New Tumbleweed snapshot 20210913 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210913
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (91.0.2 -> 92.0)
amarok (2.9.75git.20210626T134054~59b22189f6 -> 2.9.75git.20210830T182443~10309f00af)
argyllcms (2.1.2 -> 2.2.0)
c-ares
emacs
ghostscript
irqbalance
libetonyek (0.1.9 -> 0.1.10)
libqt5-qtwebengine (5.15.5 -> 5.15.6)
libsrtp2 (2.4.0 -> 2.4.1)
libtpms
libxfce4ui (4.16.0 -> 4.16.1)
linux-glibc-devel (5.13 -> 5.14)
nfs-utils
patterns-base
postgresql13 (13.3 -> 13.4)
python-kiwi (9.23.49 -> 9.23.54)
python-mysqlclient
tuned (2.15.0+git.1625694366.bc3f737 -> 2.16.0)
util-linux
util-linux-systemd
virtualbox
virtualbox-kmp
=== Details ===
==== MozillaFirefox ====
Version update (91.0.2 -> 92.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 92.0
* More secure connections: Firefox can now automatically upgrade to
HTTPS using HTTPS RR as Alt-Svc headers
* Full-range color levels are now supported for video playback on
many systems
MFSA 2021-38 (bsc#1190269)
* CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
bmo#1712242, bmo#1729259)
Handling custom intents could lead to crashes and UI spoofs
* CVE-2021-38491 (bmo#1551886)
Mixed-Content-Blocking was unable to check opaque origins
* CVE-2021-38492 (bmo#1721107)
Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
Firefox ESR 91.1
* CVE-2021-38494 (bmo#1723920, bmo#1725638)
Memory safety bugs fixed in Firefox 92
- updated appdata
- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
(does not apply anymore; unclear if obsolete)
- bring back mozilla-silence-no-return-type.patch and
run post-build-checks everywhere again
- requires NSS 3.69.1
- Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly
repositioned due to rounding errors when font scaling != 1
(bmo#1708709); patch taken from upstream bug report and rebased
to apply cleanly against current version.
- Bump using with GCC (tested locally).
==== amarok ====
Version update (2.9.75git.20210626T134054~59b22189f6 -> 2.9.75git.20210830T182443~10309f00af)
- Update to version 2.9.75git.20210830T182443~10309f00af:
* Set Attributes before constructing the Application
* Port away from KRandom, bump Qt req. ver. to 5.10
- Rebase amarok-2.9.75git.20210830T182443~10309f00af.tar.xz
- Update translations
==== argyllcms ====
Version update (2.1.2 -> 2.2.0)
- Update to version 2.2.0:
* Added native i1Pro3 and i1Pro3 Plus driver.
* Fix bug in applycal.c where it gets an "Error - Write file: 1,
icmTextDescription_write: ascii string is shorter" error on
replacing one calibration with another.
* Improved i1pro & Munki patch recognition to work much more
reliably with a slow swipe speed.
* Fixed oeminst to work with spyder V5.5. setup.exe
* Fixed bug in oemdld that prevented HTML encoded characters in
download file decoding properly, which prevented certain
filenames from working.
* Fixed bug in ccxxmake -S -f where save error wasn't being fully
reported, and display technology presence check was faulty.
* Fixed typo in display technology, VPA -> PVA.
* Made Klein K10A "Lights Off" command timeout a soft error. For
some reason this command doesn't seem to be implemented on some
K10A's.
* Added CIE dE2000 to spotread output.
* Fixed accidental global "wrl" in gamut/gamut.h that cases
compile warnings.
* For more see http://www.argyllcms.com/doc/ChangesSummary.html
- Drop argyllcms--gcc--fno-common.patch (upstreamed with exception
of static declaration of struct huft, which is not required).
==== c-ares ====
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
(c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- 5c995d5.patch: augment input validation on hostnames to allow _
as part of DNS response (bsc#1190225)
==== emacs ====
Subpackages: emacs-info emacs-nox emacs-x11 etags
- Work for boo#1183497: make sure that if ibus is the input method
that there exists a working gtk immodule for ibus as well as the
ibus daemon is up and running
==== ghostscript ====
Subpackages: ghostscript-x11
- CVE-2021-3781.patch fixes CVE-2021-3781
Trivial -dSAFER bypass
cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
(bsc#1190381)
==== irqbalance ====
Subpackages: irqbalance-ui
- Update to version 1.8.0.18.git+2435e8d:
* fix unsigned integer subtraction sign overflow
* fix opendir fails in check_platform_device
* irqbalance: Check validity of numa_node
* configure.ac: use pkg-config to find numa
* Disable the communication socket when UI is disabled
* Fix comma typo in ui.c
* drop NoNewPrivs from irqbalance service
* remove no existing irq in banned_irqs
* Fix compile issue with none AARCH64 builds
- Fixes integrated mainline:
* bsc#1119461
* bsc#1138190
* bsc#1154905
* bsc#1178477 bsc#1183405 (removed patches due to mainline integration):
procinterrupts-check-xen-dyn-event-more-flexible.patch
* bsc#1182254 bsc#1156315 (removed patches due to mainline integration):
fix-ambiguous-parsing-of-node-entries-in-sys.patch
* bsc#1183157
also-fetch-node-info-for-non-PCI-devices.patch
==== libetonyek ====
Version update (0.1.9 -> 0.1.10)
- Added patch:
* resolve-ambiguities.patch
+ fix some ambiguities in type resolutions on older compilers
+ enables building on sle12-sp5
- Update to 0.1.10:
* Parse shadow.
* Improve detection of the "new" formats.
* Fix handling of text baseline shift.
* Improve various formats.
- Remove upstreamed patch 0001-add-missing-include-for-std-for_each.patch
==== libqt5-qtwebengine ====
Version update (5.15.5 -> 5.15.6)
- Update to version 5.15.6:
* Update Chromium:
+ [Backport] CVE-2021-30560: Use after free in Blink XSLT
+ [Backport] CVE-2021-30566: Stack buffer overflow in Printing
+ [Backport] CVE-2021-30585: Use after free in sensor handling
+ Bump V8_PATCH_LEVEL
+ [Backport] Security bug 1228036
+ [Backport] CVE-2021-30604: Use after free in ANGLE
+ [Backport] CVE-2021-30603: Race in WebAudio
+ [Backport] CVE-2021-30602: Use after free in WebRTC
+ [Backport] CVE-2021-30599: Type Confusion in V8
+ [Backport] CVE-2021-30598: Type Confusion in V8
+ [Backport] Security bug 1227933
+ [Backport] Security bug 1205059
+ [Backport] Security bug 1184294
+ [Backport] Security bug 1198385
+ [Backport] CVE-2021-30588: Type Confusion in V8
+ [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
+ [Backport] CVE-2021-30573: Use after free in GPU
+ [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
+ [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
+ [Backport] CVE-2021-30541: Use after free in V8
+ [Backport] Security bugs 1197786 and 1194330
+ [Backport] Security bug 1194689
+ [Backport] CVE-2021-30563: Type Confusion in V8
+ [Backport] Security bug 1211215
+ [Backport] Security bug 1209558
+ [Backport] CVE-2021-30553: Use after free in Network service
+ [Backport] CVE-2021-30548: Use after free in Loader
+ [Backport] CVE-2021-30547: Out of bounds write in ANGLE
+ [Backport] CVE-2021-30556: Use after free in WebAudio
+ [Backport] CVE-2021-30559: Out of bounds write in ANGLE
+ [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
+ [Backport] Security bug 1202534
+ [Backport] CVE-2021-30536: Out of bounds read in V8
+ [Backport] CVE-2021-30522: Use after free in WebAudio
+ [Backport] CVE-2021-30554 Use after free in WebGL
+ [Backport] CVE-2021-30551: Type Confusion in V8
+ [Backport] CVE-2021-30544: Use after free in BFCache
+ [Backport] CVE-2021-30535: Double free in ICU
+ [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
+ [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio
+ [Backport] CVE-2021-30523: Use after free in WebRTC
+ Generate mojo bindings before compiling extension API registration
* Bump version from 5.15.5 to 5.15.6
* Always send phased wheel events beginning with Began
- Import patch from the chromium package:
* 0001-return-ENOSYS-for-clone3.patch
- Add changes from the chromium package to
0001-Fix-build-with-glibc-2.34.patch
==== libsrtp2 ====
Version update (2.4.0 -> 2.4.1)
- Update to release 2.4.1
* Use a full-length key even with null ciphers
==== libtpms ====
- security update
- added patches
fix CVE-2021-3746 [bsc#1189935], out-of-bounds access via specially crafted TPM 2 command packets
+ libtpms-CVE-2021-3746.patch
==== libxfce4ui ====
Version update (4.16.0 -> 4.16.1)
Subpackages: libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools typelib-1_0-Libxfce4ui-2_0
- Update to version 4.16.1
* Add 4.16 section to docs
* about: Replace stock with regular button
* about: Make Close button translatable (bxo#xfce/libxfce4ui#41)
* Fix cast alignment warning
* Remove Gtk2 leftovers
* Don't reserve vertical space for subtitles in headerbars
* Translation Updates
- Remove headerbar_subtitle.patch - fixed upstream
==== linux-glibc-devel ====
Version update (5.13 -> 5.14)
- Update to kernel headers 5.14
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client nfs-kernel-server
- Add 0001-gssd-fix-crash-in-debug-message.patch
Fix crash when rpc-gssd run with -v.
(boo#1190144)
==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced
- Fix typo in the icon name for the fips pattern (bsc#1189550)
==== postgresql13 ====
Version update (13.3 -> 13.4)
Subpackages: libpq5 postgresql13-contrib postgresql13-docs postgresql13-llvmjit postgresql13-server
- bsc#1185952: fix build with llvm12 on s390x.
0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch
- bsc#1179945: Re-enable icu for PostgreSQL 10.
- Upgrade to version 13.4:
https://www.postgresql.org/docs/13/release-13-4.html
* CVE-2021-3677 (boo#1189748)
The planner could create an incorrect plan in cases where two
ProjectionPaths were stacked on top of each other. The only
known way to trigger that situation involves parallel sort
operations, but there may be other instances. The result would
be crashes or incorrect query results. Disclosure of server
memory contents is also possible.
- bsc#1187751: Make the dependency of postgresqlXX-server-devel on
llvm and clang optional (postgresql-llvm-optional.patch).
==== python-kiwi ====
Version update (9.23.49 -> 9.23.54)
- Bump version: 9.23.53 ? 9.23.54
- Fixed condition for GRUB_DISABLE_LINUX_UUID="true"
The grub config parameter GRUB_DISABLE_LINUX_UUID must only
be set if the device persistence setting is not UUID. However,
in kiwi UUID device names are the default and doesn't have to
be expressed explicitly. Therefore the condition to check
for different than 'by-uuid' is wrong for the default case were
no device persistence setting exists. This results in a wrong
grub option to be set. This commit fixes it in a way to disable
UUID device names in grub if the only other device persistency
setting in kiwi named: 'by-label' is explicitly configured.
This Fixes #1842
- Added force_trailing_slash argument to sync_data
A speciality of the rsync tool is that it behaves differently
if the given source_dir ends with a '/' or not. If it ends
with a slash the data structure below will be synced to the
target_dir. If it does not end with a slash the source_dir
and its contents are synced to the target_dir. For example:
source
??? some_data
1. $ rsync -a source target
target
??? source
??? some_data
2. $ rsync -a source/ target
target
??? some_data
The parameter force_trailing_slash in the DataSync::sync_data
method can be used to make sure rsync behaves like shown in
the second case. This Fixes #1786
- Added type hints for DataSync class
- Bump version: 9.23.52 ? 9.23.53
- Add missing bootloader tests
Merging #1850 exposed the missing bootloader tests.
This reminds me to move the gitlab driven unit tests
to github actions because for forked repos the gitlab
tests does not run but github actions tests would run
- Fix logging of ISO publisher
- Improving text formatting
- Added documentation for grub2 loopback ISO images
- Bump version: 9.23.51 ? 9.23.52
- Fixed pep E711 code smell
comparison to None should be 'if cond is not None:'
- Bump version: 9.23.50 ? 9.23.51
- No compression with encryption
When an image is setup to use encryption the resulting image appears
as a random stream of bytes and cannot be compressed. Simply skip
the compression in this case.
- Fix typo in schema documentation
ciper -> cipher. Fix originally done by Robert Schweikert
and moved to the right place, see Issue #1906 for details
- Allow target dir for archive
- Add the option to specify a target directory
to unpack the archive
- Update doc for target dir attribute
This Fixes #1794
- Log deprecation errors to stderr
Make sure information about deprecated shell methods
logs their information to stderr. This will cause the
error message to be exposed to the user and not only
in the log file
- Fixed TW build test
Explicitly added packages that causes conflicts due
to the busybox alternatives
- Bump version: 9.23.49 ? 9.23.50
- Added support for repo customization script
repo files allows for several customization options
which could not be set by kiwi through the current
repository schema. As the options used do not follow
any standard and are not compatible between package
managers and distributions the only generic way to
handle this is through a script which is invoked
with the repo file as parameter for each file created
to describe a repo for the selected package manager.
This allows users to update/change the repo file content
on their individual needs. In the kiwi description the
path to the custom script can be specified as follows
participants (1)
-
Dominique Leuenberger