Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&am…
Please do not reply to this email to report issues, rather file a bug
on
bugzilla.opensuse.org. For more information on filing bugs please
see
https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
krb5 (1.18.2 -> 1.18.3)
openssl-1_1
python-Mako
python-dbus-python
python-dnspython
python-dulwich
python-geventhttpclient
python-importlib-metadata (2.0.0 -> 3.1.1)
python-mailman
python-notify2
python-pyOpenSSL (19.1.0 -> 20.0.0)
python-pycurl
python-python-xlib (0.27 -> 0.29)
python-pyudev
python-requests-toolbelt
python-setuptools
python-urllib3 (1.25.10 -> 1.26.2)
system-users
systemd
sysuser-tools
=== Details ===
==== krb5 ====
Version update (1.18.2 -> 1.18.3)
Subpackages: krb5-32bit krb5-client
- Update to 1.18.3
* Fix a denial of service vulnerability when decoding Kerberos
protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause
KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
and unloaded while libkrb5support remains loaded.
==== openssl-1_1 ====
Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac
- Use the centralized crypto policy profile (jsc#SLE-15832)
* add openssl-1.1.1-system-cipherlist.patch from Fedora
==== python-Mako ====
- Let the python-rpm-macros do their job for the correct provides
and obsoletes tags for multiple python3 flavors
gh#openSUSE/python-rpm-macros#66
==== python-dbus-python ====
- Support builds with more than one python3 flavor
gh#openSUSE/python-rpm-macros#66
- Remove shebang from examples (rpmlint warning, is in common doc)
- Clean duplicate python flavor variables for configure
- Update the provides/obsoletes tags for old-style dbus-1-$python
==== python-dnspython ====
- Remove skipping tests which are acutally passing.
- Python < 3.7 requires external contextvars
==== python-dulwich ====
- Fix condition around BuildRequirement
- We don't need to break Python 2.7
- Add remove_mock.patch to remove dependency on the external mock
package (gh#dulwich/dulwich#820).
==== python-geventhttpclient ====
- Fix condition around BuildRequirement
- We don't need to break Python 2.7
- Add remove_mock.patch to remove dependency on the external mock
package (gh#gwik/geventhttpclient#135).
==== python-importlib-metadata ====
Version update (2.0.0 -> 3.1.1)
- Update to 3.1.1
* no changelog, probably just the merge of 2.1.1
- Update in v2.1.1
* #261: Restored compatibility for package discovery for metadata
without version in the name and for legacy eggs.
- Update in v3.1.0
* Merge with 2.1.0.
- Update in v2.1.0
* #253: When querying for package metadata, the lookup now honors
package normalization rules.
- Update in v3.0.0
* Require Python 3.6 or later.
- Upstream switched to pytest, so do we
- Revert last change: The condition for **BuildRequires** does not
make any sense, as that would also prevent the install of
python36-importlib_resources into the build environment.
- Make requirement of importlib_resources only for particular
versions of Python (< 3.9).
==== python-mailman ====
- Fix systemd services
- Add missing services and timers to systemd
==== python-notify2 ====
- Fix Requires of dbus-python so that the macros can work out the
correct flavor for multiple python3 flavors
gh#openSUSE/python-rpm-macros#66
==== python-pyOpenSSL ====
Version update (19.1.0 -> 20.0.0)
- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also
skip test_verify_with_time on %ix86.
- Update to v20.0.0
- Backward-incompatible changes:
- The minimum cryptography version is now 3.2.
- Remove deprecated OpenSSL.tsafe module.
- Removed deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
- Deprecations:
- Deprecated OpenSSL.crypto.loads_pkcs7 and
OpenSSL.crypto.loads_pkcs12.
- Changes:
- Added a new optional chain parameter to
OpenSSL.crypto.X509StoreContext() where additional untrusted
certificates can be specified to help chain building. #948
- Added OpenSSL.crypto.X509Store.load_locations to set trusted
certificate file bundles and/or directories for verification.
[#943]
- Added Context.set_keylog_callback to log key material. #910
- Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
the verified certificate chain of the peer. #894.
- Make verification callback optional in Context.set_verify. If
omitted, OpenSSL?s default verification is used. #933
- Fixed a bug that could truncate or cause a zero-length key
error due to a null byte in private key passphrase in
OpenSSL.crypto.load_privatekey and
OpenSSL.crypto.dump_privatekey. #947
- drop patch fix-compilation-2020.patch: no longer needed
- refreshed patch skip-networked-test.patch
==== python-pycurl ====
- Add make-leap15-compat.patch to pass tests on Leap 15.2
- Add remove_nose.patch to remove dependency on nose
(gh#pycurl/pycurl#655).
==== python-python-xlib ====
Version update (0.27 -> 0.29)
- Update to version 0.29
* Drawable & XInput: Avoid using array.array.tostring() which
will be removed in Python 3.9 (thanks @t-wissmann).
- Changelog for version 0.28
* DPMS: Display Power Management Signaling (by @thiagokokada)
- Add remove-mock.patch gh#python-xlib/python-xlib#186
- Let the python-rpm-macros do their job for correct provides and
obsoletes tag for all python3 flavors
gh#openSUSE/python-rpm-macros#66
==== python-pyudev ====
- Add remove_mock.patch gh#pyudev/pyudev#409
- Static linting with pylint is not needed for unit tests or build
==== python-requests-toolbelt ====
- Fix condition around BuildRequirement
- We don't need to break Python 2.7
- Add remove_mock.patch to remove dependency on the external mock
==== python-setuptools ====
- Add remove_mock.patch to remove dependency on the external mock
package.
==== python-urllib3 ====
Version update (1.25.10 -> 1.26.2)
- If you skip_python2 you don't need mock.
- We don't need to break Python 2.7
- Add remove_mock.patch to remove dependency on the external mock
package (gh#urllib3/urllib3#2108).
- Fixed the testsuite and updated dependencies
- update to 1.26.2:
* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't
be imported properly on Python 2.7.8 and earlier (Pull #2052)
* Fixed an issue where two ``User-Agent`` headers would be sent if a
``User-Agent`` header key is passed as ``bytes`` (Pull #2047)
* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning
should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002)
* *Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will
fail**
* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``,
``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
(Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
* Added default ``User-Agent`` header to every request (Pull #1750)
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
and ``Host`` headers from being automatically emitted with requests (Pull #2018)
* Collapse ``transfer-encoding: chunked`` request data and framing into
the same ``socket.send()`` call (Pull #1906)
* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894)
* Properly terminate SecureTransport connections when CA verification fails (Pull
#1977)
* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
to SecureTransport (Pull #1903)
* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3
(Pull #1970)
* Suppress ``BrokenPipeError`` when writing request body after the server
has closed the socket (Pull #1524)
* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad
MAC")
into an ``urllib3.exceptions.SSLError`` (Pull #1939)
* Fix retry backoff time parsed from ``Retry-After`` header when given
in the HTTP date format. The HTTP date was parsed as the local timezone
rather than accounting for the timezone in the HTTP date (typically
UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949)
==== system-users ====
Subpackages: system-group-hardware system-group-libvirt system-group-wheel system-user-bin
system-user-daemon system-user-ftp system-user-games system-user-lp system-user-mail
system-user-man system-user-news system-user-nobody system-user-qemu system-user-tftp
system-user-upsd system-user-uucp system-user-wwwrun
- Remove kvm group from hardware subpackage, since kvm is in its
own subpackage (jsc#SLE-11629).
==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit
systemd-32bit systemd-container systemd-doc systemd-lang systemd-logger systemd-sysvinit
udev
- Explicitly require group(kvm) by udev: the group used to be
created by system-users-hardware, but has been split/moved to
qemu/kvm, where it is more logical. The file
/usr/lib/udev/rules.d/50-udev-default.rules references this
group, thus we should make sure the group exists. Otherwise there
are errors in the journal in the form of:
/usr/lib/udev/rules.d/50-udev-default.rules:86 Unknown group 'kvm', ignoring
==== sysuser-tools ====
- useradd_or_adduser_dep must be PreReq so ordering makes sure it gets
installed before.
- suggest shadow where useradd_or_adduser_dep is actually required