Packages changed: MozillaFirefox (76.0.1 -> 77.0.1) iagno (3.36.2 -> 3.36.3) krita libqt5-qtlocation libselinux libsemanage libvirt (6.3.0 -> 6.4.0) mozilla-nss (3.51.1 -> 3.52.1) nghttp2 (1.40.0 -> 1.41.0) openssh perl-Bootloader (0.927 -> 0.928) perl-CGI (4.47 -> 4.48) policycoreutils python-Mako python-Twisted (19.10.0 -> 20.3.0) python-appdirs (1.4.3 -> 1.4.4) python-certifi (2019.11.28 -> 2020.4.5.1) python-click (7.1.1 -> 7.1.2) python-distro python-fastimport python-keyring (21.2.0 -> 21.2.1) python-libvirt-python (6.3.0 -> 6.4.0) python-lxml (4.5.0 -> 4.5.1) python-matplotlib python-packaging (20.3 -> 20.4) python-pbr (5.4.4 -> 5.4.5) python-pyparsing python-python-memcached python-semanage python-six (1.14.0 -> 1.15.0) python-urllib3 (1.25.8 -> 1.25.9) qemu qemu-linux-user samba (4.12.2+git.152.c5bf9f6da52 -> 4.12.3+git.161.208cf9730ee) transmission (2.94 -> 3.00) xkeyboard-config (2.29 -> 2.30) === Details === ==== MozillaFirefox ==== Version update (76.0.1 -> 77.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 77.0.1 * Disable automatic selection of DNS over HTTPS providers during a test to enable wider deployment in a more controlled way (bmo#1642723) - Mozilla Firefox 77.0 * view and manage web certificates more easily on the new about:certificate page * improvements in accessibility * significant improvements to JavaScript debugging MFSA 2020-20 (bsc#1172402) * CVE-2020-12399 (bmo#1631576) Timing attack on DSA signatures in NSS library (fixed with external NSS >= 3.52.1) * CVE-2020-12405 (bmo#1631618) Use-after-free in SharedWorkerService * CVE-2020-12406 (bmo#1639590) JavaScript type confusion with NativeTypes * CVE-2020-12407 (bmo#1637112) WebRender leaking GPU memory when using border-image CSS directive * CVE-2020-12408 (bmo#1623888) URL spoofing when using IP addresses * CVE-2020-12409 (bmo#1619305, bmo#1632717) Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 * CVE-2020-12411 (bmo#1620972, bmo#1625333) Memory safety bugs fixed in Firefox 77 - requires * NSS >= 3.52.1 * rust-cbindgen >= 1.14.1 * clang >= 5 - added mozilla-bmo1634646.patch as part of fixing PGO build (still not working) ==== iagno ==== Version update (3.36.2 -> 3.36.3) Subpackages: iagno-lang - Update to version 3.36.3: + Updated translations. ==== krita ==== Subpackages: krita-lang - Add patch to fix build with Qt 5.15: * 0001-Fix-build-with-Qt-5.15.patch ==== libqt5-qtlocation ==== Subpackages: libQt5Location5 libQt5Positioning5 libQt5PositioningQuick5 - Bump disk constraints to 5G for everyone - Add ppc in _constraints to avoid "No space left on device" ==== libselinux ==== Subpackages: libselinux1 libselinux1-32bit selinux-tools - Added skip_cycles.patch to skip directory cycles and not error out ==== libsemanage ==== Subpackages: libsemanage-migrate-store libsemanage1 - Drop suse_path.patch: replace it with a grep/sed logic replacing /usr/libexec in all files with the correct value for all distros (taking into account that openSUSE is in progress of migrating from /usr/lib to /usr/libexec). - Apply suse_path.patch only for older distributions. Newer use libexec ==== libvirt ==== Version update (6.3.0 -> 6.4.0) Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - libxl: Normalize MAC address in device conf on netdev hotplug ec07aad8-libxl-normalize-mac-addr.patch bsc#1172052 - Update to libvirt 6.4.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: d677de9d-libxl-fix-driver-name-check.patch, d218a9c2-libxl-xen-driver-tables.patch, 836ea91d-libxl-xenlight-internal.patch, 57687260-xen-doc-improvements.patch ==== mozilla-nss ==== Version update (3.51.1 -> 3.52.1) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.52.1 * required for Firefox 77.0 Notable changes * Update NSS to support PKCS#11 v3.0 (bmo#1603628) * Support new PKCS #11 v3.0 Message Interface for AES-GCM and ChaChaPoly (bmo#1623374) * Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL* (bmo#1612493) * CVE-2020-12399 - Force a fixed length for DSA exponentiation (bmo#1631576, boo#1171978) - removed obsolete nss-kremlin-ppc64le.patch ==== nghttp2 ==== Version update (1.40.0 -> 1.41.0) - Update to 1.41.0 * Fix CVE-2020-11080 * lib: Implement max settings option (Patch from James M Snell) * lib: Earlier check for settings flood (Patch from James M Snell) * lib: Fix receiving stream data stall (GH-1444) * build: cmake: Make hard-coded static lib suffix optional (Patch from Viktor Szakats) (GH-1418) * third-party: Bump llhttp to 2.0.4 (GH-1442) * nghttpx: Add PROXY-protocol v2 support (GH-1452) * nghttpx: Fix get_x509_serial for long serial numbers (Patch from Jacky Tian) (GH-1455) * h2load: Allow port in --connect-to * h2load: add --connect-to option (Patch from Lucas Pardue) (GH-1426) ==== openssh ==== Subpackages: openssh-helpers - add upstream signing key to actually verify source signature ==== perl-Bootloader ==== Version update (0.927 -> 0.928) - merge gh#openSUSE/perl-bootloader#127 - use correct target name on aarch64 (bsc#1172293) - 0.928 ==== perl-CGI ==== Version update (4.47 -> 4.48) - updated to 4.48 see /usr/share/doc/packages/perl-CGI/Changes 4.48 2020-06-02 [ FIX ] - fix CGI::Cookie->bake() doesn't work with mod_perl redirects (GH #240) - thanks to sherrardb for the PR (GH #241) ==== policycoreutils ==== Subpackages: policycoreutils-lang python3-policycoreutils - Pass the right value for LIBEXECDIR to make / make install instead of trying to move the file around post install. This caters for the planned change of libexecdir to change from /usr/lib to /usr/libexec by injecting the right value no matter what. - Move pp binary to libexec directory instead of lib ==== python-Mako ==== - %python3_only -> %python_alternative ==== python-Twisted ==== Version update (19.10.0 -> 20.3.0) - Update to 20.3.0 * drop Python 2 * twisted.news is deprecated. * twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0). * many bugfixes and other miscelaneous fixes - Fixed update-alternatives mechanism - Added true-binary.patch - Dropped python-38-xml-namespace.patch - Reapplied python-38-hmac-digestmod.patch ==== python-appdirs ==== Version update (1.4.3 -> 1.4.4) - update to 1.4.4: - [PR #92] Don't import appdirs from setup.py Project officially classified as Stable which is important for inclusion in other distros such as ActivePython. First of several incremental releases to catch up on maintenance. ==== python-certifi ==== Version update (2019.11.28 -> 2020.4.5.1) - update to 2020.4.5.1: adds Agencia Catalana de Certificacio (NIF Q-0801176-I) OU=Serveis Publics de Certificacio/Vegeu ==== python-click ==== Version update (7.1.1 -> 7.1.2) - update to 7.1.2: Revert applying shell quoting to commands for ``echo_with_pager`` and ``edit``. This was intended to allows spaces in commands, but caused issues if the string was actually a command and arguments, or on Windows. Instead, the string must be quoted manually as it should appear on the command line. :issue:`1514` ==== python-distro ==== - %python3_only -> %python_alternative ==== python-fastimport ==== - %python3_only -> %python_alternative ==== python-keyring ==== Version update (21.2.0 -> 21.2.1) - update to 21.2.1: * #426: Restored lenience on startup when entry point metadata is missing. * #423: Avoid RecursionError when initializing backends when a limit is supplied. - Fix the requirements to match reality of setup.cfg - %python3_only -> %python_alternative ==== python-libvirt-python ==== Version update (6.3.0 -> 6.4.0) - Update to 6.4.0 - Add all new APIs and constants in libvirt 6.4.0 ==== python-lxml ==== Version update (4.5.0 -> 4.5.1) - Update to 4.5.1 * LP#1570388: Fix failures when serialising documents larger than 2GB in some cases. * LP#1865141, GH#298: QName values were not accepted by the el.iter() method. Patch by xmo-odoo. * LP#1863413, GH#297: The build failed to detect libraries on Linux that are only configured via pkg-config. ==== python-matplotlib ==== Subpackages: python3-matplotlib python3-matplotlib-cairo python3-matplotlib-gtk3 - Skip tests that randomly fail - Run the tests on 64bit arm and intel only as elsewhere there are >100 test failures - Add patch no-builddir-freetype.patch to not require freetype in build/ subfolder which we use in python macros * This is SUSE specific patch - Make the package multibuild and execute the testsuite - Remove the is_opensuse literals as we don't want to have matplotlib behave differently between openSUSE and SLE jsc#SLE-11752 - Remove the qt4 code support as we do just Qt5 everywhere ==== python-packaging ==== Version update (20.3 -> 20.4) - update to 20.4: * Canonicalize version before comparing specifiers. (:issue:`282`) * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ==== python-pbr ==== Version update (5.4.4 -> 5.4.5) - update to 5.4.5: * Switch to Ussuri jobs ==== python-pyparsing ==== - unittest2 -> pytest ==== python-python-memcached ==== - replace nose with pytest ==== python-semanage ==== - Drop suse_path.patch: replace it with a grep/sed logic replacing /usr/libexec in all files with the correct value for all distros (taking into account that openSUSE is in progress of migrating from /usr/lib to /usr/libexec). - Apply suse_path.patch only for older distributions. Newer use libexec ==== python-six ==== Version update (1.14.0 -> 1.15.0) - update to 1.15.0: - Pull request #331: Optimize `six.ensure_str` and `six.ensure_binary`. ==== python-urllib3 ==== Version update (1.25.8 -> 1.25.9) - update to 1.25.9: * Added ``InvalidProxyConfigurationWarning`` which is raised when erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently support connecting to HTTPS proxies but will soon be able to and we would like users to migrate properly without much breakage. * Drain connection after ``PoolManager`` redirect (Pull #1817) * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) * Allow the CA certificate data to be passed as a string (Pull #1804) * Raise ``ValueError`` if method contains control characters (Pull #1800) * Add ``__repr__`` to ``Timeout`` (Pull #1795) ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-ui-spice-app qemu-vgabios qemu-vhost-user-gpu qemu-x86 - Work around gcc 10 bug (boo#1172411) build-Work-around-gcc10-bug-by-not-using.patch - Now that gcc10 compatibility is figured out, remove NO_WERROR=1 again from ipxe make. - Fix segfault when doing HMP wavcapture (boo#1171712) audio-fix-wavcapture-segfault.patch ==== qemu-linux-user ==== - Work around gcc 10 bug (boo#1172411) build-Work-around-gcc10-bug-by-not-using.patch - Now that gcc10 compatibility is figured out, remove NO_WERROR=1 again from ipxe make. - Fix segfault when doing HMP wavcapture (boo#1171712) audio-fix-wavcapture-segfault.patch ==== samba ==== Version update (4.12.2+git.152.c5bf9f6da52 -> 4.12.3+git.161.208cf9730ee) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr1 libndr1-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit - add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307) - Add system-user-nobody to samba package requirements - Update to samba 4.12.3 + Fix smbd panic on force-close share during async io; (bso#14301); + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array; (bso#14343); + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361); + Fix smbd crashes when MacOS Catalina connects if iconv initialization fails; (bso#14372); + Exporting from macOS Adobe Illustrator creates multiple copies; (bso#14150); + smbd does a chdir() twice per request; (bso#14256); + smbd mistakenly updates a file's write-time on close; (bso#14320); + vfs_shadow_copy2: implement case canonicalisation in shadow_copy2_get_real_filename(); (bso#14350); + Fix Windows 7 clients problem after upgrading samba file server; (bso#14375); + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359); + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155); + mit-kdc: Explicitly reject S4U requests; (bso#14342); + dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked(); (bso#14352); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:libads: Fix ads_get_upn(); (bso#14336); + ctdb: Fix a memleak; (bso#14348); + Malicous SMB1 server can crash libsmbclient; (bso#14366); + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds; (bso#14330); + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361); + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); + docs-xml: Fix usernames in pam_winbind manpages; (bso#14358); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); ==== transmission ==== Version update (2.94 -> 3.00) Subpackages: transmission-common transmission-gtk transmission-gtk-lang - Update to transmission 3.00: + Common: - Allow the RPC server to listen on an IPv6 address. - Change TR_CURL_SSL_VERIFY to TR_CURL_SSL_NO_VERIFY and enable verification by default. - Go back to using hash as base name for resume and torrent files. - Handle "fields" argument in "session-get" RPC request. - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks. - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients. - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients. - Announce INT64_MAX as size left if the value is unknown. - Add TCP_FASTOPEN support. - Improve ToS handling on IPv6 connections. - Abort handshake if establishing DH shared secret fails. - Don't switch trackers while announcing. - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote. - Change torrent location even if no data move is needed. - Support CIDR-notated blocklists. - Update the resume file before running scripts. - Make multiscrape limits adaptive. - Add label support to libtransmission and transmission-remote. - Parse session-id header case-insensitively. - Sanitize suspicious path components instead of rejecting them. - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL. - Fix building against OpenSSL 1.1.0+. - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing). - Bump miniupnpc version to 2.0.20170509. - Switch to submodules to manage (most of) third-party dependencies. + GTK: - Add queue up/down hotkeys. - Modernize the .desktop file. - Add AppData file. - Add symbolic icon variant for the Gnome top bar and. when the high contrast theme is in use. - Update file icon when its name changes. - Switch from intltool to gettext for translations. + QT: - Bump minimum Qt version to 5.2. - Fix dropping .torrent files into main window on Windows . - Fix prepending of drive letter to various user-selected paths on Windows. - Fix sorting by progress in presence of magnet transfers. - Fix .torrent file trashing upon addition. - Add queue up/down hotkeys. - Reduce torrent properties (file tree) memory usage. - Display tooltips in torrent properties (file tree) in case the names don't fit. - Improve UI look on hi-dpi displays. - Use session ID (if available) to check if session is local or not. - Use default (instead of system) locale to be more flexible. - Modernize the .desktop file. + Daemon: - Use libsystemd instead of libsystemd-daemon. - Harden transmission-daemon.service by disallowing privileges elevation. - Fix exit code to be zero when dumping settings. + Web Client: - Fix tracker error XSS in inspector. - Fix performance issues due to improper use of setInterval() for UI refresh. - Fix recognition of https:// links in comments field. - Fix torrent list style in Google Chrome 59+. - Show ETA in compact view on non-mobile devices. - Show upload file button on mobile devices. - Add keyboard hotkeys for web interface. - Disable autocompletion in torrent URL field. - Remove transmission-3rdparty-no-download.patch, transmission-appdata.patch andRemove transmission-systemd.patch: merged upstream. - Change build system from cmake to autoconf: replace %cmake/%cmake_build/%cmake_install with %configure/%make/%make_install. ==== xkeyboard-config ==== Version update (2.29 -> 2.30) Subpackages: xkeyboard-config-lang - Update to version 2.30 * bugfix release