Packages changed:
  MozillaThunderbird (68.5.0 -> 68.6.0)
  chromium (80.0.3987.132 -> 80.0.3987.149)
  libkcddb
  libqt5-qtbase
  libvirt
  python-python-stdnum (1.11 -> 1.13)
  python-pyxdg (0.25 -> 0.26)
  qqc2-desktop-style (5.67.0 -> 5.68.0)
  ruby2.5 (2.5.5 -> 2.5.7)
  samba (4.11.5+git.123.a7233352c28 -> 4.11.5+git.137.297c522339b)
  xfce4-screensaver (0.1.8 -> 0.1.9)
  zimg

=== Details ===

==== MozillaThunderbird ====
Version update (68.5.0 -> 68.6.0)
Subpackages: MozillaThunderbird-translations-common MozillaThunderbird-translations-other

- Mozilla Thunderbird 68.6
  * new: Thunderbird now displays a popup window when starting up
    on a new profile (bmo#1590036)
  * changed: Thunderbird now provides partial updates resulting in
    smaller downloads (bmo#1410512)
  * fixed: Searching in message bodies led to false negatives under
    some circumstances in quoted-printable encoded HTML bodies
    (bmo#1614796)
  * fixed: "Get New Messages for All Accounts" not working for
    OAuth2-authenticated IMAP accounts (bmo#1593611)
  * fixed: Various security fixes
  MFSA 2020-10 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636,
    bmo#1614339)
    Memory safety bugs fixed in Thunderbird 68.6

==== chromium ====
Version update (80.0.3987.132 -> 80.0.3987.149)

- Update to 80.0.3987.149 (bsc#1167090):
  * High CVE-2020-6422: Use after free in WebGL.
  * High CVE-2020-6424: Use after free in media.
  * High CVE-2020-6425: Insufficient policy enforcement in extensions.
  * High CVE-2020-6426: Inappropriate implementation in V8.
  * High CVE-2020-6427: Use after free in audio.
  * High CVE-2020-6428: Use after free in audio.
  * High CVE-2020-6429: Use after free in audio.
  * High CVE-2019-20503: Out of bounds read in usersctplib.
  * High CVE-2020-6449: Use after free in audio.
  * Various fixes from internal audits, fuzzing and other initiatives
- Do not pull in python deps except interpreter, the bundles are
  patched anyways

==== libkcddb ====
Subpackages: libKF5Cddb5 libkcddb-lang

- Add Switch-from-freedb.org-to-gnudb.org.patch to use gnudb.org by
  default, freedb.org will be shutdown at the end of March (kde#418421)

==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3

- Fix builds of packages using qt5_make_output_file, e.g. FreeCAD.
  * Fix-qt5_make_output_file-macro-for-paths-containing-dots.patch

==== libvirt ====
Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-libs

- qemu: Create multipath targets for PRs
  a30078cb-qemu-create-mp-target.patch, aeb909bf-qemu-multipath-fix.patch
  bsc#1161883

==== python-python-stdnum ====
Version update (1.11 -> 1.13)

- Drop not really needed nose dependency
- version update to 1.13
  * Add modules for the following number formats:
    - ESR, ISR, QR-reference (reference number on Swiss payment slips)
      (thanks Kurt Keller)
    - ID number (South African Identity Document number)
  * Add format function for ISO 11649 numbers (thanks Kurt Keller)
  * Add support for Python 3.8 (thanks Sergi Almacellas Abellana)
  * Clarify that the Italian Codice Fiscale can also be the IVA for
    companies (thanks Nicholas Fiorentini)
  * Support the new Dutch btw-identificatienummer (thanks Cas Vissers,
    Jeroen van Heiningen, Jerome Hanke, Nicolas Martinelli, Ronald
    Portier and Tim Muller)
  * Extend test for Argentinian CUIT to check first two digits
  * Add more country codes to ISIN (thanks nocluebutalotofit, Anwar
    Baroudi and alexbond73)
  * Add modules for the following number formats:
    - NRT (Número de Registre Tributari, Andorra tax number) (thanks
      Leandro Regueiro)
    - CPF (Cédula de Persona Física, Costa Rica physical person ID
      number) (thanks Leandro Regueiro)
    - CPJ (Cédula de Persona Jurídica, Costa Rica tax number) (thanks Leandro
      Regueiro)
    - CR (Cédula de Residencia, Costa Rica foreigners ID number)
      (thanks Leandro Regueiro)
    - NIT (Número de Identificación Tributaria, Guatemala tax number)
      (thanks Leandro Regueiro)
    - Identity Number (Mispar Zehut, מספר זהות, Israeli identity number)
    - CN (法人番号, hōjin bangō, Japanese Corporate Number) (thanks Alan
      Hettinger)
    - RRN (South Korean resident registration number) (thanks Dimitri
      Papadopoulos)
    - IRD number (New Zealand Inland Revenue Department (Te Tari Tāke)
      number) (thanks Leandro Regueiro)
    - CUI (Cédula Única de Identidad, Peruvian identity number)
    - RUC (Registro Único de Contribuyentes, Peruvian company tax number)
    - RUC number (Registro Único de Contribuyentes, Paraguay tax number)
      (thanks Leandro Regueiro)
    - VKN (Vergi Kimlik Numarası, Turkish tax identification number)
      (thanks Leandro Regueiro)
    - RUT (Registro Único Tributario, Uruguay tax number) (Leandro
      Regueiro)
    - RIF (Registro de Identificación Fiscal, Venezuelan VAT number)
      (thanks Kevin Kaiser)
    - TIN (South African Tax Identification Number) (thanks Leandro
      Regueiro)
  * Support GTIN (EAN-14) validation as part of EAN (thanks Sergi
    Almacellas Abellana)
  * Support Dominican Republic e-CF within NCF (thanks Jeffry Jesus De
    La Rosa)
  * Fix Dominican Republic DGII lookups of NCF (thanks Jeffry Jesus De
    La Rosa)
  * Fix German Handelsregisternummer to not confuse Hamburg with
    Homburg and to accept shorter numbers (thanks Kevin Kaiser)
  * Support lookups of German Handelsregisternummer in
    OffeneRegister.de web service
  * Handle - and + sign correctly in Swedish Personnummer (thanks Amin
    Solhizadeh)
  * Provide various personalid and vat aliases for existing numbers
    (thanks Andreas Häber)
  * Improve descriptions of Spanish codes (thanks Gerard Dalmau)
  * Fix handling and normalisation of various Unicode digit
    representations (thanks Helge Munk Jacobsen)

==== python-pyxdg ====
Version update (0.25 -> 0.26)

- Add setuptools dependency
- Use pytest to run tests rather than nose that will break with python
  3.10
- Fix Menu.py using attributes that no longer exist
  Patch from https://gitlab.freedesktop.org/xdg/pyxdg/-/merge_requests/2
  * new-api.patch
- Fix test data to use sys.executable
- add resource_leak.patch
- Fix several ResourceWarnings: unclosed file
- Remove superfluous devel dependency for noarch package
- Update to 0.26.0:
  * IconTheme: Add support for Scale and ScaledDirectories keys.
  * DesktopEntry: New method findTryExec()
  * Menu: More efficient processing of filter rules by building a
    Python AST
  * Mime: Prefer the first mimetype found for a file extension,
    instead of the last
  * Mime: Allow unknown magic-matching rule formats
  * Mime: GlobDB has new methods first_match and all_matches for
    matching paths
  * Mime: New function get_extensions to get extensions for a given
    mime type
  * Mime: Fix MagicDB.match_data crashing with an unknown 'possible'
    mimetype
  * Mime: Correctly handle __NOMAGIC__ rule removing previous magic
    matches
  * Menu: XML parsing reworked
  * BaseDirectory: More secure creation of a fallback runtime
    directory with get_runtime_dir(strict=False)
  * Various miscellaneous improvements to testing.
- Fix provides/obsoletes to actually provide python2-xdg too

==== qqc2-desktop-style ====
Version update (5.67.0 -> 5.68.0)

- Update to 5.68.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/kde-frameworks-5.68.0.php
- Changes since 5.67.0:
  * ScrollView: Use scrollbar height as bottom padding, not width
- Drop 0001-ScrollView-Use-scrollbar-height-as-bottom-padding-no.patch

==== ruby2.5 ====
Version update (2.5.5 -> 2.5.7)
Subpackages: libruby2_5-2_5 ruby2.5-stdlib

- Fix CVE-2020-8130 (boo#1164804) for the intree copy of rake:
  - add CVE-2020-8130.patch and rake-12.3.0.gem
- remove test files which are not needed at runtime (boo#1162396)
  - adds remove-unneeded-files.patch and did_you_mean-1.2.0.gem
- update to 2.5.7
  - https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/
    - CVE-2019-16255: A code injection vulnerability of Shell#[] and
      Shell#test (boo#1152990)
    - CVE-2019-16254: HTTP response splitting in WEBrick (Additional
      fix) (boo#1152992)
    - CVE-2019-15845: A NUL injection vulnerability of File.fnmatch
      and File.fnmatch? (boo#1152994)
    - CVE-2019-16201: Regular Expression Denial of Service
      vulnerability of WEBrick's Digest access authentication
      (boo#1152995)
  - https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-5-6-released/
    - Multiple jQuery vulnerabilities in RDoc (CVE-2012-6708
      CVE-2015-9251)
- fix running tests (boo#1140844)
  just passing the DISABLED_TESTS variable is wrong. probably a
  relict from calling the test scripts directly. use TESTOPTS now.

==== samba ====
Version update (4.11.5+git.123.a7233352c28 -> 4.11.5+git.137.297c522339b)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit

- Starting ctdb node that was powered off hard before results in
  recovery loop; (bso#14295); (bsc#1162680).
- CTDB doesn't retry outgoing connections on bind (and some other)
  failures; (bso#14274); (bsc#1162680).

==== xfce4-screensaver ====
Version update (0.1.8 -> 0.1.9)

- Update to version 1.9.0
  * Replace deprecated GTimeVal usage
  * Rebuild windows on monitor reconfiguration
  * Draw overlays during window reconstruction to protect screen
  * Do not activate DPMS when screensaver is inactive (bxo#16327)
  * Better handling of multi-monitor and lid-close events (bxo#16102)
  * Update LINGUAS (bxo#15949)
  * Fix decimal properties when running through atof
  * Return 1 on lock command failure (bxo#15945)
  * Rename 'Pictures folder' to 'Slideshow' (bxo#15589)
  * Raise NameError and TypeError (bxo#15830)
  * Fix float parsing error (bxo#16295)
  * Fix inhibitor proxying (bxo#16356)
  * Fix inhibitor listing in xfce4-screensaver-command (bxo#16355)
  * Add systemd sleep inhibitor (bxo#15929)
  * Fix dbus inhibition (bxo#16365)
  * dbus: Prevent overzealous activation (bxo#16365)
  * Translation Updates

==== zimg ====

- Add colorspace-fix-assertion-part2.patch in order to address
  gh#sekrit-twc/zimg#123.
- Add colorspace-fix-assertion.patch in order to fix build with
  GCC10. See gh#sekrit-twc/zimg#122.