Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&am…
Please do not reply to this email to report issues, rather file a bug
on
bugzilla.opensuse.org. For more information on filing bugs please
see
https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bash (5.0.18 -> 5.1.4)
dnsmasq (2.82 -> 2.83)
gstreamer (1.18.2 -> 1.18.3)
gstreamer-plugins-bad (1.18.2 -> 1.18.3)
gstreamer-plugins-base (1.18.2 -> 1.18.3)
gstreamer-plugins-good (1.18.2 -> 1.18.3)
gstreamer-plugins-libav (1.18.2 -> 1.18.3)
gstreamer-plugins-ugly (1.18.2 -> 1.18.3)
libqt5-qtbase
ncurses (6.2.20201205 -> 6.2.20210109)
openldap2 (2.4.56 -> 2.4.57)
perl-Mojolicious (8.70 -> 8.71)
perl-Net-DNS (1.28 -> 1.29)
publicsuffix (20201223 -> 20210108)
qemu
readline (8.0 -> 8.1)
rubygem-cri
rubygem-delayed_job (4.1.8 -> 4.1.9)
rubygem-delayed_job_active_record (4.1.4 -> 4.1.5)
rubygem-pdf-core (0.8.1 -> 0.9.0)
rubygem-ttfunk (1.6.2.1 -> 1.7.0)
rubygem-xml-simple (1.1.5 -> 1.1.8)
vlc (3.0.11.1 -> 3.0.12)
vulkan-loader (1.2.162.0 -> 1.2.165)
=== Details ===
==== bash ====
Version update (5.0.18 -> 5.1.4)
Subpackages: bash-doc bash-lang
- Update to final bash 5.1
* Which is mainly the last rc3 veresion
- Add official patch bash51-001
There is a missing dependency on a constructed file, which can cause highly
parellel builds to fail.
- Add official patch bash51-002
If there are no jobs, and the `-n' and `-p' options are both supplied to
`wait', bash can assign a value to the variable name specified with `-p'
instead of leaving it unset.
- Add official patch bash51-003
Bash does not put a command substitution process that is started to perform an
expansion in a child process into the right process group where it can receive
keyboard-generated signals.
- Add official patch bash51-004
If a key-value compound array assignment to an associative array is supplied
as an assignment statement argument to the `declare' command that declares the
array, the assignment doesn't perform the correct word expansions.
This patch makes key-value assignment and subscript assignment perform the
same expansions when they're supplied as an argument to `declare'.
- Update to bash 5.1 rc3
* The `assoc_expand_once' option now affects the evaluation of the -v primary
to test and the [[ compound command.
==== dnsmasq ====
Version update (2.82 -> 2.83)
- Update to 2.83:
* bsc#1177077: Fixed DNSpooq vulnerabilities
* Use the values of --min-port and --max-port in outgoing
TCP connections to upstream DNS servers.
* Fix a remote buffer overflow problem in the DNSSEC code.
Any dnsmasq with DNSSEC compiled in and enabled is vulnerable
to this, referenced by CVE-2020-25681, CVE-2020-25682,
CVE-2020-25683 CVE-2020-25687.
* Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much
entropy in the {query-ID, random-port} tuple as possible, to
help defeat cache poisoning attacks. Refer: CVE-2020-25684.
* Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
* Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded independently.
This is, in theory, inefficent but in practise not a problem,
_except_ that is means that an answer for any of the forwarded
queries will be accepted and cached.
An attacker can send a query multiple times, and for each
repeat, another {port, ID} becomes capable of accepting the
answer he is sending in the blind, to random IDs and ports.
The chance of a succesful attack is therefore multiplied by the
number of repeats of the query. The new behaviour detects
repeated queries and merely stores the clients sending repeats
so that when the first query completes, the answer can be sent
to all the clients who asked. Refer: CVE-2020-25686.
==== gstreamer ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.18.3:
+ Highlighted bugfixes:
- Fix ogg playback regression for ogg files that also have ID3
or APE tags
- compositor: fix artefacts and invalid memory access when
blending subsampled formats
- Exported mini object ref/unref/copy functions for use in
bindings such as gstreamer-sharp
- Add support for Apple silicon (M1) to cerbero package builder
- Ship RIST plugin in binary packages
- Various stability, performance and reliability improvements
- Memory leak fixes
- Build fixes
+ gstreamer:
- gst: Add non-inline ref/unref/copy/replace methods for
various mini objects (buffer, bufferlist, caps, context,
event, memory, message, promise, query, sample, taglist, uri)
for use in bindings such as gstreamer-sharp.
- harness: don't use GST_DEBUG_OBJECT with GstHarness which is
not a GObject.
==== gstreamer-plugins-bad ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-bad-lang gstreamer-transcoder libgstadaptivedemux-1_0-0
libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0
libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0
libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0
libgstwayland-1_0-0 libgstwebrtc-1_0-0 typelib-1_0-GstTranscoder-1_0
- Update to version 1.18.3:
+ assrender: fix mutex handling in certain flushing/error
situations
+ dvbsuboverlay: Add support for dynamic resolution update
+ dashsink: fix critical log of dynamic pipeline
+ d3d11shader: Fix ID3DBlob object leak
+ d3d11videosink: Prepare window once streaming started
+ decklinkaudiosrc: Fix duration of the first audio frame after
each discont
+ intervideosrc: fix negotiation of interlaced caps
+ msdk:
- Needn't close mfx session when failed, fixes double free /
potential crash
- Check GstMsdkContext instead of mfxSession instance
+ srt: fix locking when retrieving stats
+ rtmp2src: fix leaks when connection is cancelled during startup
or connection fails
==== gstreamer-plugins-base ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0
libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0
libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0
typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0
typelib-1_0-GstVideo-1_0
- Update to version 1.18.3:
+ audiorate: Make buffer writable before changing its metadata
+ compositor: fix blending of subsampled components
+ decodebin3:
- When reconfiguring a slot make sure that the ghostpad is
unlinked
- Release selection lock when pushing EOS
+ encodebasebin: Ensure that parsers are compatible with selected
encoders
+ tagdemux: resize and trim buffer in place to fix interaction
with oggdemux
+ videoaggregator: Pop out old buffers on timeout
+ video-blend: fix blending 8-bit and 16-bit frames together
+ appsrc: fix signal documentation
+ gl: document some GL caps specifics
+ libvisual: workaround clang compiler warning
==== gstreamer-plugins-good ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk
gstreamer-plugins-good-jack gstreamer-plugins-good-lang gstreamer-plugins-good-qtqml
- Update to version 1.18.3:
+ splitmuxsink:
- Avoid deadlock when releasing a pad from a running muxer
- Fix bogus fragment split
+ v4l2object: Map correct video format for RGBA
+ videoflip: fix possible crash when changing
video-direction/method while running
==== gstreamer-plugins-libav ====
Version update (1.18.2 -> 1.18.3)
- Update to version 1.18.3:
+ avauddec: Drain decoder on decoding failure, fixes timestamps
after decoding errors
==== gstreamer-plugins-ugly ====
Version update (1.18.2 -> 1.18.3)
Subpackages: gstreamer-plugins-ugly-lang
- Update to version 1.18.3:
+ No changes
==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5
libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite
libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Add patch to fix infinite loop in KWin on XServer exit:
* 0001-Let-QXcbConnection-getTimestamp-properly-exit-when-X.patch
- Spec file cleanup, remove conditionals for Leap 42.x
==== ncurses ====
Version update (6.2.20201205 -> 6.2.20210109)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm
terminfo-screen
- Add ncurses patch 20210109
+ fix errata in man/ncurses.3x from recent updates.
+ improve quoting/escaping in configure script, uses some features of
autoconf 2.52.20210105
- Add ncurses patch 20210102
+ update man/curs_memleaks.3x, to include <term.h> which declares
exit_terminfo.
+ clarify man/curs_terminfo.3x, to mention why the macro setterm is
defined in <curses.h>, and remove it from the list of prototypes
(prompted by patch by Graeme McCutcheon).
+ amend man/curs_terminfo.3x, to note that <curses.h> is required
for certain functions, e.g., those using chtype or attr_t for
types, as well as mvcur (cf: 20201031).
+ use parameter-names in prototypes in curs_sp_funcs.3x, for
consistency with other manpages.
- Add ncurses patch 20201227
+ update terminology entry to 1.8.1 -TD
+ fix some compiler-warnings which gcc8 reports incorrectly.
- Add ncurses patch 20201219
+ suppress hyphenation in generated html for manpages, to address
regression in upgrade of groff 1.22.2 to 1.22.3.
+ fix inconsistent sort-order in see-also sections of manpages (report
by Chris Bennett).
- Port patch ncurses-6.2.dif
- Add ncurses patch 20201212
+ improve manual pages for form field-types.
==== openldap2 ====
Version update (2.4.56 -> 2.4.57)
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client
- updated to 2.4.57
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423,
ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
==== perl-Mojolicious ====
Version update (8.70 -> 8.71)
- updated to 8.71
see /usr/share/doc/packages/perl-Mojolicious/Changes
8.71 2021-01-17
- Added EXPERIMENTAL freeze option to reset method in Mojo::IOLoop.
- Improved Mojo::IOLoop::Subprocess not to close connections after fork.
==== perl-Net-DNS ====
Version update (1.28 -> 1.29)
- update to 1.29
Include test number in summary of failed non-fatal tests.
Remove Net::DNS::SEC specific tests.
Fix faulty test plan in t/08-recurse.t.
==== publicsuffix ====
Version update (20201223 -> 20210108)
- Update to version 20210108:
* Added ghost.io to PSL (#1180)
* Add
myshopify.com (#1179)
==== qemu ====
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi
qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-chardev-baum qemu-chardev-spice
qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu
qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-redirect
qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc
qemu-s390x qemu-seabios qemu-sgabios qemu-skiboot qemu-tools qemu-ui-curses qemu-ui-gtk
qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-vhost-user-gpu
qemu-x86
- Fix qemu-testsuite issue where white space processing gets
handled differently under bash 5.1 (boo#1181054)
iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
- Convert qemu-kvm from a script to a symlink. Using qemu-kvm to
invoke the QEMU emulator has been deprecated for some time,
but is still provided. It has as it's ancient origins a version
of QEMU which had KVM acceleration enabled by default, and then
recently, until now, it is a shell script which execs the QEMU
emulator, adding '-machine accel=kvm' to the beginning of the
list of command line options passed to the emulator.
This method collides with the now preferred method of specifying
acceleration options by using -accel. qemu-kvm is now changed to
simply be a symlink to the same QEMU binary which the prior
script exec'd. This new approach takes advantage of a built-in
QEMU feature where if QEMU is invoked using a program name ending
in 'kvm', KVM emulation is enabled. This approach is better in
that it is more compatible with any other command line option
that may be added for describing acceleration.
For those who have modified qemu-kvm to add additional command
line options, or take other actions in the context of the script
you will now need to create an alternate script "emulator" to
achieve the same result. Note that it's possible there may be
some very subtle behavioral difference in the switch from a
script to a symlink, but given that qemu-kvm is a deprecated
package, we're not going to worry about that.
==== readline ====
Version update (8.0 -> 8.1)
Subpackages: libreadline8 readline-doc
- Update to final readline-8.1
which is mainly rc3
- Remove obsolate patches and the signatures
* readline80-001
* readline80-001.sig
* readline80-002
* readline80-002.sig
* readline80-003
* readline80-003.sig
* readline80-004
* readline80-004.sig
- Port patches
* readline-5.2-conf.patch
* readline-6.2-metamode.patch
* readline-6.3-destdir.patch
* readline-6.3-input.dif
* readline-6.3-rltrace.patch
* readline-7.0-screen.patch
- Port and rename patch readline-8.0.dif which is now readline-8.1.dif
- Update to readline-8.1-rc3 for testing
* Fixed a bug that could cause point to be set beyond the end of the line
buffer when aborting an incremental search.
- Update to readline-8.1-rc2 for testing
* Bracketed paste mode is enabled by default. There is a configure-time
option (--enable-bracketed-paste-default) to set the default to on or off.
* Terminals that are named "dumb" or unknown do not enable bracketed paste
by default.
* Ensure that disabling bracketed paste turns off highlighting the incremental
search string when the search is successful.
- Remove patch readline-8.1-bracketed_paste_off.patch and use the
new build time configuration
==== rubygem-cri ====
- limit to ruby 2.7 on TW
==== rubygem-delayed_job ====
Version update (4.1.8 -> 4.1.9)
- updated to version 4.1.9
Support for Rails 6.1
Add support for parameterized mailers via delay call (#1121)
==== rubygem-delayed_job_active_record ====
Version update (4.1.4 -> 4.1.5)
- updated to version 4.1.5
no changelog found, but allows Rails 6.1
==== rubygem-pdf-core ====
Version update (0.8.1 -> 0.9.0)
updated to version 0.9.0
no changelog found
==== rubygem-ttfunk ====
Version update (1.6.2.1 -> 1.7.0)
updated to version 1.7.0
see installed CHANGELOG.md
[#]# 1.7.0
[#]## Changes
* Allow gem installation on Ruby 3.0
Pavel Lobashov
* Allow TTC files to be read from IO object
Tom de Grunt
==== rubygem-xml-simple ====
Version update (1.1.5 -> 1.1.8)
updated to version 1.1.8
no changelog found
==== vlc ====
Version update (3.0.11.1 -> 3.0.12)
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau
- Update to version 3.0.12:
+ Access: Add new RIST access module compliant with simple
profile (VSF_TR-06-1).
+ Access Output: Add new RIST access output module compliant with
simple profile (VSF_TR-06-1).
+ Demux: Fixed adaptive's handling of resolution settings.
+ Audio output: Fix audio distortion on macOS during start of
playback.
+ Video Output: Direct3D11: Fix some potential crashes when using
video filters.
+ Misc:
- Several fixes in the web interface, including privacy and
security improvements
- Update YouTube and Vocaroo scripts.
+ Updated translations.
- Drop vlc-CVE-2020-26664.patch: fixed upstream.
- Drop fix-missing-includes-with-qt-5.15.patch: fixed upstream.
==== vulkan-loader ====
Version update (1.2.162.0 -> 1.2.165)
- update to 1.2.165:
* loader: Properly check for elevated permissions
* loader: Remove SEEK_END usage
* Rename LIB_SUFFIX to VULKAN_LIB_SUFFIX
* build: Update known-good files for 1.2.165 header