December 2020 - openSUSE Kubic - openSUSE Mailing Lists

COW/noCOW on MicroOS Desktop /home subvolume
by Dario Faggioli 23 Mar '21

23 Mar '21

Hello, I've finally had the chance to put in a VM an instance of MicroOS Desktop with the new partition layout and. IMO, the fact that it has /var in a (nocow) subvolume is really a big improvement, so thanks Richard for that! We have /home in a subvolume too, which is also great, and it as well has the nocow flag set. I know this mostly come from a conversation we had on #microos-desktop on IRC but thinking more about that, and discussing this with some users, I wonder whether it is really the best choice. I mean, it sure is ok for /var, but for /home, using nocow means that we give up on some of the nicer BTRFS features, especially for home folders, wouldn't it? That might be especially true for MicroOS Desktop. E.g., think at being able to compress (if not the entire home directories or the entire subvolume) the user installed flatpaks (and using that as an argument "against" those that are still complaining that <Ah, but flatpaks takes a lot of space on disk!>> :-D). So, are there reasons why it's really preferable to keep the /home subvolume as nocow and I'm missing them? Or shall we switch it to cow? Also, while there, shall we evaluate adding other flags by default (i.e., things like autodefrag, or even compression itself)? E.g., AFAIUI, on Fedora, while not doing that right now, they're considering doing something like that, e.g.: https://pagure.io/fedora-btrfs/project/issue/5 Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)

3 4

[opensuse-kubic] MicroOS error when setting container memory limit
by Sébastien 'sogal' Poher 11 Mar '21

11 Mar '21

Hi, On a fresh MicroOS install with podman, when I want to set memory limit for a container (using the -m flag) I get the following error: Error: container_linux.go:367: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set memory limit: container could not join or create cgroup: OCI runtime error I am not able to understand the nature of the error. Searching around, I found similar issue where adding cgroup_enable=memory parameter to boot settings in Grub might solve the issue. Is that correct ? If so, what is the proper way to update Grub config on a RO filesystem ? podman version 2.0.4 podman info (ociRuntime part): ociRuntime: name: runc package: runc-1.0.0~rc91-1.2.x86_64 path: /usr/bin/runc version: |- runc version 1.0.0-rc91 spec: 1.0.2-dev Regards, -- Sébastien 'sogal' Poher > When there's no more room at school, the dumb will walk the Earth!

5 10

Fish completions for kubernetes-client
by Robert Munteanu 14 Jan '21

14 Jan '21

Hi, The kubernetes-client package does not come with completions for fish. There is a long history upstream and in the fish shell itself but with no real conclusion: - https://github.com/fish-shell/fish-shell/issues/5516 - https://github.com/kubernetes/kubernetes/issues/30763 - https://github.com/kubernetes/kubernetes/pull/58484 - https://github.com/kubernetes/kubectl/issues/576 In the meantime, there is a third-party completion script that works reasonably well: https://github.com/evanlucas/fish-kubectl-completions I would like to package and submit this completion. I see two options: - add it as a source to the kubernetes-1.20 package - submit it as a separate kubernetes-client-fish-completion package and add supplements as usual, but without version ranges. Any thoughts on whether this is desirable and which option would be preferred? Thanks, Robert

3 4

New MicroOS snapshot 20201229 released!
by Richard Brown 30 Dec '20

30 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: libva (2.9.1 -> 2.10.0) === Details === ==== libva ==== Version update (2.9.1 -> 2.10.0) Subpackages: libva-drm2 libva2 - update to 2.10.0: * add: Pass offset and size of pred_weight_table * add: add vaCopy interface to copy surface and buffer * add: add definition for different execution * add: New parameters for transport controlled BRC were added * add: add FreeBSD support * add: add a bufer type to adjust context priority dynamically * fix: correct the api version in meson.build * fix: remove deprecated variable from va_trace.c * fix: Use va_deprecated for the deprecate variable * fix: Mark chroma_sample_position as deprecated * doc: va_dec_av1: clarifies CDEF syntax element packing * doc: [AV1] Update documented ranges for loop filter and quantization params. * doc: Update va.h for multi-threaded usages * trace: va/va_trace: ignore system gettid() on Linux

1 0

New MicroOS snapshot 20201228 released!
by Richard Brown 29 Dec '20

29 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: cantarell-fonts (0.201 -> 0.301) cyrus-sasl ell (0.33 -> 0.35) kio libhandy (1.0.2 -> 1.0.3) mpg123 (1.26.3 -> 1.26.4) === Details === ==== cantarell-fonts ==== Version update (0.201 -> 0.301) - Update to version 0.301: + Oopsie-release: The last one was missing PostScript names for the new glyphs. Only relevant for when extracting text from PDFs where the generator omitted the text stream. + Rounded coordinates of macronbelowcomb.narrow and macroncomb.narrow.case. Leftovers from when they were scaled components. + Internal: Removed stale layers and data, added normalization script to prune unnecessary data. import-glyphs.py also imports PostScript names now. - Update to version 0.300: + Import Greek glyph set designed by Florian Fecher for GSoC 2018. No kerning, might need a slight respacing. Imported anyway because someting is better than nothing. + Correct positioning of dotaccentcomb.case. + Correct mark positioning in caroncomb.case. + Correct appearance of ustraightstroke in variable font, the overlap became visible at smaller, autohinted sizes. + Correct bar positioning in Ustraightstroke and ustraightstroke. + Correct anchor positioning in Y. + Internal: Consolidate various anchors in composites into the base outline glyphs, to reduce the chance they get out sync. + Updated translations. ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - Remove Berkeley DB dependency (JIRA#SLE-12190) The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build without Berkely DB support. gdbm will be used instead of BDB. The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build with Berkely DB support. - Update to 2.1.27 * Added support for OpenSSL 1.1 * Added support for lmdb * Lots of build fixes * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech * DIGEST-MD5 plugin: Fixed memory leaks Fixed a segfault when looking for non-existent reauth cache Prevent client from going from step 3 back to step 2 Allow cmusaslsecretDIGEST-MD5 property to be disabled * GSSAPI plugin: Added support for retrieving negotiated SSF Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF Properly compute maxbufsize AFTER security layers have been set * SCRAM plugin: Added support for SCRAM-SHA-256 * LOGIN plugin: Don?t prompt client for password until requested by server * NTLM plugin: Fixed crash due to uninitialized HMAC context - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - bsc#983938 `After=syslog.target` left-overs in several unit files - added patches: fix_libpq-fe_include.diff for fixing including libpq-fe.h - removed patches obsoleted by upstream changes: * shared_link_on_ppc.patch * cyrus-sasl-2.1.27-openssl-1.1.0.patch * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * 0003-Check-return-error-from-gss_wrap_size_limit.patch * 0004-Add-support-for-retrieving-the-mech_ssf.patch * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch * cyrus-sasl-fix-logging-in-gssapi.patch - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch ==== ell ==== Version update (0.33 -> 0.35) - Update to release 0.35 * Add support for DHCP v6 Rapid Commit. * Add support for ICMP v6 implementation. * Add support for PKCS#1 formatted private keys. ==== kio ==== Subpackages: kio-core - Add upstream patch to prevent crashing when using "apply to all" in the move/copy/overwrite dialog (kde#430374): * 0001-RenameDialog-Add-missing-nullptr-initialization.patch ==== libhandy ==== Version update (1.0.2 -> 1.0.3) Subpackages: libhandy-1-0 typelib-1_0-Handy-1_0 - Update to version 1.0.3: + Fix build warnings with newer GCC. + HdyActionRow: Clarify hdy_action_row_get_icon_name() documentation. + HdyCarousel: Fix drawing cache invalidation on resize. + HdyComboRow: Use the right checkmark icon. + HdyLeaflet and HdyDeck: Increase the edge swipe area size. + HdyKeypad: Fix typing the '+' symbol. + HdyPreferencesGroup: - Fix a memory leak when destroying the widget. - Don't show empty title and description when using gtk_widget_show_all(). + HdySwipeTracker: - Correctly transform widget coordinates for touchpad swipes. - Fix a memory leak. ==== mpg123 ==== Version update (1.26.3 -> 1.26.4) - Update to version 1.26.4 * Clarify seeking documentation regarding samples and PCM frames. * Fix cmake build to install fmt123.h. * Some cmake build fixes, tinyalsa addition by Maarten. * libmpg123: explicitly handle some irrelevant corner cases in tabinit

1 0

New Kubic snapshot 20201228 released!
by Richard Brown 29 Dec '20

29 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: cyrus-sasl === Details === ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - Remove Berkeley DB dependency (JIRA#SLE-12190) The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build without Berkely DB support. gdbm will be used instead of BDB. The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build with Berkely DB support. - Update to 2.1.27 * Added support for OpenSSL 1.1 * Added support for lmdb * Lots of build fixes * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech * DIGEST-MD5 plugin: Fixed memory leaks Fixed a segfault when looking for non-existent reauth cache Prevent client from going from step 3 back to step 2 Allow cmusaslsecretDIGEST-MD5 property to be disabled * GSSAPI plugin: Added support for retrieving negotiated SSF Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF Properly compute maxbufsize AFTER security layers have been set * SCRAM plugin: Added support for SCRAM-SHA-256 * LOGIN plugin: Don?t prompt client for password until requested by server * NTLM plugin: Fixed crash due to uninitialized HMAC context - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - bsc#983938 `After=syslog.target` left-overs in several unit files - added patches: fix_libpq-fe_include.diff for fixing including libpq-fe.h - removed patches obsoleted by upstream changes: * shared_link_on_ppc.patch * cyrus-sasl-2.1.27-openssl-1.1.0.patch * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * 0003-Check-return-error-from-gss_wrap_size_limit.patch * 0004-Add-support-for-retrieving-the-mech_ssf.patch * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch * cyrus-sasl-fix-logging-in-gssapi.patch - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch

1 0

New MicroOS snapshot 20201226 released!
by Richard Brown 28 Dec '20

28 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: libtirpc (1.2.6 -> 1.3.1) === Details === ==== libtirpc ==== Version update (1.2.6 -> 1.3.1) Subpackages: libtirpc-netconfig libtirpc3 - Fix sed call to fixup libtirpc.pc.in: as we want our tirpc to be a transparent drop-in-replacement for rpc, we move the files from /usr/include/tirpc to /usr/include. Due to an upstream change in libtirpc.pc.in, though, the existing sed call no longer matched and no longer corrected the information according to our package. - Update to libtirpc 1.3.1 - Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. - svc_dg: Free xp_netid during destroy - Fix memory management issues of fd locks - libtirpc: replace array with list for per-fd locks - __svc_vc_dodestroy: fix double free of xp_ltaddr.buf - __rpc_dtbsize: rlim_cur instead of rlim_max - pkg-config: use the correct replacements for libdir/includedir

1 0

New Kubic snapshot 20201226 released!
by Richard Brown 28 Dec '20

28 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: libtirpc (1.2.6 -> 1.3.1) === Details === ==== libtirpc ==== Version update (1.2.6 -> 1.3.1) Subpackages: libtirpc-netconfig libtirpc3 - Fix sed call to fixup libtirpc.pc.in: as we want our tirpc to be a transparent drop-in-replacement for rpc, we move the files from /usr/include/tirpc to /usr/include. Due to an upstream change in libtirpc.pc.in, though, the existing sed call no longer matched and no longer corrected the information according to our package. - Update to libtirpc 1.3.1 - Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. - svc_dg: Free xp_netid during destroy - Fix memory management issues of fd locks - libtirpc: replace array with list for per-fd locks - __svc_vc_dodestroy: fix double free of xp_ltaddr.buf - __rpc_dtbsize: rlim_cur instead of rlim_max - pkg-config: use the correct replacements for libdir/includedir

1 0

New MicroOS snapshot 20201224 released!
by Richard Brown 25 Dec '20

25 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: boost-base dolphin gtk2 (2.24.32+70 -> 2.24.33) mozilla-nss (3.58 -> 3.59) plasma5-desktop python-importlib-metadata (3.1.1 -> 3.3.0) python-more-itertools (8.5.0 -> 8.6.0) python-pyOpenSSL sudo (1.9.4 -> 1.9.4p2) timezone (2020d -> 2020e) xmlsec1 (1.2.30 -> 1.2.31) === Details === ==== boost-base ==== Subpackages: boost-license1_75_0 libboost_thread1_75_0 - libboost_nowide now uses same pattern of Provides/Conflicts and version numbers as other Boost libraries - Add missing conflicts for Boost 1.66 - Boost.Build (jam) implementation is now obsoletes older versions ==== dolphin ==== Subpackages: dolphin-part libdolphinvcs5 - Add upstream patch to fix crash on launch (kde#429628, kde#430434): * 0001-Fix-access-url-navigator-while-creating-new-tab-in-f.patch ==== gtk2 ==== Version update (2.24.32+70 -> 2.24.33) Subpackages: gtk2-tools libgtk-2_0-0 - Update to version 2.24.33: + This is the final GTK 2.x release. There will be no more updates to GTK 2. All users are encouraged to update to GTK 3 or 4. + Make the output of gtk-query-immodules deterministic. + GtkCalendar: Use %OB if supported. + GtkIconTheme: prefer exact matches. + build: - Support automake 1.16. - Fix compiler warnings with newer gcc. ==== mozilla-nss ==== Version update (3.58 -> 3.59) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.59 Notable changes * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. ==== plasma5-desktop ==== - Add upstream patch to fix keyboard repeat settings not being applied immediately (boo#1164739, kde#418175): * Reparse-the-key-repeat-rate-config-when-we-try-to-load-it.patch ==== python-importlib-metadata ==== Version update (3.1.1 -> 3.3.0) - New version requires typing_extensions for Python < 3.8 (Leap and TW python36 flavor) - update to 3.3.0: * * #265: ``EntryPoint`` objects now expose a ``.dist`` object referencing the ``Distribution`` when constructed from a Distribution. * The object returned by ``metadata()`` now has a formally-defined protocol called ``PackageMetadata`` with declared support for the ``.get_all()`` method. Fixes #126. - add typing-extensions dependency for older python versions ==== python-more-itertools ==== Version update (8.5.0 -> 8.6.0) - update to 8.6.0: * :func:`all_unique` (thanks to brianmaissy) * :func:`nth_product` and :func:`nth_permutation` (thanks to N8Brooks) * :func:`chunked` and :func:`sliced` now accept a ``strict`` parameter (thanks to shlomif and jtwool) * Python 3.5 has reached its end of life and is no longer supported. * Python 3.9 is officially supported. ==== python-pyOpenSSL ==== - Adjust metadata for skip-networked-test.patch and refer to the proper upstream ticket gh#pyca/pyopenssl#68. ==== sudo ==== Version update (1.9.4 -> 1.9.4p2) - Update to 1.9.4p2 * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash if the sudoers file contains a runas user-specific Defaults entry. Bug #951. - News in 1.9.4p1 * Fixed a regression introduced in version 1.9.4 where sudo would not build when configured using the --without-sendmail option. Bug #947. * Fixed a problem where if I/O logging was disabled and sudo was unable to connect to sudo_logsrvd, the command would still be allowed to run even when the "ignore_logfile_errors" sudoers option was enabled. * Fixed a crash introduced in version 1.9.4 when attempting to run a command as a non-existent user. Bug #948. * The installed sudo.conf file now has the default sudoers Plugin lines commented out. This fixes a potential conflict when there is both a system-installed version of sudo and a user-installed version. GitHub issue #75. * Fixed a regression introduced in sudo 1.9.4 where sudo would run the command as a child process even when a pseudo-terminal was not in use and the "pam_session" and "pam_setcred" options were disabled. GitHub issue #76. * Fixed a regression introduced in sudo 1.8.9 where the "closefrom" sudoers option could not be set to a value of 3. Bug #950. ==== timezone ==== Version update (2020d -> 2020e) - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ==== xmlsec1 ==== Version update (1.2.30 -> 1.2.31) Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Update to version 1.2.31: + Unload error strings in OpenSSL shutdown. + Make userData available when executing preExecCallback function. + Add an option to use secure memset. - Pass --disable-md5 to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1

1 0

New Kubic snapshot 20201224 released!
by Richard Brown 25 Dec '20

25 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: boost-base mozilla-nss (3.58 -> 3.59) python-importlib-metadata (3.1.1 -> 3.3.0) python-more-itertools (8.5.0 -> 8.6.0) python-pyOpenSSL sudo (1.9.4 -> 1.9.4p2) timezone (2020d -> 2020e) xmlsec1 (1.2.30 -> 1.2.31) === Details === ==== boost-base ==== Subpackages: boost-license1_75_0 libboost_thread1_75_0 - libboost_nowide now uses same pattern of Provides/Conflicts and version numbers as other Boost libraries - Add missing conflicts for Boost 1.66 - Boost.Build (jam) implementation is now obsoletes older versions ==== mozilla-nss ==== Version update (3.58 -> 3.59) - update to NSS 3.59 Notable changes * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. ==== python-importlib-metadata ==== Version update (3.1.1 -> 3.3.0) - New version requires typing_extensions for Python < 3.8 (Leap and TW python36 flavor) - update to 3.3.0: * * #265: ``EntryPoint`` objects now expose a ``.dist`` object referencing the ``Distribution`` when constructed from a Distribution. * The object returned by ``metadata()`` now has a formally-defined protocol called ``PackageMetadata`` with declared support for the ``.get_all()`` method. Fixes #126. - add typing-extensions dependency for older python versions ==== python-more-itertools ==== Version update (8.5.0 -> 8.6.0) - update to 8.6.0: * :func:`all_unique` (thanks to brianmaissy) * :func:`nth_product` and :func:`nth_permutation` (thanks to N8Brooks) * :func:`chunked` and :func:`sliced` now accept a ``strict`` parameter (thanks to shlomif and jtwool) * Python 3.5 has reached its end of life and is no longer supported. * Python 3.9 is officially supported. ==== python-pyOpenSSL ==== - Adjust metadata for skip-networked-test.patch and refer to the proper upstream ticket gh#pyca/pyopenssl#68. ==== sudo ==== Version update (1.9.4 -> 1.9.4p2) - Update to 1.9.4p2 * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash if the sudoers file contains a runas user-specific Defaults entry. Bug #951. - News in 1.9.4p1 * Fixed a regression introduced in version 1.9.4 where sudo would not build when configured using the --without-sendmail option. Bug #947. * Fixed a problem where if I/O logging was disabled and sudo was unable to connect to sudo_logsrvd, the command would still be allowed to run even when the "ignore_logfile_errors" sudoers option was enabled. * Fixed a crash introduced in version 1.9.4 when attempting to run a command as a non-existent user. Bug #948. * The installed sudo.conf file now has the default sudoers Plugin lines commented out. This fixes a potential conflict when there is both a system-installed version of sudo and a user-installed version. GitHub issue #75. * Fixed a regression introduced in sudo 1.9.4 where sudo would run the command as a child process even when a pseudo-terminal was not in use and the "pam_session" and "pam_setcred" options were disabled. GitHub issue #76. * Fixed a regression introduced in sudo 1.8.9 where the "closefrom" sudoers option could not be set to a value of 3. Bug #950. ==== timezone ==== Version update (2020d -> 2020e) - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ==== xmlsec1 ==== Version update (1.2.30 -> 1.2.31) Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Update to version 1.2.31: + Unload error strings in OpenSSL shutdown. + Make userData available when executing preExecCallback function. + Add an option to use secure memset. - Pass --disable-md5 to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1

1 0