Packages changed:
coreutils
iproute2 (5.11 -> 5.12)
kernel-source
libical (3.0.9 -> 3.0.10)
libical-glib (3.0.9 -> 3.0.10)
libinput (1.17.1 -> 1.17.2)
libzypp (17.25.9 -> 17.25.10)
open-iscsi
python38 (3.8.8 -> 3.8.9)
python38-core (3.8.8 -> 3.8.9)
samba (4.14.2+git.159.2a8872214bf -> 4.14.4+git.162.18fd73a39a0)
snapper
zypper (1.14.43 -> 1.14.44)
=== Details ===
==== coreutils ====
- Use new packageand format
- coreutils-tests-fix-FP-in-ls-stat-free-color.patch: Add upstream patch
to avoid FP in testsuite.
- coreutils.spec:
- Reference the above patch.
- Change keyring URL to new GNU coreutils Group Release Keyring.
- coreutils.keyring: Update with the Group Release Keyring.
==== iproute2 ====
Version update (5.11 -> 5.12)
- Update to release 5.12
* devlink: Use library provided string processing APIs
* utils: Introduce helper routines for generic socket recv
* q_cake: Fix incorrect printing of signed values in class statistics
* json_print: Add print_tv()
* nexthop: Add support for nexthop buckets
* nexthop: Add support for resilient nexthop groups
* ip: xfrm: add support for tfcpad
* tc: e_bpf: fix memory leak in parse_bpf()
* lib: bpf_legacy: treat 0 as a valid file descriptor
* ip: drop 2-char command assumption
* bridge: vlan: dump port only if there are any vlans
==== kernel-source ====
- rpm/constraints.in: remove aarch64 disk size exception
obs://Kernel:stable/kernel-default/ARM/aarch64 currrently fails:
installing package kernel-default-livepatch-devel-5.12.0-3.1.g6208a83.aarch64 needs 3MB more space on the / filesystem
The stats say:
Maximal used disk space: 31799 Mbyte
By default, we require 35G. For aarch64 we had an exception to lower
this limit to 30G there. Drop this exception as it is obviously no
longer valid.
- commit ee00b50
- series.conf: cleanup
- fix Patch-mainline tag and move to "almost mainline" section:
patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch
- commit 3a48ed8
- crypto: ccp: Annotate SEV Firmware file names (bsc#1185282).
- commit 66154b6
==== libical ====
Version update (3.0.9 -> 3.0.10)
- update to 3.0.10:
* Fix generating wrong recurrence rules
* Fix a bug computing transitions in tzfiles
* Fix reading TZif files to use TZ string in the footer as the last
(non-terminating) transitions
* Fix reading TZif files to use more RRULEs and/or RDATEs whevever possible
* Built-in timezones updated to tzdata2021a
==== libical-glib ====
Version update (3.0.9 -> 3.0.10)
- update to 3.0.10:
* Fix generating wrong recurrence rules
* Fix a bug computing transitions in tzfiles
* Fix reading TZif files to use TZ string in the footer as the last
(non-terminating) transitions
* Fix reading TZif files to use more RRULEs and/or RDATEs whevever possible
* Built-in timezones updated to tzdata2021a
==== libinput ====
Version update (1.17.1 -> 1.17.2)
- Update to release 1.17.2
* Fix sensitivity for Dell Latitude 7490 pointing-stick
* Add palm size quirk for the Gigabyte Aero 15
==== libzypp ====
Version update (17.25.9 -> 17.25.10)
- Properly handle permission denied when providing optional files
(bsc#1185239)
- Fix sevice detection with cgroupv2 (bsc#1184997)
- version 17.25.10 (22)
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Local (SUSE) change: update iscsi.service so that it tries to
logon to any "onboot" and firmware targets, in case a target
was offline when booted but back up when the service is started.
(bsc#1153806)
- Merged with latest from upstream, which contains these fixes:
* Add "no wait" option to iscsiadm firmware login
* Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart
* Log proper error message when AUTH failure occurs
==== python38 ====
Version update (3.8.8 -> 3.8.9)
- Update to 3.8.9:
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
feature of the pydoc module which could be abused to read
arbitrary files on the disk (directory traversal
vulnerability). Moreover, even source code of Python modules
can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
- bpo-43285: ftplib no longer trusts the IP address value
returned from the server in response to the PASV command by
default. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the
client network.
- Code that requires the former vulnerable behavior may set
a trust_server_pasv_ipv4_address attribute on their
ftplib.FTP instances to True to re-enable it.
- bpo-43439: Add audit hooks for gc.get_objects(),
gc.get_referrers() and gc.get_referents(). Patch by Pablo
Galindo.
- bpo-43660: Fix crash that happens when replacing sys.stderr
with a callable that can remove the object while an exception
is being printed. Patch by Pablo Galindo.
- bpo-35883: Python no longer fails at startup with a fatal
error if a command line argument contains an invalid Unicode
character. The Py_DecodeLocale() function now escapes byte
sequences which would be decoded as Unicode characters
outside the [U+0000; U+10ffff] range.
- bpo-43406: Fix a possible race condition where
PyErr_CheckSignals tries to execute a non-Python signal
handler.
- bpo-35930: Raising an exception raised in a ?future? instance
will create reference cycles.
- bpo-43577: Fix deadlock when using ssl.SSLContext debug
callback with ssl.SSLContext.sni_callback().
- bpo-43423: subprocess.communicate() no longer raises an
IndexError when there is an empty stdout or stderr IO buffer
during a timeout on Windows.
- bpo-27820: Fixed long-standing bug of smtplib.SMTP where
doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password
if provided with a challenge string, thus non-compliant with
the standard for AUTH LOGIN. Also fixes bug with the test for
smtpd.
- bpo-43399: Fix ElementTree.extend not working on iterators
when using the Python implementation
- bpo-43316: The python -m gzip command line application now
properly fails when detecting an unsupported extension. It
exits with a non-zero exit code and prints an error message
to stderr.
- bpo-43260: Fix TextIOWrapper can not flush internal buffer
forever after very large text is written.
- bpo-42782: Fail fast in shutil.move() to avoid creating
destination directories on failure.
- bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn
introduced in Python 3.7.
- bpo-43199: Answer ?Why is there no goto?? in the Design and
History FAQ.
- bpo-43407: Clarified that a result from time.monotonic(),
time.perf_counter(), time.process_time(), or
time.thread_time() can be compared with the result from any
following call to the same function - not just the next
immediate call.
- bpo-27646: Clarify that ?yield from <expr>? works with any
iterable, not just iterators.
- bpo-36346: Update some deprecated unicode APIs which are
documented as ?will be removed in 4.0? to ?3.12?. See PEP 623
for detail.
- bpo-37945: Fix test_getsetlocale_issue1813() of test_locale:
skip the test if setlocale() fails. Patch by Victor Stinner.
- bpo-41561: Add workaround for Ubuntu?s custom OpenSSL
security level policy.
- bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
- bpo-43617: Improve configure.ac: Check for presence of
autoconf-archive package and remove our copies of M4 macros.
- bpo-41837: Update macOS installer build to use OpenSSL
1.1.1j.
- bpo-42225: Document that IDLE can fail on Unix either from
misconfigured IP masquerage rules or failure displaying
complex colored (non-ascii) characters.
- bpo-43283: Document why printing to IDLE?s Shell is often
slower than printing to a system terminal and that it can be
made faster by pre-formatting a single string before
printing.
==== python38-core ====
Version update (3.8.8 -> 3.8.9)
Subpackages: libpython3_8-1_0 python38-base
- Update to 3.8.9:
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
feature of the pydoc module which could be abused to read
arbitrary files on the disk (directory traversal
vulnerability). Moreover, even source code of Python modules
can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
- bpo-43285: ftplib no longer trusts the IP address value
returned from the server in response to the PASV command by
default. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the
client network.
- Code that requires the former vulnerable behavior may set
a trust_server_pasv_ipv4_address attribute on their
ftplib.FTP instances to True to re-enable it.
- bpo-43439: Add audit hooks for gc.get_objects(),
gc.get_referrers() and gc.get_referents(). Patch by Pablo
Galindo.
- bpo-43660: Fix crash that happens when replacing sys.stderr
with a callable that can remove the object while an exception
is being printed. Patch by Pablo Galindo.
- bpo-35883: Python no longer fails at startup with a fatal
error if a command line argument contains an invalid Unicode
character. The Py_DecodeLocale() function now escapes byte
sequences which would be decoded as Unicode characters
outside the [U+0000; U+10ffff] range.
- bpo-43406: Fix a possible race condition where
PyErr_CheckSignals tries to execute a non-Python signal
handler.
- bpo-35930: Raising an exception raised in a ?future? instance
will create reference cycles.
- bpo-43577: Fix deadlock when using ssl.SSLContext debug
callback with ssl.SSLContext.sni_callback().
- bpo-43423: subprocess.communicate() no longer raises an
IndexError when there is an empty stdout or stderr IO buffer
during a timeout on Windows.
- bpo-27820: Fixed long-standing bug of smtplib.SMTP where
doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password
if provided with a challenge string, thus non-compliant with
the standard for AUTH LOGIN. Also fixes bug with the test for
smtpd.
- bpo-43399: Fix ElementTree.extend not working on iterators
when using the Python implementation
- bpo-43316: The python -m gzip command line application now
properly fails when detecting an unsupported extension. It
exits with a non-zero exit code and prints an error message
to stderr.
- bpo-43260: Fix TextIOWrapper can not flush internal buffer
forever after very large text is written.
- bpo-42782: Fail fast in shutil.move() to avoid creating
destination directories on failure.
- bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn
introduced in Python 3.7.
- bpo-43199: Answer ?Why is there no goto?? in the Design and
History FAQ.
- bpo-43407: Clarified that a result from time.monotonic(),
time.perf_counter(), time.process_time(), or
time.thread_time() can be compared with the result from any
following call to the same function - not just the next
immediate call.
- bpo-27646: Clarify that ?yield from <expr>? works with any
iterable, not just iterators.
- bpo-36346: Update some deprecated unicode APIs which are
documented as ?will be removed in 4.0? to ?3.12?. See PEP 623
for detail.
- bpo-37945: Fix test_getsetlocale_issue1813() of test_locale:
skip the test if setlocale() fails. Patch by Victor Stinner.
- bpo-41561: Add workaround for Ubuntu?s custom OpenSSL
security level policy.
- bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
- bpo-43617: Improve configure.ac: Check for presence of
autoconf-archive package and remove our copies of M4 macros.
- bpo-41837: Update macOS installer build to use OpenSSL
1.1.1j.
- bpo-42225: Document that IDLE can fail on Unix either from
misconfigured IP masquerage rules or failure displaying
complex colored (non-ascii) characters.
- bpo-43283: Document why printing to IDLE?s Shell is often
slower than printing to a system terminal and that it can be
made faster by pre-formatting a single string before
printing.
==== samba ====
Version update (4.14.2+git.159.2a8872214bf -> 4.14.4+git.162.18fd73a39a0)
Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libndr1 libnetapi0 libsamba-credentials1 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3
- Update to 4.14.4
* CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
(bso#14571); (bsc#1184677).
- Update to 4.14.3
* s3:modules:vfs_virusfilter: Recent New_VFS changes break
vfs_virusfilter_openat; (bso#14671).
* build: Notice if flex is missing at configure time; (bso#14586).
* Fix smbd panic when two clients open same file; (bso#14672).
* Fix memory leak in the RPC server; (bso#14675).
* s3: smbd: fix deferred renames; (bso#14679).
* s3-iremotewinspool: Set the per-request memory context;
(bso#14675)
* Fix memory leak in the RPC server; (bso#14675).
* third_party: Update socket_wrapper to version 1.3.2;
(bso#11899).
* third_party: Update socket_wrapper to version 1.3.3;
(bso#14640).
* samba-gpupdate: Test that sysvol paths download in
case-insensitive way; (bso#14665).
* smbd: Ensure errno is preserved across fsp destructor;
(bso#14662).
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict; (bso#14663).
* build: Only add -Wl,--as-needed when supported; (bso#14288).
==== snapper ====
Subpackages: libsnapper5
- added systemd sandboxing for services
==== zypper ====
Version update (1.14.43 -> 1.14.44)
Subpackages: zypper-needs-restarting
- Rephrase needs-rebooting help and messages.
Try to point out that the need to reboot was not necessarily
triggered by the current transaction.
- man page: Recommend the needs-rebooting command to test whether
a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages
(bsc#1183268)
- Quickfix setting "openSUSE_Tumbleweed" as default platform for
"MicroOS" (bsc#1153687)
This fixes the guessed platform for "obs://<project>/" URLs.
- Protect against strict/relaxed user umask via sudo (bsc#1183589)
- zypper-log: protect against thread name indicators in a log.
- xml summary: add solvables repository alias (bsc#1182372)
- version 1.14.44