Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&am…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please see
https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (83.0 -> 84.0)
MozillaThunderbird (78.5.1 -> 78.6.0)
SDL2 (2.0.12 -> 2.0.14)
akonadi-contact
boost-base
boost-extra
dolphin
gtk2 (2.24.32+70 -> 2.24.33)
kaddressbook
kvm_stat (5.9.12 -> 5.10.1)
mozilla-nss (3.58 -> 3.59)
openblas_pthreads (0.3.12 -> 0.3.13)
orca (3.38.1 -> 3.38.2)
plasma5-desktop
python-importlib-metadata (3.1.1 -> 3.3.0)
python-more-itertools (8.5.0 -> 8.6.0)
python-pyOpenSSL
sudo (1.9.4 -> 1.9.4p2)
timezone (2020d -> 2020e)
timezone-java (2020d -> 2020e)
wireshark (3.4.1 -> 3.4.2)
xmlsec1 (1.2.30 -> 1.2.31)
=== Details ===
==== MozillaFirefox ====
Version update (83.0 -> 84.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 84.0
* Firefox 84 is the final release to support Adobe Flash
* WebRender is enabled by default when run on GNOME-based X11
Linux desktops
MFSA 2020-54 (bsc#1180039)
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26972 (bmo#1671382)
Use-After-Free in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26975 (bmo#1661071)
Malicious applications on Android could have induced Firefox
for Android into sending arbitrary attacker-specified headers
* CVE-2020-26976 (bmo#1674343)
HTTPS pages could have been intercepted by a registered
service worker when they should not have been
* CVE-2020-26977 (bmo#1676311)
URL spoofing via unresponsive port in Firefox for Android
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-26979 (bmo#1641287, bmo#1673299)
When entering an address in the address or search bars, a
website could have redirected the user before they were
navigated to the intended url
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
* CVE-2020-35114 (bmo#1607449, bmo#1640416, bmo#1656459,
bmo#1669914, bmo#1673567)
Memory safety bugs fixed in Firefox 84
- requires
NSS >= 3.59
rust >= 1.44
rust-cbindgen >= 0.15.0
- remove revert-795c8762b16b.patch and replace with mozilla-pgo.patch
- Add/Enable GNOME search provider
==== MozillaThunderbird ====
Version update (78.5.1 -> 78.6.0)
Subpackages: MozillaThunderbird-translations-common
- Mozilla Thunderbird 78.6.0
* changes and additions in MailExtensions
* several bugfixes
* https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
MFSA 2020-56 (bsc#1180039)
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Thunderbird 78.6
==== SDL2 ====
Version update (2.0.12 -> 2.0.14)
- update to 2.0.14:
* Added support for PS5 DualSense and Xbox Series X controllers to the HIDAPI controller driver
* Vulkan support to the KMSDRM video driver
* see details on https://discourse.libsdl.org/t/sdl-2-0-14-released/28470
==== akonadi-contact ====
Subpackages: akonadi-contact-lang akonadi-plugin-contacts libKF5AkonadiContact5
libKF5ContactEditor5
- Obsolete kdepim-apps-libs-lang as well to avoid update problems
==== boost-base ====
Subpackages: boost-license1_75_0 libboost_date_time1_75_0 libboost_filesystem1_75_0
libboost_iostreams1_75_0 libboost_locale1_75_0 libboost_regex1_75_0 libboost_thread1_75_0
- libboost_nowide now uses same pattern of Provides/Conflicts
and version numbers as other Boost libraries
- Add missing conflicts for Boost 1.66
- Boost.Build (jam) implementation now obsoletes older versions
==== boost-extra ====
- libboost_nowide now uses same pattern of Provides/Conflicts
and version numbers as other Boost libraries
- Add missing conflicts for Boost 1.66
- Boost.Build (jam) implementation now obsoletes older versions
==== dolphin ====
Subpackages: dolphin-part dolphin-part-lang libdolphinvcs5
- Add upstream patch to fix crash on launch (kde#429628,
kde#430434):
* 0001-Fix-access-url-navigator-while-creating-new-tab-in-f.patch
==== gtk2 ====
Version update (2.24.32+70 -> 2.24.33)
Subpackages: gtk2-data gtk2-immodule-amharic gtk2-immodule-inuktitut gtk2-immodule-thai
gtk2-immodule-tigrigna gtk2-immodule-vietnamese gtk2-immodule-xim gtk2-lang gtk2-tools
gtk2-tools-32bit libgtk-2_0-0 libgtk-2_0-0-32bit
- Update to version 2.24.33:
+ This is the final GTK 2.x release. There will be no more
updates to GTK 2. All users are encouraged to update to GTK 3
or 4.
+ Make the output of gtk-query-immodules deterministic.
+ GtkCalendar: Use %OB if supported.
+ GtkIconTheme: prefer exact matches.
+ build:
- Support automake 1.16.
- Fix compiler warnings with newer gcc.
==== kaddressbook ====
Subpackages: kaddressbook-doc kaddressbook-lang libKPimAddressbookImportExport5
- Obsolete kdepim-apps-libs-lang as well to avoid update problems
==== kvm_stat ====
Version update (5.9.12 -> 5.10.1)
- Fix kernel version comparison for selectively applying patches
* so that it won't break when, e.g., 5.10.0 hits Factory
==== mozilla-nss ====
Version update (3.58 -> 3.59)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs
mozilla-nss-tools
- update to NSS 3.59
Notable changes
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
==== openblas_pthreads ====
Version update (0.3.12 -> 0.3.13)
- Update to version 0.3.13
common:
* Added a generic bfloat16 SBGEMV kernel
* Fixed a potentially severe memory leak after fork in OpenMP builds
that was introduced in 0.3.12
* Added detection of the Fujitsu Fortran compiler
* Added detection of the (e)gfortran compiler on OpenBSD
* Added support for overriding the default name of the library independently
from symbol suffixing in the gmake builds (already supported in cmake)
RISC V:
* Added a RISC V port optimized for C910V
POWER:
* Added optimized POWER10 kernels for SAXPY, CAXPY, SDOT, DDOT and DGEMV_N
* Improved DGEMM performance on POWER10
* Improved STRSM and DTRSM performance on POWER9 and POWER10
* Fixed segmentation faults in DYNAMIC_ARCH builds
* Fixed compilation with the PGI compiler
x86:
* Fixed compilation of kernels that require SSE2 intrinsics since 0.3.12
x86_64:
* Added an optimized bfloat16 SBGEMV kernel for SkylakeX and Cooperlake
* Improved the performance of SASUM and DASUM kernels through parallelization
* Improved the performance of SROT and DROT kernels
* Improved the performance of multithreaded xSYRK
* Fixed OpenMP builds that use the LLVM Clang compiler together with GNU gfortran
(where linking of both the LLVM libomp and GNU libgomp could lead to lockups or
wrong results)
* Fixed miscompilations by old gcc 4.6
* Fixed misdetection of AVX2 capability in some Sandybridge cpus
* Fixed lockups in builds combining DYNAMIC_ARCH with TARGET=GENERIC on OpenBSD
ARM64:
* Fixed segmentation faults in DYNAMIC_ARCH builds
MIPS:
* Improved kernels for Loongson 3R3 ("3A") and 3R4 ("3B") models,
including MSA
* Fixed bugs in the MSA kernels for CGEMM, CTRMM, CGEMV and ZGEMV
* Added handling of zero increments in the MSA kernels for SSWAP and DSWAP
* Added DYNAMIC_ARCH support for MIPS64 (currently Loongson3R3/3R4 only)
SPARC:
* Fixed building 32 and 64 bit SPARC kernels with the SolarisStudio compilers
- Fix invalid symlinks (boo#1179764).
==== orca ====
Version update (3.38.1 -> 3.38.2)
Subpackages: orca-lang
- Update to version 3.38.2:
+ Don't treat unknown coordinates as definitely off-screen.
Should fix the problem seen with flat review resulting from a
change in Gtk+ 3.24.24.
==== plasma5-desktop ====
Subpackages: plasma5-desktop-emojier plasma5-desktop-lang
- Add upstream patch to fix keyboard repeat settings not being
applied immediately (boo#1164739, kde#418175):
* Reparse-the-key-repeat-rate-config-when-we-try-to-load-it.patch
==== python-importlib-metadata ====
Version update (3.1.1 -> 3.3.0)
- New version requires typing_extensions for Python < 3.8
(Leap and TW python36 flavor)
- update to 3.3.0:
* #265: ``EntryPoint`` objects now expose a ``.dist`` object
referencing the ``Distribution`` when constructed from a
Distribution.
* The object returned by ``metadata()`` now has a
formally-defined protocol called ``PackageMetadata``
with declared support for the ``.get_all()`` method.
Fixes #126.
- add typing-extensions dependency for older python versions
==== python-more-itertools ====
Version update (8.5.0 -> 8.6.0)
- update to 8.6.0:
* :func:`all_unique` (thanks to brianmaissy)
* :func:`nth_product` and :func:`nth_permutation` (thanks to N8Brooks)
* :func:`chunked` and :func:`sliced` now accept a ``strict`` parameter (thanks to
shlomif and jtwool)
* Python 3.5 has reached its end of life and is no longer supported.
* Python 3.9 is officially supported.
==== python-pyOpenSSL ====
- Adjust metadata for skip-networked-test.patch and refer to the proper
upstream ticket gh#pyca/pyopenssl#68.
==== sudo ====
Version update (1.9.4 -> 1.9.4p2)
Subpackages: sudo-plugin-python
- Update to 1.9.4p2
* Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash
if the sudoers file contains a runas user-specific Defaults entry.
Bug #951.
- News in 1.9.4p1
* Fixed a regression introduced in version 1.9.4 where sudo would
not build when configured using the --without-sendmail option.
Bug #947.
* Fixed a problem where if I/O logging was disabled and sudo was
unable to connect to sudo_logsrvd, the command would still be
allowed to run even when the "ignore_logfile_errors" sudoers
option was enabled.
* Fixed a crash introduced in version 1.9.4 when attempting to run
a command as a non-existent user. Bug #948.
* The installed sudo.conf file now has the default sudoers Plugin
lines commented out. This fixes a potential conflict when there
is both a system-installed version of sudo and a user-installed
version. GitHub issue #75.
* Fixed a regression introduced in sudo 1.9.4 where sudo would run
the command as a child process even when a pseudo-terminal was
not in use and the "pam_session" and "pam_setcred" options were
disabled. GitHub issue #76.
* Fixed a regression introduced in sudo 1.8.9 where the "closefrom"
sudoers option could not be set to a value of 3. Bug #950.
==== timezone ====
Version update (2020d -> 2020e)
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
==== timezone-java ====
Version update (2020d -> 2020e)
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
==== wireshark ====
Version update (3.4.1 -> 3.4.2)
Subpackages: libwireshark14 libwiretap11 libwsutil12 wireshark-ui-qt
- Wireshark 3.4.2
* CVE-2020-26422: QUIC dissector crash (boo#1180232)
* Fix IETF QUIC TLS decryption errors when packets are coalesced
with random data
* QUIC: missing dissection of some coalesced SH packets
* Fix false expect error seen on FCoE frames
* Updated Protocol Support
DOCSIS, FC-dNS, FC-SWILS, FCoE, QUIC, SNMP, and USBHID
==== xmlsec1 ====
Version update (1.2.30 -> 1.2.31)
Subpackages: libxmlsec1-1 libxmlsec1-nss1 libxmlsec1-openssl1
- Update to version 1.2.31:
+ Unload error strings in OpenSSL shutdown.
+ Make userData available when executing preExecCallback
function.
+ Add an option to use secure memset.
- Pass --disable-md5 to configure: The cryptographic strength of
the MD5 algorithm is sufficiently doubtful that its use is
discouraged at this time. It is not listed as an algorithm in
[XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1