/ODBC actually compilable. - Install missing header (bsc#1067904) - mariadb-connector-c is now a provider of the libmariadb library for mariadb and others - add compatibility symlinks - change LIBDIR, INCLUDEDIR and PLUGINDIR paths to be the same as it was in the mariadb package (compatibility reasons) - add baselibs.conf - add %{mariadb_version} macro that should correspond with the current version of the mariadb package - refresh absolute_path_fix.patch and private_library.patch - move libraries to %{_libdir}/mariadb/ to avoid a conflict - add README and COPYING.LIB to %doc - New upstream version 3.0.2 * Array support for prepared statements (bulk operations) * TLS/SSL support for GnuTLS, Windows SChannel and LibreSSL * Support for passphrase protected keys * SHA256 authentication plugin - refreshed * mariadb-connector-c-2.3.1_unresolved_symbols.patch * absolute_path_fix.patch * private_library.patch - change sover from 2 to 3 - tweak build options * DMYSQL_UNIX_ADDR is now DMARIADB_UNIX_ADDR * DPLUGIN_INSTALL_DIR is now DINSTALL_PLUGINDIR * add DINSTALL_LIBDIR, WITH_MYSQLCOMPAT and DWITH_SSL - now we build also the following plugins: * auth_gssapi_client.so * remote_io.so * sha256_password.so - move libmysqlclient* libraries to %{_libdir} - Fix RPM groups once more. - New upstream version 2.3.3: * Fixed build for big-endian platforms. Obsoletes bigendian_type_fixes.patch * Changed parameter type for parameter reconnect in mysql_optionsv from uint to my_bool - absolute_path_fix.patch: refreshed - Remove unused gnutls from buildrequires - Update descriptions and RPM groups - Set proper MySQL socket path for localhost connections - Update to version 2.3.2 * Plugin API interface change: Changed the interface of authentication plugins, allowing plugins from C/C 3.0 (like GSSAPI/Kerberos plugin) * CONC-205: Any field going after a TEXT field in the selecion list is fetched incorrectly (prepared statements) * CONC-198: Can't use more than one statement per connection * CONC-223: Add client support for missing collations * MDEV-10894: big endian conversion * fixed packet_length in dialog plugin * fixed include of my_stmt.h * fixed wrong behavior of read_timeout * fixed timeout for non-blocking operations * fixed output for plugindir in mariadb_config * removed extra check for non binary result types in fetch_bin (prepared statements) - mariadb.keyring: add MariaDB Enterprise signing key - bigendian_type_fixes.patch: fix build failure on Big endien - absolute_path_fix.patch: * remove ugly paths in mariadb_config * list correct include paths - private_library.patch: shared library with exported private symbols in place of a static library - mariadb-connector-c-2.3.1_unresolved_symbols.patch: add missing library to link requirements. - initial package ==== python-gevent ==== - Skip two tests that fail in SLE/Leap: * skip-tests-in-leap.patch ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Drop unneeded patch on Leap and SLE by now: webkit2gtk3-restore-npapi.patch (bsc#1189105).