Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20201127 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (82.0.3 -> 83.0) c-ares coreutils cpio dosfstools e2fsprogs ed filesystem fillup findutils git grep (3.5 -> 3.6) gzip javapackages-tools jhbuild (3.36.0+1 -> 3.38.0+3) kernel-firmware (20201023 -> 20201120) keyutils libX11 (1.6.12 -> 1.7.0) libqt5-qttranslations (5.15.1 -> 5.15.2) libqt5-qtvirtualkeyboard (5.15.1 -> 5.15.2) libselinux libsepol libtirpc llvm11 openssh python-kiwi (9.21.23 -> 9.21.26) python-pycups qpdf (10.0.3 -> 10.0.4) schily tar tcl wxWidgets-3_2-nostl zlib === Details === ==== MozillaFirefox ==== Version update (82.0.3 -> 83.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 83.0 * major update for SpiderMonkey improving performance significantly * optional HTTPS-Only mode * more improvements https://www.mozilla.org/en-US/firefox/83.0/releasenotes/ MFSA 2020-50 (bsc#1178824)) * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-26952 (bmo#1667685) Out of memory handling of JITed, inlined functions could lead to a memory corruption * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI * CVE-2020-26954 (bmo#1657026) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2020-26955 (bmo#1663261) Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API) * CVE-2020-26957 (bmo#1667179) OneCRL was not working in Firefox for Android * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService * CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray * CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype * CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26962 (bmo#610997) Cross-origin iframes supported login autofill * CVE-2020-26963 (bmo#1314912) History and Location interfaces could have been used to hang the browser * CVE-2020-26964 (bmo#1658865) Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android * CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords * CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network * CVE-2020-26967 (bmo#1665820) Mutation Observers could break or confuse Firefox Screenshots feature * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872, bmo#1668876) Memory safety bugs fixed in Firefox 83 - requires NSS >= 3.58 nodejs >= 10.22.1 - removed obsolete mozilla-ppc-altivec_static_inline.patch - disable LTO on TW because of ICEs in gcc ==== c-ares ==== - add BR for pkg-config to get the provides in the devel package ==== coreutils ==== Subpackages: coreutils-doc coreutils-lang - prepare usrmerge (boo#1029961) ==== cpio ==== Subpackages: cpio-lang cpio-mt - prepare usrmerge (boo#1029961) ==== dosfstools ==== - prepare usrmerge (boo#1029961) ==== e2fsprogs ==== Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2 - prepare usrmerge (boo#1029961) ==== ed ==== - prepare usrmerge (boo#1029961) ==== filesystem ==== - /proc and /sys should be %ghost to allow filesystem package updates in rootless container environments (rh#1548403) ==== fillup ==== - prepare usrmerge (boo#1029961) ==== findutils ==== Subpackages: findutils-lang - prepare usrmerge (boo#1029961) ==== git ==== Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - only pull asciidoctor for the default ruby version ==== grep ==== Version update (3.5 -> 3.6) Subpackages: grep-lang - Update to grep 3.6 * The GREP_OPTIONS environment variable no longer affects grep's behavior. * grep's DFA matcher performed an invalid regex transformation that would convert an ERE like a+a+a+ to a+a+, which would make grep a+a+a+ mistakenly match "aa". * grep -P now reports the troublesome input filename upon PCRE execution failure. - werror-return-type.patch: work around gcc bug - prepare usrmerge (boo#1029961) ==== gzip ==== - prepare usrmerge (boo#1029961) ==== javapackages-tools ==== Subpackages: javapackages-filesystem - Fix the python subpackage generation gh#openSUSE/python-rpm-macros#79 - Support python subpackages for each flavor gh#openSUSE/python-rpm-macros#66 - Replace old nose with pytest gh#fedora-java/javapackages#86 ==== jhbuild ==== Version update (3.36.0+1 -> 3.38.0+3) Subpackages: jhbuild-lang - create_deps.sh: Filter out pkgconfig(libpodofo) Requires for now: in all released versions of podofo, the .pc file is called libpodofo-0, but in git, since April 2019, the .pc file is being installed as libpodofo.pc. There is no information if and when podofo will ever get a release with this change. - Update to version 3.38.0+3: * defaults: Fix multiarch system_libdirs. * Get default branch name from repository. * Compare bytes/str correctly in both python 2 & 3. * defaults.jhbuildrc: fix detection of /usr/lib64 on Fedora. * base: also try for meson on autogenerated modules. * doc: Document shallow_clone option. * Moduleset updates. ==== kernel-firmware ==== Version update (20201023 -> 20201120) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Fix build with older distros due to missing _firmwaredir - Update to version 20201120 (bc9cd0b7b0e9): including AMDGPU update (bsc#1179062) and ath11k addition (bsc#1178274) * linux-firmware: Update AMD SEV firmware * amdgpu: add sienna cichlid firmware for 20.45 * amdgpu: update vega20 firmware for 20.45 * amdgpu: update vega12 firmware for 20.45 * amdgpu: update vega10 firmware for 20.45 * amdgpu: update renoir firmware for 20.45 * amdgpu: update navi14 firmware for 20.45 * amdgpu: update navi12 firmware for 20.45 * amdgpu: update navi10 firmware for 20.45 * amdgpu: update raven2 firmware for 20.45 * amdgpu: update raven firmware for 20.45 * rtlwifi: v88.2 firmware files for RTL8192CU * rtw88: RTL8822C: Update firmware to v9.9.4 * Revert "rtw88: RTL8822C: Update firmware to v9.9.4" * vpdma: Move firmware to ti directory * amdgpu: update picasso VCN firmware * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * rtw88: RTL8822C: Update firmware to v9.9.4 * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A * QCA: Update Bluetooth firmware for QCA6390 * qcom : updated venus firmware files for v5.4 * QCA : Fixed BT SSR due to command timeout / IO fatal error * ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1 * ath11k: QCA6390 hw2.0: add board-2.bin * ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ8074 hw2.0: add board-2.bin * ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ6018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077 * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1 - ath11k is split into its own subpackage due to its size - Update topics list and aliases accordingly ==== keyutils ==== Subpackages: libkeyutils1 libkeyutils1-32bit - prepare usrmerge (boo#1029961) ==== libX11 ==== Version update (1.6.12 -> 1.7.0) Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1 - Update to version 1.7.0 * libX11 version 1.7.0 includes a new API, hence the change from the 1.6 series to 1.7: XSetIOErrorExitHandler which provides a mechanism for applications to recover from I/O error conditions instead of being forced to exit. Thanks to Carlos Garnacho for this. * This release includes a bunch of bug fixes, some which have been pending for over three years: + A bunch of nls cleanups to remove obsolete entries and clean up formatting of the ist. Thanks to Benno Schulenberg for these. + Warning fixes and other cleanups across a huge swath of the library. Thanks to Alan Coopersmith for these. + Memory allocation bugs, including leaks and use after free in the locale code. Thanks to Krzesimir Nowak, Jacek Caban and Vittorio Zecca for these. + Thread safety fixes in the locale code. Thanks to Jacek Caban for these. + poll_for_response race condition fix. Thanks to Frediano Ziglio for the bulk of this effort, and to Peter Hutterer for careful review and improvements. * Version 1.7.0 includes a couple of new locales: ia and ie locales. Thanks to Carmina16 for these. * There are also numerous compose entries added, including: + |^ or ^| for ?, |v or v| for ?, ~~ for ?. Thanks to Antti Savolainen for this. + Allowing use of 'v' for caron, in addition to 'c', so things like vC for ?, vc for ?. Thanks to Benno Schulenberg for this. + Compose sequences LT, lt for '<', and GT, gt for '>' for keyboards where those are difficult to access. Thanks to Jonathan Belsewir for this. - refreshed patches en-locales.diff, p_khmer-compose.diff and p_xlib_skip_ext_env.diff ==== libqt5-qttranslations ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qttranslations.git/plain/dist/changes-5.15.2/?h=5.... ==== libqt5-qtvirtualkeyboard ==== Version update (5.15.1 -> 5.15.2) Subpackages: libQt5HunspellInputMethod5 libQt5VirtualKeyboard5 libqt5-qtvirtualkeyboard-hunspell - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtvirtualkeyboard.git/plain/dist/changes-5.15.2/?h... ==== libselinux ==== Subpackages: libselinux1 libselinux1-32bit selinux-tools - install to /usr (boo#1029961) ==== libsepol ==== - install to /usr (boo#1029961) ==== libtirpc ==== Subpackages: libtirpc-netconfig libtirpc3 libtirpc3-32bit - install libraries to %{_libdir} (boo#1029961) ==== llvm11 ==== Subpackages: clang-tools clang11 clang11-doc libLLVM11 libLTO11 libc++-devel libc++1 libc++abi-devel libc++abi1 libclang11 - Add compiler-rt-dont-compile-assembly-files-as-c.patch to fix build failure with newer CMake versions. - Let CMake files in {llvm,clang}X-devel refer to the versioned binaries that come with the package instead of the symlink managed by update-alternatives. (boo#1178513) ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Fix build breakage caused by missing security key objects: + Modify openssh-7.7p1-cavstest-ctr.patch. + Modify openssh-7.7p1-cavstest-kdf.patch. + Add openssh-link-with-sk.patch. - Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939). This ensures only approved DH parameters are used in FIPS mode. - Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799). This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. ==== python-kiwi ==== Version update (9.21.23 -> 9.21.26) - Bump version: 9.21.25 ? 9.21.26 - Fixed dnf plugin config setup Only create a dnf plugin config if the plugin config directory to store that file exists in the system - Set --releasever=0 for microdnf To allow microdnf to work from an empty root directory we need to set the release version to zero - Use custom varsdir for dnf builds - Partially revert dcounter.c flaw report I could not find a problem with this read call it does check on the buffer boundaries and it only writes the bytes that read returns until read returns <= 0 - Fixed dcounter.c flaw report Check buffer boundaries if used in a loop - Fixed dcounter.c flaw report Variable scope can be reduced and useless value assignment. - Fixed microdnf support The installroot argument must be used together with --config and additionally with --noplugins, as well as --setopt for cachedir, reposdir and varsdir. Related to #1625 - Move tools README to ReST - Fixed Incorrect list-item indent - Fixed Incorrect list-item indent Use two spaces between bullet and content - Update codacy configuration file Exclude .github helper scripts from the analysis - Update codacy configuration file Exclude doc sources and helper scripts from the analysis - Fix setopt argument for install_weak_deps for microdnf Micro DNF does not support "True"/"False", only "1"/"0"... - Better error reporting if jing is missing On validation error we use jing to report detailed error messages. However if jing is not present no validation errors are displayed. There is a error_log variable as part of the relaxNG object which holds the library error log. This information is not as good as the jing report but better than nothing - Added microdnf support in XML schema The XML schema did not allow to specify microdnf as supported package manager - Added microdnf integration test - Bump version: 9.21.24 ? 9.21.25 - Use --config instead of -c for DNF and Micro DNF The -c option is not supported in Micro DNF, but --config is, and it is supported with DNF as well. - Drop 'microdnf makecache' call for microdnf package manager This subcommand does not exist and is not needed. Instead, we need to use '--refresh' where this is needed. - Bump version: 9.21.23 ? 9.21.24 - No bootpartition for XFS by default Selecting the xfs filesystem made kiwi to create an extra boot partition. This is from times when grub was not able to read from XFS. As grub doesn't have this limitation since quite some time the bootpartition default in kiwi for XFS should be changed. This is realted to #1611 - Create relative boot link for extra boot partition If an extra boot partition is used the grub toolchain still references files from that partition as /boot/... which fails because they are now at the toplevel. To avoid this and keep any /boot/some-file reference still valid we create a symlink 'boot -> .' This Fixes #1611 - Fix documentation to be consistent with the XML KIWI scheme This commit fixes the user section documentation to properly reflect XML KIWI scheme constraints. 'home' attribute is optional and 'password' attribute is mandatory. Fixes #1599 - Add support for the Micro DNF package manager Micro DNF is a minimal C implementation of DNF that is usable for minimal appliances and containers. While it is not at parity with DNF, it implements enough functionality that it is mostly usable for building appliance images. - Added remote overlay boot documentation Added a new chapter below: working with images, which describes the options to remote boot via kiwi-overlay from an NBD or AOE exported root filesystem image. - use BuildRequires for distros which use fdupes - Added support for nbd and aoe root overlay The kiwi-overlay dracut module can also be used as standalone module that is not connected to a disk image. In this case it's needed to specify the location for the root filesystem and optionally the device to write data (default is ram space). This commit adds the opportunity to specify a nbd/aoe location for the root filesystem on the kernel cmdline like in the following examples: root=overlay:nbd=nbd0:192.168.100.42:exportname root=overlay:aoe=e0.1 An optional write space, if it should not be ram space, can be provided through the rd.root.overlay.write option on the kernel cmdline. This Fixes: OSInside/kiwi-descriptions#78 - Increase allowed complexity level Increase overall allowed flake8 complexity level and delete the extra exceptions from code as much as possible - Add editbootinstall script for Arch Linux tests This commit adds the editbootinstall script to Arch Linux OEM integration tests. The provided script removes the use of linuxefi and initrdefi commands on grub configuration since Arch does not support linuxefi module. Fixes #1559 - Update tox and travis setup for python 3_8 Move latest python test target to 3.8 and also change the deploy travis target to use python 3.8 - Allow console login for the integration tests The integration tests for the cloud targets had the console login for root disabled. This is correct if the image would be really used in the cloud. The integration test however will be functional tested within openQA and that requires serial console and root console login to be allowed. - Added universal box to build status helper ==== python-pycups ==== - Let the python-rpm-macros take care of the correct python3 provides for all python3 flavors gh#openSUSE/python-rpm-macros#66 ==== qpdf ==== Version update (10.0.3 -> 10.0.4) - Update to version 10.0.4 * Fix a handful of integer overflows. ==== schily ==== Subpackages: cdda2wav cdrecord libcdrdeflt1_0 libdeflt1_0 libedc_ecc1_0 libedc_ecc_dec1_0 libfile1_0 libfind4_0 libparanoia1_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs readcd spax star - Update to release 2020.11.25 * libhfs_iso: changed malloc() to calloc() to avoid uninitialized data. * ved: A new colon command (ESC : vhelp) has been added. - Remove fix_junk_in_partition.patch (upstreamed) - fix_junk_in_partition.patch: Initialize memory that created the partition table instead of writing random bytes to it (bsc#1178692) ==== tar ==== Subpackages: tar-lang tar-rmt - prepare usrmerge (boo#1029961) ==== tcl ==== - Add a manpage symlink for tclsh8.6. ==== wxWidgets-3_2-nostl ==== Subpackages: libwx_baseu-suse-nostl4_0_0 libwx_baseu_net-suse-nostl4_0_0 libwx_baseu_xml-suse-nostl4_0_0 libwx_gtk3u_core-suse-nostl4_0_0 libwx_gtk3u_html-suse-nostl4_0_0 libwx_gtk3u_qa-suse-nostl4_0_0 - Fix an rpmlint warning by moving libwx_base symlinks to their own -devel subpackage which is then required by (wxWidgets-devel, wxGTK3-devel). ==== zlib ==== Subpackages: libminizip1 libz1 libz1-32bit zlib-devel - Fix hw compression on z15 bsc#1176201 - Add zlib-s390x-z15-fix-hw-compression.patch