New Tumbleweed snapshot 20210312 released! - openSUSE Factory

15 Mar 2021


      Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&...
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
  MozillaThunderbird (78.8.0 -> 78.8.1)
  bison (3.7.5 -> 3.7.6)
  btrfsprogs (5.9 -> 5.11)
  curl (7.74.0 -> 7.75.0)
  drbd
  file
  git (2.30.1 -> 2.30.2)
  gpm
  libaom (2.0.0 -> 2.0.2)
  libisofs
  liblastfm-qt5 (1.0.9+20150206 -> 1.1.0)
  libmysofa (1.1 -> 1.2)
  libxfce4ui
  libxkbcommon (1.0.3 -> 1.1.0)
  mozjs78 (78.7.0 -> 78.8.0)
  nano (5.6 -> 5.6.1)
  openssl-1_1
  perl-HTML-Parser (3.75 -> 3.76)
  perl-URI (5.08 -> 5.09)
  postfix
  pulseaudio
  python-Pillow (8.1.0 -> 8.1.2)
  python-Twisted (20.3.0 -> 21.2.0)
  python-pandas (1.2.2 -> 1.2.3)
  python-pycurl
  python-zipp (3.4.0 -> 3.4.1)
  rebootmgr (1.3 -> 1.3.1)
  salt
  sddm
  shaderc (2020.4 -> 2020.5)
  snapper
  sssd (2.4.0 -> 2.4.2)
  vmaf (2.1.0 -> 2.1.1)
  wpa_supplicant
  yast2 (4.3.56 -> 4.3.59)
=== Details ===
==== MozillaThunderbird ====
Version update (78.8.0 -> 78.8.1)
Subpackages: MozillaThunderbird-translations-common
- Mozilla Thunderbird 78.8.1
  * several bugfixes and improvements
  * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/
- updated create-tar.sh (bsc#1182357)
==== bison ====
Version update (3.7.5 -> 3.7.6)
Subpackages: bison-lang
- GNU bison 3.7.6:
  * Fix reused push parsers
  * Fix table generation
==== btrfsprogs ====
Version update (5.9 -> 5.11)
Subpackages: btrfsprogs-udev-rules libbtrfs0
- Update to 5.11
  * fix device path canonicalization for device mapper devices
  * receive: remove workaround for setting capabilities, all stable kernels
    have been patched
  * receive: fix duplicate mount path detection
  * rescue: new subcommand create-control-device
  * device stats: minor fix for plain text format output
  * build: detect if e2fsprogs support 64bit timestamps
  * build: drop libmount, required functionality has been reimplemented
  * mkfs: warn when raid56 is used
  * balance convert: warn when raid56 is used
  * other
  * new and updated tests
  * documentation updates
  * seeding device
  * raid56 status
  * CI updates
  * docker images for various distros
- Update to 5.10.1
  * static build works again
  * other:
  * add a way to test static binaries with the testsuite
  * clarify scrub docs
  * update dependencies, minimum version for libmount is 2.24, this may
    change in the future
- Update to 5.10
  * scrub status:
  * print percentage of progress
  * add size unit options
  * fi usage: also print free space from statfs
  * convert: copy full 64 bit timestamp from ext4 if availalble
  * check:
  * add ability to repair extent item generation
  * new option to remove leftovers from inode number cache (-o inode_cache)
  * check for already running exclusive operation (balance, device add/...)
    when starting one
  * preliminary json output support for 'device stats'
  * fixes:
  * subvolume set-default: id 0 correctly falls back to toplevel
  * receive: align internal buffer to allow fast CRC calculation
  * logical-resolve: distinguish -o subvol and bind mounts
  * build: new dependency libmount
  * other
  * doc fixes and updates
  * new tests
  * ci on gitlab temporarily disabled
  * debugging output enhancements
==== curl ====
Version update (7.74.0 -> 7.75.0)
Subpackages: libcurl4
- Harden build, enable full RELRO
- Never allow undefined symbols anywhere.
- Update to 7.75.0
  * Changes:
  - curl: add --create-file-mode [mode]
  - curl: add new variables to --write-out
  - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
  - gopher: implement secure gopher protocol
  - http: add Hyper as new optional HTTP backend
  - http: introduce AWS HTTP v4 Signature support
  * Bugfixes:
  - cmake: Add an option to disable libidn2
  - cmake: enable gophers correctly in curl-config
  - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
  - digest_sspi: Show InitializeSecurityContext errors in verbose mode
  - getinfo: build with disabled HTTP support
  - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
  - http_proxy: Fix CONNECT chunked encoding race condition
  - httpauth: make multi-request auth work with custom port
  - lib: pass in 'struct Curl_easy *' to most functions
  - lib: remove Curl_ prefix from many static functions
  - lib: save a bit of space with some structure packing
  - libssh: avoid plain free() of libssh-memory
  - mime: make sure setting MIMEPOST to NULL resets properly
  - multi_runsingle: bail out early on data->conn == NULL
  - ngtcp2: Fix http3 upload stall
  - ngtcp2: Fix stack buffer overflow
  - openssl: lowercase the hostname before using it for SNI
  - socks: use the download buffer instead
  - speedcheck: exclude paused transfers
  - too?_writeout: fix the -w time output units
  - url: if IDNA conversion fails, fallback to Transitional
- Refresh libcurl-ocloexec.patch
==== drbd ====
- bsc#1183429, compat to kernel v5.11
  Add patch compat_to_v5_11.patch
==== file ====
Subpackages: file-magic libmagic1
- Remove patch file-5.12-zip.dif as it is upstream solved (boo#1183143)
==== git ====
Version update (2.30.1 -> 2.30.2)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk
- git 2.30.2:
  * CVE-2021-21300: On case-insensitive file systems with support
    for symbolic links, if Git is configured globally to apply
    delay-capable clean/smudge filters (such as Git LFS), Git could
    be fooled into running remote code during a clone (boo#1183026)
==== gpm ====
Subpackages: libgpm2
- remove unnecessary StandardOutput override in the unit definition
  file. (bsc#1182147)
==== libaom ====
Version update (2.0.0 -> 2.0.2)
- Update to version 2.0.2:
  * Prepare for the libaom v2.0.2 release
  * Call av1_setup_frame_size() when dropping a frame
  * Avoid memset in filter_intra_predictor module
  * Fix a typo bug in apply_temporal_filter_planewise
  * Modify the assertion in temporal filter intrinsics
  * Fix unit test ThreadTestLarge.EncoderResultTest/49
  * Add -Wimplicit-function-declaration as C flag only
  * Update CHANGELOG for libaom v2.0.1
  * Set allow_screen_content_tools to 0 in rt mode
  * chroma_check: don't access UV planes if monochrome
==== libisofs ====
- Support building against libjte-1 or libjte-2.
==== liblastfm-qt5 ====
Version update (1.0.9+20150206 -> 1.1.0)
- fix version number (the existing tarball was actually tagged as 1.1.0)
==== libmysofa ====
Version update (1.1 -> 1.2)
- update to 1.2:
  * CVE-2020-36151: Incorrect handling of input data in
    mysofa_resampler_reset_mem function [boo#1181978]
  * CVE-2020-36148: Incorrect handling of input data in
    verifyAttribute function [boo#1181981]
  * CVE-2020-36152: Buffer overflow in readDataVar in
    hdf/dataobject.c [boo#1181977]
  * CVE-2020-36150: Incorrect handling of input data in loudness
    function [boo#1181979]
  * CVE-2020-36149: Incorrect handling of input data in
    changeAttribute function [boo#1181980]
  * Steinberg audio enhancements for symmetrical HRTFs
==== libxfce4ui ====
Subpackages: libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools typelib-1_0-Libxfce4ui-2_0
- Build package with glade support
==== libxkbcommon ====
Version update (1.0.3 -> 1.1.0)
Subpackages: libxkbcommon-x11-0 libxkbcommon0
- Update to release 1.1.0
  * Update keysym definitions to latest xorgproto. In particular,
    this adds many special keysyms corresponding to Linux evdev
    keycodes.
  * New XKB_KEY_* definitions.
==== mozjs78 ====
Version update (78.7.0 -> 78.8.0)
- Update to version 78.8.0esr:
  + Fix build with Rust 1.50.
==== nano ====
Version update (5.6 -> 5.6.1)
Subpackages: nano-lang
- Fox signature sources
- Drop no longer needed scriplets
- GNU nano 5.6.1:
  * Search matches are properly colorized in softwrap mode too
  * Option 'highlightcolor' has been renamed to 'spotlightcolor'
==== openssl-1_1 ====
Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac
- Fix unresolved error codes [bsc#1182959]
- Update patches:
  * openssl-1.1.1-fips.patch
  * openssl-1.1.1-evp-kdf.patch
==== perl-HTML-Parser ====
Version update (3.75 -> 3.76)
- updated to 3.76
  see /usr/share/doc/packages/perl-HTML-Parser/Changes
  3.76      2021-03-04
  * Add a fix for a stack confusion error on `eof`. (GH#21) (Matthew Horsfall
    and Chase Whitener)
==== perl-URI ====
Version update (5.08 -> 5.09)
- updated to 5.09
  see /usr/share/doc/packages/perl-URI/Changes
  5.09      2021-03-03 15:16:47Z
  - Update Business::ISBN version requirements (GH#85) (brian d foy and Olaf
    Alders)
==== postfix ====
Subpackages: postfix-doc
- (bsc#1183305) - config.postfix uses db as suffix for postmaps
  Depending on DEF_DB_TYPE uses lmdb or db
- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
  still refers to /etc/services
  Use getent to detect if smtps is already defined.
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion
- Upstream fixes for supporting HFP in native backend (bsc#1167940):
  0001-bluetooth-use-consistent-profile-names.patch
  0002-bluetooth-separate-HSP-and-HFP.patch
  0003-bluetooth-add-correct-HFP-rfcomm-negotiation.patch
  0004-bluetooth-make-native-the-default-backend.patch
  0005-bluetooth-enable-module-bluez5-discover-argument-ena.patch
  0006-bluetooth-fix-headset-auto-ofono-handover.patch
  0007-bluetooth-prefer-headset-HFP-HF-connection-with-nati.patch
  0008-bluetooth-complete-bluetooth-profile-separation.patch
  0009-bluetooth-use-device-flag-to-prevent-assertion-failu.patch
  0010-bluetooth-rename-enable_hs_role-to-enable_shared_pro.patch
  0011-bluetooth-clean-up-rfcomm_write-usage.patch
==== python-Pillow ====
Version update (8.1.0 -> 8.1.2)
- update to 8.1.2:
  - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins
- Update to 8.1.1
  Security
  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
  did not properly check the reported size of the contained image. These images could cause
  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
  and Akshay Ajayan of ASU.edu.
  Other Changes
  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
==== python-Twisted ====
Version update (20.3.0 -> 21.2.0)
- Update to 21.2.0:
  * Features
    + The enableSessions argument to twisted.internet.ssl.CertificateOptions now
    + actually enables/disables OpenSSL's session cache. Also, due to
    + session-related bugs, it defaults to False. (#9583)
    + twisted.internet.defer.inlineCallbacks and ensureDeferred will now associate a contextvars.Context with the coroutines they run, meaning that ContextVar objects will maintain their value within the same coroutine, similarly to asyncio Tasks. This functionality requires Python 3.7+, or the contextvars PyPI backport to be installed for Python 3.5-3.6. (#9719, #9826)
    + twisted.internet.defer.Deferred.fromCoroutine has been added. This is similar to the existing ensureDeferred function, but is named more consistently inside Twisted and does not pass through Deferreds. (#9825)
    + trial now allows the @unittest.skipIf decorator to specify that an entire test class should be skipped. (#9829)
    + The twisted.python.deprecate.deprecatedKeywordParameter decorator can be used to mark a keyword paramater of a function or method as deprecated. (#9844)
    + Projects using Twisted can now perform type checking against a Twisted
    + installation, for example using mypy. (#9908)
    + twisted.python.util.InsensitiveDict now fully implements MutableMapping. (#9919)
    + Python 3.8 is now tested and supported. (#9955)
    + Support a coroutine function in twisted.internet.task.react (#9974)
    + PyPy 3.7 is now tested and supported. (#10093)
  * Bugfixes
    + twisted.web.twcgi.CGIProcessProtocol.processEnded(...) now handles an already-finished request, for example when request.connectionLost(...) was called previously. (#9468)
    + Twisted's dependency on PyHamcrest has been moved from the base package to the new "test" extra. Consequently the test extra must be installed for Twisted's test suite to pass. (#9509)
    + Fixed serialization of timedelta, date, and time objects in twisted.spread. (#9716)
    + twisted.internet.asyncioreactor.AsyncioSelectorReactor now raises an exception if instantiated with an event loop which is not compatible with asyncio.SelectorEventLoop. This fixes the AsyncioSelectorReactor in Python 3.8+ on Windows, where in bp-34687 the default Windows asyncio event loop was changed to ProactorEventLoop. Applications that use AsyncioSelectorReactor on Windows with Python 3.8+ must call asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy()) before instantiating and running AsyncioSelectorReactor. (#9766)
    + twisted.internet.process.registerReapProcessHandler and ._BaseProcess.reapProcess will no longer raise a TypeError when processing a None PID (#9775)
    + INotify will close its file descriptor if a directory is automatically removed by twisted from the watchlist because it's deleted, avoiding orphaned filedescriptors. (#9777)
    + DelayedCall.reset() is now working properly with asyncioreactor (#9780)
    + AsyncioSelectorReactor.seconds() now correctly returns an epoch time. (#9787)
    + The _connDone parameter has been removed from twisted.internet.abstract.FileDescriptor.loseConnection()'s signature in order to match the signature in the base class twisted.internet._newtls.ConnectionMixin loseConnection(). (#9849)
    + The Gtk3 reactor now runs on Wayland-only sessions (#9904)
    + Descriptive error messages from twisted.internet.error are now present when running with 'python -OO'. (#9918)
    + Comparator methods such as eq() now always return NotImplemented for uncomparable types. (#9919)
    + When installing Twisted it now requires a minimum Python 3.5.4 version to match the version used with automated testing. This is the minimum Python version that we know that Twisted works with. (#10098)
- Drop patches no-pygtkcompat.patch, python-38-hmac-digestmod.patch,
  python-38-no-cgi-parseqs.patch, twisted-pr1369-remove-pyopenssl-npn.patch,
  twisted-pr1487-increase-ffdh-keysize.patch and
  test-mktime-invalid-tm_isdst.patch as they have been merged.
- Refresh other patches.
- Add no-cython_test_exception_raiser.patch to avoid another dependency.
- Update URL and make use of sitelib, not sitearch macros
==== python-pandas ====
Version update (1.2.2 -> 1.2.3)
- update to version 1.2.3:
  * Fixed regressions
    + Fixed regression in to_excel() raising KeyError when giving
    duplicate columns with columns attribute (GH39695)
    + Fixed regression in nullable integer unary ops propagating mask
    on assignment (GH39943)
    + Fixed regression in DataFrame.__setitem__() not aligning
    DataFrame on right-hand side for boolean indexer (GH39931)
    + Fixed regression in to_json() failing to use compression with
    URL-like paths that are internally opened in binary mode or with
    user-provided file objects that are opened in binary mode
    (GH39985)
    + Fixed regression in Series.sort_index() and
    DataFrame.sort_index(), which exited with an ungraceful error
    when having kwarg ascending=None passed. Passing ascending=None
    is still considered invalid, and the improved error message
    suggests a proper usage (ascending must be a boolean or a
    list-like of boolean) (GH39434)
    + Fixed regression in DataFrame.transform() and Series.transform()
    giving incorrect column labels when passed a dictionary with a
    mix of list and non-list values (GH40018)
==== python-pycurl ====
- Remove a failing test-case until fixed in curl:
  * Upstream issue: https://github.com/curl/curl/issues/6615
==== python-zipp ====
Version update (3.4.0 -> 3.4.1)
- update to 3.4.1:
  * refresh packaging
==== rebootmgr ====
Version update (1.3 -> 1.3.1)
- Update to version 1.3.1
  - Move all dbus config files to /usr/share/dbus-1
==== salt ====
Subpackages: python3-salt salt-master salt-minion
- virt.network_update: handle missing ipv4 netmask attribute
- Added:
  * virt.network_update-handle-missing-ipv4-netmask-attr.patch
- Set distro requirement to oldest supported version in requirements/base.txt
- Added:
  * 3002-set-distro-requirement-to-oldest-supported-vers.patch
- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
- Don't require python3-certifi
- Added:
  * do-not-monkey-patch-yaml-bsc-1177474.patch
- Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
- Added:
  * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
==== sddm ====
Subpackages: sddm-branding-openSUSE
- Add patch to reintroduce /etc/profile reading if fish is shell:
  * 0001-Add-fish-etc-profile-and-HOME-.profile-sourcing-1331.patch
==== shaderc ====
Version update (2020.4 -> 2020.5)
- Update to release 2020.5
  * Support newer glslang
==== snapper ====
Subpackages: libsnapper5 snapper-zypp-plugin
- updated translations (bsc#1149754)
==== sssd ====
Version update (2.4.0 -> 2.4.2)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap
- Update to release 2.4.2
  * Default value of "user" config option was fixed into
    accordance with man page, i.e. default is "root".
  * pam_sss_gss now support authentication indicators to further
    harden the authentication.
- Pass --with-pid-path=%{_rundir} to configure: adjust rundir
  according the distro settings, i.e. /run on modern systems.
  Eliminates a systemd warning like this one in the journal:
    Feb 12 12:33:32 zeus systemd[1]: /usr/lib/systemd/system/sssd.service:13:
    PIDFile= references a path below legacy directory /var/run/,
    updating /var/run/sssd.pid ? /run/sssd.pid; please update the unit file accordingly.
- Update to release 2.4.1
  * New PAM module pam_sss_gss for authentication using GSSAPI.
  * case_sensitive=Preserving can now be set for trusted domains
    with AD and IPA providers.
  * krb5_use_subdomain_realm=True can now be used when sub-domain
    user principal names have upnSuffixes which are not known in
    the parent domain. SSSD will try to send the Kerberos request
    directly to a KDC of the sub-domain.
  * SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald
    output, to avoid issues with PID parsing in rsyslog
    (BSD-style forwarder) output.
  * Added pam_gssapi_check_upn to enforce authentication only
    with principal that can be associated with target user.
  * Added pam_gssapi_services to list PAM services that can
    authenticate using GSSAPI.
==== vmaf ====
Version update (2.1.0 -> 2.1.1)
- update to 2.1.1:
  * Fixes a SSIM/MS-SSIM precision bug where a lossless comparison did not
    always result in a perfect 1.0 score. (#796).
  * Adds feature extractor options to clip the dB scores for both PSNR/SSIM.
  - -aom_ctc v1.0 has been updated to use these clipping options according to
    the AOM CTC. (#802).
- disable LTO build (fails at least since 2.1.0)
==== wpa_supplicant ====
Subpackages: wpa_supplicant-gui
- Fix systemd device ready dependencies in wpa_supplicant@.service file.
  (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fai...)
==== yast2 ====
Version update (4.3.56 -> 4.3.59)
Subpackages: yast2-logs
- Use meaningful button labels when asking the user if would like
  to continue when an installation client is missing
  (related to bsc#1180594).
- 4.3.59
- save_y2logs: Make modified content of log files just warning
  instead of fatal (bsc#1182710 see comment 2)
- 4.3.58
- Ask the user if would like to continue when an installation
  client is missing (related to bsc#1180594).
- 4.3.57