Packages changed: alsa apparmor at-spi2-core (2.40.1 -> 2.40.2) avahi compat-usrmerge cups gobject-introspection libX11 (1.7.1 -> 1.7.2) libapparmor libnettle (3.7.2 -> 3.7.3) librsvg (2.50.6 -> 2.50.7) openSUSE-build-key pam-config polkit python-attrs (20.3.0 -> 21.2.0) python-idna (3.1 -> 3.2) python-more-itertools (8.7.0 -> 8.8.0) python-oauthlib (3.1.0 -> 3.1.1) python38 python38-core setools u-boot-rpiarm64 === Details === ==== alsa ==== - Fix regression in config read and UCM handling on pipewire and pulseaudio (boo#1187079, boo#1187033): 0001-conf-fix-load_for_all_cards.patch 0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch 0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). ==== at-spi2-core ==== Version update (2.40.1 -> 2.40.2) Subpackages: libatspi0 - Update to version 2.40.2: + README: Remove outdated links. + Key grab fixes for the new API. + registryd: Add a missing call to va_end. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 - Fix libavahi-devel requirements. The devel package installs libavahi-libevent.so but didn't require the library it's pointing to. ==== compat-usrmerge ==== - early exit in case of overlayfs (boo#1187027) - Avoid dependency on mountpoint from util-linux - Also check for availability of find - fix conversion with split /usr (boo#1186781) - exit early if one of the affected directories has mountpoint beneath it - add fallback for filesystems without renameat2 (boo#1186637) ==== cups ==== Subpackages: cups-config libcups2 - Provide /usr/share/cups/ppdc/ in the "cups" main package to avoid that "lpinfo -m" results in /var/log/cups/error_log things like "ppdc: Unable to find include file font.defs" or "ppdc: Unable to find include file hp.h" and then "Bad driver information file /usr/share/cups/drv/sample.drv" (bsc#1186843) ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - gi-find-deps.sh: on Tumbleweed, HOSTTYPE on ppc64/ppc64le reports powerpc64 and powerpc64le: accept those strings as 64bit archs. ==== libX11 ==== Version update (1.7.1 -> 1.7.2) Subpackages: libX11-6 libX11-data - Update to version 1.7.2 * bug fix release, correcting a regression introduced by and improving the checks from the fix for CVE-2021-31535. - supersedes U_Check-for-NULL-strings-before-getting-their-lengths.patch ==== libapparmor ==== - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). ==== libnettle ==== Version update (3.7.2 -> 3.7.3) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060] * Fix crash for zero input to rsa_sec_decrypt and rsa_decrypt_tr. Potential denial of service vector. * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return failure for out of range inputs, instead of either crashing, or silently reducing input modulo n. Potential denial of service vector. * Ensure that rsa_decrypt returns failure for out of range inputs, instead of silently reducing input modulo n. * Ensure that rsa_sec_decrypt returns failure if the message size is too large for the given key. Unlike the other bugs, this would typically be triggered by invalid local configuration, rather than by processing untrusted remote data. ==== librsvg ==== Version update (2.50.6 -> 2.50.7) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 - Update to version 2.50.7: + Two cairo-related bug fixes: - glgo#GNOME/librsvg#745: Fix mismatched cairo_save/restore when running in inside the Cairo test suite. - glgo#GNOME/librsvg#746: Possible cairo_save() without cairo_restore() in render_layer(). ==== openSUSE-build-key ==== - remove dumpsigs, unused since SLE12+ (rpm 4.x) (bsc#1186827) - add URL - spec-cleaner run - Merge changes from openSUSE Leap 15.3 for rpm-repos-openSUSE (boo#1186593) - Refresh the SLE15 build@suse.de key * Updated gpg-pubkey-39db7c82-5847eb1f.asc ==== pam-config ==== - Add "revoke" to the option list for pam_keyinit (Remove some leftover debugs while we're at it) [pam-config-fix-pam_keyinit-options.patch] - prior to writing an service-specific config file, the main function calls access() on the destination file in /etc/pam.d. This will fail and no config file will be written when the original config file was installed in /usr/etc/pam.d. A similar problem exists when creating the new service file: create_service_file() wants to give the new service file the same user, group and mode as the old one, but the old one may not exist. In that case, set these to 0(root), 0(root), and 0644. [pam-config-remove-bad-access-call.patch] ==== polkit ==== Subpackages: libpolkit0 - Fix verifyscript: the path to the binary was wrongly defined as %{_libexecdir}/lib. - CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497) CVE-2021-3560.patch ==== python-attrs ==== Version update (20.3.0 -> 21.2.0) - update to 21.2.0: * We had to revert the recursive feature for ``attr.evolve()`` because it broke some use-cases -- sorry! * Python 3.4 is now blocked using packaging metadata because ``attrs`` can't be imported on it anymore. * The long-awaited, much-talked-about, little-delivered ``import attrs`` is finally upon us! * The *cmp* argument to ``attr.s()`` and `attr.ib()` has been **undeprecated** It will continue to be supported as syntactic sugar to set *eq* and *order* in one go. * Further smaller changes, see included Changelog.md ==== python-idna ==== Version update (3.1 -> 3.2) - update to 3.2: * Add type hints (Thanks, Seth Michael Larson!) * Remove support for Python 3.4 ==== python-more-itertools ==== Version update (8.7.0 -> 8.8.0) - update to 8.8.0: * :func:`countable` (thanks to krzysieq) * :func:`split_before` was updated to handle empy collections (thanks to TiunovNN) * :func:`unique_everseen` got a performance boost (thanks to Numerlor) * The type hint for :func:`value_chain` was corrected (thanks to vr2262) - %check: use %pyunittest rpm macro ==== python-oauthlib ==== Version update (3.1.0 -> 3.1.1) - update to 3.1.1: * #753: Fix acceptance of valid IPv6 addresses in URI validation * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently relies on the `scope` provided in the constructor if any, except if overridden temporarily in a method call. Note that in particular providing a non-None `scope` in `prepare_authorization_request` or `prepare_refresh_token` does not override anymore `self.scope` forever, it is just used temporarily. * #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, ServiceApplicationClient.prepare_request_body, and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in constructor. * #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor * #711: client_credentials grant: fix log message * #746: OpenID Connect Hybrid - fix nonce not passed to add_id_token * #756: Different prompt values are now handled according to spec (e.g. prompt=none) * #759: OpenID Connect - fix Authorization: Basic parsing * #716: improved skeleton validator for public vs private client * #720: replace mock library with standard unittest.mock * #727: build isort integration * #734: python2 code removal * #735, #750: add python3.8 support * #749: bump minimum versions of pyjwt and cryptography - drop o_switch_to_unitest_mock.patch (upstream) ==== python38 ==== - allow building against sphinx 3.x+ - Stop providing "python" symbol (bsc#1185588), which means python2 currently. ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - allow building against sphinx 3.x+ - Stop providing "python" symbol (bsc#1185588), which means python2 currently. ==== setools ==== - Fix dependency of python3-setools: require python3, not python (which is python2). ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc Fix Ethernet PHY initialization on OdroidC2 (boo#1187095) Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches added: 0015-arm64-dts-meson-odroidc2-readd-PHY-.patch