Hello,
I've finally had the chance to put in a VM an instance of MicroOS
Desktop with the new partition layout and. IMO, the fact that it has
/var in a (nocow) subvolume is really a big improvement, so thanks
Richard for that!
We have /home in a subvolume too, which is also great, and it as well
has the nocow flag set. I know this mostly come from a conversation we
had on #microos-desktop on IRC but thinking more about that, and
discussing this with some users, I wonder whether it is really the best
choice.
I mean, it sure is ok for /var, but for /home, using nocow means that
we give up on some of the nicer BTRFS features, especially for home
folders, wouldn't it?
That might be especially true for MicroOS Desktop. E.g., think at being
able to compress (if not the entire home directories or the entire
subvolume) the user installed flatpaks (and using that as an argument
"against" those that are still complaining that <Ah, but flatpaks takes
a lot of space on disk!>> :-D).
So, are there reasons why it's really preferable to keep the /home
subvolume as nocow and I'm missing them? Or shall we switch it to cow?
Also, while there, shall we evaluate adding other flags by default
(i.e., things like autodefrag, or even compression itself)?
E.g., AFAIUI, on Fedora, while not doing that right now, they're
considering doing something like that, e.g.:
https://pagure.io/fedora-btrfs/project/issue/5
Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
<<This happens because _I_ choose it to happen!>> (Raistlin Majere)
Hi,
On a fresh MicroOS install with podman, when I want to set memory limit
for a container (using the -m flag) I get the following error:
Error: container_linux.go:367: starting container process caused:
process_linux.go:459: container init caused: process_linux.go:422:
setting cgroup config for procHooks process caused: cannot set memory
limit: container could not join or create cgroup: OCI runtime error
I am not able to understand the nature of the error. Searching around,
I found similar issue where adding cgroup_enable=memory parameter to
boot settings in Grub might solve the issue.
Is that correct ? If so, what is the proper way to update Grub config
on a RO filesystem ?
podman version 2.0.4
podman info (ociRuntime part):
ociRuntime:
name: runc
package: runc-1.0.0~rc91-1.2.x86_64
path: /usr/bin/runc
version: |-
runc version 1.0.0-rc91
spec: 1.0.2-dev
Regards,
--
Sébastien 'sogal' Poher
> When there's no more room at school, the dumb will walk the Earth!
Hello,
In order to use --drop-if-no-change on transactional-update we need
the inotify-tools for inotifywait. Should this be packaged by default with
Micro-OS, and Kubic?
Thank you,
Anthony Rabbito
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
cockpit-podman (25 -> 26)
dmidecode
gettext-runtime
libfido2 (1.5.0 -> 1.6.0)
ncurses (6.2.20210109 -> 6.2.20210116)
oath-toolkit (2.6.5 -> 2.6.6)
openssh
python-pyserial (3.4 -> 3.5)
python-setuptools
raspberrypi-firmware (2021.01.15 -> 2021.01.21)
raspberrypi-firmware-config (2021.01.15 -> 2021.01.21)
raspberrypi-firmware-dt
rdma-core
sudo (1.9.5p1 -> 1.9.5p2)
system-users
sysuser-tools
xfsprogs (5.9.0 -> 5.10.0)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
==== cockpit-podman ====
Version update (25 -> 26)
- new version 26
https://github.com/cockpit-project/cockpit-podman/releases/tag/26
==== dmidecode ====
2 recommended fixes from upstream:
- dmidecode-fix-the-condition-error-in-ascii_filter.patch:
dmidecode: Fix the condition error in ascii_filter.
- dmidecode-fix-crash-with-u-option.patch: dmidecode: Fix crash
with -u option.
==== gettext-runtime ====
Subpackages: libtextstyle0
- fixup libtextstyle autofoo with adding
use-acinit-for-libtextstyle.patch
==== libfido2 ====
Version update (1.5.0 -> 1.6.0)
Subpackages: libfido2-1 libfido2-udev
- Update to version 1.6.0:
* Fix OpenSSL 1.0 and Cygwin builds.
* hid_linux: fix build on 32-bit systems.
* hid_osx: allow reads from spawned threads.
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
==== ncurses ====
Version update (6.2.20210109 -> 6.2.20210116)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Don't skip test for qemu builds
- Add ncurses patch 20210116
+ add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS
(report by Patrick McDermott) -TD
+ make opts extension for getcchar work as documented for ncurses 6.1,
adding "-g" flag to test/demo_new_pair to illustrate.
==== oath-toolkit ====
Version update (2.6.5 -> 2.6.6)
Subpackages: liboath0 oath-toolkit-xml
- Update to version 2.6.6
* oathtool: Support for reading KEY and OTP from standard input
or filename. KEY and OTP may now be given as '-' to mean
stdin, or @FILE to read from a particular file. This is
recommended on multi-user systems, since secrets as command
line parameters leak.
* pam_oath: Fix unlikely logic fail on out of memory conditions.
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Add openssh-fix-ssh-copy-id.patch, which fixes breakage
introduced in 8.4p1 (bsc#1181311).
- Improve robustness of sshd init detection when upgrading from
a pre-systemd distribution.
- Add openssh-reenable-dh-group14-sha1-default.patch, which adds
diffie-hellman-group14-sha1 key exchange back to the default
list (bsc#1180958). This is needed for backwards compatibility
with older platforms.
- Make sure sshd is enabled correctly when upgrading from a
pre-systemd distribution (bsc#1180083).
==== python-pyserial ====
Version update (3.4 -> 3.5)
- update to version 3.5:
New Features:
[#411] Add a backend for Silicon Labs CP2110/4 HID-to-UART bridge. (depends on hid module)
Improvements:
[#315] Use absolute import everywhere
[#354] Make ListPortInfo hashable
[#372] threaded: "write" returns byte count
[#400] Add bytesize and stopbits argument parser to tcp_serial_redirect
[#408] loop: add out_waiting
[#495] list_ports_linux: Correct "interface" property on Linux hosts
[#500] Remove Python 3.2 and 3.3 from test
[#261, #285, #296, #320, #333, #342, #356, #358, #389, #397, #510] doc updates
miniterm: add CTRL+T Q as alternative to exit
miniterm: suspend function key changed to CTRL-T Z
add command line tool entries pyserial-miniterm (replaces miniterm.py) and pyserial-ports (runs serial.tools.list_ports).
python -m serial opens miniterm (use w/o args and it will print port list too) [experimental]
Bugfixes:
[#371] Don't open port if self.port is not set while entering context manager
[#437, #502] refactor: raise new instances for PortNotOpenError and SerialTimeoutException
[#261, #263] list_ports: set default name attribute
[#286] fix: compare only of the same type in list_ports_common.ListPortInfo
rfc2217/close(): fix race-condition
[#305] return b'' when connection closes on rfc2217 connection
[#386] rfc2217/close(): fix race condition
Fixed flush_input_buffer() for situations where the remote end has closed the socket.
[#441] reset_input_buffer() can hang on sockets
examples: port_publisher python 3 fixes
[#324] miniterm: Fix miniterm constructor exit_character and menu_character
[#326] miniterm: use exclusive access for native serial ports by default
[#497] miniterm: fix double use of CTRL-T + s use z for suspend instead
[#443, #444] examples: refactor wx example, use Bind to avoid deprecated warnings, IsChecked, unichr
[#265] posix: fix PosixPollSerial with timeout=None and add cancel support
[#290] option for low latency mode on linux
[#335] Add support to xr-usb-serial ports
[#494] posix: Don't catch the SerialException we just raised
[#519] posix: Fix custom baud rate to not temporarily set 38400 baud rates on linux
[#509 #518] list_ports: use hardcoded path to library on osx
[#542] list_ports_osx: kIOMasterPortDefault no longer exported on Big Sur
[#545, #545] list_ports_osx: getting USB info on BigSur/AppleSilicon
==== python-setuptools ====
- We cannot remove vendored packages when generating setuptools
wheel (bsc#1177127).
==== raspberrypi-firmware ====
Version update (2021.01.15 -> 2021.01.21)
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
==== raspberrypi-firmware-config ====
Version update (2021.01.15 -> 2021.01.21)
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
==== raspberrypi-firmware-dt ====
- Introduce upstream-blconfig-rmem.patch for firmware to be able to define
firmware's configuration reserved memory (jsc#SLE-16616)
==== rdma-core ====
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1
- Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon
is loaded at boot if enabled (bsc#1180196)
==== sudo ====
Version update (1.9.5p1 -> 1.9.5p2)
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-user-nobody
- Add system-user-vscan subpackage with vscan user and group and
/var/spool/amavis as home directory
- Remove kvm group from hardware subpackage, since kvm is in its
own subpackage (jsc#SLE-11629).
- Add qemu user to kvm group
- Add system account and groups for kvm, qemu, and libvirt
(jsc#SLE-11629)
New files: system-group-kvm.conf, system-group-libvirt.conf,
system-user-qemu.conf
- Don't add group nogroup to user nobody, as many daemons misuse
'nogroup' as own group
- Use test -x instead of -f
- Call usermod only if installed
- Align /var/lib/tss permissions with trousers (boo#1162360).
- Add tss user for TPM tools (boo#1162360).
- Remove s390 groups again. The s390-tools maintainer wants to add groups in
s390-tools manually.
- Add system-user-tftp subpackage with tftp user and group and
/srv/tftpboot as home directory [bsc#1143454].
- Add cpacfstats, ts-shell, and zkeyadm groups for s390-tools (bsc#1123730)
- Add "render" group in system-group-hardware (bsc#1085847)
"uaccess" tag has been dropped from /dev/dri/renderD* and these devices
now have 0666 permsions by default is owned by the render group.
- Change home directory of user man to /var/lib/empty. Home
directories below /var/cache are by definition insecure and a
bad idea.
- uuidd does not need group daemon, Copy&Paste error.
- udev needs groups kvm and lp: [bsc#1058703]
- Add group kvm to system-group-hardware
- Move group lp from system-user-lp to system-group-hardware
- Add system-user-uuidd.conf (boo#1057937#c3).
- user nobody: move usermod to %post, else it will be executed
before the user is created.
- Drop pkgconfig(systemd) BuildRequires: we no longer depend on
systemd-sysusers, but converted to shadow toolset.
- Move group trusted into system-user-root package [bsc#1044014]
- Move system-user-root into own package
- Fix syntax of groups in system-user-root.conf
- Add utmp to system-group-hardware.conf like systemd has
- Create new system-user-root sub-package creating passwd, group
and shadow files with root user.
- BuildRequire pkgconfig(systemd) instead of systemd: this allows
OBS to pick systemd-mini, which is still good enough. And
ultimately it helps us break a build cycle
(system-users - libssh2_org - curl - systemd - system-users).
- BuildIgnore group(lock) and group(daemon) for ourselves, needed
for bootstrap.
- /bin/bash is needed as shell for user nobody
- Add upsd for UPS daemon packages.
- Prerequire group lock for uucp
- Allow user uucp to do locking
- Fix group ownership of /var/lib/wwwrun
- Add group sys to system-group-obsolete
- Add systemusers lp and nobody
- Add systemusers wwwrun, mail and ftp
- Add hardware access groups: kmem, lock, tty, audio, cdrom,
dialout, disk, input, tape, video
- Add group wheel
- Remove /var/spool/uucp directories...
- Change license to MIT
- Add subpackages for obsolete groups and trusted group
- Add subpackages for bin, daemon, news and man
- Adjust to new sysuser-tools
- Use automatic provides and generate %pre with a script
- fix uids and add also groups
- Create users in %pre install section
- Add /etc/uucp to filelist of system-user-uucp
- Add system account games
- Initial version with system account uucp
==== sysuser-tools ====
- useradd_or_adduser_dep must be PreReq so ordering makes sure it gets
installed before.
- suggest shadow where useradd_or_adduser_dep is actually required
- Avoid useless use of cat
- Simplify %sysusers_requires
- Drop shebang, rpm passes it to /bin/sh itself
- Packages providing users need /usr/bin/cat installed to create
them. Add that to the PreRequires.
- Create system groups for system users
- Fix bug introduced by simplification of check for useradd -g
- Refactor use of sed away
- Use eval set -- $LINE instead of read for parsing
- Clean up sysusers2shadow and make it use only /bin/sh
- Don't let busybox adduser create the home directory, it breaks
permissions of e.g. /sbin (home of daemon)
- Use only /bin/sh in sysusers-generate-pre and the generated code
- Drop use of tail from the generated %pre scriptlets
- Look for /bin/busybox, too
- Add special handling for busybox and groups
- Use suggests shadow to prefer that over busybox in normal systems
- Add support for busybox adduser/addgroup
- Change requirements from shadow to useradd_or_adduser_dep
- Fix default home directory [bsc#1105934]
- Use _rpmmacrodir for macro file
- Further enhance sysusers-generate-pre: inside the build
environment, it can be acceptable to be failing to create the
users (e.g when building sysuser-tools or system-user-root, since
those two packages have to be speificallty excluded). Always
return with error code 0 if /.buildenv exists.
- sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod
call fails: the resulting system is quite undefined if this
should happen.
- sysusers-generate-pre: exit the pre script with the exit code
of sysusers2shadow.sh.
- sysuser-tools needs to require sysuser-shadow
- Add requires for shadow to sysuser-shadow
- Put helper script into own subpackage
- Convert sysusers config file to shadow arguments and use
shadow suite to create user and groups. Fixes [bsc#1041497] and
serveral dependency loops.
- Don't ignore errors of systemd-sysusers [bsc#1039708]
- Don't remove 'm' and 'r' entries from sysusers configuration
- Add macros.sysusers
- initial package
==== xfsprogs ====
Version update (5.9.0 -> 5.10.0)
- update to 5.10.0:
- xfs_repair: remove old code for mountpoint inodes
- xfsprogs: Add inode btree counter feature
- xfsprogs: Add bigtime feature for Y2038
- xfsprogs: Polish translation update
- mkfs.xfs: Add config file feature
- mkfs.xfs: allow users to specify rtinherit=0
- xfs_repair: simplify bmap_next_offset
- man: various manpage updates
- libxfs: remove some old dead code
- libxfs: add realtime extent tracking
- libxfs changes merged from kernel 5.10
- refresh 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch
against libxfs changes
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
alsa
apparmor
bluedevil5
cockpit-podman (25 -> 26)
dmidecode
gettext-runtime
gnome-packagekit
gnome-tweaks
kinfocenter5
kscreen5
kwin5
libfido2 (1.5.0 -> 1.6.0)
libqt5-qtmultimedia
libqt5-qtquickcontrols
libqt5-qtquickcontrols2
libqt5-qtsensors
libqt5-qtwayland
milou5
ncurses (6.2.20210109 -> 6.2.20210116)
openssh
pango (1.48.0 -> 1.48.1)
plasma5-desktop
python-pyserial (3.4 -> 3.5)
python-setuptools
raspberrypi-firmware (2021.01.15 -> 2021.01.21)
raspberrypi-firmware-config (2021.01.15 -> 2021.01.21)
raspberrypi-firmware-dt
sudo (1.9.5p1 -> 1.9.5p2)
system-users
systemsettings5
sysuser-tools
webkit2gtk3
xdg-desktop-portal-kde
xfsprogs (5.9.0 -> 5.10.0)
zbar
=== Details ===
==== alsa ====
- Yet more fixes for the crash with dmix plugin (bsc#1181194):
0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch
0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch
0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
- Backport upstream fixes:
yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in
UCM (bsc#1181194):
0004-topology-use-inclusive-language-for-bclk.patch
0005-topology-use-inclusive-language-for-fsync.patch
0006-topology-use-inclusive-language-in-documentation.patch
0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch
0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch
0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch
0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch
0038-topology-parse_tuple_set-remove-dead-condition-code.patch
0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch
0040-topology-sort_config-cleanups-use-goto-for-the-error.patch
0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch
0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch
0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch
0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
==== bluedevil5 ====
- Add compatibility with qml-autoreqprov
==== cockpit-podman ====
Version update (25 -> 26)
- new version 26
https://github.com/cockpit-project/cockpit-podman/releases/tag/26
==== dmidecode ====
2 recommended fixes from upstream:
- dmidecode-fix-the-condition-error-in-ascii_filter.patch:
dmidecode: Fix the condition error in ascii_filter.
- dmidecode-fix-crash-with-u-option.patch: dmidecode: Fix crash
with -u option.
==== gettext-runtime ====
Subpackages: libtextstyle0
- fixup libtextstyle autofoo with adding
use-acinit-for-libtextstyle.patch
==== gnome-packagekit ====
- Add gnome-packagekit-define-HAVE_SYSTEMD.patch: define
HAVE_SYSTEMD macro if systemd if found
(glgo#GNOME/gnome-packagekit!3, bsc#1134544).
==== gnome-tweaks ====
- Add 77dde7477922f645946bfc64b1b25aeed2b01919.patch -- Update
Norwegian bokmål translation.
==== kinfocenter5 ====
- Add support for qml-autoreqprov
==== kscreen5 ====
- Compatibility with qml-autoreqprov
==== kwin5 ====
- Add compatibility with qml-autoreqprov
==== libfido2 ====
Version update (1.5.0 -> 1.6.0)
Subpackages: libfido2-1 libfido2-udev
- Update to version 1.6.0:
* Fix OpenSSL 1.0 and Cygwin builds.
* hid_linux: fix build on 32-bit systems.
* hid_osx: allow reads from spawned threads.
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
==== libqt5-qtmultimedia ====
- Add compatibility with qml-autoreqprov
==== libqt5-qtquickcontrols ====
- Add compatibility with qml-autoreqprov
- Add patch to fix unfullfillable import:
* fix-handle-deps.patch
==== libqt5-qtquickcontrols2 ====
Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5
- Add compatibility with qml-autoreqprov
==== libqt5-qtsensors ====
- Add compatibility with qml-autoreqprov
==== libqt5-qtwayland ====
Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5
- Add compatibility with qml-autoreqprov
==== milou5 ====
- Backport upstream MR to avoid unfullfillable qmlimport requires
==== ncurses ====
Version update (6.2.20210109 -> 6.2.20210116)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Don't skip test for qemu builds
- Add ncurses patch 20210116
+ add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS
(report by Patrick McDermott) -TD
+ make opts extension for getcchar work as documented for ncurses 6.1,
adding "-g" flag to test/demo_new_pair to illustrate.
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Add openssh-fix-ssh-copy-id.patch, which fixes breakage
introduced in 8.4p1 (bsc#1181311).
- Improve robustness of sshd init detection when upgrading from
a pre-systemd distribution.
- Add openssh-reenable-dh-group14-sha1-default.patch, which adds
diffie-hellman-group14-sha1 key exchange back to the default
list (bsc#1180958). This is needed for backwards compatibility
with older platforms.
- Make sure sshd is enabled correctly when upgrading from a
pre-systemd distribution (bsc#1180083).
==== pango ====
Version update (1.48.0 -> 1.48.1)
Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0
- Update to version 1.48.1:
+ Fix itemization of multi-paragraph layouts.
+ Fix a few memory leaks.
+ Fix glyph origins in vertical layout.
==== plasma5-desktop ====
- Add support for qml-autoreqprov
==== python-pyserial ====
Version update (3.4 -> 3.5)
- update to version 3.5:
New Features:
[#411] Add a backend for Silicon Labs CP2110/4 HID-to-UART bridge. (depends on hid module)
Improvements:
[#315] Use absolute import everywhere
[#354] Make ListPortInfo hashable
[#372] threaded: "write" returns byte count
[#400] Add bytesize and stopbits argument parser to tcp_serial_redirect
[#408] loop: add out_waiting
[#495] list_ports_linux: Correct "interface" property on Linux hosts
[#500] Remove Python 3.2 and 3.3 from test
[#261, #285, #296, #320, #333, #342, #356, #358, #389, #397, #510] doc updates
miniterm: add CTRL+T Q as alternative to exit
miniterm: suspend function key changed to CTRL-T Z
add command line tool entries pyserial-miniterm (replaces miniterm.py) and pyserial-ports (runs serial.tools.list_ports).
python -m serial opens miniterm (use w/o args and it will print port list too) [experimental]
Bugfixes:
[#371] Don't open port if self.port is not set while entering context manager
[#437, #502] refactor: raise new instances for PortNotOpenError and SerialTimeoutException
[#261, #263] list_ports: set default name attribute
[#286] fix: compare only of the same type in list_ports_common.ListPortInfo
rfc2217/close(): fix race-condition
[#305] return b'' when connection closes on rfc2217 connection
[#386] rfc2217/close(): fix race condition
Fixed flush_input_buffer() for situations where the remote end has closed the socket.
[#441] reset_input_buffer() can hang on sockets
examples: port_publisher python 3 fixes
[#324] miniterm: Fix miniterm constructor exit_character and menu_character
[#326] miniterm: use exclusive access for native serial ports by default
[#497] miniterm: fix double use of CTRL-T + s use z for suspend instead
[#443, #444] examples: refactor wx example, use Bind to avoid deprecated warnings, IsChecked, unichr
[#265] posix: fix PosixPollSerial with timeout=None and add cancel support
[#290] option for low latency mode on linux
[#335] Add support to xr-usb-serial ports
[#494] posix: Don't catch the SerialException we just raised
[#519] posix: Fix custom baud rate to not temporarily set 38400 baud rates on linux
[#509 #518] list_ports: use hardcoded path to library on osx
[#542] list_ports_osx: kIOMasterPortDefault no longer exported on Big Sur
[#545, #545] list_ports_osx: getting USB info on BigSur/AppleSilicon
==== python-setuptools ====
- We cannot remove vendored packages when generating setuptools
wheel (bsc#1177127).
==== raspberrypi-firmware ====
Version update (2021.01.15 -> 2021.01.21)
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
==== raspberrypi-firmware-config ====
Version update (2021.01.15 -> 2021.01.21)
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
==== raspberrypi-firmware-dt ====
- Introduce upstream-blconfig-rmem.patch for firmware to be able to define
firmware's configuration reserved memory (jsc#SLE-16616)
==== sudo ====
Version update (1.9.5p1 -> 1.9.5p2)
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody
- Add system-user-vscan subpackage with vscan user and group and
/var/spool/amavis as home directory
- Remove kvm group from hardware subpackage, since kvm is in its
own subpackage (jsc#SLE-11629).
- Add qemu user to kvm group
- Add system account and groups for kvm, qemu, and libvirt
(jsc#SLE-11629)
New files: system-group-kvm.conf, system-group-libvirt.conf,
system-user-qemu.conf
- Don't add group nogroup to user nobody, as many daemons misuse
'nogroup' as own group
- Use test -x instead of -f
- Call usermod only if installed
- Align /var/lib/tss permissions with trousers (boo#1162360).
- Add tss user for TPM tools (boo#1162360).
- Remove s390 groups again. The s390-tools maintainer wants to add groups in
s390-tools manually.
- Add system-user-tftp subpackage with tftp user and group and
/srv/tftpboot as home directory [bsc#1143454].
- Add cpacfstats, ts-shell, and zkeyadm groups for s390-tools (bsc#1123730)
- Add "render" group in system-group-hardware (bsc#1085847)
"uaccess" tag has been dropped from /dev/dri/renderD* and these devices
now have 0666 permsions by default is owned by the render group.
- Change home directory of user man to /var/lib/empty. Home
directories below /var/cache are by definition insecure and a
bad idea.
- uuidd does not need group daemon, Copy&Paste error.
- udev needs groups kvm and lp: [bsc#1058703]
- Add group kvm to system-group-hardware
- Move group lp from system-user-lp to system-group-hardware
- Add system-user-uuidd.conf (boo#1057937#c3).
- user nobody: move usermod to %post, else it will be executed
before the user is created.
- Drop pkgconfig(systemd) BuildRequires: we no longer depend on
systemd-sysusers, but converted to shadow toolset.
- Move group trusted into system-user-root package [bsc#1044014]
- Move system-user-root into own package
- Fix syntax of groups in system-user-root.conf
- Add utmp to system-group-hardware.conf like systemd has
- Create new system-user-root sub-package creating passwd, group
and shadow files with root user.
- BuildRequire pkgconfig(systemd) instead of systemd: this allows
OBS to pick systemd-mini, which is still good enough. And
ultimately it helps us break a build cycle
(system-users - libssh2_org - curl - systemd - system-users).
- BuildIgnore group(lock) and group(daemon) for ourselves, needed
for bootstrap.
- /bin/bash is needed as shell for user nobody
- Add upsd for UPS daemon packages.
- Prerequire group lock for uucp
- Allow user uucp to do locking
- Fix group ownership of /var/lib/wwwrun
- Add group sys to system-group-obsolete
- Add systemusers lp and nobody
- Add systemusers wwwrun, mail and ftp
- Add hardware access groups: kmem, lock, tty, audio, cdrom,
dialout, disk, input, tape, video
- Add group wheel
- Remove /var/spool/uucp directories...
- Change license to MIT
- Add subpackages for obsolete groups and trusted group
- Add subpackages for bin, daemon, news and man
- Adjust to new sysuser-tools
- Use automatic provides and generate %pre with a script
- fix uids and add also groups
- Create users in %pre install section
- Add /etc/uucp to filelist of system-user-uucp
- Add system account games
- Initial version with system account uucp
==== systemsettings5 ====
- Add QML provides
==== sysuser-tools ====
- useradd_or_adduser_dep must be PreReq so ordering makes sure it gets
installed before.
- suggest shadow where useradd_or_adduser_dep is actually required
- Avoid useless use of cat
- Simplify %sysusers_requires
- Drop shebang, rpm passes it to /bin/sh itself
- Packages providing users need /usr/bin/cat installed to create
them. Add that to the PreRequires.
- Create system groups for system users
- Fix bug introduced by simplification of check for useradd -g
- Refactor use of sed away
- Use eval set -- $LINE instead of read for parsing
- Clean up sysusers2shadow and make it use only /bin/sh
- Don't let busybox adduser create the home directory, it breaks
permissions of e.g. /sbin (home of daemon)
- Use only /bin/sh in sysusers-generate-pre and the generated code
- Drop use of tail from the generated %pre scriptlets
- Look for /bin/busybox, too
- Add special handling for busybox and groups
- Use suggests shadow to prefer that over busybox in normal systems
- Add support for busybox adduser/addgroup
- Change requirements from shadow to useradd_or_adduser_dep
- Fix default home directory [bsc#1105934]
- Use _rpmmacrodir for macro file
- Further enhance sysusers-generate-pre: inside the build
environment, it can be acceptable to be failing to create the
users (e.g when building sysuser-tools or system-user-root, since
those two packages have to be speificallty excluded). Always
return with error code 0 if /.buildenv exists.
- sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod
call fails: the resulting system is quite undefined if this
should happen.
- sysusers-generate-pre: exit the pre script with the exit code
of sysusers2shadow.sh.
- sysuser-tools needs to require sysuser-shadow
- Add requires for shadow to sysuser-shadow
- Put helper script into own subpackage
- Convert sysusers config file to shadow arguments and use
shadow suite to create user and groups. Fixes [bsc#1041497] and
serveral dependency loops.
- Don't ignore errors of systemd-sysusers [bsc#1039708]
- Don't remove 'm' and 'r' entries from sysusers configuration
- Add macros.sysusers
- initial package
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles
- Add webkit-font-scaling.patch: Fix system font scaling not
applied to 'font-size: XXXpt'; patch taken from upstream and
rebased to apply cleanly
(https://bugs.webkit.org/show_bug.cgi?id=218450).
- Pass `-q` to setup to disable printing long list of files
extracted from source tarball.
==== xdg-desktop-portal-kde ====
- Add compatibility with qml-autoreqprov
==== xfsprogs ====
Version update (5.9.0 -> 5.10.0)
- update to 5.10.0:
- xfs_repair: remove old code for mountpoint inodes
- xfsprogs: Add inode btree counter feature
- xfsprogs: Add bigtime feature for Y2038
- xfsprogs: Polish translation update
- mkfs.xfs: Add config file feature
- mkfs.xfs: allow users to specify rtinherit=0
- xfs_repair: simplify bmap_next_offset
- man: various manpage updates
- libxfs: remove some old dead code
- libxfs: add realtime extent tracking
- libxfs changes merged from kernel 5.10
- refresh 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch
against libxfs changes
==== zbar ====
- Apply patch0 unconditionally and fix build on Leap
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
PackageKit
bluez
cloud-init
dolphin
fftw3 (3.3.8 -> 3.3.9)
flatpak (1.10.0 -> 1.10.1)
hwinfo (21.71 -> 21.72)
installation-images-MicroOS (16.29 -> 16.35)
isl
kcompletion
kernel-firmware (20201218 -> 20210119)
libgpg-error (1.39 -> 1.41)
llvm11
mozilla-nss (3.59.1 -> 3.60.1)
mozjs78 (78.6.1 -> 78.7.0)
open-iscsi
p11-kit (0.23.20 -> 0.23.22)
patterns-base
patterns-microos
soundtouch (2.1.2 -> 2.2)
sqlite3 (3.34.0 -> 3.34.1)
upower
webkit2gtk3
=== Details ===
==== PackageKit ====
Subpackages: PackageKit-backend-zypp libpackagekit-glib2-18
- Do not build cnf: scout-c-n-f is still pending, having PK-cnf
obsolete cnf is unacceptable.
- Add PackageKit-zypp-reset-update-mode-after-get-updates.patch:
zypp: Reset update mode after getting updates
(gh#hughsie/PackageKit/commit#b208f551, bsc#1180150).
- Build command-not-found by default
==== bluez ====
Subpackages: libbluetooth3
- add bluez-test-2to3.diff to get rid of python2 dependency
==== cloud-init ====
- Add use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283)
- Do not including sudoers.d directory twice
==== dolphin ====
Subpackages: dolphin-part libdolphinvcs5
- Add upstream patch to properly show the network button in the
URL navigator (kde#431626):
- 0001-Show-button-to-open-knetattach-inline-with-URL-nav-o.patch
- Refreshed patches:
- 0001-Update-cached-viewContainer-geometry-every-time-they.patch
==== fftw3 ====
Version update (3.3.8 -> 3.3.9)
- update to 3.3.9:
* New API fftw_planner_nthreads() returns the number of threads
currently being used by the planner.
* Fix incorrect math in 128-bit generic SIMD
* Fix wisdom for avx512.
The avx512 alignment requirement was set to 64 bytes, but this is
wrong. Alignment requirements are a property of the platform (e.g.,
x86) and not of the instruction set (e.g., AVX). Among other
things, this broke wisdom with avx512.
Note that avx512 support is still experimental because the FFTW
authors have no avx512 hardware available for testing.
* fftw_threads_set_callback function to change the threading backend at runtime.
==== flatpak ====
Version update (1.10.0 -> 1.10.1)
Subpackages: libflatpak0 system-user-flatpak
- Flatpak only requires glib 2.44, not 2.60
- Update ostree version required to 2020.8
- Update to version 1.10.1:
+ Fix flatpak build on systems with setuid bwrap
+ Fix some compiler warnings
+ Fix crash on updating apps with no deploy data
+ Updated translations.
- Remove deprecated texinfo packaging macros.
- Switch to upstream release tarball.
==== hwinfo ====
Version update (21.71 -> 21.72)
- merge gh#openSUSE/hwinfo#92
- improve getting video mode info (bsc#1181101)
- try harder to break out of infinite I/O loops
- 21.72
==== installation-images-MicroOS ====
Version update (16.29 -> 16.35)
- merge gh#openSUSE/installation-images#439
- Don't replace directory symlinks (boo#1029961)
- 16.35
- merge gh#openSUSE/installation-images#447
- aarch64: add tegra20-apb-dma module (bsc#1181463)
- 16.34
- merge gh#openSUSE/installation-images#446
- work around broken plymouth (bsc#1149070)
- 16.33
- merge gh#openSUSE/installation-images#445
- do not run prein script for openssh-server in root image
- 16.32
- merge gh#openSUSE/installation-images#443
- revert plymouth branding for SLE to tribar
- support both plymouth-theme-tribar and plymouth-theme-bgrt
- 16.31
- merge gh#openSUSE/installation-images#442
- Replace tribar plymouth theme for installation with bgrt
(boo#1149070)
- 16.30
==== isl ====
- Compile with %optflags
==== kcompletion ====
- Add upstream patch to fix Okular search bar no longer closed
when pressing ESC (kde#431493):
* 0001-Fix-regression-caused-due-to-porting-from-operator-t.patch
==== kernel-firmware ====
Version update (20201218 -> 20210119)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd
- Update to version 20210119 (git commit 05789708b79b):
* brcm: Link RPi4's WiFi firmware with DMI machine name.
* brcm: Add NVRAM for Vamrs 96boards Rock960
* brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes
* cypress: Fix link direction
* cypress: Link the new cypress firmware to the old brcm files
* brcm: remove old brcm firmwares that have newer cypress variants
* rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB
* rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253
* rtl_bt: Add firmware and config files for RTL8852A BT USB chip
* rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644
- Fix install-split.sh to deal with the quoted spaces
- Update aliases
==== libgpg-error ====
Version update (1.39 -> 1.41)
- update to 1.41:
* Fixes another glitch in the "ignore" meta command.
* Fixes two typos in the German translation.
* New function gpgrt_access.
* Make "ignore" meta command work correctly in the option parser.
* Interface changes relative to the 1.39 release:
gpgrt_access NEW.
==== llvm11 ====
- Revert changes that broke the ABI (boo#1181326).
* Sema-Introduce-BuiltinAttr-per-declaration-builtin-n.patch
* Sema-Handle-objc_super-special-lookup-when-checking-.patch
* Recognize-setjmp-and-friends-as-builtins-even-if-jmp.patch
* Don-t-reject-calls-to-MinGW-s-unusual-_setjmp-declar.patch
==== mozilla-nss ====
Version update (3.59.1 -> 3.60.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.60.1
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
- removed obsolete ppc-old-abi-v3.patch
==== mozjs78 ====
Version update (78.6.1 -> 78.7.0)
- Update to version 78.7.0esr.
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Update to latest upstream (no new tag yet). To fix
bsc#1181313. Changes since last update added to
open-iscsi-SUSE-latest.diff.bz2:
* Fix iscsiadm segfault when exiting
* iscsid: Add NO_SYSTEMD to CFLAGS
* Change mkdir permissions to 0770, adjust usmask
* Fix typo in util.py
* iscsid: Do not allow conflicting pid-file options
* iscsiadm: Fix memory leak in iscsiadm
* libopeniscsiusr: Fix memory leak in iscsi_sessions_get()
* libopeniscsiusr: Fix memory leak in iscsi_nodes_get()
* idbm: Fix memory leak and NULL pointer dereference in idbm_rec_update_param()
* Add etc/systemd/iscsi-init.service to SYSTEMDFILES Makefile variable
==== p11-kit ====
Version update (0.23.20 -> 0.23.22)
Subpackages: libp11-kit0 p11-kit-tools
- update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066):
* Fix memory-safety issues that affect the RPC protocol
(CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
and fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infloop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* proxy: Do not assign duplicate slot IDs [PR#282]
* common: Get program name based on executable path if possible [PR#307]
* anchor: Exit with non-zero code, if any error occurs [PR#304]
* Build and test fixes
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11
- bootloader pattern should not require a base pattern
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap
- Use user(nobody) and group(nobody)
- Drop autofs and nfs-client requirements, not commonly needed
- Sync with openSUSE Tumleweed base pattern
- Add busybox
- Cleanup comments from last submission
- Moved unzip and wget from gnome desktop pattern to common desktop pattern
- add bash-completion, nfs-client and autofs to common desktop pattern for beginner users
- remove kdeconnect-kde from kde desktop pattern as not necessary for every install
==== soundtouch ====
Version update (2.1.2 -> 2.2)
- update to 2.2.0:
* Improvements to help compiler autovectorization
* Bugfix in integer version of calcCrossCorrAccumulate()
* Compensate initial buffering of anti-alias filter and intepolator.
* Tuning for ARM NEON
* BPMDetect: Make conversion from size_t to int explicit
* BPM PeakFinder: Fix possible reading past end of array.
* Change correlation loop 'sum' variable type from double to float
==== sqlite3 ====
Version update (3.34.0 -> 3.34.1)
- SQLite 3.34.1:
* Fix a potential use-after-free bug when processing a a subquery
with both a correlated WHERE clause and a "HAVING 0" clause and
where the parent query is an aggregate (boo#1181261)
* Fix documentation typos
* Fix minor problems in extensions
==== upower ====
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0
- Use libplist-2.0 on Tumblewewd.
+ upower-build-Use-a-newer-libplist-if-available.patch
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles
- Add gir-multilib.patch: Fix multilib conflict in gir files.
- Disable gold linker for ppc64le
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cloud-init
hwinfo (21.71 -> 21.72)
installation-images-MicroOS (16.29 -> 16.35)
kernel-firmware (20201218 -> 20210119)
libgpg-error (1.39 -> 1.41)
mozilla-nss (3.59.1 -> 3.60.1)
mozjs78 (78.6.1 -> 78.7.0)
open-iscsi
p11-kit (0.23.20 -> 0.23.22)
patterns-base
patterns-microos
sqlite3 (3.34.0 -> 3.34.1)
=== Details ===
==== cloud-init ====
- Add use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283)
- Do not including sudoers.d directory twice
==== hwinfo ====
Version update (21.71 -> 21.72)
- merge gh#openSUSE/hwinfo#92
- improve getting video mode info (bsc#1181101)
- try harder to break out of infinite I/O loops
- 21.72
==== installation-images-MicroOS ====
Version update (16.29 -> 16.35)
- merge gh#openSUSE/installation-images#439
- Don't replace directory symlinks (boo#1029961)
- 16.35
- merge gh#openSUSE/installation-images#447
- aarch64: add tegra20-apb-dma module (bsc#1181463)
- 16.34
- merge gh#openSUSE/installation-images#446
- work around broken plymouth (bsc#1149070)
- 16.33
- merge gh#openSUSE/installation-images#445
- do not run prein script for openssh-server in root image
- 16.32
- merge gh#openSUSE/installation-images#443
- revert plymouth branding for SLE to tribar
- support both plymouth-theme-tribar and plymouth-theme-bgrt
- 16.31
- merge gh#openSUSE/installation-images#442
- Replace tribar plymouth theme for installation with bgrt
(boo#1149070)
- 16.30
==== kernel-firmware ====
Version update (20201218 -> 20210119)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd
- Update to version 20210119 (git commit 05789708b79b):
* brcm: Link RPi4's WiFi firmware with DMI machine name.
* brcm: Add NVRAM for Vamrs 96boards Rock960
* brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes
* cypress: Fix link direction
* cypress: Link the new cypress firmware to the old brcm files
* brcm: remove old brcm firmwares that have newer cypress variants
* rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB
* rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253
* rtl_bt: Add firmware and config files for RTL8852A BT USB chip
* rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644
- Fix install-split.sh to deal with the quoted spaces
- Update aliases
==== libgpg-error ====
Version update (1.39 -> 1.41)
- update to 1.41:
* Fixes another glitch in the "ignore" meta command.
* Fixes two typos in the German translation.
* New function gpgrt_access.
* Make "ignore" meta command work correctly in the option parser.
* Interface changes relative to the 1.39 release:
gpgrt_access NEW.
==== mozilla-nss ====
Version update (3.59.1 -> 3.60.1)
- update to NSS 3.60.1
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
- removed obsolete ppc-old-abi-v3.patch
==== mozjs78 ====
Version update (78.6.1 -> 78.7.0)
- Update to version 78.7.0esr.
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Update to latest upstream (no new tag yet). To fix
bsc#1181313. Changes since last update added to
open-iscsi-SUSE-latest.diff.bz2:
* Fix iscsiadm segfault when exiting
* iscsid: Add NO_SYSTEMD to CFLAGS
* Change mkdir permissions to 0770, adjust usmask
* Fix typo in util.py
* iscsid: Do not allow conflicting pid-file options
* iscsiadm: Fix memory leak in iscsiadm
* libopeniscsiusr: Fix memory leak in iscsi_sessions_get()
* libopeniscsiusr: Fix memory leak in iscsi_nodes_get()
* idbm: Fix memory leak and NULL pointer dereference in idbm_rec_update_param()
* Add etc/systemd/iscsi-init.service to SYSTEMDFILES Makefile variable
==== p11-kit ====
Version update (0.23.20 -> 0.23.22)
Subpackages: libp11-kit0 p11-kit-tools
- update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066):
* Fix memory-safety issues that affect the RPC protocol
(CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
and fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infloop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* proxy: Do not assign duplicate slot IDs [PR#282]
* common: Get program name based on executable path if possible [PR#307]
* anchor: Exit with non-zero code, if any error occurs [PR#304]
* Build and test fixes
==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base
- bootloader pattern should not require a base pattern
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap
- Use user(nobody) and group(nobody)
- Drop autofs and nfs-client requirements, not commonly needed
- Sync with openSUSE Tumleweed base pattern
- Add busybox
- Cleanup comments from last submission
- Moved unzip and wget from gnome desktop pattern to common desktop pattern
- add bash-completion, nfs-client and autofs to common desktop pattern for beginner users
- remove kdeconnect-kde from kde desktop pattern as not necessary for every install
==== sqlite3 ====
Version update (3.34.0 -> 3.34.1)
- SQLite 3.34.1:
* Fix a potential use-after-free bug when processing a a subquery
with both a correlated WHERE clause and a "HAVING 0" clause and
where the parent query is an aggregate (boo#1181261)
* Fix documentation typos
* Fix minor problems in extensions
Hi All,
I recently heard about a new possibility to install Gnome Extensions, without the need of a RPM installed browser.
It's currently under development at [Github](https://github.com/ekistece/GetExtensions)
You can even install it via a toolbox; the commands are as follows:
$ toolbox -u
$ sudo zypper in git python38-pip
$ cd /tmp
$ git clone https://github.com/ekistece/GetExtensions.git
$ pip3 install ./GetExtensions --user
$ exit
You can then open the application Get Extensions that is available in your launchpad.
To uninstall:
pip3 uninstall getextensions
Is there someone that is able to package this application in OBS so we can include it in the MicroOS installation?
/Syds
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
cockpit-podman (25 -> 26)
sudo (1.9.5p1 -> 1.9.5p2)
zbar
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
==== cockpit-podman ====
Version update (25 -> 26)
- new version 26
https://github.com/cockpit-project/cockpit-podman/releases/tag/26
==== sudo ====
Version update (1.9.5p1 -> 1.9.5p2)
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
==== zbar ====
- Apply patch0 unconditionally and fix build on Leap
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
cockpit-podman (25 -> 26)
rdma-core
sudo (1.9.5p1 -> 1.9.5p2)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
==== cockpit-podman ====
Version update (25 -> 26)
- new version 26
https://github.com/cockpit-project/cockpit-podman/releases/tag/26
==== rdma-core ====
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1
- Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon
is loaded at boot if enabled (bsc#1180196)
==== sudo ====
Version update (1.9.5p1 -> 1.9.5p2)
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.