Packages changed: busybox (1.33.1 -> 1.34.1) libfido2 (1.8.0 -> 1.9.0) libqt5-qtwebengine (5.15.6 -> 5.15.7) python-Pillow (8.3.2 -> 8.4.0) python-pyOpenSSL (20.0.1 -> 21.0.0) python-urllib3 (1.26.6 -> 1.26.7) rav1e (0.4.1 -> 0.5.0) rpm syntax-highlighting === Details === ==== busybox ==== Version update (1.33.1 -> 1.34.1) - Disable crc32 to avoid conflict with perl-Archive-Zip (until some project really requires crc32) - Build busybox-warewulf3 for i586 as well. This allowes to set up i586 nodes. - Enable fdisk (jsc#CAR-16) - Add testsuite-gnu-echo.patch: testing.sh to use GNU echo - Remove the duplicated config entries and construct the snippets on the fly based on the main config. This way it's easier to keep track of what's different - Update to 1.34.1: * build system: use SOURCE_DATE_EPOCH for timestamp if available * many bug fixes and new features * touch: make FEATURE_TOUCH_NODEREF unconditional ==== libfido2 ==== Version update (1.8.0 -> 1.9.0) - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Added OpenSSL 3.0 compatibility. * Removed OpenSSL 1.0 compatibility. * Support for FIDO 2.1 "minPinLength" extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. * Fixed detection of Windows?s native webauthn API; gh#382. ==== libqt5-qtwebengine ==== Version update (5.15.6 -> 5.15.7) - Update to version 5.15.7: * Update Chromium: [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms [Backport] sandbox: linux: allow clock_nanosleep & gettime64 [Backport] Linux sandbox: update syscall numbers for all platforms. [Backport] Ease HarfBuzz API change with feature detection [Backport] Security bug 1248665 [Backport] CVE-2021-37975 : Use after free in V8 [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2) [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2) [Backport] CVE-2021-37978 : Heap buffer overflow in Blink [Backport] CVE-2021-30616: Use after free in Media. [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2) [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2) [Backport] CVE-2021-37973 : Use after free in Portals [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI. [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API [Backport] Linux sandbox: return ENOSYS for clone3 [Backport] Linux sandbox: fix fstatat() crash [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" [Backport] Security bug 1238178 (2/2) [Backport] Security bug 1238178 (1/2) [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2) [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2) [Backport] CVE-2021-30630: Inappropriate implementation in Blink [Backport] CVE-2021-30629: Use after free in Permissions [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE [Backport] CVE-2021-30627: Type Confusion in Blink layout [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE [Backport] CVE-2021-30625: Use after free in Selection API [Backport] Security bug 1206289 [Backport] CVE-2021-30613: Use after free in Base internals [Backport] Security bug 1227228 [Backport] CVE-2021-30618: Inappropriate implementation in DevTools * Update patch level * Blacklist certificate test until certicates have been renewed * Block CORS from local URLs when remote access is not enabled * Do not wait on weak_pointer for termination errors * Support MSVC_VER 16.8 * Fix wrong save file filter for Markdown Editor example * Add Chromium version source documentation * Bump version from 5.15.6 to 5.15.7 * Fix crash when clicking on a link in PDF - Drop openSUSE patches: * fix1163766.patch. Should be addressed with: https://github.com/qt/qtwebengine-chromium/commit/652f834de https://github.com/qt/qtwebengine-chromium/commit/faae106ed https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf * chromium-glibc-2.33.patch. Should be addressed with the [Backport] Linux sandbox: fix fstatat() crash and Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" changes. * chromium-older-harfbuzz.patch - Drop upstream changes: * 0001-return-ENOSYS-for-clone3.patch * chromium-harfbuzz-3.0.0.patch * skia-harfbuzz-3.0.0.patch - Rebase patches: * sandbox-statx-futex_time64.patch ==== python-Pillow ==== Version update (8.3.2 -> 8.4.0) - update to 8.4.0: - Prefer global transparency in GIF when replacing with background color #5756 - Added "exif" keyword argument to TIFF saving #5575 - Copy Python palette to new image in quantize() #5696 - Read ICO AND mask from end #5667 - Actually check the framesize in FliDecode.c #5659 - Determine JPEG2000 mode purely from ihdr header box #5654 - Fixed using info dictionary when writing multiple APNG frames #5611 - Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655 - For GIF save_all with palette, do not include palette with each frame #5603 - Keep transparency when converting from P to LA or PA #5606 - Copy palette to new image in transform() #5647 - Added "transparency" argument to EpsImagePlugin load() #5620 - Corrected pathlib.Path detection when saving #5633 - Added WalImageFile class #5618 - Consider I;16 pixel size when drawing text #5598 - If default conversion from P is RGB with transparency, convert to RGBA #5594 - Speed up rotating square images by 90 or 270 degrees #5646 - Add support for reading DPI information from JPEG2000 images - Catch TypeError from corrupted DPI value in EXIF #5639 - Do not close file pointer when saving SGI images #5645 - Deprecate ImagePalette size parameter #5641 - Prefer command line tools SDK on macOS #5624 ==== python-pyOpenSSL ==== Version update (20.0.1 -> 21.0.0) - Add check_inv_ALPN_lists.patch checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056). - update to 21.0.0: - The minimum ``cryptography`` version is now 3.3. - Drop support for Python 3.5 - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. ==== python-urllib3 ==== Version update (1.26.6 -> 1.26.7) - update to 1.26.7: * Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI. * Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching. ==== rav1e ==== Version update (0.4.1 -> 0.5.0) - Update to version 0.5.0 * https://github.com/xiph/rav1e/releases/tag/v0.5.0 - Removed f553646d70fba8e265d436103a73520eb7adec8c.patch ==== rpm ==== - Add support for using a thread pool for threaded zstd compression new patch: zstdpool.diff - Switch to threaded zstd compression with a pool of 8 threads new patch: zstdthreaded.diff ==== syntax-highlighting ==== Subpackages: libKF5SyntaxHighlighting5 - Add the optional QtQuick dependency. (boo#1192170)