Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20220517 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: akonadi-server apparmor bind (9.16.25 -> 9.18.2) gnome-shell-extensions (42.0 -> 42.1) gnutls gtk4 (4.6.2 -> 4.6.4) hplip (3.21.10 -> 3.22.4) libapparmor libproxy libproxy-plugins lirc memcached (1.6.14 -> 1.6.15) open-iscsi plymouth python-Pygments (2.11.2 -> 2.12.0) python-kiwi (9.24.31 -> 9.24.35) python-stack-data (0.1.3 -> 0.2.0) rubygem-concurrent-ruby (1.1.9 -> 1.1.10) rubygem-nokogiri (1.13.4 -> 1.13.6) squashfs yast2-iscsi-client (4.5.1 -> 4.5.3) yast2-trans (84.87.20220507.8ff263ce4d -> 84.87.20220513.26f6bfaa16) === Details === ==== akonadi-server ==== Subpackages: akonadi-server-lang libKF5AkonadiAgentBase5 libKF5AkonadiCore5 libKF5AkonadiPrivate5 libKF5AkonadiWidgets5 libKF5AkonadiXml5 - Add akonadiserver-apparmor-typos-mr94.patch to ensure mariadbd_akonadi AppArmor profile actually gets used ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) ==== bind ==== Version update (9.16.25 -> 9.18.2) Subpackages: bind-doc bind-utils - Add upstream patch bind-prevent-buffer-overflow.patch. - The named-checkconf had been moved from /usr/sbin to /usr/bin but that had not been reflected in scripts that called this, eg named.prep. So these scripts failed. Some installations still have "createNamedConfInclude" in the NAMED_INITIALIZE_SCRIPTS in /etc/sysconfig/named. The named.prep will now report this but continue. [bsc#1199044, vendor-files.tar.bz2] - Upgrade to 9.18.2: Most important bugs fixed: * The "starting maxtime timer" message related to outgoing zone transfers was incorrectly logged at the ERROR level instead of DEBUG(1). * Ensure that zone maintenance queries have a retry limit. * When using both the `+qr` and `+y` options `dig` could crash if the connection to the first server was not successful. * dig could hang in some cases involving multiple servers in a lookup, when a request fails and the next one refuses to start for some reason, for example if it was an IPv4 mapped IPv6 address. * dig +nssearch was hanging until manually interrupted. * When an UPDATE targets a zone that is not configured, the requested zone name is now logged in the "not authoritative" error message, so that it is easier to track down problematic update clients. * Quote the dns64 prefix in error messages that complain about problems with it, to avoid confusion with the following dns64 ACLs. * When encountering socket error while trying to initiate a TCP connection to a server, dig could hang indefinitely, when there were more servers to try. * When timing-out or having other types of socket errors during a query, dig wasn't trying to perform the lookup using other servers, in case they exist. * Resending a UDP request in the result of a timeout could cause an assertion failure when the resent query's result was SERVFAIL. * Replace single TCP write timer with per-TCP write timers. * Invalid dnssec-policy definitions were being accepted where the defined keys did not cover both KSK and ZSK roles for a given algorithm. This is now checked for and the dnssec-policy is rejected if both roles are not present for all algorithms in use. * Fix query context management issues in the TCP part of dig. Noteworthy functional changes: * Add new "reuseport" option to enable/disable load balancing of sockets. * Set the minimum MTU on UDPv6 and TCPv6 sockets and limit TCP maximum segment size (TCP_MAXSEG) to (1220) for both TCPv4 and TCPv6 sockets. Needed to define two macros in contrib code: FALLTHOUGH is a copy of how it is defined in <isc/util.h> UNREACHABLE follows the model used in MacOS /usr/include/c++/v1/cstdlib to determine if __builtin_ureachable is available [bind-9.18.2.tar.xz, bind-9.18.2.tar.xz.sha512.asc, bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch] - * When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. [CVE-2021-25220] * TCP connection slots may be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block, and as such, any hosts specified within it will be able to trigger this issue on affected versions. [CVE-2022-0396] * The RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) had been refactored and the default has been changed so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly. The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled) [CVE-2022-0635] * The refactoring of the recursive client code introduced a "backstop lifetime timer." While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. [CVE-2022-0667] * Reset client TCP connection when data received cannot be parsed as a valid DNS request. For a complete list of changes, see * Bind Release Notes https://downloads.isc.org/isc/bind9/9.18.1/doc/arm/html/notes.html * The CHANGES file in the source RPM This obsoletes bind-define-missing-threads.patch Also, removed bind-python3 from the spec file as it is not build any longer. [bind.spec, bind-9.18.1.tar.xz, bind-9.18.1.tar.xz.sha512.asc, bind-define-missing-threads.patch] - Update to new MAJOR VERSION 9.18.0. This has many enhnancements, bug fixes and changes. The spec file also has mechanisms to run the integrated test suite. MAJOR CHANGES: * Support for securing DNS traffic using Transport Layer Security (TLS). TLS is used by both DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). * Support for zone transfers over TLS (XFR-over-TLS, XoT) for both incoming and outgoing zone transfers. * The dig tool is now able to send DoT queries (+tls option). * Support for OpenSSL 3.0 APIs was added. A number of utilities have been removed: dnssec-checkds, dnssec-coverage, dnssec-keymgr, which have been deprecated in favor of dnssec-policy feature, as well as python support (package python3-bind). A number of utilities have been moved from (/usr)/sbin to (/usr)/bin The DLZ modules have been put into seperate sub-packages to keep unwanted dependencies out of the main package: * bind-modules-perl: dlz_perl_driver.so * bind-modules-mysql: dlz_mysql_dynamic.so, dlz_mysqldyn_mod.so * bind-modules-ldap: dlz_ldap_dynamic.so * bind-modules-bdbhpt: dlz_bdbhpt_dynamic.so * bind-modules-sqlite3: dlz_sqlite3_dynamic.so * bind-modules-generic: dlz_filesystem_dynamic.so, dlz_wildcard_dynamic.so For a complete list of changes, see * Bind Release Notes https://downloads.isc.org/isc/bind9/9.18.0/doc/arm/html/notes.html * The CHANGES file in the source RPM [bind.spec, bind-9.18.0.tar.xz, bind-9.18.0.tar.xz.sha512.asc, bind-avoid-fallthrough-warning-error.patch, bind-contrib-pthread.patch, named-bootconf.diff, bind-define-missing-threads.patch] - Old-style DLZ drivers have been deprecated in favor of DLZ modules. The DLZ drivers configuration option will be removed from the next major BIND 9 release. The option to use the DLZ modules is already available in BIND 9; please see the ARM section on DLZ modules. The dynamically lodable driver modules are stored in /usr/lib64/bind-plugins Example configurations for ldap and mysql are provided in named.conf. [bind.spec, vendor-files/config/named.conf] ==== gnome-shell-extensions ==== Version update (42.0 -> 42.1) Subpackages: gnome-shell-classic gnome-shell-extensions-common gnome-shell-extensions-common-lang - Update to version 42.1: + Misc. bug fixes and cleanups. + Updated translations. ==== gnutls ==== Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac - disable kcapi usage for now, as kernel-obs-build not adjusted to contain the algorithms. bsc#1189283 ==== gtk4 ==== Version update (4.6.2 -> 4.6.4) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.6.4: + GtkFileChooser: - Fix select button sensitivity in select_folder mode. - Fix some fallout from list model porting. + GtkListView, GtkColumnView: Optimize scrolling. + print-to-file: Handle nonexisting files better in the dialog. + Avoid infinite loops in size allocation. + CSS: Optimize a case of reparenting that is important in GtkListView. + GSK: Check for half-float support before using it. + Wayland: - Ignore empty preedit updates This fixes a problem with textview scrolling. - Freeze popups when hidden. This addresses a frame rate drop- + Updated translations. - Update to version 4.6.3: + GtkOverlay: Bring back positional style classes. + GtkFileChooser: - Prevent unwanted completion popups. - Fix small problems in save mode. - Fix buildable suport of GtkFileFilter. + GtkPopover: Fix button positions in right-to-left locales. + GtkLabel: Fix small issues with link handling. + Tooltips: Don't restrict the minimum tooltip length. + Theme: - Don't use opacity for overlay scrollbars. - Fix selection text color in vertical spin buttons. + GSK: - Accept textures that are generated by webkit. - Align offscreen rendering to the pixel grid. + Accessibility: Fix a crash in startup when orca is running. + Input: - Fix display changes in GtkIMMultiContext. - Fix activating on-screen keyboards. - Always propagate hold events in GtkEventControllerScroll. + Windows: - Fix a critical warning in clipboard handling. - Report serial numbers for events. + MacOS: Prevent fullscreen transition reentrancy. + Updated translations. - Drop gtkimmulticontext-Handle-switches-between-displays.patch: fixed upstream. ==== hplip ==== Version update (3.21.10 -> 3.22.4) Subpackages: hplip-hpijs hplip-sane - Update to 3.22.4 Added support for following new Distro's: * Manjaro 21.2 Added support for the following new Printers: * HP LaserJet Pro 4001ne * HP LaserJet Pro 4001n * HP LaserJet Pro 4001dne * HP LaserJet Pro 4001dn * HP LaserJet Pro 4001dwe * HP LaserJet Pro 4001dw * HP LaserJet Pro 4001d * HP LaserJet Pro 4001de * HP LaserJet Pro 4002ne * HP LaserJet Pro 4002n * HP LaserJet Pro 4002dne * HP LaserJet Pro 4002dn * HP LaserJet Pro 4002dwe * HP LaserJet Pro 4002dw * HP LaserJet Pro 4002d * HP LaserJet Pro 4002de * HP LaserJet Pro 4003dn * HP LaserJet Pro 4003dw * HP LaserJet Pro 4003n * HP LaserJet Pro 4003d * HP LaserJet Pro 4004d * HP LaserJet Pro 4004dn * HP LaserJet Pro 4004dw * HP LaserJet Pro MFP 4101dwe * HP LaserJet Pro MFP 4101dw * HP LaserJet Pro MFP 4101fdn * HP LaserJet Pro MFP 4101fdne * HP LaserJet Pro MFP 4101fdw * HP LaserJet Pro MFP 4101fdwe * HP LaserJet Pro MFP 4102dwe * HP LaserJet Pro MFP 4102dw * HP LaserJet Pro MFP 4102fdn * HP LaserJet Pro MFP 4102fdw * HP LaserJet Pro MFP 4102fdwe * HP LaserJet Pro MFP 4102fdne * HP LaserJet Pro MFP 4102fnw * HP LaserJet Pro MFP 4102fnwe * HP LaserJet Pro MFP 4103dw * HP LaserJet Pro MFP 4103dn * HP LaserJet Pro MFP 4103fdn * HP LaserJet Pro MFP 4103fdw * HP LaserJet Pro MFP 4104dw * HP LaserJet Pro MFP 4104fdw * HP LaserJet Pro MFP 4104fdn * HP ScanJet Pro 3600 f1 * HP ScanJet Pro N4600 fnw1 * HP ScanJet Pro 2600 f1 * HP ScanJet Enterprise Flow N6600 fnw1 - Changes from 3.22.2 Added support for following new Distro's: * Elementary OS 6.1 * RHEL 8.5 * Linux Mint 20.3 Added support for the following new Printers: * HP LaserJet Tank MFP 1602a * HP LaserJet Tank MFP 1602w * HP LaserJet Tank MFP 1604w * HP LaserJet Tank MFP 2602dn * HP LaserJet Tank MFP 2602sdn * HP LaserJet Tank MFP 2602sdw * HP LaserJet Tank MFP 2602dw * HP LaserJet Tank MFP 2604dw * HP LaserJet Tank MFP 2604sdw * HP LaserJet Tank MFP 2603dw * HP LaserJet Tank MFP 2603sdw * HP LaserJet Tank MFP 2605sdw * HP LaserJet Tank MFP 2606dn * HP LaserJet Tank MFP 2606sdn * HP LaserJet Tank MFP 2606sdw * HP LaserJet Tank MFP 2606dw * HP LaserJet Tank MFP 2606dc * HP LaserJet Tank MFP 1005 * HP LaserJet Tank MFP 1005w * HP LaserJet Tank MFP 1005nw * HP LaserJet Tank 1502a * HP LaserJet Tank 1502w * HP LaserJet Tank 1504w * HP LaserJet Tank 2502dw * HP LaserJet Tank 2502dn * HP LaserJet Tank 2504dw * HP LaserJet Tank 2503dw * HP LaserJet Tank 2506dw * HP LaserJet Tank 2506d * HP LaserJet Tank 2506dn * HP LaserJet Tank 1020 * HP LaserJet Tank 1020w * HP LaserJet Tank 1020nw - Changes from 3.21.12 Added support for following new Distro's: * MX Linux 21 * Elementary OS 6 * Fedora 35 - Drop photocard-fix-import-error-for-pcardext.patch, because now in upstream. - Rebase Use-lsb_release-fallback-code-if-import-distro-fails.patch, bacause some is in upstream now. - Reabse hplip-missing-drivers.patch ==== libapparmor ==== Subpackages: libapparmor1 libapparmor1-32bit - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) ==== libproxy ==== - Add libproxy-python-310.patch: Detect python 3.10. ==== libproxy-plugins ==== Subpackages: libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-webkit - Add libproxy-python-310.patch: Detect python 3.10. ==== lirc ==== - Add lirc-autoconf-py310.patch: Output of autoreconf in order to find the correct python version when Tumbleweed switches to Python 3.10. ==== memcached ==== Version update (1.6.14 -> 1.6.15) - update to 1.6.15: * proxy: Fix buffer overflow and prevent recv() of 0 byte * proxy: allow await() to be called recursively * proxy: mcp.request(cmd, [val | resp]) * proxy: hacky method of supporting noreply/quiet * proxy: add ring_hash builtin * proxy: fix logger entry memory corruption * storage: parameterize the compaction thread sleep * proxy: pull chunks into individual c files * proxy: documentation updates * proxy: "stats settings" for proxy * proxy: await improvements * proxy: trivial support for SO_KEEPALIVE on backend * mcmc: upstream update for SO_KEEPALIVE * proxy: fix crash on stats proxy sans user stats * proxy: enable backend_total stat * proxy: track in-flight requests * proxy: add some basic logging for backend errors * proxy: logging improvements + lua mcp.log() * proxy: add stats for commands seen ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) ==== plymouth ==== Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Add code to plymouth-watermark-config.patch in order to install the Watermark image file to initrd - Refresh patches to apply cleanly - Remove plymouth-keep-KillMode-none.patch: With the iteration of tumbleweed, system could boot with the systemd recommanding option KillMode=mixed, So it's the time to remove this patch (bsc#1177082 bsc#1184087 boo#1182145). ==== python-Pygments ==== Version update (2.11.2 -> 2.12.0) - update to 2.12.0: - Added lexers: * Cplint (#2045) * Macaulay2 (#1791) * Minecraft (#2107) * Qlik (#1925) * ``UnixConfigLexer`` for "colon-separated" config files, like ``/etc/passwd`` (#2112) - Updated lexers: * Agda: Update keyword list (#2017) * C family: Fix identifiers after ``case`` statements (#2084) * Clojure: Highlight ratios (#2042) * Csound: Update to 6.17 (#2064) * CSS: Update the list of properties (#2113) * Elpi: - Fix catastrophic backtracking (#2053, #2061) - Fix handling of ``->`` (#2028) * Futhark: Add missing tokens (#2118) * Gherkin: Add ``But`` (#2046) * Inform6: Update to 6.36 (#2050) * LilyPond: - Fix incorrect lexing of names containing a built-in (#2071) - Fix properties containing dashes (#2099) * PHP: Update builtin function and keyword list (#2054, #2056) * Scheme: Various improvements (#2060) * Spice: Update the keyword list, add new types (#2063, #2067) * Terraform: - Support non-idiomatic comments (#2065, #2066) - Fix class name lexing (#2097) - Add ``plugins`` argument to ``get_all_lexers()``. - Bump minimal Python version to 3.6 (#2059) - Fix multiple lexers marking whitespace as ``Text`` (#2025) - Remove various redundant uses of ``re.UNICODE`` (#2058) - Associate ``.resource`` with the Robot framework (#2047) - Associate ``.cljc`` with Clojure (#2043) - Associate ``.tpp`` with C++ (#2031) - Remove traces of Python 2 from the documentation (#2039) - The ``native`` style was updated to meet the WCAG AAA contrast guidelines (#2038) - Fix various typos (#2030) - Fix ``Groff`` formatter not inheriting token styles correctly (#2024) - Various improvements to the CI (#2036) - The Ada lexer has been moved to a separate file (#2117) - drop elpi_fix_catastrophic_backtracking.patch: upstream ==== python-kiwi ==== Version update (9.24.31 -> 9.24.35) - Bump version: 9.24.34 ? 9.24.35 - Allow more repo params to be set on the cmdline The repository parameters for signing keys, the component list the main distribution name for debian repositories and also the repository_gpgcheck could not be set via the commandline options --add-repo and/or --set-repo. This commit adds support for them and also updates the manual page accordingly - Update ubuntu integration tests Build them against latest release (jammy). This Fixes #2128 - Bump version: 9.24.33 ? 9.24.34 - Follow up fix for isolinux-config isolinux-config is called to update the search path inside of the isolinux binary. isolinux/syslinux is exclusive to the ix86 architecture and to BIOS firmware. Therefore the condition to actually call it should reflect this. - Bump version: 9.24.32 ? 9.24.33 - Fixed runtime check Fixed check_dracut_module_for_disk_overlay_in_package_list. The check complains if the dracut-kiwi-overlay module is not installed but overlay support was requested. This is correct but should only be done if the selected initrd system is dracut. - Add option to set LUKS type to luks1 (#2126) Add option to set LUKS type to luks1 So far the LUKS type could be set to luks and luks2. However, what luks version the value 'luks' evaluates to depends on how the distributor has packaged luks. Thus it's possible that 'luks' is either luks1 or luks2. To also have the opportunity to explicitly specify luks1 this commit adds the opportunity in the schema. - Update devel packages helper Added trang as needed when working on the schema - Add support for dm integrity with secret key Allow to protect the opening of the integrity data map and journal through a keyfile. For setting the key file two new optional type attributes were added: * integrity_keyfile * integrity_metadata_key_description The key file format must be correct according to the selected integrity algorithm. As of now the kiwi default hmac-sha256 algorithm is used with the selected keyfile The optional integrity_metadata_key_description attribute allows to specify a custom description of an integrity key as it is expected to be present in the kernel keyring. The information is placed in the integrity metadata block. If not specified kiwi creates a key argument string instead which is based on the given integrity_keyfile filename. The format of this key argument is: :BASENAME_OF_integrity_keyfile_WITHOUT_FILE_EXTENSION - Update get_disksize_mbytes to support clones When using partition clones the pre-calculation of the disk size needs to take this into account. - Fixed UUID setup for XFS Make sure the log got replayed prior generating a new UUID - Fixed scope of setup_isolinux_boot_path There is a method called setup_isolinux_boot_path which is encoded in the Iso class. The method allows to change the boot path in the isolinux binary and makes sense when the bootloader is selected to be isolinux. However, the method was called in the scope of the FileSystemIsoFs class which responsibility is to create an ISO filesystem. The creation of an ISO filesystem has no direct connection to a bootloader. Thus calling this method in the scope of the FileSystemIsoFs implementation is wrong and can lead to unexpected side effects. This commit moves the call of the method to the places where isolinux as a bootloader can still be used. This Fixes #2117 - Correct the URL to the dracut home page This fixes https://github.com/OSInside/kiwi/issues/2097 - Change the custom vagrant config file to 00-vagrant.conf If it is called 99-vagrant.conf, then anything "before" that, like 50-redhat.conf takes precedence and overrides our custom settings. - Add Leap 15.4, SLE 15 SP4 & CentOS Stream 9 to the scripts tests - Bump version: 9.24.31 ? 9.24.32 - Add support for standalone dm integrity There is support in kiwi to use dm_integrity in combination with the LUKS header and dm_crypt. However there is also the use case to setup dm_integrity in standalone mode. This commit allows to create the dm_integrity layer outside of LUKS using /etc/integritytab to activate the map through a systemd generator if systemd is used. Regarding systemd it's required to use a version of system which provides: system-generators/systemd-integritysetup-generator. If this generator does not exist in the distribution it will also be missing in the dracut generated initrd and the boot will not be able to succeed. It's mentioned here because even newer distributions might be missing the generator Along with the implementation there are two new optional attributes in the <type> section: standalone_integrity="true|false" embed_integrity_metadata="true|false" standalone_integrity activates/deactivates the dm_integrity map on top of the root filesystem. Similar to the veritysetup support there is the opportunity to create an embedded magic metadata block at the end of the device containing the root filesystem via embed_integrity_metadata - Update per codacy smell - Add support for part clones to the Disk interface The Disk class provides methods to create partition(s) and map names according to its scope and independent of the actual partition tools. For example: create_root_partition(). This commit adds an additional optional clone parameter to all methods for which we want to allow partition clones - Be less strict in boot link to itself As part of the grub setup a link named 'boot' inside of /boot is created pointing to itself 'boot -> .'. The reason is to allow the bootloader config to find its files referenced as /boot/something independently if /boot is placed into an extra partition. However if an extra boot partition is used and a filesystem which does not support symlinks, e.g fat, that symlink creation should not lead to an error in the image build process as it is considered an optional safe link and not a mandatory pre-requisite - Fixed TW arm rpi integration test Explicitly add ruby to the package list ==== python-stack-data ==== Version update (0.1.3 -> 0.2.0) - Update to 0.2.0: - Fallback to basic Source.pieces when there is no Source.tree. - Handle nodes inside f-strings missing location info from asttokens - Add 29-Pygments-2-12.patch (gh#alexmojaki/stack_data#29) making the package compabile with Pygments 2.12. ==== rubygem-concurrent-ruby ==== Version update (1.1.9 -> 1.1.10) - updated to version 1.1.10 * (#951) Set the Ruby compatibility version at 2.2 * (#939, #933) The `caller_runs` fallback policy no longer blocks reads from the job queue by worker threads * (#938, #761, #652) You can now explicitly `prune_pool` a thread pool (Sylvain Joyeux) * (#937, #757, #670) We switched the Yahoo stock API for demos to Alpha Vantage (Gustavo Caso) * (#932, #931) We changed how `SafeTaskExecutor` handles local jump errors (Aaron Jensen) * (#927) You can use keyword arguments in your initialize when using `Async` (Matt Larraz) * (#926, #639) We removed timeout from `TimerTask` because it wasn't sound, and now it's a no-op with a warning (Jacob Atzen) * (#919) If you double-lock a re-entrant read-write lock, we promote to locked for writing (zp yuan) * (#915) `monotonic_time` now accepts an optional unit parameter, as Ruby's `clock_gettime` (Jean Boussier) ==== rubygem-nokogiri ==== Version update (1.13.4 -> 1.13.6) - updated to version 1.13.6 [#]# 1.13.6 / 2022-05-08 [#]## Security * [CRuby] Address [CVE-2022-29181](https://nvd.nist.gov/vuln/detail/CVE-2022-29181), improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See [GHSA-xh29-r2w5-wx8m](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5...) for more information. [#]## Improvements * `{HTML4,XML}::SAX::{Parser,ParserContext}` constructor methods now raise `TypeError` instead of segfaulting when an incorrect type is passed. [#]# 1.13.5 / 2022-05-04 [#]## Security * [CRuby] Vendored libxml2 is updated to address [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824). See [GHSA-cgx6-hpwq-fhv5](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq...) for more information. [#]## Dependencies * [CRuby] Vendored libxml2 is updated from v2.9.13 to [v2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14). [#]## Improvements * [CRuby] The libxml2 HTML parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare `<` characters. [#]## Changed * [CRuby] The libxml2 HTML parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence `<![CDATA[` and incorrectly-opened comments will result in HTML text nodes starting with `<!` instead of skipping the invalid tag. This behavior is a direct result of the [quadratic-behavior fix](https://gitlab.gnome.org/GNOME/libxml2/-/commit/798bdf1) noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in [`test/html4/test_comments.rb`](https://github.com/sparklemotion/nokogiri/blob/3ed5bf2b5a367cb9dc6e329c5a1c5...). ==== squashfs ==== - set LZMA_XZ_SUPPORT=1 so you can (un)squash -comp lzma images ==== yast2-iscsi-client ==== Version update (4.5.1 -> 4.5.3) - Fix a crash when opening the main dialog (bsc#1199552). - 4.5.3 - Internal cleanup in several parts to turn the auto-converted YCP code into something closer to common Ruby. - Enable iscsiuio during installation only if there is any card in the system using the bnx2i or qedi modules (bsc#1194432). - 4.5.2 ==== yast2-trans ==== Version update (84.87.20220507.8ff263ce4d -> 84.87.20220513.26f6bfaa16) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20220513.26f6bfaa16: * New POT for text domain 'nfs'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'kdump'.