15 Mar
2021
15 Mar
'21
08:01
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&am…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaThunderbird (78.8.0 -> 78.8.1)
bison (3.7.5 -> 3.7.6)
btrfsprogs (5.9 -> 5.11)
curl (7.74.0 -> 7.75.0)
drbd
file
git (2.30.1 -> 2.30.2)
gpm
libaom (2.0.0 -> 2.0.2)
libisofs
liblastfm-qt5 (1.0.9+20150206 -> 1.1.0)
libmysofa (1.1 -> 1.2)
libxfce4ui
libxkbcommon (1.0.3 -> 1.1.0)
mozjs78 (78.7.0 -> 78.8.0)
nano (5.6 -> 5.6.1)
openssl-1_1
perl-HTML-Parser (3.75 -> 3.76)
perl-URI (5.08 -> 5.09)
postfix
pulseaudio
python-Pillow (8.1.0 -> 8.1.2)
python-Twisted (20.3.0 -> 21.2.0)
python-pandas (1.2.2 -> 1.2.3)
python-pycurl
python-zipp (3.4.0 -> 3.4.1)
rebootmgr (1.3 -> 1.3.1)
salt
sddm
shaderc (2020.4 -> 2020.5)
snapper
sssd (2.4.0 -> 2.4.2)
vmaf (2.1.0 -> 2.1.1)
wpa_supplicant
yast2 (4.3.56 -> 4.3.59)
=== Details ===
==== MozillaThunderbird ====
Version update (78.8.0 -> 78.8.1)
Subpackages: MozillaThunderbird-translations-common
- Mozilla Thunderbird 78.8.1
* several bugfixes and improvements
* https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/
- updated create-tar.sh (bsc#1182357)
==== bison ====
Version update (3.7.5 -> 3.7.6)
Subpackages: bison-lang
- GNU bison 3.7.6:
* Fix reused push parsers
* Fix table generation
==== btrfsprogs ====
Version update (5.9 -> 5.11)
Subpackages: btrfsprogs-udev-rules libbtrfs0
- Update to 5.11
* fix device path canonicalization for device mapper devices
* receive: remove workaround for setting capabilities, all stable kernels
have been patched
* receive: fix duplicate mount path detection
* rescue: new subcommand create-control-device
* device stats: minor fix for plain text format output
* build: detect if e2fsprogs support 64bit timestamps
* build: drop libmount, required functionality has been reimplemented
* mkfs: warn when raid56 is used
* balance convert: warn when raid56 is used
* other
* new and updated tests
* documentation updates
* seeding device
* raid56 status
* CI updates
* docker images for various distros
- Update to 5.10.1
* static build works again
* other:
* add a way to test static binaries with the testsuite
* clarify scrub docs
* update dependencies, minimum version for libmount is 2.24, this may
change in the future
- Update to 5.10
* scrub status:
* print percentage of progress
* add size unit options
* fi usage: also print free space from statfs
* convert: copy full 64 bit timestamp from ext4 if availalble
* check:
* add ability to repair extent item generation
* new option to remove leftovers from inode number cache (-o inode_cache)
* check for already running exclusive operation (balance, device add/...)
when starting one
* preliminary json output support for 'device stats'
* fixes:
* subvolume set-default: id 0 correctly falls back to toplevel
* receive: align internal buffer to allow fast CRC calculation
* logical-resolve: distinguish -o subvol and bind mounts
* build: new dependency libmount
* other
* doc fixes and updates
* new tests
* ci on gitlab temporarily disabled
* debugging output enhancements
==== curl ====
Version update (7.74.0 -> 7.75.0)
Subpackages: libcurl4
- Harden build, enable full RELRO
- Never allow undefined symbols anywhere.
- Update to 7.75.0
* Changes:
- curl: add --create-file-mode [mode]
- curl: add new variables to --write-out
- dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
- gopher: implement secure gopher protocol
- http: add Hyper as new optional HTTP backend
- http: introduce AWS HTTP v4 Signature support
* Bugfixes:
- cmake: Add an option to disable libidn2
- cmake: enable gophers correctly in curl-config
- cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
- digest_sspi: Show InitializeSecurityContext errors in verbose mode
- getinfo: build with disabled HTTP support
- http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
- http_proxy: Fix CONNECT chunked encoding race condition
- httpauth: make multi-request auth work with custom port
- lib: pass in 'struct Curl_easy *' to most functions
- lib: remove Curl_ prefix from many static functions
- lib: save a bit of space with some structure packing
- libssh: avoid plain free() of libssh-memory
- mime: make sure setting MIMEPOST to NULL resets properly
- multi_runsingle: bail out early on data->conn == NULL
- ngtcp2: Fix http3 upload stall
- ngtcp2: Fix stack buffer overflow
- openssl: lowercase the hostname before using it for SNI
- socks: use the download buffer instead
- speedcheck: exclude paused transfers
- too?_writeout: fix the -w time output units
- url: if IDNA conversion fails, fallback to Transitional
- Refresh libcurl-ocloexec.patch
==== drbd ====
- bsc#1183429, compat to kernel v5.11
Add patch compat_to_v5_11.patch
==== file ====
Subpackages: file-magic libmagic1
- Remove patch file-5.12-zip.dif as it is upstream solved (boo#1183143)
==== git ====
Version update (2.30.1 -> 2.30.2)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk
- git 2.30.2:
* CVE-2021-21300: On case-insensitive file systems with support
for symbolic links, if Git is configured globally to apply
delay-capable clean/smudge filters (such as Git LFS), Git could
be fooled into running remote code during a clone (boo#1183026)
==== gpm ====
Subpackages: libgpm2
- remove unnecessary StandardOutput override in the unit definition
file. (bsc#1182147)
==== libaom ====
Version update (2.0.0 -> 2.0.2)
- Update to version 2.0.2:
* Prepare for the libaom v2.0.2 release
* Call av1_setup_frame_size() when dropping a frame
* Avoid memset in filter_intra_predictor module
* Fix a typo bug in apply_temporal_filter_planewise
* Modify the assertion in temporal filter intrinsics
* Fix unit test ThreadTestLarge.EncoderResultTest/49
* Add -Wimplicit-function-declaration as C flag only
* Update CHANGELOG for libaom v2.0.1
* Set allow_screen_content_tools to 0 in rt mode
* chroma_check: don't access UV planes if monochrome
==== libisofs ====
- Support building against libjte-1 or libjte-2.
==== liblastfm-qt5 ====
Version update (1.0.9+20150206 -> 1.1.0)
- fix version number (the existing tarball was actually tagged as 1.1.0)
==== libmysofa ====
Version update (1.1 -> 1.2)
- update to 1.2:
* CVE-2020-36151: Incorrect handling of input data in
mysofa_resampler_reset_mem function [boo#1181978]
* CVE-2020-36148: Incorrect handling of input data in
verifyAttribute function [boo#1181981]
* CVE-2020-36152: Buffer overflow in readDataVar in
hdf/dataobject.c [boo#1181977]
* CVE-2020-36150: Incorrect handling of input data in loudness
function [boo#1181979]
* CVE-2020-36149: Incorrect handling of input data in
changeAttribute function [boo#1181980]
* Steinberg audio enhancements for symmetrical HRTFs
==== libxfce4ui ====
Subpackages: libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools typelib-1_0-Libxfce4ui-2_0
- Build package with glade support
==== libxkbcommon ====
Version update (1.0.3 -> 1.1.0)
Subpackages: libxkbcommon-x11-0 libxkbcommon0
- Update to release 1.1.0
* Update keysym definitions to latest xorgproto. In particular,
this adds many special keysyms corresponding to Linux evdev
keycodes.
* New XKB_KEY_* definitions.
==== mozjs78 ====
Version update (78.7.0 -> 78.8.0)
- Update to version 78.8.0esr:
+ Fix build with Rust 1.50.
==== nano ====
Version update (5.6 -> 5.6.1)
Subpackages: nano-lang
- Fox signature sources
- Drop no longer needed scriplets
- GNU nano 5.6.1:
* Search matches are properly colorized in softwrap mode too
* Option 'highlightcolor' has been renamed to 'spotlightcolor'
==== openssl-1_1 ====
Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac
- Fix unresolved error codes [bsc#1182959]
- Update patches:
* openssl-1.1.1-fips.patch
* openssl-1.1.1-evp-kdf.patch
==== perl-HTML-Parser ====
Version update (3.75 -> 3.76)
- updated to 3.76
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.76 2021-03-04
* Add a fix for a stack confusion error on `eof`. (GH#21) (Matthew Horsfall
and Chase Whitener)
==== perl-URI ====
Version update (5.08 -> 5.09)
- updated to 5.09
see /usr/share/doc/packages/perl-URI/Changes
5.09 2021-03-03 15:16:47Z
- Update Business::ISBN version requirements (GH#85) (brian d foy and Olaf
Alders)
==== postfix ====
Subpackages: postfix-doc
- (bsc#1183305) - config.postfix uses db as suffix for postmaps
Depending on DEF_DB_TYPE uses lmdb or db
- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
still refers to /etc/services
Use getent to detect if smtps is already defined.
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion
pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth
pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf
pulseaudio-utils pulseaudio-zsh-completion
- Upstream fixes for supporting HFP in native backend (bsc#1167940):
0001-bluetooth-use-consistent-profile-names.patch
0002-bluetooth-separate-HSP-and-HFP.patch
0003-bluetooth-add-correct-HFP-rfcomm-negotiation.patch
0004-bluetooth-make-native-the-default-backend.patch
0005-bluetooth-enable-module-bluez5-discover-argument-ena.patch
0006-bluetooth-fix-headset-auto-ofono-handover.patch
0007-bluetooth-prefer-headset-HFP-HF-connection-with-nati.patch
0008-bluetooth-complete-bluetooth-profile-separation.patch
0009-bluetooth-use-device-flag-to-prevent-assertion-failu.patch
0010-bluetooth-rename-enable_hs_role-to-enable_shared_pro.patch
0011-bluetooth-clean-up-rfcomm_write-usage.patch
==== python-Pillow ====
Version update (8.1.0 -> 8.1.2)
- update to 8.1.2:
- Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923)
Image Plugins
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect
error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid
size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in
TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be
used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where
Pillow
did not properly check the reported size of the contained image. These images could
cause
arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer,
Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been
fixed
==== python-Twisted ====
Version update (20.3.0 -> 21.2.0)
- Update to 21.2.0:
* Features
+ The enableSessions argument to twisted.internet.ssl.CertificateOptions now
+ actually enables/disables OpenSSL's session cache. Also, due to
+ session-related bugs, it defaults to False. (#9583)
+ twisted.internet.defer.inlineCallbacks and ensureDeferred will now associate a
contextvars.Context with the coroutines they run, meaning that ContextVar objects will
maintain their value within the same coroutine, similarly to asyncio Tasks. This
functionality requires Python 3.7+, or the contextvars PyPI backport to be installed for
Python 3.5-3.6. (#9719, #9826)
+ twisted.internet.defer.Deferred.fromCoroutine has been added. This is similar to the
existing ensureDeferred function, but is named more consistently inside Twisted and does
not pass through Deferreds. (#9825)
+ trial now allows the @unittest.skipIf decorator to specify that an entire test class
should be skipped. (#9829)
+ The twisted.python.deprecate.deprecatedKeywordParameter decorator can be used to
mark a keyword paramater of a function or method as deprecated. (#9844)
+ Projects using Twisted can now perform type checking against a Twisted
+ installation, for example using mypy. (#9908)
+ twisted.python.util.InsensitiveDict now fully implements MutableMapping. (#9919)
+ Python 3.8 is now tested and supported. (#9955)
+ Support a coroutine function in twisted.internet.task.react (#9974)
+ PyPy 3.7 is now tested and supported. (#10093)
* Bugfixes
+ twisted.web.twcgi.CGIProcessProtocol.processEnded(...) now handles an
already-finished request, for example when request.connectionLost(...) was called
previously. (#9468)
+ Twisted's dependency on PyHamcrest has been moved from the base package to the
new "test" extra. Consequently the test extra must be installed for
Twisted's test suite to pass. (#9509)
+ Fixed serialization of timedelta, date, and time objects in twisted.spread. (#9716)
+ twisted.internet.asyncioreactor.AsyncioSelectorReactor now raises an exception if
instantiated with an event loop which is not compatible with asyncio.SelectorEventLoop.
This fixes the AsyncioSelectorReactor in Python 3.8+ on Windows, where in bp-34687 the
default Windows asyncio event loop was changed to ProactorEventLoop. Applications that use
AsyncioSelectorReactor on Windows with Python 3.8+ must call
asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy()) before
instantiating and running AsyncioSelectorReactor. (#9766)
+ twisted.internet.process.registerReapProcessHandler and ._BaseProcess.reapProcess
will no longer raise a TypeError when processing a None PID (#9775)
+ INotify will close its file descriptor if a directory is automatically removed by
twisted from the watchlist because it's deleted, avoiding orphaned filedescriptors.
(#9777)
+ DelayedCall.reset() is now working properly with asyncioreactor (#9780)
+ AsyncioSelectorReactor.seconds() now correctly returns an epoch time. (#9787)
+ The _connDone parameter has been removed from
twisted.internet.abstract.FileDescriptor.loseConnection()'s signature in order to
match the signature in the base class twisted.internet._newtls.ConnectionMixin
loseConnection(). (#9849)
+ The Gtk3 reactor now runs on Wayland-only sessions (#9904)
+ Descriptive error messages from twisted.internet.error are now present when running
with 'python -OO'. (#9918)
+ Comparator methods such as eq() now always return NotImplemented for uncomparable
types. (#9919)
+ When installing Twisted it now requires a minimum Python 3.5.4 version to match the
version used with automated testing. This is the minimum Python version that we know that
Twisted works with. (#10098)
- Drop patches no-pygtkcompat.patch, python-38-hmac-digestmod.patch,
python-38-no-cgi-parseqs.patch, twisted-pr1369-remove-pyopenssl-npn.patch,
twisted-pr1487-increase-ffdh-keysize.patch and
test-mktime-invalid-tm_isdst.patch as they have been merged.
- Refresh other patches.
- Add no-cython_test_exception_raiser.patch to avoid another dependency.
- Update URL and make use of sitelib, not sitearch macros
==== python-pandas ====
Version update (1.2.2 -> 1.2.3)
- update to version 1.2.3:
* Fixed regressions
+ Fixed regression in to_excel() raising KeyError when giving
duplicate columns with columns attribute (GH39695)
+ Fixed regression in nullable integer unary ops propagating mask
on assignment (GH39943)
+ Fixed regression in DataFrame.__setitem__() not aligning
DataFrame on right-hand side for boolean indexer (GH39931)
+ Fixed regression in to_json() failing to use compression with
URL-like paths that are internally opened in binary mode or with
user-provided file objects that are opened in binary mode
(GH39985)
+ Fixed regression in Series.sort_index() and
DataFrame.sort_index(), which exited with an ungraceful error
when having kwarg ascending=None passed. Passing ascending=None
is still considered invalid, and the improved error message
suggests a proper usage (ascending must be a boolean or a
list-like of boolean) (GH39434)
+ Fixed regression in DataFrame.transform() and Series.transform()
giving incorrect column labels when passed a dictionary with a
mix of list and non-list values (GH40018)
==== python-pycurl ====
- Remove a failing test-case until fixed in curl:
* Upstream issue: https://github.com/curl/curl/issues/6615
==== python-zipp ====
Version update (3.4.0 -> 3.4.1)
- update to 3.4.1:
* refresh packaging
==== rebootmgr ====
Version update (1.3 -> 1.3.1)
- Update to version 1.3.1
- Move all dbus config files to /usr/share/dbus-1
==== salt ====
Subpackages: python3-salt salt-master salt-minion
- virt.network_update: handle missing ipv4 netmask attribute
- Added:
* virt.network_update-handle-missing-ipv4-netmask-attr.patch
- Set distro requirement to oldest supported version in requirements/base.txt
- Added:
* 3002-set-distro-requirement-to-oldest-supported-vers.patch
- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
- Don't require python3-certifi
- Added:
* do-not-monkey-patch-yaml-bsc-1177474.patch
- Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
- Added:
* prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
==== sddm ====
Subpackages: sddm-branding-openSUSE
- Add patch to reintroduce /etc/profile reading if fish is shell:
* 0001-Add-fish-etc-profile-and-HOME-.profile-sourcing-1331.patch
==== shaderc ====
Version update (2020.4 -> 2020.5)
- Update to release 2020.5
* Support newer glslang
==== snapper ====
Subpackages: libsnapper5 snapper-zypp-plugin
- updated translations (bsc#1149754)
==== sssd ====
Version update (2.4.0 -> 2.4.2)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common
sssd-ldap
- Update to release 2.4.2
* Default value of "user" config option was fixed into
accordance with man page, i.e. default is "root".
* pam_sss_gss now support authentication indicators to further
harden the authentication.
- Pass --with-pid-path=%{_rundir} to configure: adjust rundir
according the distro settings, i.e. /run on modern systems.
Eliminates a systemd warning like this one in the journal:
Feb 12 12:33:32 zeus systemd[1]: /usr/lib/systemd/system/sssd.service:13:
PIDFile= references a path below legacy directory /var/run/,
updating /var/run/sssd.pid ? /run/sssd.pid; please update the unit file accordingly.
- Update to release 2.4.1
* New PAM module pam_sss_gss for authentication using GSSAPI.
* case_sensitive=Preserving can now be set for trusted domains
with AD and IPA providers.
* krb5_use_subdomain_realm=True can now be used when sub-domain
user principal names have upnSuffixes which are not known in
the parent domain. SSSD will try to send the Kerberos request
directly to a KDC of the sub-domain.
* SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald
output, to avoid issues with PID parsing in rsyslog
(BSD-style forwarder) output.
* Added pam_gssapi_check_upn to enforce authentication only
with principal that can be associated with target user.
* Added pam_gssapi_services to list PAM services that can
authenticate using GSSAPI.
==== vmaf ====
Version update (2.1.0 -> 2.1.1)
- update to 2.1.1:
* Fixes a SSIM/MS-SSIM precision bug where a lossless comparison did not
always result in a perfect 1.0 score. (#796).
* Adds feature extractor options to clip the dB scores for both PSNR/SSIM.
- -aom_ctc v1.0 has been updated to use these clipping options according to
the AOM CTC. (#802).
- disable LTO build (fails at least since 2.1.0)
==== wpa_supplicant ====
Subpackages: wpa_supplicant-gui
- Fix systemd device ready dependencies in wpa_supplicant@.service file.
(see:
https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fa…)
==== yast2 ====
Version update (4.3.56 -> 4.3.59)
Subpackages: yast2-logs
- Use meaningful button labels when asking the user if would like
to continue when an installation client is missing
(related to bsc#1180594).
- 4.3.59
- save_y2logs: Make modified content of log files just warning
instead of fatal (bsc#1182710 see comment 2)
- 4.3.58
- Ask the user if would like to continue when an installation
client is missing (related to bsc#1180594).
- 4.3.57
36
days inactive
36
days old
0 comments
1 participants
participants (1)
-
Dominique Leuenberger