Packages changed: ceph (15.1.0.1521+gcdf35413a0 -> 15.2.0.29+g274f7bc2e7) gnuhealth grub2 ibus kdiagram (2.6.0 -> 2.6.1) libstorage-ng (4.2.68 -> 4.2.71) libvirt libyui-qt-graph (2.46.0 -> 2.46.1) libyui-qt-pkg (2.47.3 -> 2.47.4) mutter pipewire (0.2.7 -> 0.3.1) python-PyICU (2.4.2 -> 2.4.3) python-cryptography (2.1.4 -> 2.8) python-pysmbc (1.0.18 -> 1.0.19) xdg-desktop-portal xen (4.13.0_10 -> 4.13.0_11) xfce4-pulseaudio-plugin (0.4.2 -> 0.4.3) xfce4-screensaver (0.1.9 -> 0.1.10) xfce4-session (4.14.1 -> 4.14.2) xfce4-terminal (0.8.9.1 -> 0.8.9.2) yast2 (4.2.76 -> 4.2.78) yast2-bootloader (4.2.18 -> 4.2.20) yast2-packager (4.2.58 -> 4.2.60) yast2-storage-ng (4.2.100 -> 4.2.104) === Details === ==== ceph ==== Version update (15.1.0.1521+gcdf35413a0 -> 15.2.0.29+g274f7bc2e7) Subpackages: librados2 librbd1 - Update to 15.2.0-29-g274f7bc2e7: + rebase on tip of upstream "octopus" branch, SHA1 a8062613c81ad08815edcdf06e668fcc77270a03 * upstream 15.2.0 (first Octopus stable) release https://ceph.io/releases/v15-2-0-octopus-released/ - Update to 15.1.1-220-g0f87374dc1: + rebase on tip of upstream "octopus" branch, SHA1 243cbd6224921f7f5c2463705c75cb9eafd0db5c * upstream 15.1.1 (Octopus release candidate) release https://github.com/ceph/ceph/releases/tag/v15.1.1 + cephadm: read everything when calling "ceph mgr dump" - Update to 15.1.0-2160-g310e512e18: + rebase on tip of upstream "octopus" branch, SHA1 465f3855623e30f3b4694f3090adbe27c8cd49c3 - Update to 15.1.0-1766-g3d31471523: + rebase on tip of upstream master, SHA1 25b8ecc216b02e848f9719ced8c84670de656e78 ==== gnuhealth ==== - update for boo#1167126, 1167128 - clean up of spec file to get rid of warnings added gnuhealth-rpmlintrc - gnuhealth-control 3.6.3 - added chmod after getlang command - modified getlang to exclude 2 directories (otherwise initialization fails after language installation) ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Backport to support searching for specific config files for netboot (bsc#1166409) * 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch * 0002-kern-Add-X-option-to-printf-functions.patch * 0003-normal-main-Search-for-specific-config-files-for-net.patch * 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch - move *.module files to separate -debug subpackage (boo#1166578) - Fix EFI console detection to make it a runtime decision (bsc#1164385) * grub2-SUSE-Add-the-t-hotkey.patch - Downgrade mtools to Suggests for consistency with xorriso (boo#1165839) - remove info requirements, file triggers are used now (boo#1152105) ==== ibus ==== Subpackages: ibus-dict-emoji ibus-gtk ibus-gtk3 ibus-lang libibus-1_0-5 typelib-1_0-IBus-1_0 - Enable wayland and emoji features in SLE 15 SP2 (boo#1165844, SLE-11652) - Remove the with_kde option in the spec file and add a patch to remove an unneeded qt5 dependency * 0001-Replace-the-Qt-check-for-appindicator-engine-icon-wi.patch - Enable emoji also on ppc - Enable emoji support on armv6l and riscv64, nodejs-emojione is no longer BuildRequires - Remove invalid build options - cleanup spec ==== kdiagram ==== Version update (2.6.0 -> 2.6.1) Subpackages: libKGantt2 libkgantt-lang - Update to 2.6.1 bugfix release * KChart: Honor Orientation when laying out legend items * KGantt: Use old ForwardingProxyModel when setting new GraphicsView * KGantt: Also remove constraints from children of removed row * Replace constraint if data is not identical * Fix constraints not always removed * Don't leak the stacked plotter * Do not access graphics view after it is deleted * Avoid crash if leftView() is not a KGanttTreeView * Don't leak symbols of private classes * Shorten thick pens lines in legend * Optimize: do not call potentially detaching QVector::operator() * New: optional feature to create API dox QCH files during the build - Unconditionally Recommend -lang subpackages ==== libstorage-ng ==== Version update (4.2.68 -> 4.2.71) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#714 - simplify combining disks with different block sizes into RAID (bsc#1164295) - Revert "add tests for adjust_block_size()" - Revert "add adjust_block_size() method to Region class (bsc#1164295)" - update doc - 4.2.71 - merge gh#openSUSE/libstorage-ng#713 - Make BlkDevice::possible_mount_bys public (for bsc#1166096) - Increase minor so version - 4.2.70 - merge gh#openSUSE/libstorage-ng#712 - update doc on RAID block size - 4.2.69 ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-libs - libxl: Bump minimum supported Xen version to 4.9, allowing use of newer libxl APIs for retrieving memory statistics suse-bump-xen-version.patch bsc#1157490, bsc#1167007 ==== libyui-qt-graph ==== Version update (2.46.0 -> 2.46.1) - Fixed Qt 5.15 deprecated warnings (bsc#1165118) - 2.46.1 ==== libyui-qt-pkg ==== Version update (2.47.3 -> 2.47.4) - Fixed Qt 5.15 deprecated warnings (bsc#1165118) - 2.47.4 ==== mutter ==== Subpackages: libmutter-5-0 mutter-data mutter-lang - Add mutter-wayland-fix-keyboard-move-resize-window.patch: move some common code out of X11 only code blocks to fix it (bsc#1159976, glgo#GNOME/mutter!997). - Build with pipewire 0.3.0: * Add 0001-Update-to-PipeWire-0.3-API.patch - Rework mutter-fix-mesa20.patch: base it on mutter upstream commit a444a4c. - Add mutter-fix-mesa20.patch: fixes build against Mesa 20 (boo#1164688). ==== pipewire ==== Version update (0.2.7 -> 0.3.1) Subpackages: pipewire-modules pipewire-spa-tools pipewire-tools - Repackage sources to remove a file with invalid license (spa/plugins/vulkan/shaders/mandelbrot-distance.comp) . The file has already been replaced by upstream with a valid licensed file so the patch from upstream was added too: * 0001-Add-MIT-licensed-compute-example.patch - The patch above adds a binary file, but binary diffs are not supported, so the source file is also added directly: * main.spv - Do not build/package man pages in SLE since xmltoman is not available. - Switch license to MIT and actually package it. - Add doxygen, graphviz and xmltoman BuildRequires and pass docs and man = true to meson, build documentation. Package docs in a new docs sub-package. - Add check section and run meson_test macro, run tests during build. - Add fdupes BuildRequires and pass fdupes macro, remove duplicate files. - Update to version 0.3.1: + This is a bugfix release that is API and ABI compatible with previous 0.3.x releases. + Don't load the rtkit module by default. It can cause a sigkill, which is not desirable for mutter, for example. Only enable this for the jack library for now. + Don't use pthread cancel by default because it uses a signal that might crash some apps. Only use it for the jack library because jack clients really expect this. + Build fixes for -Werror=suggest-attribute=format + improve error messages, don't report harmless errors and warnings. Try to send error messages to the proxy that started the operation or is the owner of the object. + pw-cat: midi improvement, add midi recording and dump in verbose mode + fix properties when loading spa-nodes from the config + Fix and update some examples + jack: check arguments and don't crash when invalid + Fix buffer memory upload. + jack: fix compatibility with zrythm. Fix timemaster install, improve sample_rate callback. Fix reposition handling. + fix crash in port after buffer negotiation error. + add support for control ports in pw_filter + fix cleanup of the metadata module + improve param enumeration. + Clear stream buffers when the format is cleared. + Add create-object command in the config file to create object from a factory. + Fix crash after the driver was not removed from unassigned nodes. Also properly pause inactive nodes. + Use "true" and "false" in properties when we are talking about a boolean. + pulseaudio: improve compatibility - Add patch to build correctly with glibc < 2.27 (like in SLE/Leap): * fix-memfd_create-call.patch - Add BuildRequires for pkgconfig(sndfile) and pkgconfig(vulkan) so the vulkan plugin is built. - Version the spa-plugins subpackage so different versions of the plugins can be co-installed in the future. - Update to version 0.3.0: + The 0.3 release is a major milestone in the developement of PipeWire. It features a complete redesign of the scheduling mechanisms that make it possible to run a JACK compatibility layer with comparable performance to JACK2. + The API has been reworked and is declared stable now. All developement files and runtime paths are versioned so that future incompatible changes can be done without breaking exising applications. + PipeWire 0.3 also includes a (now mandatory) session manager that populates and controls the PipeWire graph. This example session manager is very simple and not configurable. It is expected that future version will either switch to a more flexible session manager (like WirePlumber) or improve the configuration options of the example session manager. + PipeWire 0.3 includes both PulseAudio, JACK and ALSA compatibility libraries that are known to support a wide range of applications. The ALSA library is pretty complete at this point. The JACK and mostly the PulseAudio compatibility libraries need more work. See the Wiki pages for the current compatibility problems. We do not yet encourage people to switch away from their existing audio solutions (PulseAudio or JACK) but we would love to hear from people who try it anyways. Future versions will mostly focus on improving compatibility further to make PipeWire a drop-in replacement. PipeWire comes with some GStreamer plugins to consume and produce data for PipeWire. The consumer (pipewiresrc) is working well in most cases. The sink (pipewiresink) is known to be somewhat problematic for now. - Add pkgconfig(bluez) and pkgconfig(libpulse) BuildRequires: New dependencies. - Bump libpipewire, apiver and spa_ver define following upstreams changes. Also add a new sover define. - Package new subpackages: libjack-pw0_3_0, libpulse-mainloop-glib-pw0_3_0, libpulse-pw0_3_0 and libpulse-simple-pw0_3_0, as well as handle them in post(un). - Adjust options passed to meson following upstreams changes. ==== python-PyICU ==== Version update (2.4.2 -> 2.4.3) - update to 2.4.3 * added Char.getPropertyValueName() and Char.getPropertyValueEnum() * fixed build errors with PythonReplaceable for ICU < 55 ==== python-cryptography ==== Version update (2.1.4 -> 2.8) - update to 2.8 * Added support for Python 3.8. * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations. * Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9. * We now ship manylinux2010 wheels in addition to our manylinux1 wheels. * Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder. * cryptography no longer depends on asn1crypto. * FreshestCRL is now allowed as a CertificateRevocationList extension. - update to 2.7 * BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface. The CMAC and HMAC APIs have not changed, but they are no longer registered as MACContext instances. * Removed support for running our tests with setup.py test. * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305` when using OpenSSL 1.1.1 or newer. * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH in :meth:`Ed25519PublicKey.public_bytes ` . * Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier` and deprecate passing an Extension object. - Simplify the test execution to be more understandable - update to 2.6.1: * BACKWARDS INCOMPATIBLE: Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature, which had been deprecated for nearly 4 years. Use encode_dss_signature() and decode_dss_signature()instead. * BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which had been deprecated for nearly 3 years. Use serial_number instead. * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1b. * Added support for Ed448 signing when using OpenSSL 1.1.1b or newer. * Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer. * load_ssh_public_key() can now load ed25519 public keys. * Add support for easily mapping an object identifier to its elliptic curve class viaget_curve_for_oid(). * Add support for OpenSSL when compiled with the no-engine (OPENSSL_NO_ENGINE) flag. - Dependency on python-idna changed to "Recommends" aligned with change in upstream source (see below) - update to 2.5: * BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1, but this version removes the default idna dependency as well. If you still need this deprecated path please install cryptography with the idna extra: pip install cryptography[idna]. * BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4. * Numerous classes and functions have been updated to allow bytes-like types for keying material and passwords, including symmetric algorithms, AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes. * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1a. * Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1. * Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using OpenSSL 1.1.1. * Added support for X448 key exchange when using OpenSSL 1.1.1. * Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1. * Added initial support for parsing PKCS12 files with load_key_and_certificates(). * Added support for IssuingDistributionPoint. * Added rfc4514_string() method to x509.Name, x509.RelativeDistinguishedName, and x509.NameAttribute to format the name or component an RFC 4514 Distinguished Name string. * Added from_encoded_point(), which immediately checks if the point is on the curve and supports compressed points. Deprecated the previous method from_encoded_point(). * Added signature_hash_algorithm to OCSPResponse. * Updated X25519 key exchange support to allow additional serialization methods. Calling public_bytes() with no arguments has been deprecated. * Added support for encoding compressed and uncompressed points via public_bytes(). Deprecated the previous method encode_point(). - Update to version 2.4.2: * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0j. - Update to 2.4.1: * Dropped support for LibreSSL 2.4.x. * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no longer supported by the OpenSSL project. At this time there is no time table for dropping support, however we strongly encourage all users to upgrade or install cryptography from a wheel. * Added initial :doc:`OCSP ` support. * Added support for cryptography.x509.PrecertPoison. - Fix fdupes call - Update to 2.3.1: * updated tests for upstream wycheproof changes * many other tiny test tweaks - update to 2.3: * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the min_tag_length provided to the GCM constructor. * Added support for Python 3.7. * Added extract_timestamp() to get the authenticated timestamp of a Fernet token. * Support for Python 2.7.x without hmac.compare_digest has been deprecated. We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next cryptography release. * Fixed multiple issues preventing cryptography from compiling against LibreSSL 2.7.x. * Added get_revoked_certificate_by_serial_number for quick serial number searches in CRLs. * The RelativeDistinguishedName class now preserves the order of attributes. Duplicate attributes now raise an error instead of silently discarding duplicates. * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap if the wrapped key is an invalid length, instead of ValueError. - update to 2.2.2 * fix build on some systems with openssl 1.1.0h - Cleanup with spec-cleaner - Use %setup to unpack all archives do not rely on tar calls - Update to upstream release 2.2.1: * Reverted a change to GeneralNames which prohibited having zero elements, due to breakages. * Fixed a bug in :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` that caused it to raise InvalidUnwrap when key length modulo 8 was zero. * BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped. * Resolved a bug in HKDF that incorrectly constrained output size. * Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`, :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to support inter-operating with systems like German smart meters. * Added token rotation support to :doc:`Fernet ` with :meth:`~cryptography.fernet.MultiFernet.rotate`. * Fixed a memory leak in :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`. * Added support for AES key wrapping with padding via :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` . * Allow loading DSA keys with 224 bit q. - fix deps for hypothesis, pytest - Fix previous change and explicitly require python2 instead of python because python itself is also provided by python3. This fixes: ImportError: No module named _ssl when using python-cryptography in a python2 build environment - Fix the previous change to not pull in py2 on py3 enviroment - fix requires on python ssl once more after the last change - Add proper conditional for the python2, the ifpython works only for the requires/etc - add missing dependency on python ssl - update to version 2.1.4: * Added X509_up_ref for an upcoming pyOpenSSL release. - update to version 2.1.3: * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g. - update to version 2.1.2: * Corrected a bug with the manylinux1 wheels where OpenSSL?s stack was marked executable. - fix BuildRequires conditions for python3 - update to 2.1.1 - Fix cffi version requirement. - Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478) * add skip_openssl_memleak_test.patch - update to 2.0.3 - update to 2.0.2 - update to 2.0 - update to 1.9 - add python-packaging to requirements explicitly instead of relying on setuptools to pull it in - Switch to singlespec approach - update to 1.8.1 - Adust Requires and BuildRequires - update to 1.7.2 - update to 1.7.1 which contains regression fix for 1.7 - update to 1.7 * support for OpenSSL 1.0.0 has been removed. * Added support for Diffie-Hellman key exchange * The OS random engine for OpenSSL has been rewritten - update to 1.6 - update to 1.5.3 - python-cryptography-enable-gost.patch is obsolete - python-cryptography-enable-gost.patch: temporary patch to run tests against 1.0.2i, GOST cert extraction now works. - Introduce requirement setuptools >= 11.3 to follow egg-info/requires.txt content - fix download urls - update to upstream release 1.3.4 * Added new OpenSSL functions to the bindings to support an upcoming ``pyOpenSSL`` release. - correct source urls - update to upstream release 1.3.2 * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2h. * Fixed an issue preventing ``cryptography`` from compiling against LibreSSL 2.3.x. - removed obsolete cryptography-new-bio-new-type.patch - update to upstream release 1.3.1 * Fixed a bug that caused an AttributeError when using mock to patch some cryptography modules. * Added support for padding ANSI X.923 with ANSIX923. * Deprecated support for OpenSSL 0.9.8. Support will be removed in cryptography 1.4. * Added support for the PolicyConstraints X.509 extension including both parsing and generation using CertificateBuilder and CertificateSigningRequestBuilder. * Added is_signature_valid to CertificateSigningRequest. * Fixed an intermittent AssertionError when performing an RSA decryption on an invalid ciphertext, ValueError is now correctly raised in all cases. * Added from_issuer_subject_key_identifier(). - fix license - Add pkg-config BuildRequires: in order for the last introduced condition to apply the patch to work, pkg-config has to be present. - cryptography-new-bio-new-type.patch: openssl 1.0.2g changed the type of BIO_new_mem_buf() (added a const). - update to upstream release 1.2.1 1.2.1 - 2016-01-08 * Reverts a change to an OpenSSL EVP_PKEY object that caused errors with pyOpenSSL. 1.2 - 2016-01-08 * BACKWARDS INCOMPATIBLE: RevokedCertificate extensions now uses extension classes rather than returning raw values inside the Extension value. The new classes are: o CertificateIssuer o CRLReason o InvalidityDate * Deprecated support for OpenSSL 0.9.8 and 1.0.0. At this time there is no time table for actually dropping support, however we strongly encourage all users to upgrade, as those versions no longer receive support from the OpenSSL project. * The Certificate class now has signature and tbs_certificate_bytes attributes. * The CertificateSigningRequest class now has signature and tbs_certrequest_bytes attributes. * The CertificateRevocationList class now has signature and tbs_certlist_bytes attributes. * NameConstraints are now supported in the CertificateBuilder and CertificateSigningRequestBuilder. * Support serialization of certificate revocation lists using the public_bytes() method of CertificateRevocationList. * Add support for parsing CertificateRevocationList extensions () in the OpenSSL backend. The following extensions are currently supported: o AuthorityInformationAccess o AuthorityKeyIdentifier o CRLNumber o IssuerAlternativeName * Added CertificateRevocationListBuilder and RevokedCertificateBuilder to allow creation of CRLs. * Unrecognized non-critical X.509 extensions are now parsed into an UnrecognizedExtension object. - update to 1.1.2: * Fixed a SIGBUS crash with the OS X wheels caused by redefinition of a method. * Fixed a runtime error ``undefined symbol EC_GFp_nistp224_method`` that occurred with some OpenSSL installations. * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2e. - update to 1.1.1: * Fixed several small bugs related to compiling the OpenSSL bindings with unusual OpenSSL configurations. * Resolved an issue where, depending on the method of installation and which Python interpreter they were using, users on El Capitan (OS X 10.11) may have seen an ``InternalError`` on import. - fix build for sle11 (disable testsuite as it depends on python-hypothesis which is not available for sle11 anymore) - update to 1.1: * Added support for Elliptic Curve Diffie-Hellman with :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`. * Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`. * Added support for parsing certificate revocation lists (CRLs) using :func:`~cryptography.x509.load_pem_x509_crl` and :func:`~cryptography.x509.load_der_x509_crl`. * Add support for AES key wrapping with :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`. * Added a ``__hash__`` method to :class:`~cryptography.x509.Name`. * Add support for encoding and decoding elliptic curve points to a byte string form using :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point` and :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. * Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`. * :class:`~cryptography.x509.CertificatePolicies` are now supported in the :class:`~cryptography.x509.CertificateBuilder`. * ``countryName`` is now encoded as a ``PrintableString`` when creating subject and issuer distinguished names with the Certificate and CSR builder classes. * **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use of assertions to check response codes where our tests could not trigger a failure. However, when Python is run with ``-O`` these asserts are optimized away. If a user ran Python with this flag and got an invalid response code this could result in undefined behavior or worse. Accordingly, all response checks from the OpenSSL backend have been converted from ``assert`` to a true function call. Credit **Emilia Käsper (Google Security Team)** for the report. * We now ship OS X wheels that statically link OpenSSL by default. When installing a wheel on OS X 10.10+ (and using a Python compiled against the 10.10 SDK) users will no longer need to compile. See :doc:`/installation` for alternate installation methods if required. * Set the default string mask to UTF-8 in the OpenSSL backend to resolve character encoding issues with older versions of OpenSSL. * Several new OpenSSL bindings have been added to support a future pyOpenSSL release. * Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+. - Remove 2293.patch . Applied in a different way upstream. - Add BuildRequires for python-hypothesis and python-pyasn1-modules for running unittests - require the cffi version it was built against to avoid (bsc#948198) - Add 2293.patch for "osrandom engine already registered" (bnc#947679) - Add disable-uneven-sizes-tests.patch (bnc#944204) openssl in SLE12SP1 doesn't allow uneven bit sizes for rsa keys - update to 1.0 (fate#318838): * Switched to the new `cffi`_ ``set_source`` out-of-line API mode for compilation. This results in significantly faster imports and lowered memory consumption. Due to this change we no longer support PyPy releases older than 2.6 nor do we support any released version of PyPy3 (until a version supporting cffi 1.0 comes out). * Fix parsing of OpenSSH public keys that have spaces in comments. * Support serialization of certificate signing requests using the ``public_bytes`` method of :class:`~cryptography.x509.CertificateSigningRequest`. * Support serialization of certificates using the ``public_bytes`` method of :class:`~cryptography.x509.Certificate`. * Add ``get_provisioning_uri`` method to :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP` and :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP` for generating provisioning URIs. * Add :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash` and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`. * Raise a ``TypeError`` when passing objects that are not text as the value to :class:`~cryptography.x509.NameAttribute`. * Add support for :class:`~cryptography.x509.OtherName` as a general name type. * Added new X.509 extension support in :class:`~cryptography.x509.Certificate` The following new extensions are now supported: * :class:`~cryptography.x509.OCSPNoCheck` * :class:`~cryptography.x509.InhibitAnyPolicy` * :class:`~cryptography.x509.IssuerAlternativeName` * :class:`~cryptography.x509.NameConstraints` * Extension support was added to :class:`~cryptography.x509.CertificateSigningRequest`. * Add support for creating signed certificates with :class:`~cryptography.x509.CertificateBuilder`. This includes support for the following extensions: * :class:`~cryptography.x509.BasicConstraints` * :class:`~cryptography.x509.SubjectAlternativeName` * :class:`~cryptography.x509.KeyUsage` * :class:`~cryptography.x509.ExtendedKeyUsage` * :class:`~cryptography.x509.SubjectKeyIdentifier` * :class:`~cryptography.x509.AuthorityKeyIdentifier` * :class:`~cryptography.x509.AuthorityInformationAccess` * :class:`~cryptography.x509.CRLDistributionPoints` * :class:`~cryptography.x509.InhibitAnyPolicy` * :class:`~cryptography.x509.IssuerAlternativeName` * :class:`~cryptography.x509.OCSPNoCheck` * Add support for creating certificate signing requests with :class:`~cryptography.x509.CertificateSigningRequestBuilder`. This includes support for the same extensions supported in the ``CertificateBuilder``. * Deprecate ``encode_rfc6979_signature`` and ``decode_rfc6979_signature`` in favor of :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature` and :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`. - Adjust Requires according to requires.txt - update to 0.9.3: * Updated Windows wheels to be compiled against OpenSSL 1.0.2d. * Updated Windows wheels to be compiled against OpenSSL 1.0.2c. * **SECURITY ISSUE**: Fixed a double free in the OpenSSL backend when using DSA to verify signatures. Note that this only affects PyPy 2.6.0 and (presently unreleased) CFFI versions greater than 1.1.0. * Removed support for Python 3.2. This version of Python is rarely used and caused support headaches. Users affected by this should upgrade to 3.3+. * Deprecated support for Python 2.6. At the time there is no time table for actually dropping support, however we strongly encourage all users to upgrade their Python, as Python 2.6 no longer receives support from the Python core team. * Add support for the :class:`~cryptography.hazmat.primitives.asymmetric.ec.SECP256K1` elliptic curve. * Fixed compilation when using an OpenSSL which was compiled with the ``no-comp`` (``OPENSSL_NO_COMP``) option. * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` serialization of public keys using the ``public_bytes`` method of :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`, and :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. * Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER` serialization of private keys using the ``private_bytes`` method of :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`, and :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. * Add support for parsing X.509 certificate signing requests (CSRs) with :func:`~cryptography.x509.load_pem_x509_csr` and :func:`~cryptography.x509.load_der_x509_csr`. * Moved ``cryptography.exceptions.InvalidToken`` to :class:`cryptography.hazmat.primitives.twofactor.InvalidToken` and deprecated the old location. This was moved to minimize confusion between this exception and :class:`cryptography.fernet.InvalidToken`. * Added support for X.509 extensions in :class:`~cryptography.x509.Certificate` objects. The following extensions are supported as of this release: * :class:`~cryptography.x509.BasicConstraints` * :class:`~cryptography.x509.AuthorityKeyIdentifier` * :class:`~cryptography.x509.SubjectKeyIdentifier` * :class:`~cryptography.x509.KeyUsage` * :class:`~cryptography.x509.SubjectAlternativeName` * :class:`~cryptography.x509.ExtendedKeyUsage` * :class:`~cryptography.x509.CRLDistributionPoints` * :class:`~cryptography.x509.AuthorityInformationAccess` * :class:`~cryptography.x509.CertificatePolicies` Note that unsupported extensions with the critical flag raise :class:`~cryptography.x509.UnsupportedExtension` while unsupported extensions set to non-critical are silently ignored. Read the :doc:`X.509 documentation` for more information. - add python-pyasn1, python-ipaddress and python-idna as Requires/BuildRequires - Update to 0.8.2: * Fixed a race condition when initializing the OpenSSL or CommonCrypto backends in a multi-threaded scenario. - update to 0.8.1: * Updated Windows wheels to be compiled against OpenSSL 1.0.2a. * func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can now load elliptic curve public keys. * Added :attr:`~cryptography.x509.Certificate.signature_hash_algorithm` support to :class:`~cryptography.x509.Certificate`. * Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_prime_factor s` * :class:`~cryptography.hazmat.primitives.kdf.KeyDerivationFunction` was moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.kdf`. * Added support for parsing X.509 names. See the :doc:`X.509 documentation` for more information. * Added :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key` to support loading of DER encoded private keys and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` to support loading DER encoded public keys. * Fixed building against LibreSSL, a compile-time substitute for OpenSSL. * FreeBSD 9.2 was removed from the continuous integration system. * Updated Windows wheels to be compiled against OpenSSL 1.0.2. * :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` now support PKCS1 RSA public keys (in addition to the previous support for SubjectPublicKeyInfo format for RSA, EC, and DSA). * Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization` and deprecated :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers`. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization.private_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`. * Added :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization` and deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithNumbers`. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization.private_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`. * Added :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization` and deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithNumbers`. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization.private_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`. * Added :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization` and deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithNumbers`. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization.public_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`. * Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization` and deprecated :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithNumbers`. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization.public_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`. * Added :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization` and deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithNumbers`. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization.public_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`. * :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and :class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.hashes`. * :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`, :class:`~cryptography.hazmat.primitives.ciphers.AEADCipherContext`, :class:`~cryptography.hazmat.primitives.ciphers.AEADEncryptionContext`, :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`, and :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm` were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.ciphers`. * :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`, :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithInitializationVector`, :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithNonce`, and :class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithAuthenticationTag` were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.ciphers.modes`. * :class:`~cryptography.hazmat.primitives.padding.PaddingContext` was moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.padding`. * :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding` was moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.asymmetric.padding`. * :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext` and :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext` were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.asymmetric`. * :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithNumbers`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithNumbers` were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.asymmetric.dsa` * :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`, :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`, :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`, :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers`, :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, and :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithNumbers` were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.asymmetric.ec`. * :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithNumbers`, :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithNumbers` were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to :mod:`~cryptography.hazmat.primitives.asymmetric.rsa`. * Updated Windows wheels to be compiled against OpenSSL 1.0.1l. * ``enum34`` is no longer installed on Python 3.4, where it is included in the standard library. * Added a new function to the OpenSSL bindings to support additional functionality in pyOpenSSL. - update to 0.7.1 * backwards-incompatible change: GCM module doesn't truncate tags by default anymore * removed deprecated arguments to MFG1 constructor * ECC support * added PEM and openssh key loading convenience methods * support for many new ciphers and new features of existing ones see CHANGELOG.rst for details - spec cleanup - reworked %check section - added changelog to docs ==== python-pysmbc ==== Version update (1.0.18 -> 1.0.19) - version update to 1.0.19 * no upstream changelog found (NEWS not updated) ==== xdg-desktop-portal ==== Subpackages: xdg-desktop-portal-lang - Add xdg-dp-port-pipewire-3-api.patch: Port to use new pipewire-3.0 api. Following this, replace pkgconfig(libpipewire-2.0) with pkgconfig(libpipewire-3.0) BuildRequires. Also add libtool BuildRequires and pass autoreconf as the patch touches the buildsystem. ==== xen ==== Version update (4.13.0_10 -> 4.13.0_11) - bsc#1161480 - Fix xl shutdown for HVM without PV drivers add libxl.libxl__domain_pvcontrol.patch - bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 01-xen-credit2-avoid-vcpus-to.patch ==== xfce4-pulseaudio-plugin ==== Version update (0.4.2 -> 0.4.3) Subpackages: xfce4-pulseaudio-plugin-lang - Update to version 0.4.3 * Build now requires exo-2 0.11 or newer * Fixed various memory leaks and warnings * Removed unused dbus-glib include (bxo#15343) * Replaced g_type_class_add_private deprecations * Updated copyright years * Updated URLs from goodies.x.o to docs.x.o (bxo#16173) * MPRIS: Added support for filename icons (bxo#14329) * MPRIS: Added support for single-string variants on xesam:artist * MPRIS: Added support for the DesktopEntry property (bxo#14412) * MPRIS: Added support for the plasma-browser-integration plugin (bxo#15487) * MPRIS: Added title/artist conditioning from the track title * Preferences: Fixed icon rendering known players * Translation Updates ==== xfce4-screensaver ==== Version update (0.1.9 -> 0.1.10) - Update to version 0.1.10 * Send DBus lock responses for xfce4-session support (bxo#16522) * Translation Update ==== xfce4-session ==== Version update (4.14.1 -> 4.14.2) Subpackages: xfce4-session-lang - Update to version 4.14.2 * Add support for xfce4-screensaver (bxo#16522) * Try xfce screensaver before cinnamon (bxo#16223) * Translation Updates ==== xfce4-terminal ==== Version update (0.8.9.1 -> 0.8.9.2) Subpackages: xfce4-terminal-lang - Update to version 0.8.9.2 * Allow to create window with 1 line height. One should also disable the scrollbar (--hide-scrollbar) to get 1 row window. (bxo#16447) * Fix 'Transparency setting ignored when using --color-bg' (bxo#16309) * Translation updates ==== yast2 ==== Version update (4.2.76 -> 4.2.78) Subpackages: yast2-logs - Remove no longer needed multi status selector since it does not work as expected (bsc#1167523). - 4.2.78 - Fixed alignment in the multi selection CWM widget (part of bsc#1167523) - 4.2.77 ==== yast2-bootloader ==== Version update (4.2.18 -> 4.2.20) - Reverted the changes to delegate to yast2-storage-ng the calculation of udev links. See previous entries for versions 4.2.16 and 4.2.19. - This fixes bsc#1167779 and is related to bsc#1166096 and bsc#1151075. - 4.2.20 - Fixed the calculation of the udev name used to reference devices that are not formatted, like PReP partitions (bsc#1166096). - 4.2.19 ==== yast2-packager ==== Version update (4.2.58 -> 4.2.60) - Reverts changes made in 4.2.59 to improve the addons selection, keeping it as it was (bsc#1167523). - 4.2.60 - Improve the product selection dialog (related to bsc#1157780). - 4.2.59 ==== yast2-storage-ng ==== Version update (4.2.100 -> 4.2.104) - Reverted the changes done to support the calculation of udev links from yast2-bootloader, since the changes in that module were also reverted. See previous entries for versions 4.2.90 and 4.2.102. - Related to bsc#1167779, bsc#1166096 and bsc#1151075. - 4.2.104 - Reanimate saving USED_FS_LIST (bsc#1161533). - 4.2.103 - Extend and improve the API to get udev names for a block device (needed for bsc#1166096). - 4.2.102 - Prevents to put /boot in a bcache (bsc#1165903). - 4.2.101