New Tumbleweed snapshot 20211011 released!

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20211011 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: CoreFreq (1.87.1_k5.14.9_1 -> 1.87.4_k5.14.9_1) ImageMagick (7.1.0.8 -> 7.1.0.9) Mesa-drivers apache2-mod_php7 bash-completion checkmedia (5.4 -> 6.1) codec2 firewalld (1.0.0 -> 1.0.1) freerdp gcr (3.40.0 -> 3.41.0) git glibc hwdata (0.351 -> 0.352) hwinfo (21.76 -> 21.77) libHX (3.26 -> 4.0.1) libqb (2.0.2+20201203.def947e -> 2.0.3+20210303.404adbc) libreoffice (7.1.5.2 -> 7.2.2.1) libvirt (7.7.0 -> 7.8.0) libx86emu (3.2 -> 3.3) libzypp (17.28.4 -> 17.28.5) lirc luajit man mariadb mdadm open-iscsi openssh (8.4p1 -> 8.8p1) openssh-askpass-gnome (8.4p1 -> 8.8p1) patterns-gnome pcsc-lite (1.9.3 -> 1.9.4) php7 polkit-default-privs (1550+20210818.b0c41fd -> 1550+20211008.9751669) publicsuffix (20210928 -> 20211006) pulseaudio python-libvirt-python (7.7.0 -> 7.8.0) rubygem-bootsnap (1.7.7 -> 1.9.1) rubygem-marcel (1.0.1 -> 1.0.2) rubygem-puma (5.4.0 -> 5.5.0) rubygem-rubocop (1.19.1 -> 1.22.1) rubygem-rubocop-ast (1.11.0 -> 1.12.0) rubygem-spring (2.1.1 -> 3.0.0) rubygem-unicode-display_width (2.0.0 -> 2.1.0) virt-manager virtualbox virtualbox-kmp xwayland yarn (1.22.11 -> 1.22.13) yast2-trans (84.87.20210914.a5d6b81b64 -> 84.87.20210929.6d3a97ea50) === Details === ==== CoreFreq ==== Version update (1.87.1_k5.14.9_1 -> 1.87.4_k5.14.9_1) - Update to version 1.87.4 - fixed service hardening preventing daemon to start (boo#1191509) - added modprobe_corefreqd.service.patch to load/unload kernel module on service start/stop. Do not load module on boot anymore - fixed leap15_3.patch including unnessary junk ==== ImageMagick ==== Version update (7.1.0.8 -> 7.1.0.9) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - previous version updates fixed also: CVE-2018-10805,CVE-2018-11624,CVE-2018-11625,CVE-2018-12599,CVE-2018-12600, CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323, CVE-2018-16328,CVE-2018-16329,CVE-2018-16412,CVE-2018-16413,CVE-2018-16640, CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645, CVE-2018-17966,CVE-2018-18024,CVE-2018-18544,CVE-2018-20467,CVE-2019-10650, CVE-2019-11007,CVE-2019-11008,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505, CVE-2019-11506,CVE-2019-11597,CVE-2019-11598,CVE-2019-12974,CVE-2019-12975, CVE-2019-12976,CVE-2019-12977,CVE-2019-12978,CVE-2019-12979,CVE-2019-13133, CVE-2019-13134,CVE-2019-13135,CVE-2019-13136,CVE-2019-13137,CVE-2019-13295, CVE-2019-13296,CVE-2019-13297,CVE-2019-13298,CVE-2019-13299,CVE-2019-13300, CVE-2019-13301,CVE-2019-13302,CVE-2019-13303,CVE-2019-13304,CVE-2019-13305, CVE-2019-13306,CVE-2019-13307,CVE-2019-13308,CVE-2019-13309,CVE-2019-13310, CVE-2019-13311,CVE-2019-13391,CVE-2019-13454,CVE-2019-14980,CVE-2019-14981, CVE-2019-15139,CVE-2019-15140,CVE-2019-15141,CVE-2019-16708,CVE-2019-16709, CVE-2019-16710,CVE-2019-16711,CVE-2019-16712,CVE-2019-16713,CVE-2019-19948, CVE-2019-19949,CVE-2019-7175,CVE-2019-7395,CVE-2019-7396,CVE-2019-7397, CVE-2019-7398,CVE-2019-9956,CVE-2020-19667,CVE-2020-25664,CVE-2020-25665, CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27560, CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754, CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759, CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764, CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769, CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774, CVE-2020-27775,CVE-2020-27776,CVE-2020-29599,CVE-2021-20241,CVE-2021-20311, CVE-2021-20312,CVE-2021-20313,CVE-2021-20241,CVE-2021-20243,CVE-2021-20244, CVE-2021-20246 (bsc#1094741,bsc#1094742,bsc#1094745,bsc#1095812,bsc#1096200,bsc#1096203, bsc#1098545,bsc#1098546,bsc#1102003,bsc#1102004,bsc#1102005,bsc#1102007, bsc#1106254,bsc#1106855,bsc#1106857,bsc#1106858,bsc#1106989,bsc#1106996, bsc#1107604,bsc#1107609,bsc#1107612,bsc#1107616,bsc#1107618,bsc#1107619, bsc#1110746,bsc#1111069,bsc#1111072,bsc#1113064,bsc#1120381,bsc#1124365, bsc#1124366,bsc#1124367,bsc#1124368,bsc#1128649,bsc#1130330,bsc#1131317, bsc#1132054,bsc#1132060,bsc#1133204,bsc#1133205,bsc#1133498,bsc#1133501, bsc#1136732,bsc#1138464,bsc#1139884,bsc#1139885,bsc#1139886,bsc#1140100, bsc#1140102,bsc#1140103,bsc#1140104,bsc#1140105,bsc#1140106,bsc#1140110, bsc#1140111,bsc#1140501,bsc#1140513,bsc#1140520,bsc#1140534,bsc#1140538, bsc#1140543,bsc#1140545,bsc#1140547,bsc#1140549,bsc#1140552,bsc#1140554, bsc#1140664,bsc#1140665,bsc#1140666,bsc#1140667,bsc#1140668,bsc#1140669, bsc#1140673,bsc#1141171,bsc#1146065,bsc#1146068,bsc#1146211,bsc#1146212, bsc#1146213,bsc#1151781,bsc#1151782,bsc#1151783,bsc#1151784,bsc#1151785, bsc#1151786,bsc#1159861,bsc#1160369,bsc#1161194,bsc#1178067,bsc#1179103, bsc#1179202,bsc#1179208,bsc#1179212,bsc#1179221,bsc#1179223,bsc#1179240, bsc#1179244,bsc#1179260,bsc#1179268,bsc#1179269,bsc#1179276,bsc#1179278, bsc#1179281,bsc#1179285,bsc#1179311,bsc#1179312,bsc#1179313,bsc#1179315, bsc#1179317,bsc#1179321,bsc#1179322,bsc#1179327,bsc#1179333,bsc#1179336, bsc#1179338,bsc#1179339,bsc#1179343,bsc#1179345,bsc#1179346,bsc#1179347, bsc#1179361,bsc#1179362,bsc#1179397,bsc#1179753,bsc#1182335,bsc#1184624, bsc#1184626,bsc#1184627,bsc#1184628,bsc#1182335,bsc#1182336,bsc#1182325, bsc#1182337) - version update to 7.1.0.9: * Squash a dump truck load of VisualStudio compiler warnings. * improved algorithm for automatic calculation of word breaks and pointsize for caption and labels. * improve wrapping between words and within words (reference https://github.com/ImageMagick/ImageMagick/discussions/4227). - added patches disable Contrast test for i586 on SLE 15 + ImageMagick-filter.t-disable-Contrast.patch ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ==== apache2-mod_php7 ==== - previous version updates fixes also: CVE-2020-7068,CVE-2020-7069,CVE-2020-7070,CVE-2020-7071, CVE-2021-21702,CVE-2021-21704,CVE-2021-21705 bsc#1175223,bsc#1177351,bsc#1177352,bsc#1180706, bsc#1182049,bsc#1188035,bsc#1188037 ==== bash-completion ==== - Add patch boo1190929-9af4afd0.patch for boo#1190929 add support for compeletion modinfo completion recognize .ko.zst as well as .ko.bz2 ==== checkmedia ==== Version update (5.4 -> 6.1) - merge gh#openSUSE/checkmedia#16 - fix auto-detecting a suitable signature location for rh media - 6.1 - merge gh#openSUSE/checkmedia#15 - add --version option to tagmedia - use volume id if app id is missing for nice output - add support for rh style meta data and digest calculation - extend fragment calculation to suse style - show signee if signature is ok - add --create-signature option - fix large file support - updated unit tests - enhance documentation - add new and shiny README.adoc - 6.0 ==== codec2 ==== - Added a patch moved-freedv_callback_rx_sym-into-internal-header.patch to fix building gnuradio (patch taken from upstream) - Drop handcrafted generation of the pkgconfig file - Remove "-Wno-dev" ==== firewalld ==== Version update (1.0.0 -> 1.0.1) Subpackages: firewalld-bash-completion firewalld-lang firewalld-zsh-completion python3-firewall - Update to 1.0.1: * keep linux capability CAP_SYS_MODULE * UPnP Client: actually allow SSDP traffic * Fix RPM macros to test if firewall-cmd is executable ==== freerdp ==== Subpackages: libfreerdp2 libwinpr2 - Finally nailed it: CMAKE_INSTALL_LIBDIR is absolute on Leaps and relative on TW, but freerdp requires the relative variant. Fixes boo#1190919 - Remove freerdp-fix-plugin-path.patch again, the problem was introduced/fixed by cmake changes ==== gcr ==== Version update (3.40.0 -> 3.41.0) Subpackages: gcr-data gcr-lang gcr-prompter gcr-ssh-askpass gcr-viewer libgck-1-0 libgcr-3-1 typelib-1_0-Gck-1 typelib-1_0-Gcr-3 - Update to version 3.41.0: + Port ssh-agent from gnome-keyring. + build: Fix parallel build failure due to missing marshal dependency. + Fix warnings by dropping `volatile` for g_once_init_inter locations. + tests: More robust against GTask unref race condition. + Updated translations. - Add pkgconfig(libsecret-1), pkgconfig(libsystemd), pkgconfig(systemd) and openssh-clients BuildRequires: Build new standalone ssh-agent, and split it out in own sub-package. ==== git ==== Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk perl-Git - Added hardening to systemd service(s) (bsc#1181400). Modified: * git-daemon.service ==== glibc ==== Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output (BZ #282539 - x86-string-control-test.patch: x86-64: Use testl to check __x86_string_control - pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel should not fail after exit (BZ #19193) - pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill and thread exit (BZ #12889) - getcwd-attribute-access.patch: posix: Fix attribute access mode on getcwd (BZ #27476) - pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return ESRCH for old programs (BZ #19193) - pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ [#28036]) - setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with blocked signals in thread exit (BZ #28361) - pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send signals to a specific thread (BZ #28407) - sysconf-nprocessors-affinity.patch: linux: Revert the use of sched_getaffinity on get_nproc (BZ #28310) - iconv-charmap-close-output.patch: renamed from icon-charmap-close-output.patch ==== hwdata ==== Version update (0.351 -> 0.352) - Update to version 0.352 (bsc#1191375: + Updated pci, usb and vendor ids. ==== hwinfo ==== Version update (21.76 -> 21.77) - merge gh#openSUSE/hwinfo#105 - Use license file from gnu.org - Fix spelling - Add missing final newline - Trim excess whitespace - Simple maintenance improvements - 21.77 ==== libHX ==== Version update (3.26 -> 4.0.1) Subpackages: libHX32 libHX32-32bit - Update to release 4.0.1 * lib: add ``HX_slurp_fd``, ``HX_slurp_file`` * proc: add ``HXproc_switch_user`` * proc: add ``HXproc_top_fd`` * socket: add ``HX_socket_from_env`` * opt: add ``HXOPT_KEEP_ARGV`` flag ==== libqb ==== Version update (2.0.2+20201203.def947e -> 2.0.3+20210303.404adbc) - Update to version 2.0.3+20210303.404adbc (v2.0.3): - syslog: Add a message-id parameter for messages (gh#ClusterLabs/libqb#433) - timers: Add some locking (gh#ClusterLabs/libqb#436) - ipcc: Have a few goes at tidying up after a dead server (gh#ClusterLabs/libqb#434) - strlcpy: Check for maxlen underflow (gh#ClusterLabs/libqb#432) - doxygen2man: fix printing of lines starting with '.' (gh#ClusterLabs/libqb#431) - doxygen2man: ignore all-whitespace brief descriptions (gh#ClusterLabs/libqb#430) ==== libreoffice ==== Version update (7.1.5.2 -> 7.2.2.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.2.2.1 - Refresh pld-skia-patches.patch - Fix bsc#1189813: LO-L3: Shadow effect for tables in PPTX partly incorrect * bsc1189813.patch - Add vendored poppler to use for all codestreams except Tumbleweed. - Use vendored boost for all codestreams except Tumbleweed. Update boost vendored version. - Update to 7.2.1.2: * LO minor release - Added patch: * pld-skia-patches.patch * skia-freetype2.11.patch ==== libvirt ==== Version update (7.7.0 -> 7.8.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - lxc: controller: Fix container launch on cgroup v1 1b9ce05c-lxc-fix-cgroupV1.patch boo#1183247 - tools: Fix virt-host-validate SEV detection 3f9c1a4b-fix-host-validate-sev.patch boo#1188715 - Update to libvirt 7.8.0 - jsc#SLE-18260 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: b75a16ae-libxl-improve-die-id.patch, 65fab900-libxl-fix-driver-reload.patch, 51eb680b-libxl-dont-autostart-on-reload.patch - spec: Fix hangs during package update bsc#1177902, bsc#1190693 - spec: Don't add --timeout arg to /etc/sysconfig/libvirtd when running in traditional mode without socket activation bsc#1190695 ==== libx86emu ==== Version update (3.2 -> 3.3) - merge gh#wfeldt/libx86emu#34 - Migrate CI to GitHub Actions - 3.3 ==== libzypp ==== Version update (17.28.4 -> 17.28.5) - Downloader does not respect checkExistsOnly flag (bsc#1190712) A missing check causes zyppng::Downloader to always download full files even if the checkExistsOnly flag is set. This patch adds the missing logic. - Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815) The kernel-*-livepatch packages are supposed to serve as a stable handle for the ephemeral kernel livepatch packages. See FATE#320268 for details. As part of the kernel live patching ecosystem, kernel-*-livepatch packages should not block the purge-kernels step. - version 17.28.5 (22) ==== lirc ==== - Revert "Require typelib packages": better to have rpm auto-detect them. - Add gobject-introspection BuildRequires to have the typelib dep scanner on board. - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_irexec.service.patch * harden_lircd-uinput.service.patch * harden_lircd.service.patch * harden_lircmd.service.patch - Require typelib packages, otherwise lirc-setup fails to start. ==== luajit ==== - Exclude s390x for now. There is a not-yet-upstreamed port available, but we would need to rebase it for our release. ==== man ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_man-db.service.patch Modified: * man-db-create.service ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Fix socket address in mariadb@.socket file ==== mdadm ==== - Install mdadm in _sbindir rather than /sbin. This is more appropriate now that we have a merged-/usr. (bsc#1191076) ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Fix possible systemd cycle by adding an "obsoletes" for the old libopeniscsiusr for older versions. ==== openssh ==== Version update (8.4p1 -> 8.8p1) Subpackages: openssh-clients openssh-common openssh-server - Version update to 8.8p1: = Security * sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege. Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). = Potentially-incompatible changes * This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K. For most users, this change should be invisible and there is no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible. Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol. For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms options. = New features * ssh(1): allow the ssh_config(5) CanonicalizePermittedCNAMEs directive to accept a "none" argument to specify the default behaviour. = Bugfixes * scp(1): when using the SFTP protocol, continue transferring files after a transfer error occurs, better matching original scp/rcp behaviour. * ssh(1): fixed a number of memory leaks in multiplexing, * ssh-keygen(1): avoid crash when using the -Y find-principals command. * A number of documentation and manual improvements, including bz#3340, PR139, PR215, PR241, PR257 - Additional changes from 8.7p1 release: = Potentially-incompatible changes * scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. This was previously available via the -3 flag. This mode avoids the need to expose credentials on the origin hop, avoids triplicate interpretation of filenames by the shell (by the local system, the copy origin and the destination) and, in conjunction with the SFTP support for scp(1) mentioned below, allows use of all authentication methods to the remote hosts (previously, only non-interactive methods could be used). A -R flag has been added to select the old behaviour. * ssh(1)/sshd(8): both the client and server are now using a stricter configuration file parser. The new parser uses more shell-like rules for quotes, space and escape characters. It is also more strict in rejecting configurations that include options lacking arguments. Previously some options (e.g. DenyUsers) could appear on a line with no subsequent arguments. This release will reject such configurations. The new parser will also reject configurations with unterminated quotes and multiple '=' characters after the option name. * ssh(1): when using SSHFP DNS records for host key verification, ssh(1) will verify all matching records instead of just those with the specific signature type requested. This may cause host key verification problems if stale SSHFP records of a different or legacy signature type exist alongside other records for a particular host. bz#3322 * ssh-keygen(1): when generating a FIDO key and specifying an explicit attestation challenge (using -Ochallenge), the challenge will now be hashed by the builtin security key middleware. This removes the (undocumented) requirement that challenges be exactly 32 bytes in length and matches the expectations of libfido2. * sshd(8): environment="..." directives in authorized_keys files are now first-match-wins and limited to 1024 discrete environment variable names. = New features * scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. SFTP offers more predictable filename handling and does not require expansion of glob(3) patterns via the shell on the remote side. * sftp-server(8): add a protocol extension to support expansion of ~/ and ~user/ prefixed paths. This was added to support these paths when used by scp(1) while in SFTP mode. * ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to the ssh(1) -f flag. GHPR231 * ssh(1): add a StdinNull directive to ssh_config(5) that allows the config file to do the same thing as -n does on the ssh(1) command- line. GHPR231 * ssh(1): add a SessionType directive to ssh_config, allowing the configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. GHPR231 * ssh-keygen(1): allowed signers files used by ssh-keygen(1) signatures now support listing key validity intervals alongside they key, and ssh-keygen(1) can optionally check during signature verification whether a specified time falls inside this interval. This feature is intended for use by git to support signing and verifying objects using ssh keys. * ssh-keygen(8): support printing of the full public key in a sshsig signature via a -Oprint-pubkey flag. = Bugfixes * ssh(1)/sshd(8): start time-based re-keying exactly on schedule in the client and server mainloops. Previously the re-key timeout could expire but re-keying would not start until a packet was sent or received, causing a spin in select() if the connection was quiescent. * ssh-keygen(1): avoid Y2038 problem in printing certificate validity lifetimes. Dates past 2^31-1 seconds since epoch were displayed incorrectly on some platforms. bz#3329 * scp(1): allow spaces to appear in usernames for local to remote and scp -3 remote to remote copies. bz#1164 * ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as a deprecated alias so configuration files continue to work as well as a reference in the man page for people looking for it. bz#3303 * ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name when extracting a key from a PKCS#11 certificate. bz#3327 * ssh(1): restore blocking status on stdio fds before close. ssh(1) needs file descriptors in non-blocking mode to operate but it was not restoring the original state on exit. This could cause problems with fds shared with other programs via the shell, bz#3280 and GHPR246 * ssh(1)/sshd(8): switch both client and server mainloops from select(3) to pselect(3). Avoids race conditions where a signal may arrive immediately before select(3) and not be processed until an event fires. bz#2158 * ssh(1): sessions started with ControlPersist were incorrectly executing a shell when the -N (no shell) option was specified. bz#3290 * ssh(1): check if IPQoS or TunnelDevice are already set before overriding. Prevents values in config files from overriding values supplied on the command line. bz#3319 * ssh(1): fix debug message when finding a private key to match a certificate being attempted for user authentication. Previously it would print the certificate's path, whereas it was supposed to be showing the private key's path. GHPR247 * sshd(8): match host certificates against host public keys, not private keys. Allows use of certificates with private keys held in a ssh-agent. bz#3524 * ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which allows RSA/SHA2 signatures for public key authentication but fails to advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these server to incorrectly match PubkeyAcceptedAlgorithmse and potentially refuse to offer valid keys. bz#3213 * sftp(1)/scp(1): degrade gracefully if a sftp-server offers the limits@openssh.com extension but fails when the client tries to invoke it. bz#3318 * ssh(1): allow ssh_config SetEnv to override $TERM, which is otherwise handled specially by the protocol. Useful in ~/.ssh/config to set TERM to something generic (e.g. "xterm" instead of "xterm-256color") for destinations that lack terminfo entries. * sftp-server(8): the limits@openssh.com extension was incorrectly marked as an operation that writes to the filesystem, which made it unavailable in sftp-server read-only mode. bz#3318 * ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when the update removed more host keys than remain present. * Many manual page fixes. - Additional changes from 8.6p1 release: = Security * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this option was enabled with a set of patterns that activated logging in code that runs in the low-privilege sandboxed sshd process, the log messages were constructed in such a way that printf(3) format strings could effectively be specified the low-privilege code. = New features * sftp-server(8): add a new limits@openssh.com protocol extension that allows a client to discover various server limits, including maximum packet size and maximum read/write length. * sftp(1): use the new limits@openssh.com extension (when available) to select better transfer lengths in the client. * sshd(8): Add ModuliFile keyword to sshd_config to specify the location of the "moduli" file containing the groups for DH-GEX. * unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to enable printing of the elapsed time in seconds of each test. = Bugfixes * ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in manual pages with the current default. GHPR174 * ssh(1): ensure that pkcs11_del_provider() is called before exit. GHPR234 * ssh(1), sshd(8): fix problems in string->argv conversion. Multiple backslashes were not being dequoted correctly and quoted space in the middle of a string was being incorrectly split. GHPR223 * ssh(1): return non-zero exit status when killed by signal; bz#3281 * sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum packet size. Also handle zero-length reads that are not explicitly banned by the spec. - Additional changes from 8.5p1 release: = Security * ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. = Potentially-incompatible changes * ssh(1), sshd(8): this release changes the first-preference signature algorithm from ECDSA to ED25519. * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration for interactive use prior to TCP connect. The connection phase of the SSH session is time-sensitive and often explicitly interactive. The ultimate interactive/bulk TOS/DSCP will be set after authentication completes. * ssh(1), sshd(8): remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc before it was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001. * ssh(1), sshd(8): update/replace the experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime coupled with X25519. The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. * ssh(1): disable CheckHostIP by default. It provides insignificant benefits while making key rotation significantly more difficult, especially for hosts behind IP-based load-balancers. = New features * ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions: - The key was matched in the UserKnownHostsFile (and not in the GlobalKnownHostsFile). - The same key does not exist under another name. - A certificate host key is not in use. - known_hosts contains no matching wildcard hostname pattern. - VerifyHostKeyDNS is not enabled. - The default UserKnownHostsFile is in use. * ssh(1), sshd(8): add a new LogVerbose configuration directive for that allows forcing maximum debug logging by file/function/line pattern-lists. * ssh(1): when prompting the user to accept a new hostkey, display any other host names/addresses already associated with the key. * ssh(1): allow UserKnownHostsFile=none to indicate that no known_hosts file should be used to identify host keys. * ssh(1): add a ssh_config KnownHostsCommand option that allows the client to obtain known_hosts data from a command in addition to the usual files. * ssh(1): add a ssh_config PermitRemoteOpen option that allows the client to restrict the destination when RemoteForward is used with SOCKS. * ssh(1): for FIDO keys, if a signature operation fails with a "incorrect PIN" reason and no PIN was initially requested from the user, then request a PIN and retry the operation. This supports some biometric devices that fall back to requiring PIN when reading of the biometric failed, and devices that require PINs for all hosted credentials. * sshd(8): implement client address-based rate-limiting via new sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize directives that provide more fine-grained control on a per-origin address basis than the global MaxStartups limit. = Bugfixes * ssh(1): Prefix keyboard interactive prompts with "(user@host)" to make it easier to determine which connection they are associated with in cases like scp -3, ProxyJump, etc. bz#3224 * sshd(8): fix sshd_config SetEnv directives located inside Match blocks. GHPR201 * ssh(1): when requesting a FIDO token touch on stderr, inform the user once the touch has been recorded. * ssh(1): prevent integer overflow when ridiculously large ConnectTimeout values are specified, capping the effective value (for most platforms) at 24 days. bz#3229 * ssh(1): consider the ECDSA key subtype when ordering host key algorithms in the client. * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. The previous name incorrectly suggested that it control allowed key algorithms, when this option actually specifies the signature algorithms that are accepted. The previous name remains available as an alias. bz#3253 * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms. * sftp-server(8): add missing lsetstat@openssh.com documentation and advertisement in the server's SSH2_FXP_VERSION hello packet. * ssh(1), sshd(8): more strictly enforce KEX state-machine by banning packet types once they are received. Fixes memleak caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078). * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206 * Minor man page fixes (capitalization, commas, etc.) bz#3223 * sftp(1): when doing an sftp recursive upload or download of a read-only directory, ensure that the directory is created with write and execute permissions in the interim so that the transfer can actually complete, then set the directory permission as the final step. bz#3222 * ssh-keygen(1): document the -Z, check the validity of its argument earlier and provide a better error message if it's not correct. bz#2879 * ssh(1): ignore comments at the end of config lines in ssh_config, similar to what we already do for sshd_config. bz#2320 * sshd_config(5): mention that DisableForwarding is valid in a sshd_config Match block. bz3239 * sftp(1): fix incorrect sorting of "ls -ltr" under some circumstances. bz3248. * ssh(1), sshd(8): fix potential integer truncation of (unlikely) timeout values. bz#3250 * ssh(1): make hostbased authentication send the signature algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on signature algorithm and not key type. - Rebased patches: * openssh-7.7p1-IPv6_X_forwarding.patch * openssh-7.7p1-X11_trusted_forwarding.patch * openssh-7.7p1-X_forward_with_disabled_ipv6.patch * openssh-7.7p1-cavstest-ctr.patch * openssh-7.7p1-cavstest-kdf.patch * openssh-7.7p1-disable_openssl_abi_check.patch * openssh-7.7p1-eal3.patch * openssh-7.7p1-enable_PAM_by_default.patch * openssh-7.7p1-fips.patch * openssh-7.7p1-fips_checks.patch * openssh-7.7p1-host_ident.patch * openssh-7.7p1-hostname_changes_when_forwarding_X.patch * openssh-7.7p1-ldap.patch * openssh-7.7p1-no_fork-no_pid_file.patch * openssh-7.7p1-pam_check_locks.patch * openssh-7.7p1-pts_names_formatting.patch * openssh-7.7p1-remove_xauth_cookies_on_exit.patch * openssh-7.7p1-seccomp_ipc_flock.patch * openssh-7.7p1-seccomp_stat.patch * openssh-7.7p1-send_locale.patch * openssh-7.7p1-sftp_force_permissions.patch * openssh-7.7p1-sftp_print_diagnostic_messages.patch * openssh-7.7p1-systemd-notify.patch * openssh-7.9p1-keygen-preserve-perms.patch * openssh-7.9p1-revert-new-qos-defaults.patch * openssh-8.0p1-gssapi-keyex.patch * openssh-8.1p1-audit.patch * openssh-8.1p1-seccomp-clock_gettime64.patch * openssh-8.1p1-seccomp-clock_nanosleep.patch * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch * openssh-8.1p1-use-openssl-kdf.patch * openssh-8.4p1-vendordir.patch * openssh-fips-ensure-approved-moduli.patch * openssh-link-with-sk.patch * openssh-reenable-dh-group14-sha1-default.patch * openssh-whitelist-syscalls.patch - Removed openssh-fix-ssh-copy-id.patch (fixed upstream). - openssh.keyring: rotated to new key from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc - sshd-gen-keys-start: - only source sysconfig file if it exists. - create /etc/ssh if it does not exists. Required for image based installation/updates. ==== openssh-askpass-gnome ==== Version update (8.4p1 -> 8.8p1) - Version upgrade to 8.8p1 * No changes for askpass, see main package changelog for details ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Drop gnome-power-manager Recommends: Package is dormant upstream and on its way to be replaced by new features inside of gnome-control-center. ==== pcsc-lite ==== Version update (1.9.3 -> 1.9.4) Subpackages: libpcsclite1 - version 1.9.4 * fix a memory leak when libusb is used for hotplug (i.e. non-Linux systems) ==== php7 ==== Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - previous version updates fixes also: CVE-2020-7068,CVE-2020-7069,CVE-2020-7070,CVE-2020-7071, CVE-2021-21702,CVE-2021-21704,CVE-2021-21705 bsc#1175223,bsc#1177351,bsc#1177352,bsc#1180706, bsc#1182049,bsc#1188035,bsc#1188037 ==== polkit-default-privs ==== Version update (1550+20210818.b0c41fd -> 1550+20211008.9751669) - drop backward compatibility symlink in /etc/polkit-default-privs.standard. rpmlint 2.0 is now in Factory and the check there directly uses the profile in /usr/etc/polkit-default-privs/profiles/standard. - drop polkit-whitelisting sub-package. This is now handled in rpmlint 2.0 internally. - Update to version 1550+20211008.9751669: * whitelist power-profiles-daemon actions (bsc#1189900) * cleanup: remove polkit-rules-whitelist.json ==== publicsuffix ==== Version update (20210928 -> 20211006) - Update to version 20211006: * Update Pull Request Template to add clarity * util: gTLD data autopull updates for 2021-10-01T15:13:10 UTC (#1445) ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion - Make system-user-pulse noarch - Split sysusers.d file to separate package as needed by brltty (bsc#1191465) ==== python-libvirt-python ==== Version update (7.7.0 -> 7.8.0) - Update to 7.8.0 - Add all new APIs and constants in libvirt 7.8.0 - jsc#SLE-18260 ==== rubygem-bootsnap ==== Version update (1.7.7 -> 1.9.1) Subpackages: ruby2.7-rubygem-bootsnap ruby3.0-rubygem-bootsnap - updated to version 1.9.1 * Removed a forgotten debug statement in JSON precompilation ==== rubygem-marcel ==== Version update (1.0.1 -> 1.0.2) - updated to version 1.0.2 * Include Apache license in gem release. (a525d5b) * Prefer audio/x-wav for WAV audio files. (#45) * Prefer application/x-x509-ca-cert for Privacy-Enhanced Mail certificates. (#46) * Prefer audio/flac for FLAC audio files. (#47) * Prefer audio/aac for Advanced Audio Coding audio files. (#49) * Prefer application/vnd.ms-access for Microsodt Access DB files. (#50) * Support text/x-scss and text/x-sass stylesheets. (#52) * Support encrypted Microsoft Access DB files. (#53) * Prefer application/x-ole-storage for Microsoft Office files. (#54) * Prefer text/markdown for Markdown files. (#55) * Prefer audio/mpc for Musepack audio files. (#56) * Support audio/webm audio files. (#58) * Support image/avif images files. (#63) ==== rubygem-puma ==== Version update (5.4.0 -> 5.5.0) - updated to version 5.5.0 * Features * Automatic SSL certificate provisioning for localhost, via localhost gem ([#2610], [#2257]) * add support for the PROXY protocol (v1 only) ([#2654], [#2651]) * Add a semantic CLI option for no config file ([#2689]) * Bugfixes * More elaborate exception handling - lets some dead pumas die. ([#2700], [#2699]) * allow multiple after_worker_fork hooks ([#2690]) * Preserve BUNDLE_APP_CONFIG on worker fork ([#2688], [#2687]) * Performance * Fix performance of server-side SSL connection close. ([#2675]) ==== rubygem-rubocop ==== Version update (1.19.1 -> 1.22.1) - updated to version 1.22.1 [#]# 1.22.1 (2021-10-04) [#]## Bug fixes * [#10143](https://github.com/rubocop/rubocop/issues/10143): Fix an error for `Lint/RequireRelativeSelfPath` when using a variable as an argument of `require_relative`. ([@koic][]) * [#10140](https://github.com/rubocop/rubocop/issues/10140): Fix false positive for `Layout/DotPosition` when a heredoc receives a method on the same line as the start sigil in `trailing` style. ([@dvandersluis][]) * [#10148](https://github.com/rubocop/rubocop/issues/10148): Fix `Style/QuotedSymbols` handling escaped characters incorrectly. ([@dvandersluis][]) * [#10145](https://github.com/rubocop/rubocop/issues/10145): Update `Style/SelectByRegexp` to ignore cases where the receiver appears to be a hash. ([@dvandersluis][]) [#]# 1.22.0 (2021-09-29) [#]## New features * [#8431](https://github.com/rubocop/rubocop/issues/8431): Add `Safety` section to documentation for all cops that are `Safe: false` or `SafeAutoCorrect: false`. ([@dvandersluis][]) * [#10132](https://github.com/rubocop/rubocop/issues/10132): Reorganize output of `rubocop --help` for better clarity. ([@dvandersluis][]) * [#10111](https://github.com/rubocop/rubocop/pull/10111): Add new `Style/NumberedParametersLimit` cop. ([@dvandersluis][]) * [#10025](https://github.com/rubocop/rubocop/pull/10025): Changed cop `SpaceInsideParens` to include a `compact` style. ([@itay-grudev][]) * [#10084](https://github.com/rubocop/rubocop/issues/10084): Add new `Lint/RequireRelativeSelfPath` cop. ([@koic][]) * [#8327](https://github.com/rubocop/rubocop/issues/8327): Add new cop `Style/SelectByRegexp`. ([@dvandersluis][]) * [#10100](https://github.com/rubocop/rubocop/pull/10100): Add new `Style/NumberedParameters` cop. ([@Hugo-Hache][]) * [#10103](https://github.com/rubocop/rubocop/issues/10103): Add `AllowHttpProtocol` option to `Bundler/InsecureProtocolSource`. ([@koic][]) * [#10102](https://github.com/rubocop/rubocop/pull/10102): Add new `Security/IoMethods` cop. ([@koic][]) [#]## Bug fixes * [#10110](https://github.com/rubocop/rubocop/issues/10110): Update `Layout/DotPosition` to be able to handle heredocs. ([@dvandersluis][]) * [#10134](https://github.com/rubocop/rubocop/issues/10134): Update `Style/MutableConstant` to not consider multiline uninterpolated strings as unfrozen in ruby 3.0. ([@dvandersluis][]) * [#10124](https://github.com/rubocop/rubocop/pull/10124): Fix `Layout/RedundantLineBreak` adding extra space within method chains. ([@dvandersluis][]) * [#10118](https://github.com/rubocop/rubocop/issues/10118): Fix crash with `Style/RedundantSort` when the block doesn't only contain a single `send` node. ([@dvandersluis][]) * [#10135](https://github.com/rubocop/rubocop/issues/10135): Fix `Style/WordArray` to exclude files in `--auto-gen-config` when `percent` style is given but brackets are required. ([@dvandersluis][]) * [#10090](https://github.com/rubocop/rubocop/issues/10090): Fix a false negative for `Style/ArgumentsForwarding` when using only kwrest arg. ([@koic][]) * [#10099](https://github.com/rubocop/rubocop/pull/10099): Update`Style/RedundantFreeze` to stop considering `ENV` values as immutable. ([@byroot][]) * [#10078](https://github.com/rubocop/rubocop/pull/10078): Fix `Layout/LineLength` reported length when ignoring directive comments. ([@dvandersluis][]) * [#9934](https://github.com/rubocop/rubocop/issues/9934): Fix configuration loading to not raise an error for an obsolete ruby version that is subsequently overridden. ([@dvandersluis][]) * [#10136](https://github.com/rubocop/rubocop/issues/10136): Update `Lint/AssignmentInCondition` to not consider assignments within blocks in conditions. ([@dvandersluis][]) * [#9588](https://github.com/rubocop/rubocop/issues/9588): Fix causing a variable to be shadowed from outside the rescue block in the logic of Naming/RescuedExceptionsVariableName. ([@lilisako][]) * [#10096](https://github.com/rubocop/rubocop/issues/10096): Fix `Lint/AmbiguousOperatorPrecedence` with `and`/`or` operators. ([@dvandersluis][]) * [#10106](https://github.com/rubocop/rubocop/issues/10106): Fix `Style/RedundantSelf` for pattern matching. ([@dvandersluis][]) * [#10066](https://github.com/rubocop/rubocop/issues/10066): Fix how `MinDigits` is calculated for `Style/NumericLiterals` when generating a configuration file. ([@dvandersluis][]) [#]## Changes * [#10088](https://github.com/rubocop/rubocop/pull/10088): Update `Lint/BooleanSymbol` to be `SafeAutoCorrect: false` rather than `Safe: false`. ([@dvandersluis][]) * [#10122](https://github.com/rubocop/rubocop/pull/10122): Update `Style/RedundantSort` to be unsafe, and revert the special case for `size` from [#10061](https://github.com/rubocop/rubocop/pull/10061). ([@dvandersluis][]) * [#10130](https://github.com/rubocop/rubocop/issues/10130): Update `Lint/ElseLayout` to be able to handle an `else` with only a single line. ([@dvandersluis][]) [#]# 1.21.0 (2021-09-13) [#]## New features * [#7849](https://github.com/rubocop/rubocop/issues/7849): Add new `Lint/AmbiguousOperatorPrecedence` cop. ([@dvandersluis][]) * [#9061](https://github.com/rubocop/rubocop/issues/9061): Add new `Lint/IncompatibleIoSelectWithFiberScheduler` cop. ([@koic][]) [#]## Bug fixes * [#10067](https://github.com/rubocop/rubocop/pull/10067): Fix an error for `Lint/NumberConversion` when using nested number conversion methods. ([@koic][]) * [#10054](https://github.com/rubocop/rubocop/pull/10054): Fix a false positive for `Layout/SpaceAroundOperators` when match operators between `<<` and `+=`. ([@koic][]) * [#10061](https://github.com/rubocop/rubocop/issues/10061): Fix a false positive for `Style/RedundantSort` when using `size` method in the block. ([@koic][]) * [#10063](https://github.com/rubocop/rubocop/pull/10063): Fix a false positive for `Layout/SingleLineBlockChain` when method call chained on a new line after a single line block with trailing dot. ([@koic][]) * [#10064](https://github.com/rubocop/rubocop/pull/10064): Fix `Style/ExplicitBlockArgument` corrector assuming any existing block argument was named `block`. ([@byroot][]) * [#10070](https://github.com/rubocop/rubocop/issues/10070): Fix a false positive for `Style/MutableConstant` when using non-interpolated heredoc in Ruby 3.0. ([@koic][]) [#]## Changes * [#9674](https://github.com/rubocop/rubocop/issues/9674): Disable `Style/AsciiComments` by default. ([@dvandersluis][]) * [#10051](https://github.com/rubocop/rubocop/pull/10051): Improve the messaging for `Style/Documentation` to be more clear about what class/module needs documentation. ([@dvandersluis][]) * [#10074](https://github.com/rubocop/rubocop/pull/10074): Update `Naming/InclusiveLanguage` to be disabled by default. ([@dvandersluis][]) * [#10068](https://github.com/rubocop/rubocop/pull/10068): Mark `Style/AndOr` as unsafe auto-correction. ([@koic][]) [#]# 1.20.0 (2021-08-26) [#]## New features * [#10040](https://github.com/rubocop/rubocop/pull/10040): Make `Lint/Debugger` aware of debug.rb. ([@koic][]) * [#9580](https://github.com/rubocop/rubocop/issues/9580): Add a new cop that enforces which bundler gem file to use. ([@gregfletch][]) [#]## Bug fixes * [#10033](https://github.com/rubocop/rubocop/issues/10033): Fix an incorrect auto-correct for `Style/BlockDelimiters` when there is a comment after the closing brace and using method chanin. ([@koic][]) * [#6630](https://github.com/rubocop/rubocop/issues/6630): Updated `Style/CommentAnnotation` to be able to handle multiword keyword phrases. ([@dvandersluis][]) * [#7836](https://github.com/rubocop/rubocop/issues/7836): Update `Style/BlockDelimeters` to add `begin`...`end` when converting a block containing `rescue` or `ensure` to braces. ([@dvandersluis][]) * [#10031](https://github.com/rubocop/rubocop/issues/10031): Fix a false positive for `Style/HashExcept` when comparing with hash value. ([@koic][]) [#]## Changes * [#10034](https://github.com/rubocop/rubocop/pull/10034): Add `RubyJard` debugger calls to Lint/Debugger/DebuggerMethods. ([@DanielVartanov][]) * [#10006](https://github.com/rubocop/rubocop/pull/10006): Interpolated string literals are no longer frozen since Ruby 3.0. ([@splattael][]) * [#9328](https://github.com/rubocop/rubocop/issues/9328): Recognize shareable_constant_value magic comment. ([@thearjunmdas][], [@caalberts][]) * [#10036](https://github.com/rubocop/rubocop/issues/10036): Mark `Style/StructInheritance` as unsafe auto-correction. ([@koic][]) ==== rubygem-rubocop-ast ==== Version update (1.11.0 -> 1.12.0) - updated to version 1.12.0 [#]## Bug fixes * [#208](https://github.com/rubocop/rubocop-ast/issues/208): Update `MethodDispatchNode#block_literal?` to return true for `numblock`s. ([@dvandersluis][]) ==== rubygem-spring ==== Version update (2.1.1 -> 3.0.0) Subpackages: ruby2.7-rubygem-spring ruby3.0-rubygem-spring - updated to version 3.0.0 * Require applications to have reloading enabled in the managed environments. * Require Ruby 2.5. * Require Rails 5.2. ==== rubygem-unicode-display_width ==== Version update (2.0.0 -> 2.1.0) - updated to version 2.1.0 * Unicode 14.0 ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1191356 - virt-manager should not depend on gtk4 Modified files: virt-manager.spec virtman-dont-specify-gtksource-version.patch virtman-dont-specify-vte-version.patch - jsc#SLE-20856 Dev: KVM: Enable vfio-ccw and vfio-ap in virt-* tools 965480e8-virt-install-add-mediated-device.patch ==== virtualbox ==== Subpackages: virtualbox-guest-tools virtualbox-guest-x11 - Fix ldconfig invocation in scriptlets - Remove vbox-fix-usb-rules.sh from qt package to avoid file conflict - Fix build failures in Leap 15.1 and Leap 15.2 due to kmk_sed issues. - Finish UsrMerge for VirtualBox components (boo#1191104). ==== virtualbox-kmp ==== - Fix ldconfig invocation in scriptlets - Remove vbox-fix-usb-rules.sh from qt package to avoid file conflict - Fix build failures in Leap 15.1 and Leap 15.2 due to kmk_sed issues. - Finish UsrMerge for VirtualBox components (boo#1191104). ==== xwayland ==== - Specfile cleanup ==== yarn ==== Version update (1.22.11 -> 1.22.13) - update to 1.22.13: https://github.com/yarnpkg/yarn/releases/tag/v1.22.13 ==== yast2-trans ==== Version update (84.87.20210914.a5d6b81b64 -> 84.87.20210929.6d3a97ea50) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20210929.6d3a97ea50: * New POT for text domain 'nfs'. * New POT for text domain 'network'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'cluster'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * New POT for text domain 'network'. * Translated using Weblate (Greek) * Translated using Weblate (Greek) * New POT for text domain 'add-on'. * Translated using Weblate (Czech) * New POT for text domain 'base'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish)