New Tumbleweed snapshot 20210106 released! - openSUSE Factory

8 Jan 2021


      Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&...
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
  Mesa (20.2.4 -> 20.3.2)
  Mesa-drivers (20.2.4 -> 20.3.2)
  NetworkManager
  busybox (1.32.0 -> 1.32.1)
  libebml (1.4.0 -> 1.4.1)
  libstorage-ng (4.3.76 -> 4.3.78)
  nodejs14 (14.15.3 -> 14.15.4)
  openssh
  tlp
  virt-manager
  xen (4.14.1_02 -> 4.14.1_05)
  yast2-pkg-bindings (4.3.4 -> 4.3.5)
=== Details ===
==== Mesa ====
Version update (20.2.4 -> 20.3.2)
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- update to 20.3.2
  * third bugfix release for the 20.3 branch
- drm and surfaceless are not specified as platforms anymore,
  remove them from egl_platforms
==== Mesa-drivers ====
Version update (20.2.4 -> 20.3.2)
Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2
- update to 20.3.2
  * third bugfix release for the 20.3 branch
- drm and surfaceless are not specified as platforms anymore,
  remove them from egl_platforms
==== NetworkManager ====
Subpackages: NetworkManager-lang libnm0 typelib-1_0-NM-1_0
- Second attempt to exclude systemd.automount from nfs processing:
  fix boo#1116625
==== busybox ====
Version update (1.32.0 -> 1.32.1)
Subpackages: busybox-static
- Update to version 1.32.1
  - fixes a case where in ash, "wait" never finishes.
- sendmail-ignore-F-option.patch: ignore -F option as used by
  cron (workaround for [bbn#13426])
==== libebml ====
Version update (1.4.0 -> 1.4.1)
- Update to version 1.4.1
  * Fixed a case EbmlMaster::Read where the element returned via
    UpperEltFound and FountElt points to a just-deleted element,
    causing callers to think the memory returned is valid,
    potentially leading to use-after-free/double-free errors.
    This can happen if the specific element's Read function
    throws an exception when encountering certain invalid data
    constellations.
==== libstorage-ng ====
Version update (4.3.76 -> 4.3.78)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Finnish) (bsc#1149754)
- 4.3.78
- Translated using Weblate (Russian) (bsc#1149754)
- 4.3.77
==== nodejs14 ====
Version update (14.15.3 -> 14.15.4)
Subpackages: npm14
- New upstream LTS version 14.15.4:
  * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS
    implementation. When writing to a TLS enabled socket,
    node::StreamBase::Write calls node::TLSWrap::DoWrite with
    a freshly allocated WriteWrap object as first argument.
    If the DoWrite method does not return an error, this object is
    passed back to the caller as part of a StreamWriteResult structure.
    This may be exploited to corrupt memory leading to a
    Denial of Service or potentially other exploits (bsc#1180553)
  * CVE-2020-8287: HTTP Request Smuggling allow two copies of a
    header field in a http request. For example, two Transfer-Encoding
    header fields. In this case Node.js identifies the first header
    field and ignores the second. This can lead to HTTP Request
    Smuggling (https://cwe.mitre.org/data/definitions/444.html).
    (bsc#1180554)
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Support /usr/etc/pam.d
==== tlp ====
Subpackages: tlp-rdw
- Use the same value for TLP_ULIB in the %build phase and the
  %install phase (boo#1180495):
  + BuildRequire pkgconfig(udev)
  + Use pkg-config --variable udev_dir udev for the value of
    TLP_ULIB.
==== virt-manager ====
Subpackages: virt-install virt-manager-common
- bsc#1180062 - virt-install uses isoinfo. Include mkisofs in the
  spec file.
  virt-manager.spec
==== xen ====
Version update (4.14.1_02 -> 4.14.1_05)
Subpackages: xen-libs xen-tools xen-tools-domU
- Update libxl.set-migration-constraints-from-cmdline.patch
  Remove code which handled --max_factor. The total amount of
  transferred data is no indicator to trigger the final stop+copy.
  This should have been removed during upgrade to Xen 4.7.
  Fix off-by-one in --max_iters, it caused one additional copy cycle.
  Reduce default value of --max_iters from 5 to 2.
  The workload within domU will continue to produce dirty pages.
  It is unreasonable to expect any slowdown during migration.
  Now there is one initial copy of all memory, one instead of four
  iteration for dirty memory, and a final copy iteration prior move.
==== yast2-pkg-bindings ====
Version update (4.3.4 -> 4.3.5)
- Set the previous "distro_target" option when restarting the
  package manager (bsc#1176275), fixes upgrade from SLE12 via SMT
- 4.3.5