Update for 00Meta, Botan, Botan.16333, DisplayCA... recommended moderate

Recommended update for gsoap, kopano, kopano-python-services

This update for gsoap, kopano, kopano-python-services fixes the following issues:

kopano was updated to release 10.0.5:

* Enhancements:
* gateway: support loading MAPI folders with slash in their name.
* Fixes:
* admin: fix stack exhaustion calling AclRightsToString.
* admin: fix out-of-bounds access in ConsoleTable.
* dagent: change SMTP error code for plugin failure from
permanent to transient category.
* server: recognize more MariaDB-specific status codes and
initiate reconnect if needed.
* server: fix a cache pollution with PR_HTML and
PR_RTF_COMPRESSED.
* dagent: failure to run actions will no longer stop rule
processing.
* mapi4linux: avoid M4LMAPISession going away while ECMsgStore
object(s) still alive.

Update to release 10.0.4

* Enhancements:
* daemons: service units now run with systemd protections on.
* icalmapi: support reading multi-iCal and multi-vCard files.
* Fixes:
* dagent, spooler: workaround crash during Python GC.
* dagent, gateway: avoid stack exhaustion in HTML filter.
* gateway: avoid non-atomic replacement of SSL context.
* gateway: avoid one crash case for deeply-nested HTML mail.
* server: cure a mysql wait phase during shutdown.
* server: cure a crash when the SQL server has shut down.
* daemons: avoid deadlock during signal handling.
* libserver: fix use-after-free and crash on shutdown.
* Various null deref warnings from clang --analyze were fixed.
* libserver: resolve memory leak of MYSQL objects.

Update to release 10.0.3

* Enhancements:
* server: new config directive request_log_method and
request_log_file.
* server: The log_level=0x100000 bit (SOAP) no longer has a
meaning; use the request_log_file mechanism instead.

Update to release 10.0.2

* dagent: add processing time stats and publish via surveyclient
* common: fix a malloc/delete[] mismatch in kc_utf8_to_punyaddr
* Respect KOPANO_SOCKET environment variable in all programs
* server: support numeric UID/GID for local_admin_users directive
* daemons: support numeric UID/GID for run_as_* directives

Update to release 10.0.1

* common: avoid computing log messages that will not get
shown [KC-1674]
* freebusy: fix crash in RecurrenceState::Exception instantiation
* client: IDN support [KC-1659]
* In config files, fractional values can now be used
for sizes ("0.5G").

Update to release 9.0.2

* Enhancements:
* storeadm: print entity types in orphan list [KC-718]
* client: improve dreaded "gsoap connect: ()" reporting
* server: fix dreaded "SSL_accept: (null)" reporting
* ECtools: add kopano-vcfimport
* Fixes:
* client: resolve rogue file descriptor closing [KC-1397,
KC-1462, KC-1518, KC-1584, KS-42330, KS-43193, KS-43409,
KS-43618, KS-43677, KS-43693, KS-43907, KS-43925, KS-43936]
* dagent: resolve crash when appointment has empty
organizer [KC-1637]
* spooler: regard redirected messages as having
recipients [KC-1638]

- Drop chown calls from scriptlets [boo#1154309]

Update to release 8.7.85

* daemons: support "%xxx"-style interface identifiers in bindspecs
(the "server_listen" or similarly-named directives in
.cfg files)
* client: send fewer logoff calls [KC-1590]
* daemons: AF_LOCAL sockets were erroneously owned by root
rather than run_as_user [KC-1616]
* pyko: avoid circular strong reference from notification
to store [KC-1572]
* php: add missing successful return value for
zif_mapi_vcfstomapi [KC-1487]
* client: unbreak translation of newly created store
folder names [KC-1607]
* dagent: the server_bind_intf option is removed in favor of %xxx
* search: put back the old value for limit_results=1000

- Update to release 8.7.84
* server: new installations will use files_v2 by default [KC-567]
* icalmapi: vCard 4.0 (RFC 6350) is now emitted
* kopano-set-oof has been removed; use `kopano-oof` instead [KC-981]
* kopano-localize-folders has been removed;
use `kopano-storeadm -Y` instead
* admin: the --mr-process option has been added
* dbadm: the "populate" action has been added
* daemons: the {pop3,imap,etc.}_listen directives can now take an
interface specifier similar to ping(8), e.g. "%eth0"
* server/ldapplugin: LDAP group membership cache [KC-1588]

- Update to release 8.7.83
* libserver: fix "withholding" of properties from clients [KC-1547]
* dagent, spooler: threaded mode is enabled by default now [KC-1475]
* ldapplugin: 22% speedup in retrieving the entire user list [KC-1399]
* client: enable write-caching for properties on stores and folders;
improves e.g. store creation time by 17% [KC-1585]
* Dropped Python2 and PHP5 support

- Update to new upstream release 8.7.3
* Fixes:
* dagent: standard casing for RFC 5322 headers [KF-2100]
* daemons: do not fail startup on IPv4-only systems [KC-1400]
* Feed HTML through libtidy before using it for the to-plaintext
conversion stage [KS-40722]
* server: fix crash on shutdown [KF-2179]
* server: address a potential crash due to type mismatch [KF-2151]
* server: use utf8mb3 with mysql 5.1 [KC-1423]
* server: avoid entering truncated tproperties data into the
cache [KC-1417]
* server: avoid using OpenLDAP-specific filters that 389-ds
does not know about [KC-1402]
* server: fixed TLS negotiation errors with openSSL 1.1.1 [KC-1439]
* spooler: avoid unnecessary QP encoding in header fields [KC-1430]
* spooler: fix hang on process termination [KC-1449]
* srvadm: do not complain about default_store_locale [KC-1416]
* dbadm: some long-running statements can now be run in parallel
with the new -j option [KS-42617]
* pyko: expand stubbed messages when dumping [KC-1159,KC-1168]
* pyko: don't mix str/int busy statuses [KC-1433]
* oof: fix erroneous -u parsing [KC-1425]
* oof: make --message option set the right property [KC-1435]
* server: complete utf8mb4->utf8 fallback for RHEL6 [KC-1423]
* inetmapi: modified appointments need to produce a new
Message-ID [KC-1458]
* dagent: set Bcc/RecipMe flags appropriately [KC-319]
* inetmapi: restore FQDN in Message-IDs [KC-1393]
* inetmapi: parse fake "From:" header better to hinder
proliferation of impersonations [KC-1350]
* stats: print "PR_..." instead of proptag numbers [KC-1495]
* server: no more unbounded thread number increase [KC-1446]
* php: fix crash in zif_mapi_getprops [KC-1507]
* Enhancements:
* backup: do record outofoffice settings
* php-ext: performance measurement log now contains a
timestamp, thread identifier, and global monotonic counter.
This can be used for estimating the achieved command rate.

- Update to 8.7.0 stable git HEAD
* dagent: standard casing for RFC 5322 headers [KF-2100]
* daemons: do not fail startup on IPv4-only systems [KC-1400]
* Feed HTML through libtidy before using it for the to-plaintext
conversion stage [KS-40722]
* server: fix crash on shutdown [KF-2179]
* server: address a potential crash due to type
mismatch [KF-2151]
* server: use utf8mb3 with mysql 5.1 [KC-1423]
* srvadm: do not complain about default_store_locale [KC-1416]
* dbadm: some long-running statements can now be run in parallel
with the new -j option [KS-42617]
* pyko: expand stubbed messages when dumping [KC-1159,KC-1168]

- Update to 8.7.0 stable
* server: fix disappearing inbox rules [KC-1359]
* kopano-dbadm: new action "usmp" and "usmp-charset"
* server: no more automatic upgrade to utf8mb4,
use `kopano-dbadm usmp` instead [KF-1394]
* dagent: the spam_header_name was not matched
correctly [KF-1961]
* dagent/client/libserver: fix inadvertent AF_LOCAL->SSL
redirect [KC-1368]
* client: ABEIDs were parsed wrong (and it broke with
gcc8) [KC-1386]
* php7-ext: cease modifying potentially-immutable
PHP variables [KC-1355]

- Update to 8.7~beta release (8.6.90)
* dagent, gateway, ical: modern socket specification in .cfg
with lmtp_listen=, pop3_listen=, imap_listen=, ical_listen=,
etc.
* dagent: PF_LOCAL socket support for communicating with postfix
* dagent: limited support for RFC 6531 (SMTPUTF8)
* server: LDAP STARTTLS support for user backend
* spooler: new config value log_raw_message=error
* daemons: coredumps no longer rely on fs.suid_dumpable
* server: support for Unicode supplemental plane (Emojis)
* spooler: add copy_delegate_mails=move-to-rep config directive
* kopano-ibrule: new utility for MAPI rules
* server: experimental "files_v2" attachment storage
* kopano-statsd: new daemon that records dagent/server/spooler
statistics
* This is an abridged list; there are more changes to
configuration and behavior; see RELNOTES.txt in the
"kopano-common" package for more details.

- Update to new snapshot 8.6.7.2
* Fixes:
* gateway, spooler: (re-)activate RFC 2047 header generation
(Outlook is still unable to read the RFC 2231 headers that
are generated normally) [KC-1226]
* srvadm: make --purge-softdelete=0 work
* Enhancements:
* dagent: advertise 8BITMIME/RFC6152 support [KS-41452]
* dagent/client: fixed broken umlauts in PR_EC_BODY_FILTERED
when input was not UTF-8 [KC-1225]

- Update to new upstream release 8.6.6
* ical: handle double quotes in Content-Type header
* server: repair broken timing log messages for ldapplugin
* php7-ext: cure stack corruption in mapi_vcftomapi
* gateway: avoid uncaught exception when client disconnects midway
* dagent: avoid always running into K-2383
* server: avoid SSL crash near ERR_clear_error on shutdown

- Update to new upstream snapshot 8.6.2.25
* Fixes:
* ical: handle double quotes in Content-Type header
* Enhancements:
* client: now emits warnings about own incomplete PR_RULES_DATA
processing
* inetmapi: now emits a warning when runtime vmime is too old
* server: fewer stat calls to the attachment backend
* Changes:
* dagent: default for log_timestamp changed to "yes"

- Update to new upstream snapshot 8.6.1.99
* Fixes:
* Fix crash due to ODR violation
* libserver: drop all remains of clientupdatestatus table
* gateway: fix crash when new client immediately disconnects
* mapi: avoid garbage at end of malformed RTF
* Enhancements:
* kopano-dbadm: new diagnostics program for offline database
modification
* kopano-server: allow use of --ignore-da to skip schema update
that won't complete
* build: support ICU 61
* propmap: expose kopanoHidden LDAP attribute as PR_EC_AB_HIDDEN
* Changes:
* daemons: disable SSL renegotiation for OpenSSL 1.1+
* server: invalid port strings are now rejected
* client: quiesce verbose logon failure messages
* boot: set default and UTF-8 locale for services

- Update to new upstream release 8.6.1
* Fixes:
* backup: ignore error when server cannot find attachments
* server: search folders were not loaded on startup
* monitor: handle absence of config file
* dagent: do not treat -d option like -c was given
* server: fix a case where an old kopano-server would refuse to
start with a newer database even if --ignore-da was used
* server: fix server/client getting slower when named properties
are created multiple times [KC-1108]
* client: fix data corruption when server returns high named
property IDs [KC-1107]
* Changes (generally requires admin action):
* inetmapi: stop treating empty indexed_headers as "X-*"
* dagent: cease indexing X-Headers by default
* dagent: turn indexed_headers from a prefix list into an
exact-match set
* If you need certain e-mail headers copied into named
properties, they MUST be explicitly listed _one by one_ in
dagent.cfg:indexed_headers now.
* Enhancements:
* server: reorder SQL log messages so the error is shown first,
and do say when the message was truncated

Changes in kopano-python-services:

- Drop chown calls from scriptlets [boo#1154309]

- Update to release 10.0.1
* Sync up with kopanocore-10.0.1. No user visible changes to
pytils.
* Drop kopano-dagent-pytils:/usr/sbin/kopano-autorespond.
This program is already provided by the kopano-dagent package.

- Update to release 9.0.2
* Fix broken property getter for public:OnlineMeetingExternalLink
* Replace cpickle by pickle
* pyko: avoid circular strong reference from notification to store
* pyko: add text and onlineMeetingUrl setter to Occurrence(s)

- Update to upstream snapshot 8.7.83
* Split Python services into their own RPM package

gsoap was updated to release 2.8.102:

* Improved HTTP digest authentication plugin to cover
additional HTTP methods.

Update to release 2.8.101:

* Fix read beyond end-of-buffer in soap_accept
* Other unspecified improvements

Update to release 2.8.100:

* Improved proxy connectivity on the client side to handle bearer
authentication.
* Improved soapcpp2 handling of the `#module` directive.
* Fixed an MTOM flag clearing issue hampering MTOM usability.

Update to release 2.8.99:

* Improved performance of the soapcpp2 tool.
* Improved proxy connectivity on the client side with
`soap::proxy_host`, `soap::proxy_port`, and NTLM, to maintain
HTTP headers, e.g. `soap::http_content` and
`soap::http_extra_header`.
* Fixed a bug in HTTP cookie handling when the optional
`-DWITH_COOKIES` flag is used. Note that cookie support is
disabled by default or has no effect when deploying robust
services with the gSOAP Apache modules and ISAPI extensions
that handle cookies differently.

Update to release 2.8.98:

* Updated the WS-Security and WS-Trust APIs that use SAML with
higher precision timestamps in microseconds, using the
`custom/struct_timeval.h` serializer for `xsd__dateTime`. The
WS-Security and WS-Trust updates require compiling and
linking with `custom/struct_timeval.c`.
* Fixed an issue with soapcpp2 code generation of `wchar_t*`
serializers when combined with a custom serializer with base
type `wchar_t*`, i.e. when `extern typedef wchar_t* name` is
declared.
* Fixed an issue with soapcpp2 code generation when an element
tag name starts with an underscore and the element is
namespace qualified.

Update to release 2.8.97:

* Fixed wsdl2h processing of schemas with a cyclic schema
`` that may cause wsdl2h to hang when schemas
have no `targetNamespace` attribute.
* Improved wsdl2h code generation of unqualified types and
names defined in imported schemas (with ``) when
these schemas have no `targetNamespace`. Use wsdl2h option
`-z10` or lesser to revert to the code generation behavior of
versions prior to 2.8.97.

Update to release 2.8.96

* Improved `soap_check_mime_attachments()` and
`soap_recv_mime_attachment()` functions and documentation,
ensure proper close when MIME/MTOM errors occur.

Update to release 2.8.95

* Upgraded smdevp.c to replace deprecated OpenSSL API function.
* Updated WS-Security WSSE plugin, documentation, and demo.
* Improved soapcpp2 execution speed to generate WSDL and
XSD files.

Update to release 2.8.94

* Fixed a wsdl2h issue that caused it to omit names for local
simpleType restrictions in the generated `enum` types of
struct/class members; improved soapcpp2 to avoid `enum`
symbol numbering clashes in the generated source code.
* Removed unnecessary namespace prefixes from some class/struct
members in the source code generated by wsdl2h in a specific
case, to prevent XML validation issues.
* Added wsdl2h option `-z9` for backward compatibility of
2.8.94 and greater to versions 2.8.93 and lesser, which
reverts the namespace change.

Update to release 2.8.93

* Fixed a wsdl2h schema import/include issue when a `./` occurs
in `schemaLocation` and schema import/include dependencies are
cyclic, causing wsdl2h to not be able to locate and read
schema files.
* Removed empty substitutionGroup and duplicate
substitutionGroup elements in wsdl2h-generated
`SUBSTITUTIONS` sections.

Update to release 2.8.92

* Fixed soapcpp2-generated call to `soap_DELETE` for REST
DELETE operations.

Update to new upstream release 2.8.91

* Correction to fix soapcpp2 2.8.90 `-z#` flag enforcement
problem.

Update to new upstream release 2.8.89

* Added wsdl2h option `-X` to not qualify part names in
order to disambiguate document/literal wrapped patterns (as
the other choice to disambiguate instead of the default
qualification with schema namespaces).
* Added wsdl2h option `-z8` for backward compatibility with
2.8.74 and earlier: don't qualify part names to disambiguate
doc/lit wrapped patterns and revert to the old wrapper
class/struct naming used for `xs:anyType` inheritance.

Update to new upstream release 2.8.87

* Added `soap::connect_retry` to specify a number of retries at
the client side when connecting to a server fails, with
exponential backoff of 2^n seconds between retries.
Zero by default, meaning no retries.
* Added `soap::client_addr_ipv6` to optionally specify an IPv6 or
host address to bind to at the client side, when the
destination is an IPv6 server. Otherwise uses
`soap::client_addr` to bind.

Update to new upstream release 2.8.86

* Added `soap::client_addr` string to specify an IPv4 or IPv6 or
a host address to bind to before connecting. This can be used
at the client side to bind to an address before connecting to
a server endpoint, similar to `soap::client_port`.
* Fixed wsdl2h compilation issue with C++17.
* Fixed a problem with the `SOAP_SSL_DEFAULT` settings
parameter used with `soap_ssl_client_context` and
`soap_ssl_server_context` that may lead to a weaker setting
than specified.

Update to new upstream release 2.8.83

* Added wsdl2h optimization options `-Ow2`, `-Ow3`, and `-Ow4`
to optimize the generated source code by schema slicing,
while retaining all derived extensions of base types.
* Added wsdl2h option `-Q` to make `xsd__anySimpleType` equal
to `xsd__anyType` to use as the base type for derived types,
so that elements of type `xsd:anySimpleType` can be
serialized with a derived type, using inheritance in C++ and
by using simulated inheritance in C using wsdl2h option `-F`.
* Updated wsdl2h options `-p` and `-F` to generate additional
wrappers for primitive types that aren't XSD primitive types,
such as `SOAP-ENC:base64`.
* Improved wsdl2h output for the infrequently-used
`SOAP-ENC:Array` type.
* Fixed an issue with soapcpp2 option `-A` that resulted in
error 13 `SOAP_NO_METHOD`.

Update to new upstream release 2.8.81

* Added the ability to specify `nullptr` web service operation
arguments, similar to `nullptr` struct and class members.
This enables `xs:nillable="true"` elements corresponding to
web service operation arguments.
* Updated wsdl2h `import schemaLocation` logic to handle
relative paths.
* Updated DOM API for embedded serializable data types:
`SOAP_DOM_ASIS` removes XML namespace bindings (`xmlns`) from
the XML output of the embedded data type, which are normally
added to ensure namespace prefixes are always valid.
`SOAP_DOM_ASIS` requires the DOM to specify the namespace
bindings explicitly.

Update to new upstream release 2.8.80

* Updated to remove GCC 8.2 warnings.
* Improved wsdl2h handling of relative file paths.

Update to new upstream release 2.8.79

* Fixed a bug in wsdl2h option `-c` for C source code output,
resulting in a missing `*` pointer for `_XML __any` member
declaration when declared after the `$ int __size` array size
member. The bug may lead to validation errors in extensible
types when extra elements are present in the XML payload
received. The fix produces the correct `_XML *__any` member
declaration.

Update to new upstream release 2.8.78

* wsdl2h: WSDL and schema imports of files on relative paths:
file name without path or file name with path starting with
../ are considered relative locations with respect to the
current WSDL and schema that is importing, otherwise imported
files are considered relative to the directory in which
wsdl2h is run (the `-I` option can be used to change that
location).
* wsdl2h: now displays warnings for invalid complexType and
simpleType extensions/restrictions but generates valid code
in such cases by inference; the update also fixes a valid
extension case.
* Fixed compilation error for soapcpp2 options `-i` and `-j`
caused by special case with empty input arguments to service
operations.
* Added jsoncpp new option `-k`.

Update to new upstream release 2.8.75

* Added wsdl2h option `-F` to add transient pointer members to
structs to simulate type derivation with structs in C.
* Added wsdl2h option `-L` to generate less documentation in
interface header files.
* Added `WITH_NOEMPTYNAMESPACES` compile-time flag to disable
`xmlns=""`; this is intended for backward compatibility with
old XML parsers and old gSOAP versions that do not support
`xmlns=""` empty default namespaces.
* Updated wsdl2h option `-D` to make attributes with fixed
values pointer members in structs and classes, not just
attributes with default values.
* Updated wsdl2h option `-f` to flatten C++ class hierarchy by
removing inheritance. This option removes support for type
derivation with `xsi:type` in XML.
* Updated soapcpp2 to split up the `soap_call_ns__webmethod`
functions into new `soap_send_ns__webmethod` and
`soap_recv_ns__webmethod` functions called by
`soap_call_ns__webmethod`. The new functions can be used for
asynchronous messaging.
* Updated soapcpp2 option `-j` to call `destroy()` in
destructor to deallocate managed heap data.
* Updated call to OpenSSL `ERR_remove_state` (deprecated) by
`ERR_remove_thread_state`.
* Fixed a bug in HTTP cookie handling by the engine. HTTP
cookies are disabled by default, but enabled with the
`-DWITH_COOKIES` compile-time flag or when using the C/C++
`libgsoapck`/`libgsoapck++` and `libgsoapssl`/`libgsoapssl++`
libraries.

Update to new upstream release 2.8.74:

* Fixed an issue with MIME/MTOM attachment sending when the
HTTP-digest plugin is used or when compression is enabled,
returning incorrect `SOAP_EOM` error (i.e. not caused by
out-of-memory). The problem had been introduced in 2.8.70.

Update to new upstream release 2.8.73

* Improved `soap_ssl_accept()` timeout settings to improve the
performance of gSOAP stand-alone HTTPS servers.
* Renamed `soap_get_http_body()` to `soap_http_get_body()` to
avoid name clashes with soapcpp2-generated `soap_get_T`
functions.
* Renamed `soap_get_form()` to `soap_http_get_form()` to avoid
name clashes with soapcpp2-generated `soap_get_T` functions.
* Renamed `soap_get_mime_attachment()` to
`soap_recv_mime_attachment()` to avoid name clashes with
soapcpp2-generated `soap_get_T` functions.
* Renamed `soap_get_stats()` to `soap_http_get_stats()` of the
httpget plugin to avoid name clashes with soapcpp2-generated
`soap_get_T` functions.
* Renamed `soap_get_logging_stats()` to `soap_logging_stats()`
of the logging plugin to avoid name clashes with
soapcpp2-generated `soap_get_T` functions.
* Moved `soap_http_get_form()`, `soap_query()`,
`soap_query_key()`, and `soap_query_val()` functions from the
httpget and httpform plugin APIs to the stdsoap2.c[pp]
library API. No project rebuilds should be necessary when
using these plugins with this upgrade.

Update to new upstream release 2.8.72

* Improved the HTTP GET `http_get` and HTTP POST `http_post`
plugins; handling of an HTTP POST request that has an empty
body is now supported.
* Updated user guide, corrected `soap_rand_uuid` description:
string returned is stored in a temporary buffer, not stored
in managed memory.
* Fixed spurious constant initialization problem for `enum`
types in soapcpp2-generated code; the problem was introduced
with soapcpp2 2.8.71 C/C++ grammar expansion.
* Fixed a CURL plugin issue that prevented PUT and DELETE
methods from working properly.

Update to new upstream release 2.8.71

* Added TLSv1.3 support with OpenSSL 1.1.1.
* Added HTTP PATCH support.
* Updated SSL/TLS options for `soap_ssl_client_context` and
`soap_ssl_server_context` to allow combinations of
`SOAP_TLSv1_0`, `SOAP_TLSv1_1`, `SOAP_TLSv1_2`,
`SOAP_TLSv1_3` protocols (v1.3 only available with OpenSSL
1.1.1 and greater), a change from the single TLS protocol
flag.
* Fixed soapcpp2 code generation issue for single- and
multi-dimensional fixed-size arrays.

Update to new upstream release 2.8.70

* Updated `typemap.dat` for ONVIF and upgraded `wsdd10.h`
(WS-Discovery 1.0 with WS-Addressing 2004/08) to `wsdd5.h`
(WS-Discovery 1.0 with WS-Addressing 2005/08).
* Fixed a deserialization issue with Qt `QString` used in a
wrapper class (as `__item` member), when the wrapper class is
used in a container, such as `std::vector`.

Update to new upstream release 2.8.69

* Improved `xs:redefine` processing, fixing the remaining
"circular group reference" warnings.
* Improved XML sample message generation.

Update to new upstream release 2.8.67

* Changed `typemap.dat` to disable `xsd__duration` custom
serializer by default, meaning that `xsd__duration` is
serialized as a string by default.
* Fixed an issue where the 64-bit integer types `LONG64` and
`ULONG64` and their serializers would be downcast to 32-bit
when compiling C code with newer GCC versions, due to
`__STDC_VERSION__` no longer being defined by the compiler.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Fixed bugs
bnc#1154309
AUDIT-FIND: kopano-python-services: Local privilege escalation from kopano to root