openSUSE Factory
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
April 2023
- 95 participants
- 87 discussions
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ImageMagick (7.1.1.5 -> 7.1.1.6)
binutils
btrfsprogs (6.2.2 -> 6.1.3)
gnome-control-center
isl (0.25 -> 0.26)
libXpm
libgcrypt (1.10.1 -> 1.10.2)
libgit2 (1.6.3 -> 1.6.4)
libgpg-error (1.46 -> 1.47)
libsolv (0.7.23 -> 0.7.24)
libva (2.17.0 -> 2.18.0)
libva-gl (2.17.0 -> 2.18.0)
libvirt
libzypp (17.31.8 -> 17.31.10)
microos-tools (2.20 -> 2.20+git20230413.2a43cdb)
ncurses (6.4.20230311 -> 6.4.20230408)
xdg-desktop-portal-gtk
zypper (1.14.59 -> 1.14.60)
=== Details ===
==== ImageMagick ====
Version update (7.1.1.5 -> 7.1.1.6)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- version update to 7.1.1.6
- https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-6---2023-…
- fixes CVE-2023-1906 [bsc#1210308]
==== binutils ====
Subpackages: libctf-nobfd0 libctf0
- Rebase branch patch (includes fix for PR30281).
==== btrfsprogs ====
Version update (6.2.2 -> 6.1.3)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces
- Rebase gnome-control-center-disable-error-message-for-NM.patch
- Add gnome-control-center-fix-6f1567f23.patch:
network/connection-editor: fix crash when removing a connection
(glgo#GNOME/gnome-control-center/commit/8cb77b4d3, bsc#1210377).
==== isl ====
Version update (0.25 -> 0.26)
- update to 0.26:
* fix inherited overloaded methods in Python bindings
* decompose topological sort of clusters in incremental
scheduler
* improved isl_pw_aff_list_{min,max}
* add some convenience functions
* more exports to (templated C++) bindings
* slightly improved conversion from binary relation to function
==== libXpm ====
- with switching to suggests making use of (n)compress no longer
needs to be limited to openSUSE
- suggests instead of require compress (see changelog below)
- require compress (ncompress package) on openSUSE; it's not
supported on SLE
- Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead
(xpmPipeThrough function returns NULL when the command is not
available; so same result as with the patch applied; that the
child process for executing 'compress' returns with exit(1)
doesn't matter much; it might even be useful to see the error
message ...)
- Depend also on /usr/bin/uncompress, not only /usr/bin/gzip;
Requiring binaries instead of packages resolves the file
conflict with busybox-gzip, which is used when building nginx
opensuse images; dep chain was: nginx -> libdg3 -> libXpm4 -> gzip
==> conflict with busybox-gzip
- Depend on /usr/bin/gzip, not gzip
==== libgcrypt ====
Version update (1.10.1 -> 1.10.2)
Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac
- Update to 1.10.2:
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
- Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
* Release-info: https://dev.gnupg.org/T5905
* Rebase FIPS patches:
- libgcrypt-FIPS-SLI-hash-mac.patch
- libgcrypt-FIPS-SLI-kdf-leylength.patch
- libgcrypt-FIPS-SLI-pk.patch
==== libgit2 ====
Version update (1.6.3 -> 1.6.4)
- Update to 1.6.4:
* config: return GIT_ENOTFOUND for missing programdata
- move experimental cli into libgit2-tools as intended
==== libgpg-error ====
Version update (1.46 -> 1.47)
Subpackages: libgpg-error0 libgpg-error0-32bit
- Update to 1.47:
* New error codes for PUKs and reset codes. [T6421]
* Avoid segv in logging with improper use of the "socket://".
* Fixed translation of argparse's internal option --help.
* Interface changes relative to the 1.46 release:
- GPG_ERR_SOURCE_TKD NEW.
- GPG_ERR_BAD_PUK NEW.
- GPG_ERR_NO_RESET_CODE NEW.
- GPG_ERR_BAD_RESET_CODE NEW.
- GPGRT_SPAWN_KEEP_STDIN NEW.
- GPGRT_SPAWN_KEEP_STDOUT NEW.
- GPGRT_SPAWN_KEEP_STDERR NEW.
- GPGRT_SPAWN_INHERIT_FILE NEW.
* Release-info: https://dev.gnupg.org/T6231
==== libsolv ====
Version update (0.7.23 -> 0.7.24)
Subpackages: libsolv-tools python3-solv ruby-solv
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
[bsc#1195633]
- bump version to 0.7.24
==== libva ====
Version update (2.17.0 -> 2.18.0)
Subpackages: libva-drm2 libva-wayland2 libva-x11-2 libva2
- Update to version 2.18.0:
* doc: Add build and install libva informatio in home page.
* fix:
- Add libva.def into distribution package
- NULL check before calling strncmp.
- Remove reference to non-existent symbol
* meson: docs:
- Add encoder interface for av1
- Use libva_version over project_version()
* va:
- Add VAProfileH264High10
- Always build with va-messaging API
- Fix the codying style of CHECK_DISPLAY
- Remove Android pre Jelly Bean workarounds
- Remove dummy isValid() hook
- Remove unused drm_sarea.h include & ANDROID references in
va_dricommon.h
- va/sysdeps.h: remove Android section
* x11:
- Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var
- Use LIBVA_DRI3_DISABLE in GetNumCandidates
- Switch to multibuild style. Drop libva-gl.spec|changes and
pre_checkin.sh.
- Switch to meson build system, add meson BuildRequires, drop
libtool and xz BuildRequires, and replace gcc-c++ with generic
c++_compiler.
- Use autosetup and ldconfig_scriptlets macros.
- Add libva-wayland to baselibs.conf, now that its build have moved
to the main part of spec, source validator should no longer
complain on SLE.
- Drop propagate-dpy.patch: The upstream issue was closed without
the patch ever getting applied, and the issue that it fixed was
deemed to not be a libva issue. See upstream issue:
https://github.com/intel/libva/issues/479
==== libva-gl ====
Version update (2.17.0 -> 2.18.0)
- Update to version 2.18.0:
* doc: Add build and install libva informatio in home page.
* fix:
- Add libva.def into distribution package
- NULL check before calling strncmp.
- Remove reference to non-existent symbol
* meson: docs:
- Add encoder interface for av1
- Use libva_version over project_version()
* va:
- Add VAProfileH264High10
- Always build with va-messaging API
- Fix the codying style of CHECK_DISPLAY
- Remove Android pre Jelly Bean workarounds
- Remove dummy isValid() hook
- Remove unused drm_sarea.h include & ANDROID references in
va_dricommon.h
- va/sysdeps.h: remove Android section
* x11:
- Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var
- Use LIBVA_DRI3_DISABLE in GetNumCandidates
- Switch to multibuild style. Drop libva-gl.spec|changes and
pre_checkin.sh.
- Switch to meson build system, add meson BuildRequires, drop
libtool and xz BuildRequires, and replace gcc-c++ with generic
c++_compiler.
- Use autosetup and ldconfig_scriptlets macros.
- Add libva-wayland to baselibs.conf, now that its build have moved
to the main part of spec, source validator should no longer
complain on SLE.
- Drop propagate-dpy.patch: The upstream issue was closed without
the patch ever getting applied, and the issue that it fixed was
deemed to not be a libva issue. See upstream issue:
https://github.com/intel/libva/issues/479
- update to 2.17.0:
* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some
bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep:remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_
support level attribute instead
* meson: Check support for -Wl,-version-script and build link_args
accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resouce check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the
VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va
common code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo
==== libvirt ====
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs
- qemu: Fix potential crash during driver cleanup
bsc#1209861
==== libzypp ====
Version update (17.31.8 -> 17.31.10)
- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
support.
- version 17.31.10 (22)
- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
(boo#1127591)
Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
[#439])
Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
==== microos-tools ====
Version update (2.20 -> 2.20+git20230413.2a43cdb)
- Update to version 2.20+git20230413.2a43cdb:
* Drop extra sysctl file for coredumps (boo#1091684)
==== ncurses ====
Version update (6.4.20230311 -> 6.4.20230408)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20230408
+ document limitations of tparm, and error-returns in curs_terminfo.3x
+ document limitations of tgoto, and error-returns in curs_termcap.3x
+ add xterm+focus to alacritty+common (patch by Christian Duerr).
+ add "-v" option to tput, to show warnings.
> improve checks for malformed terminfo data (report/analysis by
Jonathan Bar Or, Michael Pearse, Emanuele Cozzi).
+ make the parameter type/count checks in _nc_tiparm() more stringent
+ update tgoto() to account for _nc_tiparm() changes
+ add checks in tparm() and tiparm() for misuse of string parameters
+ add special cases in tput to handle extensions Cs/Ms parameters
+ ignore compiled-terminfo where the array sizes exceed the standard
- Skip gzipping manual pages as brp-compress does the job
- Add ncurses patch 20230401
+ modify experimental Windows driver to work with xterm mouse protocol.
+ remove DECCOLM+DECSCLM from foot (patch by Daniel Ekloef).
==== xdg-desktop-portal-gtk ====
Subpackages: xdg-desktop-portal-gtk-lang
- Change Supplements: Replace gtk3 with gtk3-schema, ensure the
supplements gets triggered.
- Add (gtk4-schema and (flatpak or snapd)) Supplements:
Futureproof the supplements, as more and more of GNOME moves to
gtk4.
==== zypper ====
Version update (1.14.59 -> 1.14.60)
Subpackages: zypper-log zypper-needs-restarting
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60
1
0
Dear Tumbleweed users and hackers,
This week we have seen quite a low number of submit requests coming to
Tumbleweed, which resulted in the snapshots being built and tested
rather quickly and us thus managing to release 8 snapshots in the day
(usually the Thursday snapshot is only published later on Friday
evening, this week it was all built and tested before lunch). So the 8
snapshots are not something really special. The versioning for
snapshots limits us to one snapshot per day after all (and I doubt
anybody would ask for more than that).
The snapshots covered in this review are 0406…0413 and contain these
changes:
* Poppler 23.04.0
* Libvirt 9.2.0
* Apache 2.4.57
* mutter 44.0 git snapshot (44 commits after 44.0: avoid some crashes
on gnome-shell)
* systemd 253.3
* LLVM 16.0.1
* KDE Frameworks 5.105.0
* Pipewire 0.3.68
* 389-ds 2.3.2
* gnutls 3.8.0
* Mozilla Firefox 112.0
* Linux kernel 6.2.10
Staging projects are not overwhelmed at the moment, so if you have
anything that you want to be integrated into Tumbleweed, now is a good
time (as ever): we will; find staging space for your needs. The current
updates being tested include the following:
* GStreamer 1.22.2
* openSSL 3.1
* Zypper 1.14.60 / libzypp 17.31.9: support for x86-64-vN sub-
architectures
Wayland 1.22.0: crashes Firefox
(https://bugzilla.mozilla.org/show_bug.cgi?id=1826583, fixed for FF
113)
And that’s already all the interesting things I could find in staging…
Cheers,
Dominique
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (111.0.1 -> 112.0)
acpid
autoyast2 (4.6.0 -> 4.6.1)
avahi
avahi-glib2
btrfsprogs (6.1.3 -> 6.2.2)
glslang
grub2
gvfs
ibus-table-chinese (1.8.11 -> 1.8.12)
kernel-source (6.2.9 -> 6.2.10)
kimageformats
libqt5-qtwebengine
mozilla-nss (3.88.1 -> 3.89)
mozjs102 (102.9.0 -> 102.10.0)
postgresql15
sane-backends (1.1.1 -> 1.2.1)
snapper
vim (9.0.1430 -> 9.0.1443)
yast2-drbd (4.6.0 -> 4.6.1)
yast2-pkg-bindings (4.6.0 -> 4.6.1)
yast2-update (4.6.0 -> 4.6.1)
=== Details ===
==== MozillaFirefox ====
Version update (111.0.1 -> 112.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 112.0
* https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
MFSA 2023-13 (bsc#1210212)
* CVE-2023-29531 (bmo#1794292)
Out-of-bound memory access in WebGL on macOS
* CVE-2023-29532 (bmo#1806394)
Mozilla Maintenance Service Write-lock bypass
* CVE-2023-29533 (bmo#1798219, bmo#1814597)
Fullscreen notification obscured
* CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
bmo#1821906, bmo#1822298, bmo#1822305)
Fullscreen notification could have been obscured on Firefox
for Android
* MFSA-TMP-2023-0001 (bmo#1819244)
Double-free in libwebp
* CVE-2023-29535 (bmo#1820543)
Potential Memory Corruption following Garbage Collector compaction
* CVE-2023-29536 (bmo#1821959)
Invalid free from JavaScript code
* CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
Data Races in font initialization code
* CVE-2023-29538 (bmo#1685403)
Directory information could have been leaked to WebExtensions
* CVE-2023-29539 (bmo#1784348)
Content-Disposition filename truncation leads to Reflected
File Download
* CVE-2023-29540 (bmo#1790542)
Iframe sandbox bypass using redirects and sourceMappingUrls
* CVE-2023-29541 (bmo#1810191)
Files with malicious extensions could have been downloaded
unsafely on Linux
* CVE-2023-29542 (bmo#1810793, bmo#1815062)
Bypass of file download extension restrictions
* CVE-2023-29543 (bmo#1816158)
Use-after-free in debugging APIs
* CVE-2023-29544 (bmo#1818781)
Memory Corruption in garbage collector
* CVE-2023-29545 (bmo#1823077)
Windows Save As dialog resolved environment variables
* CVE-2023-29546 (bmo#1780842)
Screen recording in Private Browsing included address bar on
Android
* CVE-2023-29547 (bmo#1783536)
Secure document cookie could be spoofed with insecure cookie
* CVE-2023-29548 (bmo#1822754)
Incorrect optimization result on ARM64
* CVE-2023-29549 (bmo#1823042)
Javascript's bind function may have failed
* CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217,
bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602,
bmo#1821448, bmo#1822413, bmo#1824828)
Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
* CVE-2023-29551 (bmo#1763625, bmo#1814314, bmo#1815798, bmo#1815890,
bmo#1819239, bmo#1819465, bmo#1819486, bmo#1819492, bmo#1819957,
bmo#1820514, bmo#1820776, bmo#1821838, bmo#1822175, bmo#1823547)
Memory safety bugs fixed in Firefox 112
- requires
* NSS 3.89
* Python >= 3.7 (for build)
- removed obsolete mozilla-bmo1807652.patch
- Fix Icons displayed incorrectly on GNOME/wayland via WMCLASS
in desktop file
==== acpid ====
- do not ship thinkpad_handler script or config, it's broken since
libexecdir changed and nobody noticed, most likely it's not doing
anything on recent thinkpads, put it into the examples instead
- fix file timestamps to not change with every rebuild
==== autoyast2 ====
Version update (4.6.0 -> 4.6.1)
Subpackages: autoyast2-installation
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.6.1
==== avahi ====
Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7
- Add avahi-CVE-2023-1981.patch: emit error if requested service
is not found (boo#1210328 CVE-2023-1981).
==== avahi-glib2 ====
Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0
- Add avahi-CVE-2023-1981.patch: emit error if requested service
is not found (boo#1210328 CVE-2023-1981).
==== btrfsprogs ====
Version update (6.1.3 -> 6.2.2)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
- Use pre-generated documentation from tarball, fixes build on SLE targets
where sphinx might not be available
- update to 6.2.2
* fix build on old x86 architectures with builtin crypto
* device stats: fix printing wrong values in tabular output
* qgroup show: fix qgroup id formatting in json output
* restore: fix restoring xattrs on directories
* restore: don't modify metadata in dry-run mode
* balance: fix some cases wrongly parsed as old syntax
* balance: warn when deprecated syntax is used
* seeding: fall back to old way if sysfs device fsid is not available
* convert: handle orphan file ext4 feature
* other:
* sync ioctl definitions
* enable github CI
* update documentation
- update to 6.2.1
* fix build with crypto libraries
* CI images updated, build tests extended
- update to 6.2:
* receive: fix a corruption when decompressing zstd extents
* subvol sync: print total number and deletion progress
* accelerated hash algorithm implementations in fallback mode on x86_64
* fi mkswapfile: new option --uuid
* new global option --log=level to set the verbosity level directly
* other:
* experimental: update checksum conversion (not usable yet)
* build actually requires -std=gnu11
* refactor help option formatting, auto wrap long lines
==== glslang ====
- Add StandAlone/ to glslang-nonstd-devel
==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen
- Resolve some issues with OS boot failure on PPC NVMe-oF disks and made
enhancements to PPC secure boot's root device discovery config (bsc#1207230)
- Ensure get_devargs and get_devname functions are consistent
* 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
- Fix regex for Open Firmware device specifier with encoded commas
* 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Fix regular expression in PPC secure boot config to prevent escaped commas
from being treated as delimiters when retrieving partition substrings.
- Use prep_load_env in PPC secure boot config to handle unset host-specific
environment variables and ensure successful command execution.
* 0004-Introduce-prep_load_env-command.patch
- Refreshed
* 0005-export-environment-at-start-up.patch
==== gvfs ====
Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang
- Add 41862c0179f834d8bc3bd84ce78ee495050f2676.patch: trash: Sync
trash dir items when files change.
- Use auto(setup|patch) macros.
==== ibus-table-chinese ====
Version update (1.8.11 -> 1.8.12)
Subpackages: ibus-table-chinese-array ibus-table-chinese-cangjie ibus-table-chinese-cantonese ibus-table-chinese-easy ibus-table-chinese-erbi ibus-table-chinese-jyutping ibus-table-chinese-quick ibus-table-chinese-scj ibus-table-chinese-stroke5 ibus-table-chinese-wu ibus-table-chinese-wubi-haifeng ibus-table-chinese-wubi-jidian ibus-table-chinese-yong
- Update version to 1.8.12
* Add appdata.xml files
* Convert license tags to SPDX format
* Add .svg icon files for use in appdata.xml files
==== kernel-source ====
Version update (6.2.9 -> 6.2.10)
- Linux 6.2.10 (bsc#1012628).
- thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host
routers (bsc#1012628).
- cifs: update ip_addr for ses only for primary chan setup
(bsc#1012628).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1012628).
- cifs: avoid race conditions with parallel reconnects
(bsc#1012628).
- zonefs: Reorganize code (bsc#1012628).
- zonefs: Simplify IO error handling (bsc#1012628).
- zonefs: Reduce struct zonefs_inode_info size (bsc#1012628).
- zonefs: Separate zone information from inode information
(bsc#1012628).
- zonefs: Fix error message in zonefs_file_dio_append()
(bsc#1012628).
- btrfs: rename BTRFS_FS_NO_OVERCOMMIT to
BTRFS_FS_ACTIVE_ZONE_TRACKING (bsc#1012628).
- btrfs: zoned: count fresh BG region as zone unusable
(bsc#1012628).
- btrfs: zoned: drop space_info->active_total_bytes (bsc#1012628).
- fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
(bsc#1012628).
- cifs: fix missing unload_nls() in smb2_reconnect()
(bsc#1012628).
- xfrm: Zero padding when dumping algos and encap (bsc#1012628).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
(bsc#1012628).
- ASoC: Intel: avs: max98357a: Explicitly define codec format
(bsc#1012628).
- ASoC: Intel: avs: da7219: Explicitly define codec format
(bsc#1012628).
- ASoC: Intel: avs: rt5682: Explicitly define codec format
(bsc#1012628).
- ASoC: Intel: avs: ssm4567: Remove nau8825 bits (bsc#1012628).
- ASoC: Intel: avs: nau8825: Adjust clock control (bsc#1012628).
- lib: zstd: Backport fix for in-place decompression
(bsc#1012628).
- zstd: Fix definition of assert() (bsc#1012628).
- ACPI: video: Add backlight=native DMI quirk for Dell Vostro
15 3535 (bsc#1012628).
- ACPI: x86: Introduce an acpi_quirk_skip_gpio_event_handlers()
helper (bsc#1012628).
- ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 7
B1-750 (bsc#1012628).
- ACPI: x86: Add skip i2c clients quirk for Lenovo Yoga Book X90
(bsc#1012628).
- ASoC: SOF: ipc3: Check for upper size limit for the received
message (bsc#1012628).
- ASoC: SOF: ipc4-topology: Fix incorrect sample rate print unit
(bsc#1012628).
- ASoC: SOF: Intel: pci-tng: revert invalid bar size setting
(bsc#1012628).
- ASoC: SOF: Intel: hda-dsp: harden D0i3 programming sequence
(bsc#1012628).
- ASoC: SOF: Intel: hda-ctrl: re-add sleep after entering and
exiting reset (bsc#1012628).
- ASoC: SOF: IPC4: update gain ipc msg definition to align with fw
(bsc#1012628).
- ASoC: hdmi-codec: only startup/shutdown on supported streams
(bsc#1012628).
- wifi: mac80211: check basic rates validity (bsc#1012628).
- md: avoid signed overflow in slot_store() (bsc#1012628).
- x86/PVH: obtain VGA console info in Dom0 (bsc#1012628).
- drm/amdkfd: Fix BO offset for multi-VMA page migration
(bsc#1012628).
- drm/amdkfd: fix a potential double free in pqm_create_queue
(bsc#1012628).
- drm/amdgpu/vcn: custom video info caps for sriov (bsc#1012628).
- drm/amdkfd: fix potential kgd_mem UAFs (bsc#1012628).
- drm/amd/display: Fix HDCP failing to enable after suspend
(bsc#1012628).
- net: hsr: Don't log netdev_err message on unknown prp dst node
(bsc#1012628).
- ALSA: asihpi: check pao in control_message() (bsc#1012628).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
(bsc#1012628).
- fbdev: tgafb: Fix potential divide by zero (bsc#1012628).
- ACPI: tools: pfrut: Check if the input of level and type is
in the right numeric range (bsc#1012628).
- sched_getaffinity: don't assume 'cpumask_size()' is fully
initialized (bsc#1012628).
- nvme-pci: fixing memory leak in probe teardown path
(bsc#1012628).
- nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM620
(bsc#1012628).
- drm/amdkfd: Fixed kfd_process cleanup on module exit
(bsc#1012628).
- net/mlx5e: Lower maximum allowed MTU in XSK to match XDP
prerequisites (bsc#1012628).
- fbdev: nvidia: Fix potential divide by zero (bsc#1012628).
- fbdev: intelfb: Fix potential divide by zero (bsc#1012628).
- fbdev: lxfb: Fix potential divide by zero (bsc#1012628).
- fbdev: au1200fb: Fix potential divide by zero (bsc#1012628).
- tools/power turbostat: Fix /dev/cpu_dma_latency warnings
(bsc#1012628).
- tools/power turbostat: fix decoding of HWP_STATUS (bsc#1012628).
- tracing: Fix wrong return in kprobe_event_gen_test.c
(bsc#1012628).
- btrfs: fix uninitialized variable warning in
... changelog too long, skipping 235 lines ...
- commit f0487ac
==== kimageformats ====
- Add support for RAW image formats
==== libqt5-qtwebengine ====
- Add patch to fix build with GCC 13 (boo#1207469):
* 0001-Fixes-for-building-with-GCC-13.patch
==== mozilla-nss ====
Version update (3.88.1 -> 3.89)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.89
* bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
* bmo#1820175 - PR_STATIC_ASSERT is cursed
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1820175 - Fix unreachable code warning in fuzz builds
* bmo#1820175 - Fix various compiler warnings in NSS
* bmo#1820175 - Enable various compiler warnings for clang builds
* bmo#1815136 - set PORT error after sftk_HMACCmp failure
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
* bmo#1804660 - Make high tag number assertion failure an error
* bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
length from 284 to 384
* bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
* bmo#1789436 - Fix build failure on Windows
* bmo#1811337 - migrate Win 2012 tasks to Azure
* bmo#1810702 - fix title length in doc
* bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
* bmo#1570615 - Add presence/absence tests for TLS GREASE
* bmo#1804688 - Correct addition of GREASE value to ALPN xtn
* bmo#1789436 - CH extension permutation
* bmo#1570615 - TLS GREASE (RFC8701)
* bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
* bmo#1815870 - use a different treeherder symbol for each docker
image build task
* bmo#1815868 - pin an older version of the ubuntu:18.04 and
20.04 docker images
* bmo#1810702 - remove nested table in rst doc
* bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
* bmo#1812671 - build failure while implicitly casting SECStatus
to PRUInt32
==== mozjs102 ====
Version update (102.9.0 -> 102.10.0)
- Update to version 102.10.0:
+ Various security fixes.
+ CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
+ CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
+ CVE-2023-29533: Fullscreen notification obscured
+ MFSA-TMP-2023-0001: Double-free in libwebp
+ CVE-2023-29535: Potential Memory Corruption following Garbage
Collector compaction
+ CVE-2023-29536: Invalid free from JavaScript code
+ CVE-2023-29539: Content-Disposition filename truncation leads
to Reflected File Download
+ CVE-2023-29541: Files with malicious extensions could have been
downloaded unsafely on Linux
+ CVE-2023-29542: Bypass of file download extension restrictions
+ CVE-2023-29545: Windows Save As dialog resolved environment
variables
+ CVE-2023-1945: Memory Corruption in Safe Browsing Code
+ CVE-2023-29548: Incorrect optimization result on ARM64
+ CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and
Firefox ESR 102.10
- Replace clang-devel and llvm-devel with clang and llvm-gold
BuildRequires.
==== postgresql15 ====
Subpackages: libpq5 postgresql15-contrib postgresql15-server
- Include -mini in Name: to avoid conflicts in the source package
name and OBS internal dependency tracking.
==== sane-backends ====
Version update (1.1.1 -> 1.2.1)
Subpackages: libsane1 sane-backends-autoconfig
- Updated to sane-backends version 1.2.1
* Backends
+ avision:
- Minor fix for protocol packet length.
- Added âbasicâ support for Avision AD345F. Note that multi-sheet scanning is problematic.
- Fix for 32-bit limitation on scan line size which caused early abort of scan.
- Fix for minimum resolution for devices with AV_ASIC_C6.
- Various small logic errors addressed.
+ canon: Use the common model name instead of string from the device.
+ canon_lide70: Some small corrections to option support.
+ canon_pp: Potential buffer overrun issue addressed.
+ canon-dr: Added support for lifecycle counters for dr-x10c scanners.
+ epjitsu: Hang fix for Scansnap S1300i.
+ epsonds: Added support for Epson XP-2200 Series devices.
+ escl:
- Fixes related to support for HP M277dw.
- Fix for Canon TS-3400 series resolution support.
- Added support for Epson EcoTank L3160.
- Fix for segfault crash.
- Performance and memory use enhancements through the use of memory-mapped I/O.
- Fix for TIFF file type generation failure.
- IPv6 detection improvements.
+ fujitsu:
- Contrast/brightness fixes for Fujitsu ix500.
- Support confirmed for Fujitsu fi-7300NX.
- Support added for ScanSnap ix1400.
- Added support for ScanPartner SP30.
+ genesys:
- Fixes for unit test build errors related to GCC 12.
- Fix for 32-bit limitation on scan line size which caused early abort. of scan.
- Build issue fix for OSX.
- Button support for Canon 8400f scanner corrected.
- Support added back in for Plustek OpticFilm 7600i: config file entry was missing.
+ kvs40xx: Compiler warnings fixed.
+ mustek_usb2: Compiler warnings fixed.
+ pixma:
- Fix for Canon TS-3400 series resolution support.
- Button support for Canon MG5700 series corrected.
- Added support for Canon imageRUNNER 1018/1022/1023.
- Added support for Canon PIXMA TS2400 Series.
- Added support for Canon PIXMA TS2600 Series.
- Testing confirmed for Canon TS6400 series devices.
- Testing confirmed for Canon TS3400 series devices.
- Various devicesâ max resolutions fixed.
- Minor fix for broadcast buffer size error.
+ plustek_pp: Support removed for deprecated Linux kernel driver build.
+ test: Fix for 32-bit limitation on scan line size which caused early abort of scan.
+ xerox_mfp:
- JPEG support fix for Samsung SCX-4828 FN and similar.
- JPEG support fix for Samsung SCX-4824 FN and similar.
* Frontends
+ sane-find-scanner: Alteration to output to indicate that indicated devices are potentially
scanners.
+ saned: Fix for poll.h header file, which caused problems on Alpine Linux.
+ scanimage:
- Attempts to set readonly options will give a warning about readonly option set attempt now,
instead of the misleading "unknown option" error.
- Header file build fixes for FreeBSD.
- Fix for backends presenting NULL attributes in deactivated options.
* Miscellaneous
+ Updated translation to Russian, Italian, British English and Ukraine.
+ Compiler warnings addressed for a number of backends.
+ A number of fixes for the build system:
- Fix to ignore LDFLAGS environment variable in build.
- Fix to not build umax_pp tool when disabled.
- Fix for CLANG compiler warnings.
- Various small improvements to dependency checking and CI builds.
- General corrections for backendsâ use of mkstemp() function.
- Added support for autotoolsâ silent build option.
- Remove âwith-group configure option, since it is no longer used.
- Autotools fixes for backend library installation.
==== snapper ====
Subpackages: libsnapper6 snapper-zypp-plugin
- fixed error message (gh#openSUSE/snapper#801)
==== vim ====
Version update (9.0.1430 -> 9.0.1443)
Subpackages: vim-data vim-data-common xxd
- Updated to version 9.0.1443, fixes the following problems
* Livebook files are not recognized.
* getscriptinfo() loops even when specific SID is given.
* Completion popup in wrong position with virtual text "above".
* On some systems the Lua library is not found.
* Crash when adding package already in 'runtimepath'.
* Scrolling too many lines when 'wrap' and 'diff' are set.
* Cannot compare a typed variable with v:none.
* Test fails with different error number.
* .fs files are falsely recognized as forth files.
* Start Insert mode when accessing a hidden prompt buffer.
* "rvim" can execute a shell through :diffpatch.
* mapset() does not restore non-script context.
* Ending Insert mode when accessing a hidden prompt buffer.
==== yast2-drbd ====
Version update (4.6.0 -> 4.6.1)
- Validate DRBD Device name (bsc#1207952)
- 4.6.1
==== yast2-pkg-bindings ====
Version update (4.6.0 -> 4.6.1)
- Pkg.TargetInitializeOptions() - added a new option for
rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- 4.6.1
==== yast2-update ====
Version update (4.6.0 -> 4.6.1)
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.6.1
1
0
Hi,
I don't know if anybody here did read my blogs about this, but 64bit
systems using glibc have still at minimum three Y2038 problems:
utmp, wtmp and lastlog.
More details can be found here:
https://www.thkukuk.de/blog/Y2038_glibc_utmp_64bit/
https://www.thkukuk.de/blog/Y2038_glibc_wtmp_64bit/
https://www.thkukuk.de/blog/Y2038_glibc_lastlog_64bit/
Over the weekend we activated lastlog2 as lastlog successor in
Tumbleweed and MicroOS. On MicroOS we even auto-import the old lastlog
file into the new lastlog2 database during the next boot, on Tumbleweed,
if you want, you have to that manual: "systemctl start lastlog2-import"
The old lastlog implementation will be deactivated after gdm get's
submitted to Factory and somebody finally accepts openssh.
Upcoming:
wtmp: wtmp will be replaced with "wtmpdb". It's currently in security
review and the manual pages for it are missing. This will come next.
utmp: this is WIP. systemd v254 will contain the necessary additional
interfaces. First upstream projects accepted already the first patches.
There are currently two problems: "w" from procps and openssh...
Thorsten
--
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany
Managing Director: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
(HRB 36809, AG Nürnberg)
6
9
Hi,
I need gtk-doc as a dependency and need the pdf target from automake
for the manual.
https://build.opensuse.org/package/show/home:jkraehemann/gsequencer
This file needs to have dblatex or fop to be configured:
$ cat /usr/share/gtk-doc/python/gtkdoc/config_data.py
version = "1.33.1"
# tools
dblatex = ''
fop = ''
pkg_config = '/usr/bin/pkg-config'
xsltproc = '/usr/bin/xsltproc'
Further I can't access bugzilla.
regards, Joël
2
1
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
SDL2 (2.26.4 -> 2.26.5)
amavisd-new
apache2 (2.4.56 -> 2.4.57)
apache2-manual (2.4.56 -> 2.4.57)
apache2-prefork (2.4.56 -> 2.4.57)
apache2-utils (2.4.56 -> 2.4.57)
cheese (43.0 -> 44.0)
ghostscript
kwin5
lastlog2 (1.0.1 -> 1.1.0)
libtomcrypt
mutter (44.0+18 -> 44.0+24)
plasma5-workspace
rav1e (0.6.2+0 -> 0.6.4+0)
rsync
talloc
yast2-storage-ng (4.6.4 -> 4.6.5)
=== Details ===
==== SDL2 ====
Version update (2.26.4 -> 2.26.5)
- Update to release 2.26.5
* Fixed handling of third party PS4 controller input reports
* Added support for the trigger buttons on the Victrix Pro FS
for PS5
* Added mapping for Flydigi Vader 2 with the latest firmware
(6.0.4.9)
* Added mapping for DualSense Edge Wireless Controller on Linux
* Added mapping for Hori Pokken Tournament DX Pro Pad
* Improved the speed and quality of audio resampling
* Fixed crash on Linux if dbus can't be initialized
==== amavisd-new ====
Subpackages: amavisd-new-docs
- apply replacement for default install directories correctly
(boo#1210267)
==== apache2 ====
Version update (2.4.56 -> 2.4.57)
- Update to 2.4.57:
* ) mod_proxy: Check before forwarding that a nocanon path has not been
rewritten with spaces during processing. [Yann Ylavic]
* ) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not
double encode encoded slashes in the URL sent by the reverse proxy to the
backend. [Ruediger Pluem]
* ) mod_http2: fixed a crash during connection termination. See PR 66539.
[Stefan Eissing]
* ) mod_rewrite: Fix a 2.4.56 regression for substitutions ending
in a question mark. PR66547. [Eric Covener]
* ) mod_rewrite: Add "BCTLS" and "BNE" RewriteRule flags. Re-allow encoded
characters on redirections without the "NE" flag.
[Yann Ylavic, Eric Covener]
* ) mod_proxy: Fix double encoding of the uri-path of the request forwarded
to the origin server, when using mapping=encoded|servlet. [Yann Ylavic]
* ) mod_mime: Do not match the extention against possible query string
parameters in case ProxyPass was used with the nocanon option.
[Ruediger Pluem]
==== apache2-manual ====
Version update (2.4.56 -> 2.4.57)
- Update to 2.4.57:
* ) mod_proxy: Check before forwarding that a nocanon path has not been
rewritten with spaces during processing. [Yann Ylavic]
* ) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not
double encode encoded slashes in the URL sent by the reverse proxy to the
backend. [Ruediger Pluem]
* ) mod_http2: fixed a crash during connection termination. See PR 66539.
[Stefan Eissing]
* ) mod_rewrite: Fix a 2.4.56 regression for substitutions ending
in a question mark. PR66547. [Eric Covener]
* ) mod_rewrite: Add "BCTLS" and "BNE" RewriteRule flags. Re-allow encoded
characters on redirections without the "NE" flag.
[Yann Ylavic, Eric Covener]
* ) mod_proxy: Fix double encoding of the uri-path of the request forwarded
to the origin server, when using mapping=encoded|servlet. [Yann Ylavic]
* ) mod_mime: Do not match the extention against possible query string
parameters in case ProxyPass was used with the nocanon option.
[Ruediger Pluem]
==== apache2-prefork ====
Version update (2.4.56 -> 2.4.57)
- Update to 2.4.57:
* ) mod_proxy: Check before forwarding that a nocanon path has not been
rewritten with spaces during processing. [Yann Ylavic]
* ) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not
double encode encoded slashes in the URL sent by the reverse proxy to the
backend. [Ruediger Pluem]
* ) mod_http2: fixed a crash during connection termination. See PR 66539.
[Stefan Eissing]
* ) mod_rewrite: Fix a 2.4.56 regression for substitutions ending
in a question mark. PR66547. [Eric Covener]
* ) mod_rewrite: Add "BCTLS" and "BNE" RewriteRule flags. Re-allow encoded
characters on redirections without the "NE" flag.
[Yann Ylavic, Eric Covener]
* ) mod_proxy: Fix double encoding of the uri-path of the request forwarded
to the origin server, when using mapping=encoded|servlet. [Yann Ylavic]
* ) mod_mime: Do not match the extention against possible query string
parameters in case ProxyPass was used with the nocanon option.
[Ruediger Pluem]
==== apache2-utils ====
Version update (2.4.56 -> 2.4.57)
- Update to 2.4.57:
* ) mod_proxy: Check before forwarding that a nocanon path has not been
rewritten with spaces during processing. [Yann Ylavic]
* ) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not
double encode encoded slashes in the URL sent by the reverse proxy to the
backend. [Ruediger Pluem]
* ) mod_http2: fixed a crash during connection termination. See PR 66539.
[Stefan Eissing]
* ) mod_rewrite: Fix a 2.4.56 regression for substitutions ending
in a question mark. PR66547. [Eric Covener]
* ) mod_rewrite: Add "BCTLS" and "BNE" RewriteRule flags. Re-allow encoded
characters on redirections without the "NE" flag.
[Yann Ylavic, Eric Covener]
* ) mod_proxy: Fix double encoding of the uri-path of the request forwarded
to the origin server, when using mapping=encoded|servlet. [Yann Ylavic]
* ) mod_mime: Do not match the extention against possible query string
parameters in case ProxyPass was used with the nocanon option.
[Ruediger Pluem]
==== cheese ====
Version update (43.0 -> 44.0)
Subpackages: cheese-lang libcheese-common libcheese-gtk25 libcheese8 typelib-1_0-Cheese-3_0
- Update to version 44.0:
+ Avoid creating duplicated camera devices. Devices detected in
`cheese_camera_device_monitor_coldplug()` may get duplicated,
as Gstreamer will emit `GST_MESSAGE_DEVICE_ADDED` for them.
While this issue could be fixed by reorganizing the
initialization code, let's go with a simple and robust solution
and check if a `CheeseCameraDevice` using the `GstDevice` is
already present.
- build: Use GNOME module post_install().
+ Updated translations.
- Replace update-desktop-files with desktop-file-utils, add
appstream-glib BuildRequires and check section where we validate
desktopfile and appdata.
==== ghostscript ====
Subpackages: ghostscript-x11
- CVE-2023-28879.patch fixes CVE-2023-28879
Buffer Overflow in s_xBCPE_process
cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494
(bsc#1210062)
==== kwin5 ====
Subpackages: kwin5-lang
- Add patch to fix monitor settings issue on amdgpu (kde#468235):
* 0001-backends-drm-set-the-scaling-mode-to-none.patch
==== lastlog2 ====
Version update (1.0.1 -> 1.1.0)
Subpackages: liblastlog2-1
- Version 1.1.0
- Add option to install lastlog compat symlink
- lastlog2: add --service option
- liblastlog2: sort output according to user names
==== libtomcrypt ====
- Modernise spec file
- Run tests during build
==== mutter ====
Version update (44.0+18 -> 44.0+24)
Subpackages: mutter-lang
- Update to version 44.0+24:
+ x11: Wrap X call with error traps. And pass Atom directly. This
should make Mutter more resilient and avoid a type of crash on
gnome-shell.
+ frames/window-tracker: Select StructureNotifyMask X11 events.
+ Updated translations.
==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy
- Recommend filelight (boo#1210331)
==== rav1e ====
Version update (0.6.2+0 -> 0.6.4+0)
- Update to version 0.6.4+0:
* Safety critical bounds checking is off-by-one in sgrproj_box_ab_internal
* Initialize `low` array in a more rust-like way in `kmeans`
* Rework mutable borrows for symbol_with_update
* Drop explicit size for macro symbol_with_update
* Use const generics for CDFContextLog
* Fix undefined behavior in CDFContextLogOps
* ec: Simplify lr_compute function
* Use a bit counter instead of a byte counter in WriterRecorder
* Minimize bounds checks in pred functions
* Use generics for BD-8 on sgrproj functions
* Use saturating_sub in sgrproj_sum_finish
* Move bounds checks out of hot loop in sgrproj
* Ensure quantizer values are non-zero with a const fn
* Optimize base quants using NonZero integers (#3115)
* Move quant tables to separate file to improve organization (#3113)
* Use is_power_of_two method in divu_gen
* Fix rounding issue in HBD CDEF code
* Hint that creating a region from an empty plane is unlikely
* Minor optimization to take_slice
* Clean up cdef_dist
* Minor optimizations
* Optimizations for weighted_sse
* Add HBD AVX2 assembly for SAD (#3099)
* ec: Manually inline `msb()` and `ilog()` for clarity (#3104)
* Comment regarding cnt being unused
* Improve naming
* Use a bit counter instead of a byte counter in EC
* Add 10-bit cdef_dist ASM
* Optimise sad_plane_internal
* Save some bounds checks on me_stats
* Minor optimization to av1_get_mv_joint
* Use chunks_exact for performance in diff method
* Integrate CfL AC x86 assembly functions
* benches: Fix alignment issue for cfl_rdo
* Move luma_ac to predict module
* Extract luma_ac_internal with const generics
* Optimise plane::as_region
* Optimise BlockSize::from_width_and_height_opt
* Improve vectorization in get_sad
* Template entropy coding functions to help optimiser
* Enable SSE2/AVX512ICL put/prep/avg x86 assembly
* Enable AVX2 12-bit Inverse Transform x86 assembly
* Enable new SSE4.1 HBD Inverse Transform x86 assembly
* Pin assert_cmd, predicates and clap in Cargo.toml for rust 1.60.0
* Prepare for release
* Fix header coding for level_idx < 7.
==== rsync ====
- Switch rsyncd symlink to a wrapper script to allow setting a distinct
SELinux type (bsc#1209654)
==== talloc ====
Subpackages: libtalloc2 libtalloc2-32bit python3-talloc
- Build AVX2 enabled hwcaps library for x86_64-v3
==== yast2-storage-ng ====
Version update (4.6.4 -> 4.6.5)
- Adjusted detection of Dell BOSS devices (bsc#1200975).
- Partitioner: improved column Type for disks (bsc#1200975).
- 4.6.5
1
0
All meeting minutes can be found here:
https://etherpad.opensuse.org/p/ReleaseEngineering-meeting
The meeting is hosted here
https://meet.opensuse.org/ReleaseEngineeringMeeting
## Attendees
lkocman, guillaumeg, Sarah, DimStar, rbrown, dirk
## Leap
Leap 15.5 Build456.1 looks good
The roadmap suggests that RC submission deadline would be tomorrow
(originally planned two weeks prior to SLES Public RC deadline). But
we're not in shape to meet it regarding build failures. Therefore I
suggest deferring it to the same week as SLES (two weeks from now).
I'll write annoucement later today.
Further submissions for our ~20 build failures (half of them are
already reported)
Discussing growth of downloads (metrics-o-o)? So far it seems that
numbers are legit based on the conversation.
Leap Micro 5.4 is Ready for transition to RC
Seems like we'll have issue with IPRQ (legal staffing)
https://news.opensuse.org/2023/03/28/leapmicro-54-beta-hands-on/
We could do something similar as ^
Doug do we know if the article had increased amount of views compared
to the usual numbers ^?
Devconf mini conference @Brno on Friday went well!
https://twitter.com/openSUSE/status/1642822371391295488?s=20
15.4 image respin based on QU2 - TBD
Leap 16.0 - Waiting for further info from Richard (our new Distro
architect), so far it seems that we can continue with what we have. I'm
personally currently at no capacity (this particular week) to work on
it further.
Meeting with Czech OSPO (Open Source Program Office) tomorrow at 14:30
as Czech SUSE office wants to be a sponsor. Czech branch can offer
monetary as well as potential legal support (the latter depends on the
scope).
## openSUSE Tumbleweed
openSUSE:Factory build fail stats: 133 failed 29 unresolvable (one week
ago: 200 / 53) (number dropped as i586 is now only < 2k packages
instead of 15k)
https://tinyurl.com/ysy4nnnz
* List of packages built for i586 has been set to a bare minimum based
on what wine/steam has declared as build- and runtime dependencies.
There are high chances some -32bit packages people rely on are missing
now. Please file bug reports, assigned to dimstar(a)o.o, with
justification to enable the additional -32bit package (i.e what
functionality are you missing; not just package names missing)
* python38-* modules are no longer built for Tumbleweed. The python 3.8
interpreter is still there for now, but will likely be removed not too
far in the future
* Staging:C: openssl 3.1 incoming; a few packages failing to build
* i586 carve-out (LegacyX86 port)
from my PoV this is now considered complete. I will no longer
actively look after that port and expect the community to pick this up
(look after buiild fails specific to i586, monitor openQA, reach out
when questions arise. I'll be there to help
Letter staging projects still build for i586 (build-only, no QA),
to have at least a minimal level of confidence (would love to do that
for other arches too, but build power there is too limited)
## Richard (MicroOS)
The MicroOS Desktop Plasma/KDE is in desperate need of help else could
be at risk of being dropped (again)
https://microos.opensuse.org/blog/2023-04-02-state-of-microOS-Desktop-Plasm…
## Richard (ALP Architecture)
Richard in his new role as SUSE's Distribution Architect is looking at
ways of improving ALP's contribution story and use by openSUSE as a
base for future offerings. This is particually urgent as OBS's SUSE:ALP
project is effectively in progress of being 'moved' to SUSE's internal
IBS in order to comply with all the certifications SUSE need for ALP.
For those who need a very brief understanding of how ALP is built -
this is rather different from previous SUSE/openSUSE Products
SUSE:ALP:Workbench is effectively the equivalent of Factory:Rings:0,
being used for bootstrapping
SUSE:ALP:Source:Standard is the name for the 'track', with there being
concepts for possible future 'tracks' like "Rolling/Fast" or "Premium"
or such
SUSE:ALP:Source:Standard:Core is the name for where 'core' packages are
built, the ones that will be used by all Products
SUSE:ALP:Products:<PRODUCTNAME> is the name for where products are
actually built, like a SUSE ALP Bedrock (aka Server) product and a SUSE
ALP Micro product
Current working plan is to recreate the above in an openSUSE:ALP
namespace
Everything SUSE does in their IBS equivalent namespaces will be synced
1:1 to the OBS openSUSE:ALP namespace
Contribution to these layers of ALP might not be implimented in time
for SUSE:ALP GA, but obviously we want that in the long term - we just
also want it to be done better than we did with Closed-Leap-Gap Leap
openSUSE will be able to create their own Products in the
openSUSE:ALP:Products namespace - this might be where/how we build a
"Leap 16.0" or maybe a more appropriately named traditional distro
based on ALP, assuming the contributions for it can be found.
After the above is implimented obvious next steps would include
investigating establishing an openSUSE:ALP:Source:Rolling track, and
mapping it to Tumbleweed so we can start using those projects for
developing the 'ALP+1' codebase
lkocman: Current solution for Leap 15.X is
https://en.opensuse.org/Portal:Jump:OBS:SRMirroring (the bi-directional
sync currently does not work). lkocman is the "feedback loop"
bottleneck here.
rbrown: ^ exactly - and we want to do something better than this, which
might mean doing nothing until we have the time to really do something
a lot better than that
Adrian: people who might be interested in designing contribution
process to ALP., should join the public meetings of
https://en.opensuse.org/openSUSE:ALP/Workgroups/Git-Packaging-Workflow
## Max
not available
Leap 15.5
* New snapshot 442.1 published with KDE updates
* Focus on build fails in Backports
* Build stats in Backports(x86_64): 3 unresolvables, 24 fails(last
week: 7 unresolvables, 38 fails)
## Guillaume - Arm
openQA:
* openqa-aarch64 worker is very slow. Likely related to btrfs
issues, investigating.
Tumbleweed:
* 20230330 was the 1st released snapshot which was rebuilt with
gcc13.
* GCC13 adds support for AArch64 LSE and LSE2 to libatomic.
Disable outline atomics, and use LSE ifuncs for 1-8 byte atomics and
LSE2 ifuncs for 16-byte atomics. (On Neoverse V1, 16-byte atomics are
~4x faster due to avoiding locks)
* NVIDIA: tester with aarch64 server and NVIDIA card wanted
- Proprietary drivers are now available for aarch64 (only G06):
https://download.nvidia.com/opensuse/tumbleweed/
- New opengpu driver also available in OBS:
https://build.opensuse.org/project/monitor/X11:Drivers:Video
lkocman to check on who is the aarch64 + nvidia effort blocked on. I
recall that there was a chosen point of contact. No update sorry.
Leap:
* 15.5 aarch64: No aarch64 specific issues
* 15.5 armv7: no blocker
ALP:
* No aarch64 specific issues
WSL:
* Works with x86 emulator since appx installer is x86-64, but this
is not really an issue since arm64 Win11 includes x86 emulator by
default.
=> Could we publish it on Microsoft store anyway?
lkocman: Team is okay, but we need to make sure that such case is
covered in openQA https://progress.opensuse.org/issues/126083.
Steps documented on the wiki to install the appx from download.o.o:
https://en.opensuse.org/openSUSE:WSL#With_Appx_from_openSUSE_download_server
## Sarah - s390x
Tumbleweed
* release is rolling
* kernel was not able to build because of gcc13 problems (fixed with a
workaround): https://bugzilla.opensuse.org/show_bug.cgi?id=1209724
Leap:
* working
* many build failures and unresolvables based on new gcc and LLVM
* New topic HPC packages (enablement) at the Linux Distributions
Working Group @ Open Mainframe Project (OpenMP has been enabled for
gcc and developed for LLVM, but forgotten to commit)
* IBM has released the IBM LinuxONE RockHopper 4 for Edge Computing and
Industry 4.0 (matching default server racks):
https://newsroom.ibm.com/2023-04-04-IBM-Furthers-Flexibility,-Sustainabilit…
## Doug
* Google Summer of Code
* 32 Proposals Submitted; some were submitted that were not listed on
101.opensuse.org
lkocman: Do we have any number for last year? Like are we growing or is
it about the same?
* If interested in mentoring, email ddemaio
* Lists of proposal titles not listed on 101.o.o:
* Container-Based Backend for openQA: Enhancing Automated Testing of
Containers.
* AES Technology
* Editing directory services with Yast2
* Contribute more about Rust FFI for RADIUS project
* Implementing an out-of-band identity verification system for Kanidm
* Name change history - openSUSE Kanidm
* Rancher Microservice Workload infrastructure to Medical/Industrial
areas using MQTT and HTTP
* Streamlining Software Development and Packaging with the openSUSE
Build Service
* Water leakage detection using IOT
* Ranking session planned for April 25 (deadline April 27)
* oSC23
* CfP closes this Sunday, April 9
* Uncertain whether Sunday will be neccessary
* 85 registered, 57 submissions
* Making mock schedule
* Sent package to Netherlands for 2 events
* Starting Leap 15..5 release annoucement
* Leap Micro 5.4 beta article had 2x views as TW update article!
Awesome, I'll prep the Nextcloud "spin" of the article.
Devconf.us - Boston / August cfp as extended to April 10th. We do have
a placeholder for talk.
## Dirk
Improved the CDN setup a bit further (https working now, caching issues
fixed) and in progress of collecting in put from early testers. It
looks like we have more issues to resolve.
Did a strategic benchmarking exercise with various zypper options and a
huge part of the slowness appears to be related to the choices of
zypper options. In evaluation with zypper folks. A > factor 5
improvement even for european is possible over current setup. Other
locations could be better.
Sarah can provide mainframe acess
* also todo announce tumbleweed maintainer policy draft
currently working on testing those in a private staging test project
* Started ALP:RISCV:* builds in the new build setup
Biggest speedup can be observed by switching zlib to zlib-ng, so
looked into fixing the build failures caused by switching to zlibo-ng-
compat
## Wolfgang (Package Hub), Scott Bahling
Not available
* Moved duplicated packages to subpackages for SLE-15-SP5 (thanks to
Max for the list of packages)
* Packages in subpackages for SP5 is up to the level of SP4
(still considering putting more packages there because of migration
from Leap to SLE)
* patterns-mate added to openSUSE:Backports:SLE-15-SP5 (thanks Max)
## Maintenance team (Marcus or Maurizio (m4u))
lkocman: we need to syncup on Leap Micro 5.4 GA. I believe SLE Micro is
only blocked on IPRQ and then they can go live. Our update channel
should receive all SLEM 5.4 updates from that point in time.
15.5 setup is done
- Do we want to swap key for the 4096 rsa key now?
Done
lkocman: We're still not in RC phase, so better now than later.
openSUSE:Leap15.5 would be affected for now, backports are bit more
challenging because of SLES.
Wolfgang: we're injecting the key. Marcus we probably want to do only
Backports 15 SP5 for now.
Marcus is working also on the SLES side, the update of package with the
new key was released last week, it's just not activated yet, but it
will be already trusted by Leap 15.5 systems.
15.4 is working
5.3 is working
5.4 testing is now passing as well
Leap 16.0 - we should revisit the update/sle repo as the current setup
not exactly mirror friendly. Solutions could be dropping not so popular
architectures or split repositories per architecture.
securebootkey for SLES was rotated, it should be autotrusted and not
noticeable. This will be in QU3, QU2 is already done.
15.5 setup is done (status 21.2.2023).
lkocman needs to do official 15.5 Maint setup request beta in ~2 weeks
lkocman: 15.3 EOL could lead to stopping our physical Source DVD
effort, as it seems we will not produce. As this was the last release
which you could still get on a physical media.
Lkocman: anything against decomissioning it?
Configuration setup problem for Maintenance of Leap 15.4 maintenance
updates / openQA
Marcus regarding Leap 15.4 Image respin - package set will change, we
do need to refresh the packagelist
* Lubos to talk to Jan Stehlik, we can't put all on Marcuses shoulder.
https://etherpad.opensuse.org/p/ReleaseEngineering-20221110-maintenance-dis…
Confirmation that QA/QA-maint team will oversee the setup (issues)
Lubos: I was asked to provide requirements for the QA team. Mostly for
the GA/current release but also for the update. Lubos will make wiki
with requirements (something like maintenance plan perhaps). Marcus
will review it.
* Leap Micro 5.3 maint setup done
ffmpeg - (still unsolved) possible file conflict on the next update, no
idea how to avoid vendor switching at the moment.
Removing the patch on the openSUSE side (that might contain security
fixes) or releasing update on the packman side could fix the issue.
Lubos to give Marcus some working contact for the team. (Was done, Olaf
Hering)
## Adrian - OBS
DimStar pointed Adrian to issue handled by Marco - unresolvables due to
python3.8 drop. So far it seems like a scheduler issue. Just wait for
fix, local builds are not affected.
## Open Floor
metrics-o-o
https://metrics.opensuse.org/
https://github.com/openSUSE/openSUSE-release-tools/tree/master/metrics/acce…
Bernhard provided couple of samples and it appears, that quite some
traffic is taken with a single entity using 500+ Leap 15.4
containers/day. Most of these seem to live just for a few minutes.
Intention is to collect more detailed information what kind of usage do
we see. Also storing GEO location would be good.
7
8
All meeting minutes can be found here:
https://etherpad.opensuse.org/p/ReleaseEngineering-meeting
The meeting is hosted here
https://meet.opensuse.org/ReleaseEngineeringMeeting
## Attendees
bittin, Sarah, DimStar, Doug, Lubos, Adrian, Marcus, maxlin, Wolfgang
## Leap
Leap 15.5 RC code submission deadline is today.
We'll take only furher translations and bug fixes.
Leap Micro 5.4 is Ready for transition to RC (waiting for SLE Micro 5.4
GA)
Seems like we'll have issue with IPRQ (legal staffing)
https://news.opensuse.org/2023/03/28/leapmicro-54-beta-hands-on/
We could do something similar as ^
Doug do we know if the article had increased amount of views compared
to the usual numbers ^?
15.4 image respin based on QU2 - TBD
Leap 16.0 - In discussions after recent changes in ALP development. As
of today it seems that we will work on a more tranditional-style
distribution based on ALP's core (Grassy Knoll). See my oSC2023 talk.
Meeting with Czech National OSPO (Open Source Program Office) - went
well we did discuss multiple ways to support the effort. I'll get
further data during this week.
## openSUSE Tumbleweed
openSUSE:Factory build fail stats: 111 failed 15 unresolvable (one week
ago: 133 / 29)
https://tinyurl.com/ysy4nnnz
* As expectged, some -32bit packages were missing. So far I have
received 5 bug reports, the mentioned packages (and deps) have been
build-enabled.
* Staging:C: openssl 3.1 incoming; a few packages failing to build
i586 port:
* No dedicated release manager - any volunteers?
* Currently not passing openQA; Firefox has been marked ExcludeArch
%ix86, openQA expects firefox to be tested though, thus does not let
the snapshot pass. Call for help: anybody there to make Firefox build
on i586 again?
## Richard (MicroOS)
Not available
The MicroOS Desktop Plasma/KDE is in desperate need of help else could
be at risk of being dropped (again)
https://microos.opensuse.org/blog/2023-04-02-state-of-microOS-Desktop-Plasm…
## Richard (ALP Architecture)
Not available
Richard in his new role as SUSE's Distribution Architect is looking at
ways of improving ALP's contribution story and use by openSUSE as a
base for future offerings. This is particually urgent as OBS's SUSE:ALP
project is effectively in progress of being 'moved' to SUSE's internal
IBS in order to comply with all the certifications SUSE need for ALP.
For those who need a very brief understanding of how ALP is built -
this is rather different from previous SUSE/openSUSE Products
SUSE:ALP:Workbench is effectively the equivalent of Factory:Rings:0,
being used for bootstrapping
SUSE:ALP:Source:Standard is the name for the 'track', with there being
concepts for possible future 'tracks' like "Rolling/Fast" or "Premium"
or such
SUSE:ALP:Source:Standard:Core is the name for where 'core' packages are
built, the ones that will be used by all Products
SUSE:ALP:Products:<PRODUCTNAME> is the name for where products are
actually built, like a SUSE ALP Bedrock (aka Server) product and a SUSE
ALP Micro product
Current working plan is to recreate the above in an openSUSE:ALP
namespace
Everything SUSE does in their IBS equivalent namespaces will be synced
1:1 to the OBS openSUSE:ALP namespace
Contribution to these layers of ALP might not be implimented in time
for SUSE:ALP GA, but obviously we want that in the long term - we just
also want it to be done better than we did with Closed-Leap-Gap Leap
openSUSE will be able to create their own Products in the
openSUSE:ALP:Products namespace - this might be where/how we build a
"Leap 16.0" or maybe a more appropriately named traditional distro
based on ALP, assuming the contributions for it can be found.
After the above is implimented obvious next steps would include
investigating establishing an openSUSE:ALP:Source:Rolling track, and
mapping it to Tumbleweed so we can start using those projects for
developing the 'ALP+1' codebase
lkocman: Current solution for Leap 15.X is
https://en.opensuse.org/Portal:Jump:OBS:SRMirroring (the bi-directional
sync currently does not work). lkocman is the "feedback loop"
bottleneck here.
rbrown: ^ exactly - and we want to do something better than this, which
might mean doing nothing until we have the time to really do something
a lot better than that
Adrian: people who might be interested in designing contribution
process to ALP., should join the public meetings of
https://en.opensuse.org/openSUSE:ALP/Workgroups/Git-Packaging-Workflow
## Max
Leap 15.5
* Build 459.1 is latest published snapshot
* Build fails in Backports: 2 unresolvables, 16 fails
* Last round of /usr/bin/python shebang cleanup
* rpmlint-backports got a update for a better way to address package
conflicts to SLE packages what aren't released in SLE products,
therefore the build number in Backports grows
## Guillaume - Arm
Not available
openQA:
* openqa-aarch64 worker is very slow. Likely related to btrfs
issues, investigating.
Tumbleweed:
* 20230330 was the 1st released snapshot which was rebuilt with
gcc13.
* GCC13 adds support for AArch64 LSE and LSE2 to libatomic.
Disable outline atomics, and use LSE ifuncs for 1-8 byte atomics and
LSE2 ifuncs for 16-byte atomics. (On Neoverse V1, 16-byte atomics are
~4x faster due to avoiding locks)
* NVIDIA: tester with aarch64 server and NVIDIA card wanted
- Proprietary drivers are now available for aarch64 (only G06):
https://download.nvidia.com/opensuse/tumbleweed/
- New opengpu driver also available in OBS:
https://build.opensuse.org/project/monitor/X11:Drivers:Video
lkocman to check on who is the aarch64 + nvidia effort blocked on. I
recall that there was a chosen point of contact. No update sorry.
Leap:
* 15.5 aarch64: No aarch64 specific issues
* 15.5 armv7: no blocker
ALP:
* No aarch64 specific issues
WSL:
* Works with x86 emulator since appx installer is x86-64, but this
is not really an issue since arm64 Win11 includes x86 emulator by
default.
=> Could we publish it on Microsoft store anyway?
lkocman: Team is okay, but we need to make sure that such case is
covered in openQA https://progress.opensuse.org/issues/126083.
Steps documented on the wiki to install the appx from download.o.o:
https://en.opensuse.org/openSUSE:WSL#With_Appx_from_openSUSE_download_server
## Sarah - s390x
Tumbleweed
* release is rolling
Leap:
* working
* new (waiting) Submissisions with fixes for gtkd and gnu-cobol
* New topic HPC packages (enablement) at the Linux Distributions
Working Group @ Open Mainframe Project
* The Open Source CTO at IBM is looking for mainframe users, who want
to use MPI and OpenMP for parallelism and optimizing builds/runs of
open source software (example Kafka in the case of an Open Source
Contributor in our Working Group)
* 2 accepted presentations at the oSC
lkocman: to reach out to Software AG regarding their s390x / openSUSE
usecase
Sarah will reach out to Mike Friesenegger
## Doug
* Google Summer of Code
* Processing for rankings
* Ranking session planned for April 25 (deadline April 27)
* oSC23
* CfP closed
* Sunday is necessary
* 107 registered, 87 submissions
* Approving talks
* Reaching out to people about talks
* Making plan according to moch schedule
* Need to eliminate a couple talks
* arm is sponsoring
* in discussions with amazon
* openSUSE.Asia Summit
* Waiting on location & dates
* arm will sponsor
* Continuing Leap 15.5 release annoucement
* Processing TSP requests
## Dirk
Not available
Improved the CDN setup a bit further (https working now, caching issues
fixed) and in progress of collecting in put from early testers. It
looks like we have more issues to resolve.
Did a strategic benchmarking exercise with various zypper options and a
huge part of the slowness appears to be related to the choices of
zypper options. In evaluation with zypper folks. A > factor 5
improvement even for european is possible over current setup. Other
locations could be better.
Sarah can provide mainframe acess - he has received VM from Sarah
* also todo announce tumbleweed maintainer policy draft
currently working on testing those in a private staging test project
* Started ALP:RISCV:* builds in the new build setup
Biggest speedup can be observed by switching zlib to zlib-ng, so
looked into fixing the build failures caused by switching to zlibo-ng-
compat
## Wolfgang (Package Hub), Scott Bahling
* Moved duplicated packages to subpackages for SLE-15-SP5 (thanks to
Max for the list of packages)
* Packages in subpackages for SP5 is up to the level of SP4
(still considering putting more packages there because of migration
from Leap to SLE)
* patterns-mate added to openSUSE:Backports:SLE-15-SP5 (thanks Max)
## Maintenance team (Marcus or Maurizio (m4u))
lkocman: we need to syncup on Leap Micro 5.4 GA. I believe SLE Micro is
only blocked on IPRQ and then they can go live. Our update channel
should receive all SLEM 5.4 updates from that point in time.
15.5 setup is done
lkocman: We're still not in RC phase, so better now than later.
Key rotation:
openSUSE:Leap:15.5 is done, Backports are bit more challenging because
of SLES.
Wolfgang: we're injecting the key. Marcus we probably want to do only
Backports 15 SP5 for now.
Marcus is working also on the SLES side, the update of package with the
new key was released last week, it's just not activated yet, but it
will be already trusted by Leap 15.5 systems.
Leap 15.4 is working
Leap Micro 5.3 is working
Leap Micro 5.4 testing is now passing as well
Leap 16.0 - we should revisit the update/sle repo as the current setup
not exactly mirror friendly. Solutions could be dropping not so popular
architectures or split repositories per architecture.
securebootkey for SLES was rotated, it should be autotrusted and not
noticeable. This will be in QU3, QU2 is already done.
lkocman: 15.3 EOL could lead to stopping our physical Source DVD
effort, as it seems we will not produce. As this was the last release
which you could still get on a physical media.
Lkocman: anything against decomissioning it?
Not a single valid request since I've joined SUSE. We did receive only
requests for binary install media which are not subject to ^. We do not
plan to offer this for any new releases.
## Adrian - OBS
DimStar pointed Adrian to issue handled by Marco - unresolvables due to
python3.8 drop. So far it seems like a scheduler issue. Just wait for
fix, local builds are not affected.
## Open Floor
metrics-o-o
https://metrics.opensuse.org/
https://github.com/openSUSE/openSUSE-release-tools/tree/master/metrics/acce…
Bernhard provided couple of samples and it appears, that quite some
traffic is taken with a single entity using 500+ Leap 15.4
containers/day. Most of these seem to live just for a few minutes.
Intention is to collect more detailed information what kind of usage do
we see. Also storing GEO location would be good.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
389-ds (2.3.0~git22.8fedec0 -> 2.3.2~git53.a01e230)
arj
dracut (059+suse.366.gf45bc67a -> 059+suse.368.g2e7ac134)
edict (20211231 -> 20230411)
gnutls (3.7.9 -> 3.8.0)
hxtools (20221120 -> 20230411)
libXt (1.2.1 -> 1.3.0)
libopenraw
libpcap (1.10.3 -> 1.10.4)
libvirt
xf86-video-neomagic (1.3.0 -> 1.3.1)
yast2-trans (84.87.20230401.d443fd75ae -> 84.87.20230408.14f26575c7)
zvbi
=== Details ===
==== 389-ds ====
Version update (2.3.0~git22.8fedec0 -> 2.3.2~git53.a01e230)
Subpackages: lib389 libsvrcore0
- bsc#1210027 - apply upstream fix for setuptools
- Update to version 2.3.2~git53.a01e230:
* Issue 5705 - Add config parameter to close client conns on failed bind (#5712)
* Issue 4758 - Add tests for WebUI
* Issue 5643 - Memory leak in entryrdn during delete (#5717)
* Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations
* Issue 5701 - CLI - Fix referral mode setting (#5708)
* Bump openssl from 0.10.45 to 0.10.48 in /src (#5709)
* Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711)
* Issue 5697 - Obsolete nsslapd-ldapimaprootdn attribute (#5698)
* Issue 1081 - Stop schema replication from overwriting x-origin
* Issue 4812 - Listener thread does not scale with a high num of established connections (#5706)
- Update to version 2.3.2~git44.5e4551e:
* Issue 4812 - Listener thread does not scale with a high num of established connections (#5706)
* Issue 4812 - Listener thread does not scale with a high num of established connections (#5681)
* Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699)
* Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692)
* Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691)
* Issue 5687 - UI - sensitive information disclosure
* Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV (#5676)
* Issue 5554 - Add more tests to security_basic_test suite
* Issue 4583 - Update specfile to skip checks of ASAN builds
* Issue 4758 - Add tests for WebUI
==== arj ====
- Extend arj-3.10.22-fixstrcpy.patch to avoid trouble with strcpy
in two more places
==== dracut ====
Version update (059+suse.366.gf45bc67a -> 059+suse.368.g2e7ac134)
- Update to version 059+suse.368.g2e7ac134:
* chore(suse): remove mkinitrd wrapper (bsc#1202351) (jsc#PED-1919)
==== edict ====
Version update (20211231 -> 20230411)
Subpackages: edict2 jmdict
- Update to snapshot 20230411
* No changelog recorded.
==== gnutls ====
Version update (3.7.9 -> 3.8.0)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac
- Temporarily disable GNULIB's year2038 support for 64bit time_t
by using the --disable-year2038 flag. This omits support for
timestamps past the year 2038:
* Fixes the public API on 32-bit architectures avoiding to
change the size of time_t as it cannot be changed without
breaking the ABI compatibility.
* Upstream issue: https://gitlab.com/gnutls/gnutls/-/issues/1466
- Update to 3.8.0: [bsc#1205763, bsc#1209627]
* libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
exchange. Reported by Hubert Kario (#1050). Fix developed by
Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
[CVE-2023-0361]
* libgnutls: C++ library is now header only. All definitions
from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
C++ interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
* libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
* libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used
given other implementations dropped support for it. To enable
back support for it, supply --enable-heartbeat-support to
configure script.
* libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not
up to date with the latest TLS standards and its ciphersuites
are based on the CBC mode and SHA-1. To enable it back, supply
- -enable-srp-authentication option to configure script.
* libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.ymlâs
commit-check. You may run devel/indent-gnutls to fix any
indentation issues if you make code modifications.
* guile: Guile-bindings removed. They have been extracted into a
separate project to reduce complexity and to simplify maintenance,
see <https://gitlab.com/gnutls/guile/>.
* minitasn1: Upgraded to libtasn1 version 4.19.
* API and ABI modifications:
GNUTLS_NO_STATUS_REQUEST: New flag
GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
* Merge gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
and gnutls-FIPS-jitterentropy-threadsafe.patch into the main
patch gnutls-FIPS-jitterentropy.patch
* Rebase gnutls-FIPS-140-3-references.patch
* Rebase patches with upstream version:
- gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch
* Remove patches merged/fixed upstream:
- gnutls-FIPS-disable-failing-tests.patch
- gnutls-verify-library-HMAC.patch
- gnutls_ECDSA_signing.patch
- gnutls-Make-XTS-key-check-failure-not-fatal.patch
- gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
* Update keyring with https://gnutls.org/gnutls-release-keyring.gpg
- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146]
* Add gnutls-FIPS-jitterentropy-threadsafe.patch
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
* Rebase patches with the version submitted upstream.
* Avoid copying the key material: gnutls-FIPS-PCT-DH.patch
* Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch
==== hxtools ====
Version update (20221120 -> 20230411)
Subpackages: fd0ssh ofl
- Update to release 20230411
* checkbrack: remove -p option
* gpsh: avoid spurious "mkvmerge failed" report
* wktimer: -S option behavior split off to -X
==== libXt ====
Version update (1.2.1 -> 1.3.0)
- update to 1.3.0
* gitlab CI: add a basic build test
* Fix spelling/wording issues
* gitlab CI: stop requiring Signed-off-by in commits
* Use memcpy() instead of memmove() when buffers are known not to overlap
* Use memcpy() instead of XtMemmove() when buffers are known to differ
* tests: update g_test_bug_base url from bugzilla to gitlab
* tests: Use XORG_MEMORY_CHECK_FLAGS from xorg-macros 1.16
* tests: Replace g_assert() calls with g_assert_*() calls
* configure.ac: Replace HAVE_LIBRARY with AC_CHECK_LIB
* Add xfilesearchpath to xt.pc
* TMstate.c: Handle -Wduplicated-branches warnings
* Remove "All rights reserved" from Oracle copyright notices
* configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* test: Add unit tests for XtMalloc, XtCalloc, & XtRealloc
* Add XtReallocArray() for overflow checking of multiplied args
* Replace XtRealloc() calls with XtReallocArray()
* Replace XtMalloc() calls with XtMallocArray()
* Define LONG64 if __SIZEOF_LONG__ indicates 64-bit long
* XtArgVal: Support architectures where pointers are bigger than long
* Use XtUIntPtr for integer types that can hold pointers
* Cast via intptr_t when converting integers to pointers
* Fix XrmResource layout if pointers are bigger than long
* Fix InternalCallbackRec layout if pointers are bigger than 64 bits
* Support buttons > 5 in translation tables [v2]
* add _X_NORETURN to agree with header-file
* codespell-fixes
* cppcheck and clang --analyze fixes
* fixes for gcc13 warnings
* cppcheck fixes (const, null dereferencing, uninitialized, scope)
* cppcheck (revise IsDescendant() to fix possible null-dereference)
* update copyright-date
==== libopenraw ====
Subpackages: gdk-pixbuf-loader-libopenraw libopenraw9
- Add 03f8270d6bb255ca6618505e83169ab9d95ccef1.patch: Include
stdint.h where needed. This fixes an issue building with gcc 13.
==== libpcap ====
Version update (1.10.3 -> 1.10.4)
- update to 1.10.4:
* rpcap: Fix name of launchd service.
* documentation updates and build system tweaks
==== libvirt ====
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs
- service: Remove unnecessary auth token from github URL
==== xf86-video-neomagic ====
Version update (1.3.0 -> 1.3.1)
- Update to version 1.3.1
* Fix spelling/wording issues
* gitlab CI: add a basic build test
* gitlab CI: stop requiring Signed-off-by in commits
* NEOGetRec: Fix -Wmisleading-indentation warning
* NEOPreInit: Handle -Wimplicit-fallthrough warning
* Use fabs() instead of abs() on double value.
==== yast2-trans ====
Version update (84.87.20230401.d443fd75ae -> 84.87.20230408.14f26575c7)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu
- Update to version 84.87.20230408.14f26575c7:
* Translated using Weblate (Macedonian)
* Translated using Weblate (Macedonian)
* Translated using Weblate (Georgian)
* Translated using Weblate (Slovak)
* Translated using Weblate (Catalan)
* Translated using Weblate (Slovak)
* Translated using Weblate (Catalan)
* Translated using Weblate (Dutch)
* Translated using Weblate (Japanese)
* New POT for text domain 'snapper'.
* Translated using Weblate (Czech)
* Translated using Weblate (Dutch)
* Translated using Weblate (Japanese)
* New POT for text domain 'storage'.
* New POT for text domain 'country'.
* New POT for text domain 'cluster'.
* New POT for text domain 'base'.
==== zvbi ====
- Set minimum version for gettext
1
0
12 Apr '23
Hello openSUSE!
today at 15:00 CEST is the code drop *deadline for openSUSE Leap 15.5
RC which matches the code deadline for SUSE Linux Enterprise 15 SP5
Public RC.
Our *staging for Leap / Backports 15 SP5 already signalizes reduced
amount of submission so all seems to go according to the plan.
From that point in time we will focus on resolving any remaining build
failures, and will accept only bug fixes, release notes, and
translation related changes.
The release of the RC build will be in sync with SLES 15 SP5 Public RC.
**Updates to following packages are still pending the develproject /
maintainer review. There we'd appreciate help of maintainers. **
ddcutil ipcalc neard plantri terminus waf batctl f2c libeXosip2
rubygem-passenger alacritty
Thank you very much for your understanding!
[0]https://en.opensuse.org/openSUSE:Roadmap#Schedule_for_openSUSE_Leap_15.5
[1]
https://build.opensuse.org/staging_workflows/openSUSE:Backports:SLE-15-SP5
Best regards
Lubos Kocman
openSUSE Leap Release Manager
1
0