New Tumbleweed snapshot 20210120 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210120
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bash (5.0.18 -> 5.1.4)
dnsmasq (2.82 -> 2.83)
gstreamer (1.18.2 -> 1.18.3)
gstreamer-plugins-bad (1.18.2 -> 1.18.3)
gstreamer-plugins-base (1.18.2 -> 1.18.3)
gstreamer-plugins-good (1.18.2 -> 1.18.3)
gstreamer-plugins-libav (1.18.2 -> 1.18.3)
gstreamer-plugins-ugly (1.18.2 -> 1.18.3)
libqt5-qtbase
ncurses (6.2.20201205 -> 6.2.20210109)
openldap2 (2.4.56 -> 2.4.57)
perl-Mojolicious (8.70 -> 8.71)
perl-Net-DNS (1.28 -> 1.29)
publicsuffix (20201223 -> 20210108)
qemu
readline (8.0 -> 8.1)
rubygem-cri
rubygem-delayed_job (4.1.8 -> 4.1.9)
rubygem-delayed_job_active_record (4.1.4 -> 4.1.5)
rubygem-pdf-core (0.8.1 -> 0.9.0)
rubygem-ttfunk (1.6.2.1 -> 1.7.0)
rubygem-xml-simple (1.1.5 -> 1.1.8)
vlc (3.0.11.1 -> 3.0.12)
vulkan-loader (1.2.162.0 -> 1.2.165)
=== Details ===
==== bash ====
Version update (5.0.18 -> 5.1.4)
Subpackages: bash-doc bash-lang
- Update to final bash 5.1
* Which is mainly the last rc3 veresion
- Add official patch bash51-001
There is a missing dependency on a constructed file, which can cause highly
parellel builds to fail.
- Add official patch bash51-002
If there are no jobs, and the `-n' and `-p' options are both supplied to
`wait', bash can assign a value to the variable name specified with `-p'
instead of leaving it unset.
- Add official patch bash51-003
Bash does not put a command substitution process that is started to perform an
expansion in a child process into the right process group where it can receive
keyboard-generated signals.
- Add official patch bash51-004
If a key-value compound array assignment to an associative array is supplied
as an assignment statement argument to the `declare' command that declares the
array, the assignment doesn't perform the correct word expansions.
This patch makes key-value assignment and subscript assignment perform the
same expansions when they're supplied as an argument to `declare'.
- Update to bash 5.1 rc3
* The `assoc_expand_once' option now affects the evaluation of the -v primary
to test and the [[ compound command.
==== dnsmasq ====
Version update (2.82 -> 2.83)
- Update to 2.83:
* bsc#1177077: Fixed DNSpooq vulnerabilities
* Use the values of --min-port and --max-port in outgoing
TCP connections to upstream DNS servers.
* Fix a remote buffer overflow problem in the DNSSEC code.
Any dnsmasq with DNSSEC compiled in and enabled is vulnerable
to this, referenced by CVE-2020-25681, CVE-2020-25682,
CVE-2020-25683 CVE-2020-25687.
* Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much
entropy in the {query-ID, random-port} tuple as possible, to
help defeat cache poisoning attacks. Refer: CVE-2020-25684.
* Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
* Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded independently.
This is, in theory, inefficent but in practise not a problem,
_except_ that is means that an answer for any of the forwarded
queries will be accepted and cached.
An attacker can send a query multiple times, and for each
repeat, another {port, ID} becomes capable of accepting the
answer he is sending in the blind, to random IDs and ports.
The chance of a succesful attack is therefore multiplied by the
number of repeats of the query. The new behaviour detects
repeated queries and merely stores the clients sending repeats
so that when the first query completes, the answer can be sent
to all the clients who asked. Refer: CVE-2020-25686.
==== gstreamer ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.18.3:
+ Highlighted bugfixes:
- Fix ogg playback regression for ogg files that also have ID3
or APE tags
- compositor: fix artefacts and invalid memory access when
blending subsampled formats
- Exported mini object ref/unref/copy functions for use in
bindings such as gstreamer-sharp
- Add support for Apple silicon (M1) to cerbero package builder
- Ship RIST plugin in binary packages
- Various stability, performance and reliability improvements
- Memory leak fixes
- Build fixes
+ gstreamer:
- gst: Add non-inline ref/unref/copy/replace methods for
various mini objects (buffer, bufferlist, caps, context,
event, memory, message, promise, query, sample, taglist, uri)
for use in bindings such as gstreamer-sharp.
- harness: don't use GST_DEBUG_OBJECT with GstHarness which is
not a GObject.
==== gstreamer-plugins-bad ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-bad-lang gstreamer-transcoder libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 typelib-1_0-GstTranscoder-1_0
- Update to version 1.18.3:
+ assrender: fix mutex handling in certain flushing/error
situations
+ dvbsuboverlay: Add support for dynamic resolution update
+ dashsink: fix critical log of dynamic pipeline
+ d3d11shader: Fix ID3DBlob object leak
+ d3d11videosink: Prepare window once streaming started
+ decklinkaudiosrc: Fix duration of the first audio frame after
each discont
+ intervideosrc: fix negotiation of interlaced caps
+ msdk:
- Needn't close mfx session when failed, fixes double free /
potential crash
- Check GstMsdkContext instead of mfxSession instance
+ srt: fix locking when retrieving stats
+ rtmp2src: fix leaks when connection is cancelled during startup
or connection fails
==== gstreamer-plugins-base ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0
- Update to version 1.18.3:
+ audiorate: Make buffer writable before changing its metadata
+ compositor: fix blending of subsampled components
+ decodebin3:
- When reconfiguring a slot make sure that the ghostpad is
unlinked
- Release selection lock when pushing EOS
+ encodebasebin: Ensure that parsers are compatible with selected
encoders
+ tagdemux: resize and trim buffer in place to fix interaction
with oggdemux
+ videoaggregator: Pop out old buffers on timeout
+ video-blend: fix blending 8-bit and 16-bit frames together
+ appsrc: fix signal documentation
+ gl: document some GL caps specifics
+ libvisual: workaround clang compiler warning
==== gstreamer-plugins-good ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-lang gstreamer-plugins-good-qtqml
- Update to version 1.18.3:
+ splitmuxsink:
- Avoid deadlock when releasing a pad from a running muxer
- Fix bogus fragment split
+ v4l2object: Map correct video format for RGBA
+ videoflip: fix possible crash when changing
video-direction/method while running
==== gstreamer-plugins-libav ====
Version update (1.18.2 -> 1.18.3)
- Update to version 1.18.3:
+ avauddec: Drain decoder on decoding failure, fixes timestamps
after decoding errors
==== gstreamer-plugins-ugly ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-ugly-lang
- Update to version 1.18.3:
+ No changes
==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Add patch to fix infinite loop in KWin on XServer exit:
* 0001-Let-QXcbConnection-getTimestamp-properly-exit-when-X.patch
- Spec file cleanup, remove conditionals for Leap 42.x
==== ncurses ====
Version update (6.2.20201205 -> 6.2.20210109)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20210109
+ fix errata in man/ncurses.3x from recent updates.
+ improve quoting/escaping in configure script, uses some features of
autoconf 2.52.20210105
- Add ncurses patch 20210102
+ update man/curs_memleaks.3x, to include
participants (1)
-
Dominique Leuenberger