Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210205 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (20.3.3 -> 20.3.4) Mesa-drivers (20.3.3 -> 20.3.4) apache2 apache2-manual apache2-prefork apache2-utils apparmor atftp dnsmasq e2fsprogs gcc11 (10.2.1+git1030 -> 11.0.0+git182924) ibus inkscape (1.0.1 -> 1.0.2) ipmitool libqt5-qtlocation libquvi lua53-luasocket nbd (3.20 -> 3.21) perl-URI (5.06 -> 5.07) plasma5-desktop psutils (2.03 -> 2.04) publicsuffix (20210108 -> 20210128) purpose python python-Pygments (2.6.1 -> 2.7.4) python-base python-gssapi (1.6.2 -> 1.6.12) python-kiwi (9.23.5 -> 9.23.12) python-matplotlib (3.3.3 -> 3.3.4) python-pyOpenSSL (20.0.0 -> 20.0.1) python-pycurl (7.43.0.5 -> 7.43.0.6) python-pymongo (3.11.1 -> 3.11.2) python-sniffio python-tornado6 (6.0.4 -> 6.1) snapper system-users vim (8.2.2327 -> 8.2.2411) wget (1.21 -> 1.21.1) wireshark (3.4.2 -> 3.4.3) === Details === ==== Mesa ==== Version update (20.3.3 -> 20.3.4) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.3.4 * fourth bugfix release for the 20.3 branch - removed no longer needed buildfix-ppc64le.patch; build failed on ppc64 due to this patch (bsc#1181439) ==== Mesa-drivers ==== Version update (20.3.3 -> 20.3.4) Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - update to 20.3.4 * fourth bugfix release for the 20.3 branch - removed no longer needed buildfix-ppc64le.patch; build failed on ppc64 due to this patch (bsc#1181439) ==== apache2 ==== - Add lua54.patch to fix building with lua54 ==== apache2-manual ==== - Add lua54.patch to fix building with lua54 ==== apache2-prefork ==== - Add lua54.patch to fix building with lua54 ==== apache2-utils ==== - Add lua54.patch to fix building with lua54 ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor - define %_pamdir for <= 15.x to fix the build on those releases ==== atftp ==== - Use system wide tftp user/group, don't create them again ==== dnsmasq ==== - Fix building with lua54 ==== e2fsprogs ==== Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2 - Fix usage of info macros on openSUSE, we use file triggers today - Use file requires for post section ==== gcc11 ==== Version update (10.2.1+git1030 -> 11.0.0+git182924) Subpackages: libasan6 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libtsan0 libubsan1 - New packages inherits from gcc10 package. ==== ibus ==== Subpackages: ibus-dict-emoji ibus-gtk ibus-gtk-32bit ibus-gtk3 ibus-lang libibus-1_0-5 libibus-1_0-5-32bit typelib-1_0-IBus-1_0 - Do not build in parallel for reproducible build results (boo#1102408) ==== inkscape ==== Version update (1.0.1 -> 1.0.2) Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang - Update to 1.0.2 * Zooming by middle mouse button click (pressing scroll wheel) can now be deactivated in Edit ? Preferences ? Behavior ? Steps: Zoom with middle mouse click * Canvas rotation by Ctrl + middle mouse drag or Ctrl + Shift + Scroll can be prevented in two ways: - from View ? Canvas Orientation ? Lock Rotation - for all new Inkscape windows in Edit ? Preferences ? Interface: Lock canvas rotation by default * fixed a long-standing, very annoying bug where, when copying an object to the clipboard while also running certain other programs on Linux desktops * Stroke to Path: Converting an object's stroke to a path no longer makes its clones vanish * Performance: Improved rendering performance when zooming through multiple zoom levels * CSS: CSS classes that start with a letter that isn't part of the ASCII set are no longer ignored * User interface: Random actions should no longer cause sudden scaling of the canvas * Arcs from Inkscape files created with versions older than 1.0 are no longer rendered as slices * A long-standing issue with the Eraser tool painting red lines 0instead of erasing as soon as the user has interacted with a menu or dialog or another user interface element has been fixed * Lots of other minor fixes - Drop inkscape-include-atomic.patch ==== ipmitool ==== - Fixes (bsc#1179133) lanplus: hanging on getting cipher suites for 10 seconds A lanplus-don-t-retry-pre-session-Get-cipher-suites.patch - Do not append the device number to the PIDFILE pathname as this will confuse systemd. [bsc#1181063, 0008-bsc#1181063-dont-parametrize-pidfile-name.patch] - When really starting the daemon, in lib/helper.c::ipmi_start_daemon() stdin/stdout/stderr are redirected to /dev/null and this is checked but the check for stderr tests for STDOUT_FILENO. This is, most likely, a copy-paste error. [bsc#1175328, 0007-bsc#1175328-check-for-correct-fd.patch] ==== libqt5-qtlocation ==== Subpackages: libQt5Location5 libQt5Positioning5 libQt5PositioningQuick5 - Add compatibility with qml-autoreqprov ==== libquvi ==== - Correct misspelling in libquvi-0.9.4-lua-5.2.patch ==== lua53-luasocket ==== - Use %lua_provides macro ==== nbd ==== Version update (3.20 -> 3.21) - update to 3.21: - Fix --disable-manpages build - Fix a bug in whitespace handling regarding authorization files - Support client-side marking of devices as read-only - Support preinitialized NBD connection (i.e., skip the negotiation). - Fix the systemd unit file for nbd-client so it works with netlink (the more common situation nowadays) ==== perl-URI ==== Version update (5.06 -> 5.07) - update to 5.07: s/perl.com/example.com/ in examples and tests ==== plasma5-desktop ==== Subpackages: plasma5-desktop-emojier plasma5-desktop-lang - signon-plugin-oauth2 is a runtime dep ==== psutils ==== Version update (2.03 -> 2.04) - update to 2.04: * pstops: fix ability to use paper size in x/y offsets * pstops: fix a warning ==== publicsuffix ==== Version update (20210108 -> 20210128) - Update to version 20210128: * Add Appspace to PSL (#1197) * add torproject.net (#1196) * Public suffixes KU Leuven (#1194) * added clickrising.net (#1192) * Add hosting and paas from OVHcloud (#1193) * add missing IDN ccTLDs: for Bahrain and Laos ( .xn--mgbcpq6gpa1a and .xn--q7ce6a ) (#1175) * Add try-snowplow.com to PSL (#1184) * Update public_suffix_list.dat (#1189) * Update public_suffix_list.dat (#1187) * removal of scapp.io and applicationcloud.io (#1186) * Update public_suffix_list.dat (#1185) * Added fireweb.app to PSL (#1181) * Update and rename tld-update.yml to tld-update.yml.hold * CI: Add Github Actions workflow for TLD updates PRs. (#1166) ==== purpose ==== Subpackages: libKF5Purpose5 libKF5PurposeWidgets5 purpose-lang - Avoid hard dependency of optional plugin requirements ==== python ==== - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. ==== python-Pygments ==== Version update (2.6.1 -> 2.7.4) - Update to 2.7.4 (all what was in the update to 2.7.2 and above it): - Updated lexers: * Ada (#1581) * HTML (#1615, #1614) * Java (#1594, #1586) * JavaScript (#1605, #1589, #1588) * JSON (#1569 -- this is a complete rewrite) * Lean (#1601) * LLVM (#1612) * Mason (#1592) * MySQL (#1555, #1551) * Rust (#1608) * Turtle (#1590, #1553) - Deprecated JsonBareObjectLexer, which is now identical to JsonLexer (#1600) - The ``ImgFormatter`` now calculates the exact character width, which fixes some issues with overlapping text (#1213, [#1611]) - Documentation fixes (#1609, #1599, #1598) - Fixed duplicated Juttle language alias (#1604, #1606) - Added support for Kotlin scripts (#1587) - Removed CSS rule which forced margin to 0 ==== python-base ==== Subpackages: libpython2_7-1_0 python-xml - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. ==== python-gssapi ==== Version update (1.6.2 -> 1.6.12) - Update to 1.6.12: * Fix GSSAPI detection for macOS Big Sur (#235, #236) * Clarify how to disable detection (#234) - Update to 1.6.11: * Fix build on FreeBSD (#232, #228) * On FreeBSD, prefer GSSAPI from ports if available (#232) * Support python >= 3.8 in test suite by dropping dependency on should_be (#215, #229) * Fix malformed S4U tests (#220, #229) - Update to 1.6.10: * Provide python 3.9 Windows wheels (#226, #227) * Fix shlex.split on Windows (#223) * Removed six package and other older py cleanup values (#221, #222) - Update to 1.6.9: * Raise exception on unknown usage (#202, #203) * Update tutorial to make server_name equal FQDN (#209) * Handle missing locale.LC_MESSAGES on Windows (#211) - Update to 1.6.5: * There were no releases between 1.6.5 and 1.6.9 due to release pipeline issues with Github Actions. * Fix python_requires so that python-3.5 users hopefully don't get a version they can't use (#199, #198) - Update to 1.6.4: * There was no v1.6.3 due to an incompatible sphinx extension change. * Fix missing substitution in inquire_property (#195, #196) * Fix DLL handling on Windows with workarounds (#193, #194, #197) ==== python-kiwi ==== Version update (9.23.5 -> 9.23.12) - Bump version: 9.23.11 ? 9.23.12 - Added aaa_base to s390 TW build tests On s390 TW aaa_base is not pulled in by a dependency in obs. It looks like the package is pulled in by a file provides which is not resolved by obs. Thus the package needs to be added explicitly - Bump version: 9.23.10 ? 9.23.11 - Follow up fix, creating custom grub EFI images Make sure custom EFI grub image is copied to the media directory if this is different from the root directory e.g on creation of live images - Bump version: 9.23.9 ? 9.23.10 - Follow up fix, creating custom grub images Moving the grub mkimage call as chroot operation also broke the creation of image builds that uses the legacy custom kiwi boot image feature instead of dracut. This commit fixes it - Added leap box to be shown by build_status helper - Added decorators to help with API management The lifetime of API methods could be limited due to the development of kiwi. To allow for a deprecation process the following helper methods has been added - Bump version: 9.23.8 ? 9.23.9 - Update MicroOS build test This commit alignes the MicroOS tests with the MicroOS images build for kvm and xen. In addition it adds the installation media request and custom initrd modules configuration for the installation media. - Fixed creation of custom bios grub image The last commit moved the grub mkimage call into the chroot. As a side effect and when creating install media the earlyboot script could no longer be found. This commit fixes it - Include installmedia documentation - Bump version: 9.23.7 ? 9.23.8 - Fixed creation of custom grub image If kiwi can't find the distribution provided grub image(s) it creates them using the respective grub[X]-mkimage tool. However the tool was called on the build host which could cause an inconsistency on the used module path. Grub is not packaged consistently across the distributions and also the provided modules comes in different versions and patch sets. Therefore it's required that kiwi calls the grub mkimage tool as chrooted operation inside of the tree that provides the target image. As consequence of the change it's required that the image root tree provides the grub mkimage tool. In addition to the change we now also log the output from the grub mkimage call in the kiwi build logfile. This Fixes #1254 - Add strong typing for the following API methods * kiwi/system/kernel.py * kiwi/system/result.py * kiwi/system/shell.py This references issue #1644 - Add the schematron rules for installinitrd This commit adds an schematron rule to limit the presence of installinitrd element to disk builds including installation media. - Add the installinitrd element This commit adds the `<installinitrd>` element in kiwi schema to facilitate the dracut modules configuration for the installation initrds on OEM images. Within installinitrd element is possible list the dracut modules to append, to omit or to just set an static list of dracut modules to include. Fixes #1676 Fixes #1683 - Add strong typing for the following API methods * system/root_bind.py * system/root_init.py * system/identifier.py This references issue #1644 - Bump version: 9.23.6 ? 9.23.7 - Don't call super() from logging.Formatter It's not needed to run the base class constructor. The interface for the logging facility is also different between python 3.6 and python 3.8 such that calling the base constructor would be bad idea anyway. - Add strong typing for the following API methods * kiwi/system/size.py * kiwi/system/uri.py * kiwi/system/users.py Update the test path for users_test.py This references #1644 - Include missing qemu-tools dependency for iso images This commit includes a missing qemu-tools dependency for iso image type. - Added strong typing for the following API methods * kiwi/system/prepare.py * kiwi/system/profile.py * kiwi/system/setup.py The changes here also lead to a small refactoring for the handling of the package manager. In my opinion it doesn't make sense to allow a None type package manager from the stateful XML instance. As without any package manager nothing can be done. As it also turns into an issue for the PackageManager API which does not allow for an empty value here I thought it's better to come up with a default package manager (set to dnf) if no one is explicitly specified This references Issue #1644 - Explicitly set lvm device source Set external_device_info_source=none for lvm calls. This is related to Issue #1665 - Fixed use of encoding in open calls The use of encodings.ascii in open calls was wrong. Open expects an encoding string but encodings.ascii returns a module reference - Bump version: 9.23.5 ? 9.23.6 - Handle checksum files in ascii encoding Follow up fix for #1673. Handle reading/writing of all supported checksum variants in ascii encoding - Mark Micro DNF as a RPM based package manager Without doing this, KIWI won't generate the correct output files for verification of image content. - Only write GRUB_CMDLINE_LINUX_DEFAULT with content Only write GRUB_CMDLINE_LINUX_DEFAULT in the grub defaults file if there are custom options set via the kernelcmdline attribute. This Fixes #1650 - Move logic to sync system data into a separate method Reduce cyclomatic complexity of DiskBuilder.create_disk() by moving the logic to sync system data into a separate method. ==== python-matplotlib ==== Version update (3.3.3 -> 3.3.4) Subpackages: python38-matplotlib python38-matplotlib-cairo python38-matplotlib-gtk3 python38-matplotlib-tk - update to version 3.3.4: * Fix WebAgg initialization. * Fix parsing QT_API setting with mixed case. * Fix build with link-time optimization disabled in environment. * Fix test compatibility with NumPy 1.20. * Fix test compatibility with pytest 6.2. ==== python-pyOpenSSL ==== Version update (20.0.0 -> 20.0.1) - update to 20.0.1: - Fixed compatibility with OpenSSL 1.1.0. ==== python-pycurl ==== Version update (7.43.0.5 -> 7.43.0.6) - update to 7.43.0.6: * Fixed offset parameter usage in seek callback * Added support for libcurl SSL backend detection via `curl-config --ssl-backends` * Added support for libcurl MultiSSL * Added ability to unset CURLOPT_PROXY. * Added support for CURLOPT_UPLOAD_BUFFERSIZE * Added support for CURLOPT_MAXAGE_CONN * Added support for sharing connection cache in libcurl * Added support for CURLOPT_HAPROXYPROTOCOL * CC and CFLAGS environment variables are now respected when building * Fixed OpenSSL detection on CentOS 7 and 8 * surrogateescape error handler is used in multi_info_read to handle invalid UTF-8. - drop python-pycurl-7.43.0-tls-backend.patch (upstream) - refresh remove_nose.patch to remove even more nose code ==== python-pymongo ==== Version update (3.11.1 -> 3.11.2) - update to 3.11.2: - Fixed a memory leak caused by failing SDAM monitor checks on Python 3 (`PYTHON-2433`_). - Fixed a regression that changed the string representation of :exc:`~pymongo.errors.BulkWriteError` (`PYTHON-2438`_). - Fixed a bug that made it impossible to use :meth:`bson.codec_options.CodecOptions.with_options` and :meth:`~bson.json_util.JSONOptions.with_options` on some early versions of Python 3.4 and Python 3.5 due to a bug in the standard library implementation of :meth:`collections.namedtuple._asdict` (`PYTHON-2440`_). - Fixed a bug that resulted in a :exc:`TypeError` exception when a PyOpenSSL socket was configured with a timeout of ``None`` (`PYTHON-2443`_). ==== python-sniffio ==== - Fix the contextvars requirement for python36 ==== python-tornado6 ==== Version update (6.0.4 -> 6.1) - Update to version 6.1.0 * Full changelog can be found at https://www.tornadoweb.org/en/stable/releases/v6.1.0.html - Drop patches not applying anymore. * python-tornado6-httpclient-test.patch * skip-failing-tests.patch * tornado-testsuite_timeout.patch - Refresh and comment ignore-resourcewarning-doctests.patch - Fix documentation deduplication ==== snapper ==== Subpackages: libsnapper5 snapper-zypp-plugin - fixed testsuite for equal-date (gh#openSUSE/snapper#526) ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-group-libvirt system-group-wheel system-user-bin system-user-daemon system-user-ftp system-user-games system-user-lp system-user-mail system-user-man system-user-news system-user-nobody system-user-qemu system-user-tftp system-user-tss system-user-upsd system-user-uucp system-user-vscan system-user-wwwrun - Add system-user-ntp subpackage with ntp user and group and /var/lib/ntp as home directory ==== vim ==== Version update (8.2.2327 -> 8.2.2411) Subpackages: gvim vim-data vim-data-common Updated to version 8.2.2411, fixes the following problems * Debugging code included. * Some test files may not be deleted. * Not all ways Vim can be started are tested. * Vim9: crash when using :trow in a not executed block. * Vim9: wrong error when modifying dict declared with :final. * Vim9: missing :endif not reported when using :windo. * Vim9: warning for uninitialized variable. (Tony Mechelynck) * Pascal-like filetypes not always detected. * Vim9: "silent return" does not restore command modifiers. * Vim9: it is not possible to extend a dictionary with different item types. * Configure test for GTK only says "no". (Harm te Hennepe) * Vim9: no error if using job_info() result wrongly. * Cannot get the type of a value as a string. * win_execute() unexpectedly returns number zero when failing. * Expression command line completion shows variables but not functions after "g:". (Gary Johnson) * "char" functions return the wront column in Insert mode when the cursor is beyond the end of the line. * Vim9: return type of readfile() is any. * Using inclusive index for slice is not always desired. * No focus events in a terminal. * Codecov reports every little coverage drop. * Build failure without GUI. * No check for modified files after focus gained. (Mathias Stearn) * Vim9: cannot handle line break after parenthesis at line end. * Using "void" for no reason. * Vim9: error message for "throw" in function that was called with "silent!". * If the focus lost/gained escape sequence is received twice it is not ignored. (Christ van Willigen) * Spartql files are not detected. * Crash with a weird combination of autocommands. * Stray test failure on Appveyor. * Vim9: ":put =expr" does not handle a list properly. * Vim9: crash when parsing function return type fails. * Wrong #ifdef for use_xterm_like_mouse(). * Strange test failure with MS-Windows. * Test leaves file behind. * Vim9: no highlight for "s///gc" when using 'opfunc'. * Vim9: check of builtin function argument type is incomplete. * Vim9: line break in lambda accesses freed memory. * Vim9: no check for map() changing item type at script level. * When using ":sleep" the cursor is always displayed. * Test failures on some less often used systems. * Insufficient tests for setting options. * Vim9: functions return true/false but can't be used as bool. * Vim9: command fails in catch block. * Vim9: crash when using types in :for with unpack. * Confusing error message for wrong :let command. * Vim9: list assignment only accepts a number index. * Accessing uninitialized memory in test_undo. * Test for RGB color skipped in the terminal. * Vim9: crash when dividing by zero in compiled code using constants. * Vim9: crash when using a range after another expression. * Vim9: no error message for dividing by zero. * Finding spell suggestions twice if 'spellsuggest' contains number. * Vim9: occasional crash when using try/catch and a timer. * Vim9: divide by zero does not abort expression execution. * Build failure. * Focus escape sequences are not named in ":set termcap" output. * Turtle filetype not recognized. * "gj" and "gk" do not work correctly when inside a fold. * Vim9: crash when using ":silent! put". * Runtime type check does not mention argument index. * No easy way to get the maximum or mininum number value. * Test failure on a few systems. * Vim9: using positive offset is unexpected. * Memory leak when creating a global function with closure. * Fennel filetype not recognized. * Vim9: error message when script line starts with "[{". * Vim9: min() and max() return type is "any". * Vim9: error for wrong type may report wrong line number. * Vim9: no white space allowed before "->". * Vim9: "%%" not seen as alternate file name for commands with a buffer name argument. * Method test fails. * Fold test fails in wide terminal. * Vim9: compiled functions are not profiled. * Build fails without +profiling feature. * Some filetypes not detected. * Vim9: profiling if/elseif/endif not correct. * Vim9: profiling try/catch not correct. * Vim9: no need to allow white space before "(" for :def. * Vim9: profiled :def function leaks memory. * Old jumplist code is never used. * MinGW: "--preprocessor" flag no longer supported. * Vim9: profiling only works for one function. * Build failure without the +profiling feature. * Profile test fails on MS-Windows. - remove forcing /usr/bin/vi -> vim symlink. Previous line linked to /etc/alternatives already. ==== wget ==== Version update (1.21 -> 1.21.1) Subpackages: wget-lang - update to 1.21.1: * Fix compilation on MacOS and Solaris 9 * Resove bashism from configure.ac * Fix a compilation warning on 32-bit systems - remove-env-from-shebang.patch: refresh ==== wireshark ==== Version update (3.4.2 -> 3.4.3) Subpackages: libwireshark14 libwiretap11 libwsutil12 wireshark-ui-qt - Wireshark 3.4.3: * CVE-2021-22173: fix USB HID dissector memory leak (wnpa-sec-2021-01, boo#1181598) * CVE-2021-22174: fix USB HID dissector crash (wnpa-sec-2021-02, boo#1181599) * Fix bugs in SIP, Telephony, QUIC, SOMEIP-SD, SRv6, TECMP, AUTOSAR-NM, Fibre Channel, f5ethtrailer, ZVT dissectors. * fix TShark crashes with -T ek option