Packages changed: MozillaThunderbird (78.8.0 -> 78.8.1) bison (3.7.5 -> 3.7.6) btrfsprogs (5.9 -> 5.11) curl (7.74.0 -> 7.75.0) drbd file git (2.30.1 -> 2.30.2) gpm libaom (2.0.0 -> 2.0.2) libisofs liblastfm-qt5 (1.0.9+20150206 -> 1.1.0) libmysofa (1.1 -> 1.2) libxfce4ui libxkbcommon (1.0.3 -> 1.1.0) mozjs78 (78.7.0 -> 78.8.0) nano (5.6 -> 5.6.1) openssl-1_1 perl-HTML-Parser (3.75 -> 3.76) perl-URI (5.08 -> 5.09) postfix pulseaudio python-Pillow (8.1.0 -> 8.1.2) python-Twisted (20.3.0 -> 21.2.0) python-pandas (1.2.2 -> 1.2.3) python-pycurl python-zipp (3.4.0 -> 3.4.1) rebootmgr (1.3 -> 1.3.1) salt sddm shaderc (2020.4 -> 2020.5) snapper sssd (2.4.0 -> 2.4.2) vmaf (2.1.0 -> 2.1.1) wpa_supplicant yast2 (4.3.56 -> 4.3.59) === Details === ==== MozillaThunderbird ==== Version update (78.8.0 -> 78.8.1) Subpackages: MozillaThunderbird-translations-common - Mozilla Thunderbird 78.8.1 * several bugfixes and improvements * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/ - updated create-tar.sh (bsc#1182357) ==== bison ==== Version update (3.7.5 -> 3.7.6) Subpackages: bison-lang - GNU bison 3.7.6: * Fix reused push parsers * Fix table generation ==== btrfsprogs ==== Version update (5.9 -> 5.11) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.11 * fix device path canonicalization for device mapper devices * receive: remove workaround for setting capabilities, all stable kernels have been patched * receive: fix duplicate mount path detection * rescue: new subcommand create-control-device * device stats: minor fix for plain text format output * build: detect if e2fsprogs support 64bit timestamps * build: drop libmount, required functionality has been reimplemented * mkfs: warn when raid56 is used * balance convert: warn when raid56 is used * other * new and updated tests * documentation updates * seeding device * raid56 status * CI updates * docker images for various distros - Update to 5.10.1 * static build works again * other: * add a way to test static binaries with the testsuite * clarify scrub docs * update dependencies, minimum version for libmount is 2.24, this may change in the future - Update to 5.10 * scrub status: * print percentage of progress * add size unit options * fi usage: also print free space from statfs * convert: copy full 64 bit timestamp from ext4 if availalble * check: * add ability to repair extent item generation * new option to remove leftovers from inode number cache (-o inode_cache) * check for already running exclusive operation (balance, device add/...) when starting one * preliminary json output support for 'device stats' * fixes: * subvolume set-default: id 0 correctly falls back to toplevel * receive: align internal buffer to allow fast CRC calculation * logical-resolve: distinguish -o subvol and bind mounts * build: new dependency libmount * other * doc fixes and updates * new tests * ci on gitlab temporarily disabled * debugging output enhancements ==== curl ==== Version update (7.74.0 -> 7.75.0) Subpackages: libcurl4 - Harden build, enable full RELRO - Never allow undefined symbols anywhere. - Update to 7.75.0 * Changes: - curl: add --create-file-mode [mode] - curl: add new variables to --write-out - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries - gopher: implement secure gopher protocol - http: add Hyper as new optional HTTP backend - http: introduce AWS HTTP v4 Signature support * Bugfixes: - cmake: Add an option to disable libidn2 - cmake: enable gophers correctly in curl-config - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG - digest_sspi: Show InitializeSecurityContext errors in verbose mode - getinfo: build with disabled HTTP support - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy - http_proxy: Fix CONNECT chunked encoding race condition - httpauth: make multi-request auth work with custom port - lib: pass in 'struct Curl_easy *' to most functions - lib: remove Curl_ prefix from many static functions - lib: save a bit of space with some structure packing - libssh: avoid plain free() of libssh-memory - mime: make sure setting MIMEPOST to NULL resets properly - multi_runsingle: bail out early on data->conn == NULL - ngtcp2: Fix http3 upload stall - ngtcp2: Fix stack buffer overflow - openssl: lowercase the hostname before using it for SNI - socks: use the download buffer instead - speedcheck: exclude paused transfers - too?_writeout: fix the -w time output units - url: if IDNA conversion fails, fallback to Transitional - Refresh libcurl-ocloexec.patch ==== drbd ==== - bsc#1183429, compat to kernel v5.11 Add patch compat_to_v5_11.patch ==== file ==== Subpackages: file-magic libmagic1 - Remove patch file-5.12-zip.dif as it is upstream solved (boo#1183143) ==== git ==== Version update (2.30.1 -> 2.30.2) Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - git 2.30.2: * CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone (boo#1183026) ==== gpm ==== Subpackages: libgpm2 - remove unnecessary StandardOutput override in the unit definition file. (bsc#1182147) ==== libaom ==== Version update (2.0.0 -> 2.0.2) - Update to version 2.0.2: * Prepare for the libaom v2.0.2 release * Call av1_setup_frame_size() when dropping a frame * Avoid memset in filter_intra_predictor module * Fix a typo bug in apply_temporal_filter_planewise * Modify the assertion in temporal filter intrinsics * Fix unit test ThreadTestLarge.EncoderResultTest/49 * Add -Wimplicit-function-declaration as C flag only * Update CHANGELOG for libaom v2.0.1 * Set allow_screen_content_tools to 0 in rt mode * chroma_check: don't access UV planes if monochrome ==== libisofs ==== - Support building against libjte-1 or libjte-2. ==== liblastfm-qt5 ==== Version update (1.0.9+20150206 -> 1.1.0) - fix version number (the existing tarball was actually tagged as 1.1.0) ==== libmysofa ==== Version update (1.1 -> 1.2) - update to 1.2: * CVE-2020-36151: Incorrect handling of input data in mysofa_resampler_reset_mem function [boo#1181978] * CVE-2020-36148: Incorrect handling of input data in verifyAttribute function [boo#1181981] * CVE-2020-36152: Buffer overflow in readDataVar in hdf/dataobject.c [boo#1181977] * CVE-2020-36150: Incorrect handling of input data in loudness function [boo#1181979] * CVE-2020-36149: Incorrect handling of input data in changeAttribute function [boo#1181980] * Steinberg audio enhancements for symmetrical HRTFs ==== libxfce4ui ==== Subpackages: libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools typelib-1_0-Libxfce4ui-2_0 - Build package with glade support ==== libxkbcommon ==== Version update (1.0.3 -> 1.1.0) Subpackages: libxkbcommon-x11-0 libxkbcommon0 - Update to release 1.1.0 * Update keysym definitions to latest xorgproto. In particular, this adds many special keysyms corresponding to Linux evdev keycodes. * New XKB_KEY_* definitions. ==== mozjs78 ==== Version update (78.7.0 -> 78.8.0) - Update to version 78.8.0esr: + Fix build with Rust 1.50. ==== nano ==== Version update (5.6 -> 5.6.1) Subpackages: nano-lang - Fox signature sources - Drop no longer needed scriplets - GNU nano 5.6.1: * Search matches are properly colorized in softwrap mode too * Option 'highlightcolor' has been renamed to 'spotlightcolor' ==== openssl-1_1 ==== Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac - Fix unresolved error codes [bsc#1182959] - Update patches: * openssl-1.1.1-fips.patch * openssl-1.1.1-evp-kdf.patch ==== perl-HTML-Parser ==== Version update (3.75 -> 3.76) - updated to 3.76 see /usr/share/doc/packages/perl-HTML-Parser/Changes 3.76 2021-03-04 * Add a fix for a stack confusion error on `eof`. (GH#21) (Matthew Horsfall and Chase Whitener) ==== perl-URI ==== Version update (5.08 -> 5.09) - updated to 5.09 see /usr/share/doc/packages/perl-URI/Changes 5.09 2021-03-03 15:16:47Z - Update Business::ISBN version requirements (GH#85) (brian d foy and Olaf Alders) ==== postfix ==== Subpackages: postfix-doc - (bsc#1183305) - config.postfix uses db as suffix for postmaps Depending on DEF_DB_TYPE uses lmdb or db - (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix still refers to /etc/services Use getent to detect if smtps is already defined. ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion - Upstream fixes for supporting HFP in native backend (bsc#1167940): 0001-bluetooth-use-consistent-profile-names.patch 0002-bluetooth-separate-HSP-and-HFP.patch 0003-bluetooth-add-correct-HFP-rfcomm-negotiation.patch 0004-bluetooth-make-native-the-default-backend.patch 0005-bluetooth-enable-module-bluez5-discover-argument-ena.patch 0006-bluetooth-fix-headset-auto-ofono-handover.patch 0007-bluetooth-prefer-headset-HFP-HF-connection-with-nati.patch 0008-bluetooth-complete-bluetooth-profile-separation.patch 0009-bluetooth-use-device-flag-to-prevent-assertion-failu.patch 0010-bluetooth-rename-enable_hs_role-to-enable_shared_pro.patch 0011-bluetooth-clean-up-rfcomm_write-usage.patch ==== python-Pillow ==== Version update (8.1.0 -> 8.1.2) - update to 8.1.2: - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins - Update to 8.1.1 Security * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c. * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0. There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow did not properly check the reported size of the contained image. These images could cause arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of ASU.edu. Other Changes A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed ==== python-Twisted ==== Version update (20.3.0 -> 21.2.0) - Update to 21.2.0: * Features + The enableSessions argument to twisted.internet.ssl.CertificateOptions now + actually enables/disables OpenSSL's session cache. Also, due to + session-related bugs, it defaults to False. (#9583) + twisted.internet.defer.inlineCallbacks and ensureDeferred will now associate a contextvars.Context with the coroutines they run, meaning that ContextVar objects will maintain their value within the same coroutine, similarly to asyncio Tasks. This functionality requires Python 3.7+, or the contextvars PyPI backport to be installed for Python 3.5-3.6. (#9719, #9826) + twisted.internet.defer.Deferred.fromCoroutine has been added. This is similar to the existing ensureDeferred function, but is named more consistently inside Twisted and does not pass through Deferreds. (#9825) + trial now allows the @unittest.skipIf decorator to specify that an entire test class should be skipped. (#9829) + The twisted.python.deprecate.deprecatedKeywordParameter decorator can be used to mark a keyword paramater of a function or method as deprecated. (#9844) + Projects using Twisted can now perform type checking against a Twisted + installation, for example using mypy. (#9908) + twisted.python.util.InsensitiveDict now fully implements MutableMapping. (#9919) + Python 3.8 is now tested and supported. (#9955) + Support a coroutine function in twisted.internet.task.react (#9974) + PyPy 3.7 is now tested and supported. (#10093) * Bugfixes + twisted.web.twcgi.CGIProcessProtocol.processEnded(...) now handles an already-finished request, for example when request.connectionLost(...) was called previously. (#9468) + Twisted's dependency on PyHamcrest has been moved from the base package to the new "test" extra. Consequently the test extra must be installed for Twisted's test suite to pass. (#9509) + Fixed serialization of timedelta, date, and time objects in twisted.spread. (#9716) + twisted.internet.asyncioreactor.AsyncioSelectorReactor now raises an exception if instantiated with an event loop which is not compatible with asyncio.SelectorEventLoop. This fixes the AsyncioSelectorReactor in Python 3.8+ on Windows, where in bp-34687 the default Windows asyncio event loop was changed to ProactorEventLoop. Applications that use AsyncioSelectorReactor on Windows with Python 3.8+ must call asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy()) before instantiating and running AsyncioSelectorReactor. (#9766) + twisted.internet.process.registerReapProcessHandler and ._BaseProcess.reapProcess will no longer raise a TypeError when processing a None PID (#9775) + INotify will close its file descriptor if a directory is automatically removed by twisted from the watchlist because it's deleted, avoiding orphaned filedescriptors. (#9777) + DelayedCall.reset() is now working properly with asyncioreactor (#9780) + AsyncioSelectorReactor.seconds() now correctly returns an epoch time. (#9787) + The _connDone parameter has been removed from twisted.internet.abstract.FileDescriptor.loseConnection()'s signature in order to match the signature in the base class twisted.internet._newtls.ConnectionMixin loseConnection(). (#9849) + The Gtk3 reactor now runs on Wayland-only sessions (#9904) + Descriptive error messages from twisted.internet.error are now present when running with 'python -OO'. (#9918) + Comparator methods such as eq() now always return NotImplemented for uncomparable types. (#9919) + When installing Twisted it now requires a minimum Python 3.5.4 version to match the version used with automated testing. This is the minimum Python version that we know that Twisted works with. (#10098) - Drop patches no-pygtkcompat.patch, python-38-hmac-digestmod.patch, python-38-no-cgi-parseqs.patch, twisted-pr1369-remove-pyopenssl-npn.patch, twisted-pr1487-increase-ffdh-keysize.patch and test-mktime-invalid-tm_isdst.patch as they have been merged. - Refresh other patches. - Add no-cython_test_exception_raiser.patch to avoid another dependency. - Update URL and make use of sitelib, not sitearch macros ==== python-pandas ==== Version update (1.2.2 -> 1.2.3) - update to version 1.2.3: * Fixed regressions + Fixed regression in to_excel() raising KeyError when giving duplicate columns with columns attribute (GH39695) + Fixed regression in nullable integer unary ops propagating mask on assignment (GH39943) + Fixed regression in DataFrame.__setitem__() not aligning DataFrame on right-hand side for boolean indexer (GH39931) + Fixed regression in to_json() failing to use compression with URL-like paths that are internally opened in binary mode or with user-provided file objects that are opened in binary mode (GH39985) + Fixed regression in Series.sort_index() and DataFrame.sort_index(), which exited with an ungraceful error when having kwarg ascending=None passed. Passing ascending=None is still considered invalid, and the improved error message suggests a proper usage (ascending must be a boolean or a list-like of boolean) (GH39434) + Fixed regression in DataFrame.transform() and Series.transform() giving incorrect column labels when passed a dictionary with a mix of list and non-list values (GH40018) ==== python-pycurl ==== - Remove a failing test-case until fixed in curl: * Upstream issue: https://github.com/curl/curl/issues/6615 ==== python-zipp ==== Version update (3.4.0 -> 3.4.1) - update to 3.4.1: * refresh packaging ==== rebootmgr ==== Version update (1.3 -> 1.3.1) - Update to version 1.3.1 - Move all dbus config files to /usr/share/dbus-1 ==== salt ==== Subpackages: python3-salt salt-master salt-minion - virt.network_update: handle missing ipv4 netmask attribute - Added: * virt.network_update-handle-missing-ipv4-netmask-attr.patch - Set distro requirement to oldest supported version in requirements/base.txt - Added: * 3002-set-distro-requirement-to-oldest-supported-vers.patch - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Don't require python3-certifi - Added: * do-not-monkey-patch-yaml-bsc-1177474.patch - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Added: * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch ==== sddm ==== Subpackages: sddm-branding-openSUSE - Add patch to reintroduce /etc/profile reading if fish is shell: * 0001-Add-fish-etc-profile-and-HOME-.profile-sourcing-1331.patch ==== shaderc ==== Version update (2020.4 -> 2020.5) - Update to release 2020.5 * Support newer glslang ==== snapper ==== Subpackages: libsnapper5 snapper-zypp-plugin - updated translations (bsc#1149754) ==== sssd ==== Version update (2.4.0 -> 2.4.2) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap - Update to release 2.4.2 * Default value of "user" config option was fixed into accordance with man page, i.e. default is "root". * pam_sss_gss now support authentication indicators to further harden the authentication. - Pass --with-pid-path=%{_rundir} to configure: adjust rundir according the distro settings, i.e. /run on modern systems. Eliminates a systemd warning like this one in the journal: Feb 12 12:33:32 zeus systemd[1]: /usr/lib/systemd/system/sssd.service:13: PIDFile= references a path below legacy directory /var/run/, updating /var/run/sssd.pid ? /run/sssd.pid; please update the unit file accordingly. - Update to release 2.4.1 * New PAM module pam_sss_gss for authentication using GSSAPI. * case_sensitive=Preserving can now be set for trusted domains with AD and IPA providers. * krb5_use_subdomain_realm=True can now be used when sub-domain user principal names have upnSuffixes which are not known in the parent domain. SSSD will try to send the Kerberos request directly to a KDC of the sub-domain. * SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald output, to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output. * Added pam_gssapi_check_upn to enforce authentication only with principal that can be associated with target user. * Added pam_gssapi_services to list PAM services that can authenticate using GSSAPI. ==== vmaf ==== Version update (2.1.0 -> 2.1.1) - update to 2.1.1: * Fixes a SSIM/MS-SSIM precision bug where a lossless comparison did not always result in a perfect 1.0 score. (#796). * Adds feature extractor options to clip the dB scores for both PSNR/SSIM. - -aom_ctc v1.0 has been updated to use these clipping options according to the AOM CTC. (#802). - disable LTO build (fails at least since 2.1.0) ==== wpa_supplicant ==== Subpackages: wpa_supplicant-gui - Fix systemd device ready dependencies in wpa_supplicant@.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844) ==== yast2 ==== Version update (4.3.56 -> 4.3.59) Subpackages: yast2-logs - Use meaningful button labels when asking the user if would like to continue when an installation client is missing (related to bsc#1180594). - 4.3.59 - save_y2logs: Make modified content of log files just warning instead of fatal (bsc#1182710 see comment 2) - 4.3.58 - Ask the user if would like to continue when an installation client is missing (related to bsc#1180594). - 4.3.57