Packages changed: boost-base mozilla-nss (3.58 -> 3.59) python-importlib-metadata (3.1.1 -> 3.3.0) python-more-itertools (8.5.0 -> 8.6.0) python-pyOpenSSL sudo (1.9.4 -> 1.9.4p2) timezone (2020d -> 2020e) xmlsec1 (1.2.30 -> 1.2.31) === Details === ==== boost-base ==== Subpackages: boost-license1_75_0 libboost_thread1_75_0 - libboost_nowide now uses same pattern of Provides/Conflicts and version numbers as other Boost libraries - Add missing conflicts for Boost 1.66 - Boost.Build (jam) implementation is now obsoletes older versions ==== mozilla-nss ==== Version update (3.58 -> 3.59) - update to NSS 3.59 Notable changes * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. ==== python-importlib-metadata ==== Version update (3.1.1 -> 3.3.0) - New version requires typing_extensions for Python < 3.8 (Leap and TW python36 flavor) - update to 3.3.0: * * #265: ``EntryPoint`` objects now expose a ``.dist`` object referencing the ``Distribution`` when constructed from a Distribution. * The object returned by ``metadata()`` now has a formally-defined protocol called ``PackageMetadata`` with declared support for the ``.get_all()`` method. Fixes #126. - add typing-extensions dependency for older python versions ==== python-more-itertools ==== Version update (8.5.0 -> 8.6.0) - update to 8.6.0: * :func:`all_unique` (thanks to brianmaissy) * :func:`nth_product` and :func:`nth_permutation` (thanks to N8Brooks) * :func:`chunked` and :func:`sliced` now accept a ``strict`` parameter (thanks to shlomif and jtwool) * Python 3.5 has reached its end of life and is no longer supported. * Python 3.9 is officially supported. ==== python-pyOpenSSL ==== - Adjust metadata for skip-networked-test.patch and refer to the proper upstream ticket gh#pyca/pyopenssl#68. ==== sudo ==== Version update (1.9.4 -> 1.9.4p2) - Update to 1.9.4p2 * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash if the sudoers file contains a runas user-specific Defaults entry. Bug #951. - News in 1.9.4p1 * Fixed a regression introduced in version 1.9.4 where sudo would not build when configured using the --without-sendmail option. Bug #947. * Fixed a problem where if I/O logging was disabled and sudo was unable to connect to sudo_logsrvd, the command would still be allowed to run even when the "ignore_logfile_errors" sudoers option was enabled. * Fixed a crash introduced in version 1.9.4 when attempting to run a command as a non-existent user. Bug #948. * The installed sudo.conf file now has the default sudoers Plugin lines commented out. This fixes a potential conflict when there is both a system-installed version of sudo and a user-installed version. GitHub issue #75. * Fixed a regression introduced in sudo 1.9.4 where sudo would run the command as a child process even when a pseudo-terminal was not in use and the "pam_session" and "pam_setcred" options were disabled. GitHub issue #76. * Fixed a regression introduced in sudo 1.8.9 where the "closefrom" sudoers option could not be set to a value of 3. Bug #950. ==== timezone ==== Version update (2020d -> 2020e) - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ==== xmlsec1 ==== Version update (1.2.30 -> 1.2.31) Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Update to version 1.2.31: + Unload error strings in OpenSSL shutdown. + Make userData available when executing preExecCallback function. + Add an option to use secure memset. - Pass --disable-md5 to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1