Removed rpms ============ - tftpboot-installation-SLE-15-SP3-aarch64 - wine-devel-32bit - wine-staging-devel-32bit - tftpboot-installation-SLE-15-SP3-x86_64 - libmunge2-32bit - libpipewire-0_3-0-32bit - pipewire-libjack-0_3-32bit - pipewire-spa-plugins-0_2-32bit - tftpboot-installation-SLE-15-SP3-ppc64le Added rpms ========== - libmunge2-32bit - libpipewire-0_3-0-32bit - pipewire-libjack-0_3-32bit - pipewire-spa-plugins-0_2-32bit - tftpboot-installation-SLE-15-SP3-ppc64le - kernel-obs-build - tftpboot-installation-SLE-15-SP3-aarch64 - tftpboot-installation-SLE-15-SP3-x86_64 - wine-devel-32bit - wine-staging-devel-32bit Package Source Changes ====================== 0ad +- BuildRequires nvidia-texture-tools only when needed + +- Enable nvidia-texture-tools only on supported archs + chromium +- Chromium 90.0.4430.93 (boo#1185398): + - CVE-2021-21227: Insufficient data validation in V8. + - CVE-2021-21232: Use after free in Dev Tools. + - CVE-2021-21233: Heap buffer overflow in ANGLE. + - CVE-2021-21228: Insufficient policy enforcement in extensions. + - CVE-2021-21229: Incorrect security UI in downloads. + - CVE-2021-21230: Type Confusion in V8. + - CVE-2021-21231: Insufficient data validation in V8. + - Reference: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html + +- Chromium 90.0.4430.85 (boo#1185047): + * CVE-2021-21222: Heap buffer overflow in V8 + * CVE-2021-21223: Integer overflow in Mojo + * CVE-2021-21224: Type Confusion in V8 + * CVE-2021-21225: Out of bounds memory access in V8 + * CVE-2021-21226: Use after free in navigation +- Chromium 90.0.4430.72 (boo#1184764): + * CVE-2021-21201: Use after free in permissions + * CVE-2021-21202: Use after free in extensions + * CVE-2021-21203: Use after free in Blink + * CVE-2021-21204: Use after free in Blink + * CVE-2021-21205: Insufficient policy enforcement in navigation + * CVE-2021-21221: Insufficient validation of untrusted input in Mojo + * CVE-2021-21207: Use after free in IndexedDB + * CVE-2021-21208: Insufficient data validation in QR scanner + * CVE-2021-21209: Inappropriate implementation in storage + * CVE-2021-21210: Inappropriate implementation in Network + * CVE-2021-21211: Inappropriate implementation in Navigatio + * CVE-2021-21212: Incorrect security UI in Network Config UI + * CVE-2021-21213: Use after free in WebMIDI + * CVE-2021-21214: Use after free in Network API + * CVE-2021-21215: Inappropriate implementation in Autofill + * CVE-2021-21216: Inappropriate implementation in Autofill + * CVE-2021-21217: Uninitialized Use in PDFium + * CVE-2021-21218: Uninitialized Use in PDFium + * CVE-2021-21219: Uninitialized Use in PDFiu + * drop chromium-89-quiche-private.patch + * drop chromium-89-quiche-dcheck.patch + * drop chromium-89-skia-CropRect.patch + * drop chromium-89-dawn-include.patch + * drop chromium-89-webcodecs-deps.patch + * drop chromium-89-AXTreeSerializer-include.patch + * drop libva-2.11.patch + * drop libva-2.11-nolegacy.patch + * drop chromium-84-blink-disable-clang-format.patch +- chromium-90-gslang-linkage-fixup.patch: fixed a weird static/nonpic error +- chromium-90-cstdint.patch: some cstd includes added +- chromium-90-fseal.patch: F_SEAL defines added + envoy-proxy +- Update _constraints for backports + flacon +- Update to version 7.0.1 + * Added informative error messages when the program can't load + an audio file: + + The audio file does not exist. + + The audio file may be corrupted or an unsupported audio + format. + + Decoder program is not installed. + + Decoder program is installed in the settings but binary + file does not exist. + * Improved warning messages: + + Do not show a warning if the output format does not + support the quality of the input HD audio, but you have + set the correct bits per sample and sample rate in the + preferences. + * Redesigned the logic of loading CUE files containing + multiple files, for example, 2 sides of an LP. Now they are + displayed as a single list, have a single track numbering, + and allow you to change album tags in a single operation. + * Fixed: Flacon refuses to compute ReplayGain for no good + reason. + * Improved search for covers arts. + * Added better icons for dark themes. + * Added a few codepages for some East Asian languages. + * Translations updated. + ganglia +- Do-not-use-var-run-but-run-as-path-for-PID-file.patch: + Change PID file for gmetad and gmond from /var/run to /run + (bsc#1185158 & bsc#1185159). + +- Only requires user(daemon) on major versions >= 15. +- Work around silly %autopatch bug in SLE 12. + +- Replace system-user-daemon with user(daemon): be resilient to + package name changes. + haruna +- Update to version 0.6.3 + * Set breeze icon theme before QApplication creation + installation-images:SLES +- merge gh#openSUSE/installation-images#507 +- Revert "trigger automatic nvme discovery (bsc#1184908)" +- trigger automatic nvme discovery in udev start script + (bsc#1184908) +- 16.56.9 + +- merge gh#openSUSE/installation-images#501 +- trigger automatic nvme discovery (bsc#1184908) +- 16.56.8 + +- merge gh#openSUSE/installation-images#499 +- fix NVMf autoconnect udev rule (bsc#1184908) + kernel-64kb +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-debug +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-default +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-docs +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-kvmsmall +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-obs-build +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-obs-qa +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-preempt +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-source +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-syms +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + miredo +- Add reproducible.patch to drop build host name (boo#1084909) +- Drop miredo-no-build-date.patch - not needed because of gcc patch + +- Set LogLevel to info in the systemd service files to prevent + miredo spamming syslog with debug messages (boo#1165313) + nfoview +- Update to 1.28: + * Switch default font from Terminus to Cascadia Code as Terminus is + most commonly a bitmap font, which no longer work with Pango 1.44: + https://gitlab.gnome.org/GNOME/pango/issues/386 + * Always fall back on the platform default monospace font + * Add Dutch translation (Heimen Stoffels) + +- Update to version 1.27.1: + * Fix CSS error with the abnormal weight of the Unscii font +- Drop nfoview-fix-css-font-abnormal-weight.patch + +- Update to version 1.27: + * New app icon, as full-color and symbolic SVGs. + * Use the reverse domain name "io.otsaloma.nfoview" for desktop + file, appdata file and icons. +- Changes from version 1.26.1: + * Updated translations. +- Modernize spec, use autosetup and python macros. +- Add fdupes BuildRequires and macro, remove duplicate files. +- Drop -lang Recommends: No longer needed, supplements in place. +- Drop hicolor-icon-theme and update-desktop-files + Requires(post(un)) and macros: No longer needed. +- Add nfoview-fix-css-font-abnormal-weight.patch: Fix CSS error + with the abnormal weight of the Unscii font. + +- Update to version 1.26: + * Use native file dialogs when available. +- Changes from version 1.25: + * Add support for building a Flatpak. + * Add 64x64 and 128x128 icons. + * Update AppData XML file. + * Fix build reproducibility. + * Updated translations. + +- Update to version 1.24: + * Avoid error output if not using header bars + * Set program name + * Sort input file list to make build reproducible (boo#1041090) + -- Initial package created - 1.9.5. -- Patch to correct font name and size. - nrpe +- fix apparmor profile to allow /run as well as /var/run + +- added nrpe-4.0.4-silence_wrong_package_version_messages.patch + NRPE logs 'packet version was invalid' and 'Could not read request + from client' if the NRPE version on the client does not match the + one on the server side. + This patch reduces the importance of the log entry to be just + informal, which should silent most client logs, while it makes + it still available for debugging. + +- update to 4.0.3 + ENHANCEMENTS + * Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul Golam) + * Added IPv6 ip address to list of default allow_from hosts (Troy Lea) + * Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf) + * Added -3 option to force check_nrpe to use NRPE v3 packets + * OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky) + * OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht) + FIXES + * Fixed nasty_metachars not being read from config file (#235) (Sebastian Wolf) + * Fixed buffer length calculations/writing past memory boundaries + on some systems (#227, #228) (Andreas Baumann, hariwe, Sebastian Wolf) + * Fixed use of uninitialized variable when validating requests (#229) (hariwe, Sebastian Wolf) + * Fixed syslog flooding with CRC-checking errors when both plugin + and agent were updated to version 4 (Sebastian Wolf) + * Checks for '!' now only occur inside the command buffer (Joni Eskelinen) + * NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev) + * allowed_hosts will no longer test getaddrinfo records against the + wrong protocol (dombenson) + * nasty_metachars will now handle C escape sequences properly when + specified in the config file (Sebastian Wolf) + * Calculated packet sizes now struct padding/alignment when sending + and receiving messages (Sebastian Wolf) + * Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf) + * When using include_dir, individual files' errors do not prevent + the remaining files from being read (Sebastian Wolf) +- refreshed the following patches: + * nrpe-implicit_declaration.patch + * nrpe-improved_help.patch + * nrpe_check_control.patch +- renamed and refreshed the following patches/sources: + * nrpe-3.2.1-disable-chkconfig_in_Makefile.patch + - > nrpe-disable-chkconfig_in_Makefile.patch + * nrpe-3.2.1-static_dh_parameters.patch + - > nrpe-static_dh_parameters.patch + * nrpe-3.2.1-dh.h -> nrpe-dh.h +- enhanced README.SUSE with some words about Apparmor +- added an include directive in usr.sbin.nrpe apparmor config + and a basic local/usr.sbin.nrpe file in the docu-directory + +- Don't install SuSEfirewall2 service file, SuSEfirewall2 is gone + +- nrpe.xml firewalld file is handled by firewalld package +- Leap 15.1 is suse_version 1500 (thanks, dimstar) + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut through the -mini flavors. + +- Do not package nrpe.xml for Leap 15.0, as it is included in + firewalld package there. + +- add nrpe.xml snipplet for firewalld +- still ship nrpe snipplet for SuSEfirewalld for now +- use systemd files directly from upstream: + + drop Requires=var-run.mount line from service file + + drop nrpe.service + + drop nrpe.socket + + do not create tmpfiles.d/nrpe in spec any longer +- handle migration from /etc/nagios/nrpe.cfg to /etc/nrpe.cfg also + for systemd case (triggerun) +- increase warn/crit level for processes to 350/400 in a default + installation +- added patch and dh.h file to NOT re-calculate dh.h parameters + during each build (for reproducable builds). + Can be enable/disable by setting the 'reproducable' build + condition. Default is: "on" for suse_version >= 15 + + nrpe-3.2.1-static_dh_parameters.patch + + nrpe-3.2.1-dh.h +- use _rundir and _tmpfilesdir macros everywhere +- do not create nagios user/group during install on (open)SUSE + systems and rely on the files section here instead +- rename nagios-nrpe-rpmlintrc and nagios-nrpe-SuSEfirewall2 to + nrpe-rpmlintrc and nrpe-SuSEfirewall2 +- simplify rpmlintrc +- build nrpe-doc package as noarch +- specfile cleanup & remove other distribution specials +- disable chkconfig call in Makefile on old distributions + nrpe-3.2.1-disable-chkconfig_in_Makefile.patch + +- only include %{_sysconfdir}/xinetd.d on newer distributions + (fixes submission of this package as update for SLE12-SP4 + and Leap 42.3 - boo#938906) + -- call tmpfiles_create in postinstall +- call tmpfiles_create in postinstall (bsc#1080637 and bsc#924649) openSUSE-xfce-icon-theme +- Update to version 4.16.1+git5.e82fd05: + * Remove unused entries (boo#1183828) + +- Update to version 4.16.1+git4.47431fc: + * Add temporary fix for missing file-roller icon + openscad +- openGL is required but Arm uses openGL ES, so exclude %arm + and aarch64 + +- fix build with new C++ compilers, add boost_include.diff + +- Use memoryperjob constraint instead of %limit_build macro. + openvswitch +- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177). + * 0001-Replace-deprecated-var-run-with-run.patch + pgn-extract +- Update to 20.02 + * Added --linenumbers + * Added --fixtagstrings. + * Date matches with -t and -T extended to match on month and day + as well as year. + * Added --wtm and --btm. + * Added limited relational TimeControl matching with -t + * Added missing 'ep' for en passant moves with -Wxlalg and -Wxolalg. + * Bug fix to eliminate illegal pawn moves in long algebraic notation. + * Added --startply. + * Added --fenpattern, --fenpatterni, --materialy and --materialz + as command-line arguments. + * Delete NAGs appearing before the first move of a game. +- Rebase patches: + * pgn-extract-no-buildtime.patch + * pgn-extract-set_eco.pgn_path.patch + pipewire +- Add %systemd_ordering so systemd is installed before pipewire + on fresh installations. This allows to set the service presets + correctly on new systems since the %systemd_user_* macros don't + do anything if systemd is not installed (boo#1185459). + plowshare +- Add reproducible.patch to override build date (boo#1047218) + python39 +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + python39:base +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + python39:doc +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + usbmuxd +- Add usbmuxd-add-socket-option.patch: allow socket to be + specified via the command line. Backported from upstream. +- Add usbmuxd-add-pid-option.patch: allow the pid file to be + specified via the command line. Taken from upstream. +- Add usbmuxd-run-dir.patch: use /run, rather than /var/run, for + the socket and pid file (bsc#1185186). + -- remove _service, too fragile - -- Add 32bit compatibility libraries - -- Create and use "usbmux" user in %pre to fix bno#679159 - -- Update to version 1.0.7 - * Detect iPad 2 and upcoming next generation iPhone devices - * Fix support for ancient devices running iOS 1.x - * Optionally use inotify instead of polling to safe energy - -- Fix -devel package dependencies, libusb is only required at - runtime. -- disable static library creation instead of removing it. - -- ran spec-cleaner - -- Update to version 1.0.6 - * Bump udev rules to 0-9a-f, should last for a few device iterations - * Fix potential issue with USB transactions >=32k multiples of 16k -- remove patch no longer necessary - -- Update to version 1.0.5 - * Protocol version 1 support. Enables libusbmuxd to talk to - Apple's official usbmuxd on Windows and OSX - * Recovery mode support for idevicerestore firmware restores - * Detach kernel USB drivers to avoid USB issues - * Win32 support for libusbmuxd - * FreeBSD support - * Basic C++ support - * Fixes crasher bugs -- Added libplist dependancy -- Remove upstreamed patch - -- Fixed incorrect summary and description see bnc#611595 - -- Update to version 1.0.4 - * Fix aborts due to transmit window overflow - * libusbmuxd: close connection after enumerating devices - * Ignore SIGPIPE, otherwise usbmuxd might shut down - * OSX: add workaround for missing ppoll system call - * Detect the iPad and let usbmuxd talk to it - * libusbmuxd: support shorter device info record messages - -- Update to version 1.0.3 - * Set USBMUX_SUPPORTED in udev rules for user space to be - able to recognize devices supporting the usbmux protocol. - -- Update to version 1.0.2 - * Change documentation to mention libimobiledevice, add a - trademark notice, and make things more consistent - * Security fix: fix a potential buffer overflow that could - be triggered by a rogue device - * Fixed a crash when we get unexpected TCP packets early - (e.g. reconnected device). - * usbmuxd will not 'drop' privileges to root (-U root is - now a no-op) - * Made -U require an argument. The optional argument behavior - was causing some confusion (since -U didn't work, - it had to be -U), so now the argument is required. - Please make sure that you specify an explicit name from now - on ('-U' will not work). - * Removed debugging printfs in libusbmuxd - * Cleaned up and improved CMakeLists. Now it should honor the - CFLAGS environment variable if it is present and nonempty - * Add a missing include to libusbmuxd - -- Update to version 1.0.0 - * Workaround udev bug; fixes not reacting to signals - * Do not try to claim all Apple devices - * Fix libusbmuxd cleanup when usbmuxd shuts down -- Remove upstreamed patches - -- Update to version 1.0.0-rc2 - * Improved documentation - * Fix install target for 64bit architectures - * Fix underlinking of libusbmuxd - -- Update to version 1.0.0-rc1 - * completly new implementation - * uses cmake build system - * improved libusbmuxd API with device hotplug callbacks - * better performance and lower cpu usage - -- Update to version 0.1.4 - * udev operation mode - * better udev rules for non-Debian distributions - * debugging output refined with a mutex to prevent garbled output - * smaller buffer size in usbmuxd_client_handler_thread to fix - connection resets - -- Update to version 0.1.3 - * Proper fix for USB communication issue using wMaxPacketSize - -- Update to version 0.1.1 - * Fix USB communication issue with packet sizes of N*128 or N*512 - -- Update to version 0.1.0 - * First official release - * Adds iPhone 3GS support and exposes new tethering USB interface - * Fix race condition using multiple clients simultaneously - * Fix various usbmux protocol bugs - -- Initial package created - virtualbox +- Version bump to (released April 20 2021 by Oracle) + This is a maintenance release. The following items were fixed and/or added: + VMM: Fixed extremely poor VM performance depending on the timing of various actions (regression in 6.1.0) + VMM: Fixed guest OS hanging under certain circumstances when Hyper-V is present (bug #20141) + VMM: Fixed Guru Meditation error when using a nested hypervisor under certain circumstances (bug #20175) + VMM: Fixed a SMAP related host panic affecting Solaris 11.4 systems with Intel Haswell CPUs or later (bug #16068) + OCI: Add cloud-init support for export to OCI and for OCI instance creation + GUI: Fixed "Delete all files" leaving behind Logs/VBoxUI.log (bug #20235) + Audio: Multiple fixes and enhancements + Audio: Fixed detection of duplex audio devices on macOS (5.0 regression; bug #20171) + Network: Fixed link status reporting for "not attached" adapters + Network: Fixed connectivity issues with e1000 in OS/2 guests (6.1.18 regression; bug #20148) + Network: Fixed VxWorks e1000 driver compatibility issue (bug #20182) + Network: Fixed GUI checks for port forwarding rules rejecting IPv6 with "Nat Network" (bug #14847) + DHCP: Don't crash in the presence of fixed address assignments (bug #20128) + Serial: Fixed possible VM hang when using the a serial port in disconnected mode (bug #19854) + Webcam: Fixed interoperability with v4l2loopback and fixed a crash under certain circumstances (bug #20176) + NVMe: Fixed sporadic Windows VM hang or reboot on high CPU load + VBoxManage: Allow changing network adapter attachment of a saved VM with "modifyvm" + vboximg-mount: Fix for argument processing to honor the '--root' option (6.0 regression; bug #20073) + Linux host and guest: Support kernel versions 5.11 (bug #20198) and 5.12 + Linux host: Maximum MTU size increased to 16110 for host-only adapters on Linux kernels 4.10+ (bug #19122) + Linux Guest Additions: Fix vboxvideo module compilation for kernel version 5.10.x + Linux Guest Additions: Fixed kernel module build for RHEL 8.4 beta and CentOS Stream (bug #20289) + File "fixes-for-5.11.patch" is deleted. The issue is fixed upstream. + File "vboxautostart.sh" is replaced by "vboxautostart-service.sh" + File "vboxautostart.service" is replaced by "vboxautostart-service.service" + Fixes boo#1183329 "virtualbox 6.1.18 crashes when it runs nested VM" + Fixes boo#1183125 "Leap 15.3 installation in Virtualbox without VBox integration" + Fixes CVE-2021-2264 and boo#1184542. The directory for the .start files for + autostarting VMs is moved from /etc/vbox to /etc/vbox/autostart.d. In addition, the autostart + service is hardened (by Oracle). + virtualbox:kmp +- Version bump to (released April 20 2021 by Oracle) + This is a maintenance release. The following items were fixed and/or added: + VMM: Fixed extremely poor VM performance depending on the timing of various actions (regression in 6.1.0) + VMM: Fixed guest OS hanging under certain circumstances when Hyper-V is present (bug #20141) + VMM: Fixed Guru Meditation error when using a nested hypervisor under certain circumstances (bug #20175) + VMM: Fixed a SMAP related host panic affecting Solaris 11.4 systems with Intel Haswell CPUs or later (bug #16068) + OCI: Add cloud-init support for export to OCI and for OCI instance creation + GUI: Fixed "Delete all files" leaving behind Logs/VBoxUI.log (bug #20235) + Audio: Multiple fixes and enhancements + Audio: Fixed detection of duplex audio devices on macOS (5.0 regression; bug #20171) + Network: Fixed link status reporting for "not attached" adapters + Network: Fixed connectivity issues with e1000 in OS/2 guests (6.1.18 regression; bug #20148) + Network: Fixed VxWorks e1000 driver compatibility issue (bug #20182) + Network: Fixed GUI checks for port forwarding rules rejecting IPv6 with "Nat Network" (bug #14847) + DHCP: Don't crash in the presence of fixed address assignments (bug #20128) + Serial: Fixed possible VM hang when using the a serial port in disconnected mode (bug #19854) + Webcam: Fixed interoperability with v4l2loopback and fixed a crash under certain circumstances (bug #20176) + NVMe: Fixed sporadic Windows VM hang or reboot on high CPU load + VBoxManage: Allow changing network adapter attachment of a saved VM with "modifyvm" + vboximg-mount: Fix for argument processing to honor the '--root' option (6.0 regression; bug #20073) + Linux host and guest: Support kernel versions 5.11 (bug #20198) and 5.12 + Linux host: Maximum MTU size increased to 16110 for host-only adapters on Linux kernels 4.10+ (bug #19122) + Linux Guest Additions: Fix vboxvideo module compilation for kernel version 5.10.x + Linux Guest Additions: Fixed kernel module build for RHEL 8.4 beta and CentOS Stream (bug #20289) + File "fixes-for-5.11.patch" is deleted. The issue is fixed upstream. + File "vboxautostart.sh" is replaced by "vboxautostart-service.sh" + File "vboxautostart.service" is replaced by "vboxautostart-service.service" + Fixes boo#1183329 "virtualbox 6.1.18 crashes when it runs nested VM" + Fixes boo#1183125 "Leap 15.3 installation in Virtualbox without VBox integration" + Fixes CVE-2021-2264 and boo#1184542. The directory for the .start files for + autostarting VMs is moved from /etc/vbox to /etc/vbox/autostart.d. In addition, the autostart + service is hardened (by Oracle). + yast2-network +- Omit hidden networks from the list of wireless networks to be + selected preventing the dialog to crash (bsc#1185372) +- 4.3.67 + +- Do not crash when the BOOTPROTO or STARTMODE ar missing or + invalid (bsc#1181295). +- 4.3.66 + +- Do not require a MAC address when activating a qeth device + with layer2 support (bsc#1184474). +- 4.3.65 + yast2-pkg-bindings +- Pkg.ProvidePackage() - download the latest package version from + the repository, this ensures that the installer is updated with + the latest packages from the installer updates repository + (bsc#1185240) +- 4.3.11 + yast2-trans +- Update to version 84.87.20210425.616915ed60: + * Translated using Weblate (Portuguese) + * Translated using Weblate (Hindi) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Hindi) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Added translation using Weblate (Portuguese) + * Added translation using Weblate (Portuguese) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * New POT for text domain 'packager'. + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * New POT for text domain 'ldap'. + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Slovak) + * New POT for text domain 'bootloader'. + * Translated using Weblate (Japanese) + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * New POT for text domain 'base'. + * Translated using Weblate (Portuguese) +