January 2021 - openSUSE Kubic - openSUSE Mailing Lists

COW/noCOW on MicroOS Desktop /home subvolume
by Dario Faggioli 23 Mar '21

23 Mar '21

Hello, I've finally had the chance to put in a VM an instance of MicroOS Desktop with the new partition layout and. IMO, the fact that it has /var in a (nocow) subvolume is really a big improvement, so thanks Richard for that! We have /home in a subvolume too, which is also great, and it as well has the nocow flag set. I know this mostly come from a conversation we had on #microos-desktop on IRC but thinking more about that, and discussing this with some users, I wonder whether it is really the best choice. I mean, it sure is ok for /var, but for /home, using nocow means that we give up on some of the nicer BTRFS features, especially for home folders, wouldn't it? That might be especially true for MicroOS Desktop. E.g., think at being able to compress (if not the entire home directories or the entire subvolume) the user installed flatpaks (and using that as an argument "against" those that are still complaining that <Ah, but flatpaks takes a lot of space on disk!>> :-D). So, are there reasons why it's really preferable to keep the /home subvolume as nocow and I'm missing them? Or shall we switch it to cow? Also, while there, shall we evaluate adding other flags by default (i.e., things like autodefrag, or even compression itself)? E.g., AFAIUI, on Fedora, while not doing that right now, they're considering doing something like that, e.g.: https://pagure.io/fedora-btrfs/project/issue/5 Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)

3 4

[opensuse-kubic] MicroOS error when setting container memory limit
by Sébastien 'sogal' Poher 11 Mar '21

11 Mar '21

Hi, On a fresh MicroOS install with podman, when I want to set memory limit for a container (using the -m flag) I get the following error: Error: container_linux.go:367: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set memory limit: container could not join or create cgroup: OCI runtime error I am not able to understand the nature of the error. Searching around, I found similar issue where adding cgroup_enable=memory parameter to boot settings in Grub might solve the issue. Is that correct ? If so, what is the proper way to update Grub config on a RO filesystem ? podman version 2.0.4 podman info (ociRuntime part): ociRuntime: name: runc package: runc-1.0.0~rc91-1.2.x86_64 path: /usr/bin/runc version: |- runc version 1.0.0-rc91 spec: 1.0.2-dev Regards, -- Sébastien 'sogal' Poher > When there's no more room at school, the dumb will walk the Earth!

5 10

ionotify-tools
by Anthony J Rabbito 10 Feb '21

10 Feb '21

Hello, In order to use --drop-if-no-change on transactional-update we need the inotify-tools for inotifywait. Should this be packaged by default with Micro-OS, and Kubic? Thank you, Anthony Rabbito

2 1

New ARM Kubic snapshot 20210128 released!
by Guillaume Gardet 31 Jan '21

31 Jan '21

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor cockpit-podman (25 -> 26) dmidecode gettext-runtime libfido2 (1.5.0 -> 1.6.0) ncurses (6.2.20210109 -> 6.2.20210116) oath-toolkit (2.6.5 -> 2.6.6) openssh python-pyserial (3.4 -> 3.5) python-setuptools raspberrypi-firmware (2021.01.15 -> 2021.01.21) raspberrypi-firmware-config (2021.01.15 -> 2021.01.21) raspberrypi-firmware-dt rdma-core sudo (1.9.5p1 -> 1.9.5p2) system-users sysuser-tools xfsprogs (5.9.0 -> 5.10.0) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add apache-extra-profile-include-if-exists.diff: make <apache2.d> include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) ==== cockpit-podman ==== Version update (25 -> 26) - new version 26 https://github.com/cockpit-project/cockpit-podman/releases/tag/26 ==== dmidecode ==== 2 recommended fixes from upstream: - dmidecode-fix-the-condition-error-in-ascii_filter.patch: dmidecode: Fix the condition error in ascii_filter. - dmidecode-fix-crash-with-u-option.patch: dmidecode: Fix crash with -u option. ==== gettext-runtime ==== Subpackages: libtextstyle0 - fixup libtextstyle autofoo with adding use-acinit-for-libtextstyle.patch ==== libfido2 ==== Version update (1.5.0 -> 1.6.0) Subpackages: libfido2-1 libfido2-udev - Update to version 1.6.0: * Fix OpenSSL 1.0 and Cygwin builds. * hid_linux: fix build on 32-bit systems. * hid_osx: allow reads from spawned threads. * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch - Do not build examples as their build fails ==== ncurses ==== Version update (6.2.20210109 -> 6.2.20210116) Subpackages: libncurses6 ncurses-utils terminfo-base - Don't skip test for qemu builds - Add ncurses patch 20210116 + add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS (report by Patrick McDermott) -TD + make opts extension for getcchar work as documented for ncurses 6.1, adding "-g" flag to test/demo_new_pair to illustrate. ==== oath-toolkit ==== Version update (2.6.5 -> 2.6.6) Subpackages: liboath0 oath-toolkit-xml - Update to version 2.6.6 * oathtool: Support for reading KEY and OTP from standard input or filename. KEY and OTP may now be given as '-' to mean stdin, or @FILE to read from a particular file. This is recommended on multi-user systems, since secrets as command line parameters leak. * pam_oath: Fix unlikely logic fail on out of memory conditions. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Add openssh-fix-ssh-copy-id.patch, which fixes breakage introduced in 8.4p1 (bsc#1181311). - Improve robustness of sshd init detection when upgrading from a pre-systemd distribution. - Add openssh-reenable-dh-group14-sha1-default.patch, which adds diffie-hellman-group14-sha1 key exchange back to the default list (bsc#1180958). This is needed for backwards compatibility with older platforms. - Make sure sshd is enabled correctly when upgrading from a pre-systemd distribution (bsc#1180083). ==== python-pyserial ==== Version update (3.4 -> 3.5) - update to version 3.5: New Features: [#411] Add a backend for Silicon Labs CP2110/4 HID-to-UART bridge. (depends on hid module) Improvements: [#315] Use absolute import everywhere [#354] Make ListPortInfo hashable [#372] threaded: "write" returns byte count [#400] Add bytesize and stopbits argument parser to tcp_serial_redirect [#408] loop: add out_waiting [#495] list_ports_linux: Correct "interface" property on Linux hosts [#500] Remove Python 3.2 and 3.3 from test [#261, #285, #296, #320, #333, #342, #356, #358, #389, #397, #510] doc updates miniterm: add CTRL+T Q as alternative to exit miniterm: suspend function key changed to CTRL-T Z add command line tool entries pyserial-miniterm (replaces miniterm.py) and pyserial-ports (runs serial.tools.list_ports). python -m serial opens miniterm (use w/o args and it will print port list too) [experimental] Bugfixes: [#371] Don't open port if self.port is not set while entering context manager [#437, #502] refactor: raise new instances for PortNotOpenError and SerialTimeoutException [#261, #263] list_ports: set default name attribute [#286] fix: compare only of the same type in list_ports_common.ListPortInfo rfc2217/close(): fix race-condition [#305] return b'' when connection closes on rfc2217 connection [#386] rfc2217/close(): fix race condition Fixed flush_input_buffer() for situations where the remote end has closed the socket. [#441] reset_input_buffer() can hang on sockets examples: port_publisher python 3 fixes [#324] miniterm: Fix miniterm constructor exit_character and menu_character [#326] miniterm: use exclusive access for native serial ports by default [#497] miniterm: fix double use of CTRL-T + s use z for suspend instead [#443, #444] examples: refactor wx example, use Bind to avoid deprecated warnings, IsChecked, unichr [#265] posix: fix PosixPollSerial with timeout=None and add cancel support [#290] option for low latency mode on linux [#335] Add support to xr-usb-serial ports [#494] posix: Don't catch the SerialException we just raised [#519] posix: Fix custom baud rate to not temporarily set 38400 baud rates on linux [#509 #518] list_ports: use hardcoded path to library on osx [#542] list_ports_osx: kIOMasterPortDefault no longer exported on Big Sur [#545, #545] list_ports_osx: getting USB info on BigSur/AppleSilicon ==== python-setuptools ==== - We cannot remove vendored packages when generating setuptools wheel (bsc#1177127). ==== raspberrypi-firmware ==== Version update (2021.01.15 -> 2021.01.21) - Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616): * firmware: Export bootloader config via device-tree * firmware: ISP: Colour denoise * firmware: platform: Define DVFS modes and change default to be fixed AVS voltage * firmware: arm_loader: Auto-select 64-bit for kernel8.img * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun ==== raspberrypi-firmware-config ==== Version update (2021.01.15 -> 2021.01.21) - Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616): * firmware: Export bootloader config via device-tree * firmware: ISP: Colour denoise * firmware: platform: Define DVFS modes and change default to be fixed AVS voltage * firmware: arm_loader: Auto-select 64-bit for kernel8.img * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun ==== raspberrypi-firmware-dt ==== - Introduce upstream-blconfig-rmem.patch for firmware to be able to define firmware's configuration reserved memory (jsc#SLE-16616) ==== rdma-core ==== Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon is loaded at boot if enabled (bsc#1180196) ==== sudo ==== Version update (1.9.5p1 -> 1.9.5p2) - Update to 1.9.5.p2 * When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. (bsc#1181090) * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache. ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-nobody - Add system-user-vscan subpackage with vscan user and group and /var/spool/amavis as home directory - Remove kvm group from hardware subpackage, since kvm is in its own subpackage (jsc#SLE-11629). - Add qemu user to kvm group - Add system account and groups for kvm, qemu, and libvirt (jsc#SLE-11629) New files: system-group-kvm.conf, system-group-libvirt.conf, system-user-qemu.conf - Don't add group nogroup to user nobody, as many daemons misuse 'nogroup' as own group - Use test -x instead of -f - Call usermod only if installed - Align /var/lib/tss permissions with trousers (boo#1162360). - Add tss user for TPM tools (boo#1162360). - Remove s390 groups again. The s390-tools maintainer wants to add groups in s390-tools manually. - Add system-user-tftp subpackage with tftp user and group and /srv/tftpboot as home directory [bsc#1143454]. - Add cpacfstats, ts-shell, and zkeyadm groups for s390-tools (bsc#1123730) - Add "render" group in system-group-hardware (bsc#1085847) "uaccess" tag has been dropped from /dev/dri/renderD* and these devices now have 0666 permsions by default is owned by the render group. - Change home directory of user man to /var/lib/empty. Home directories below /var/cache are by definition insecure and a bad idea. - uuidd does not need group daemon, Copy&Paste error. - udev needs groups kvm and lp: [bsc#1058703] - Add group kvm to system-group-hardware - Move group lp from system-user-lp to system-group-hardware - Add system-user-uuidd.conf (boo#1057937#c3). - user nobody: move usermod to %post, else it will be executed before the user is created. - Drop pkgconfig(systemd) BuildRequires: we no longer depend on systemd-sysusers, but converted to shadow toolset. - Move group trusted into system-user-root package [bsc#1044014] - Move system-user-root into own package - Fix syntax of groups in system-user-root.conf - Add utmp to system-group-hardware.conf like systemd has - Create new system-user-root sub-package creating passwd, group and shadow files with root user. - BuildRequire pkgconfig(systemd) instead of systemd: this allows OBS to pick systemd-mini, which is still good enough. And ultimately it helps us break a build cycle (system-users - libssh2_org - curl - systemd - system-users). - BuildIgnore group(lock) and group(daemon) for ourselves, needed for bootstrap. - /bin/bash is needed as shell for user nobody - Add upsd for UPS daemon packages. - Prerequire group lock for uucp - Allow user uucp to do locking - Fix group ownership of /var/lib/wwwrun - Add group sys to system-group-obsolete - Add systemusers lp and nobody - Add systemusers wwwrun, mail and ftp - Add hardware access groups: kmem, lock, tty, audio, cdrom, dialout, disk, input, tape, video - Add group wheel - Remove /var/spool/uucp directories... - Change license to MIT - Add subpackages for obsolete groups and trusted group - Add subpackages for bin, daemon, news and man - Adjust to new sysuser-tools - Use automatic provides and generate %pre with a script - fix uids and add also groups - Create users in %pre install section - Add /etc/uucp to filelist of system-user-uucp - Add system account games - Initial version with system account uucp ==== sysuser-tools ==== - useradd_or_adduser_dep must be PreReq so ordering makes sure it gets installed before. - suggest shadow where useradd_or_adduser_dep is actually required - Avoid useless use of cat - Simplify %sysusers_requires - Drop shebang, rpm passes it to /bin/sh itself - Packages providing users need /usr/bin/cat installed to create them. Add that to the PreRequires. - Create system groups for system users - Fix bug introduced by simplification of check for useradd -g - Refactor use of sed away - Use eval set -- $LINE instead of read for parsing - Clean up sysusers2shadow and make it use only /bin/sh - Don't let busybox adduser create the home directory, it breaks permissions of e.g. /sbin (home of daemon) - Use only /bin/sh in sysusers-generate-pre and the generated code - Drop use of tail from the generated %pre scriptlets - Look for /bin/busybox, too - Add special handling for busybox and groups - Use suggests shadow to prefer that over busybox in normal systems - Add support for busybox adduser/addgroup - Change requirements from shadow to useradd_or_adduser_dep - Fix default home directory [bsc#1105934] - Use _rpmmacrodir for macro file - Further enhance sysusers-generate-pre: inside the build environment, it can be acceptable to be failing to create the users (e.g when building sysuser-tools or system-user-root, since those two packages have to be speificallty excluded). Always return with error code 0 if /.buildenv exists. - sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod call fails: the resulting system is quite undefined if this should happen. - sysusers-generate-pre: exit the pre script with the exit code of sysusers2shadow.sh. - sysuser-tools needs to require sysuser-shadow - Add requires for shadow to sysuser-shadow - Put helper script into own subpackage - Convert sysusers config file to shadow arguments and use shadow suite to create user and groups. Fixes [bsc#1041497] and serveral dependency loops. - Don't ignore errors of systemd-sysusers [bsc#1039708] - Don't remove 'm' and 'r' entries from sysusers configuration - Add macros.sysusers - initial package ==== xfsprogs ==== Version update (5.9.0 -> 5.10.0) - update to 5.10.0: - xfs_repair: remove old code for mountpoint inodes - xfsprogs: Add inode btree counter feature - xfsprogs: Add bigtime feature for Y2038 - xfsprogs: Polish translation update - mkfs.xfs: Add config file feature - mkfs.xfs: allow users to specify rtinherit=0 - xfs_repair: simplify bmap_next_offset - man: various manpage updates - libxfs: remove some old dead code - libxfs: add realtime extent tracking - libxfs changes merged from kernel 5.10 - refresh 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch against libxfs changes

1 0

New ARM MicroOS snapshot 20210128 released!
by Guillaume Gardet 31 Jan '21

31 Jan '21

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: alsa apparmor bluedevil5 cockpit-podman (25 -> 26) dmidecode gettext-runtime gnome-packagekit gnome-tweaks kinfocenter5 kscreen5 kwin5 libfido2 (1.5.0 -> 1.6.0) libqt5-qtmultimedia libqt5-qtquickcontrols libqt5-qtquickcontrols2 libqt5-qtsensors libqt5-qtwayland milou5 ncurses (6.2.20210109 -> 6.2.20210116) openssh pango (1.48.0 -> 1.48.1) plasma5-desktop python-pyserial (3.4 -> 3.5) python-setuptools raspberrypi-firmware (2021.01.15 -> 2021.01.21) raspberrypi-firmware-config (2021.01.15 -> 2021.01.21) raspberrypi-firmware-dt sudo (1.9.5p1 -> 1.9.5p2) system-users systemsettings5 sysuser-tools webkit2gtk3 xdg-desktop-portal-kde xfsprogs (5.9.0 -> 5.10.0) zbar === Details === ==== alsa ==== - Yet more fixes for the crash with dmix plugin (bsc#1181194): 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch - Backport upstream fixes: yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in UCM (bsc#1181194): 0004-topology-use-inclusive-language-for-bclk.patch 0005-topology-use-inclusive-language-for-fsync.patch 0006-topology-use-inclusive-language-in-documentation.patch 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch 0038-topology-parse_tuple_set-remove-dead-condition-code.patch 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add apache-extra-profile-include-if-exists.diff: make <apache2.d> include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) ==== bluedevil5 ==== - Add compatibility with qml-autoreqprov ==== cockpit-podman ==== Version update (25 -> 26) - new version 26 https://github.com/cockpit-project/cockpit-podman/releases/tag/26 ==== dmidecode ==== 2 recommended fixes from upstream: - dmidecode-fix-the-condition-error-in-ascii_filter.patch: dmidecode: Fix the condition error in ascii_filter. - dmidecode-fix-crash-with-u-option.patch: dmidecode: Fix crash with -u option. ==== gettext-runtime ==== Subpackages: libtextstyle0 - fixup libtextstyle autofoo with adding use-acinit-for-libtextstyle.patch ==== gnome-packagekit ==== - Add gnome-packagekit-define-HAVE_SYSTEMD.patch: define HAVE_SYSTEMD macro if systemd if found (glgo#GNOME/gnome-packagekit!3, bsc#1134544). ==== gnome-tweaks ==== - Add 77dde7477922f645946bfc64b1b25aeed2b01919.patch -- Update Norwegian bokmål translation. ==== kinfocenter5 ==== - Add support for qml-autoreqprov ==== kscreen5 ==== - Compatibility with qml-autoreqprov ==== kwin5 ==== - Add compatibility with qml-autoreqprov ==== libfido2 ==== Version update (1.5.0 -> 1.6.0) Subpackages: libfido2-1 libfido2-udev - Update to version 1.6.0: * Fix OpenSSL 1.0 and Cygwin builds. * hid_linux: fix build on 32-bit systems. * hid_osx: allow reads from spawned threads. * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch - Do not build examples as their build fails ==== libqt5-qtmultimedia ==== - Add compatibility with qml-autoreqprov ==== libqt5-qtquickcontrols ==== - Add compatibility with qml-autoreqprov - Add patch to fix unfullfillable import: * fix-handle-deps.patch ==== libqt5-qtquickcontrols2 ==== Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Add compatibility with qml-autoreqprov ==== libqt5-qtsensors ==== - Add compatibility with qml-autoreqprov ==== libqt5-qtwayland ==== Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Add compatibility with qml-autoreqprov ==== milou5 ==== - Backport upstream MR to avoid unfullfillable qmlimport requires ==== ncurses ==== Version update (6.2.20210109 -> 6.2.20210116) Subpackages: libncurses6 ncurses-utils terminfo-base - Don't skip test for qemu builds - Add ncurses patch 20210116 + add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS (report by Patrick McDermott) -TD + make opts extension for getcchar work as documented for ncurses 6.1, adding "-g" flag to test/demo_new_pair to illustrate. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Add openssh-fix-ssh-copy-id.patch, which fixes breakage introduced in 8.4p1 (bsc#1181311). - Improve robustness of sshd init detection when upgrading from a pre-systemd distribution. - Add openssh-reenable-dh-group14-sha1-default.patch, which adds diffie-hellman-group14-sha1 key exchange back to the default list (bsc#1180958). This is needed for backwards compatibility with older platforms. - Make sure sshd is enabled correctly when upgrading from a pre-systemd distribution (bsc#1180083). ==== pango ==== Version update (1.48.0 -> 1.48.1) Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Update to version 1.48.1: + Fix itemization of multi-paragraph layouts. + Fix a few memory leaks. + Fix glyph origins in vertical layout. ==== plasma5-desktop ==== - Add support for qml-autoreqprov ==== python-pyserial ==== Version update (3.4 -> 3.5) - update to version 3.5: New Features: [#411] Add a backend for Silicon Labs CP2110/4 HID-to-UART bridge. (depends on hid module) Improvements: [#315] Use absolute import everywhere [#354] Make ListPortInfo hashable [#372] threaded: "write" returns byte count [#400] Add bytesize and stopbits argument parser to tcp_serial_redirect [#408] loop: add out_waiting [#495] list_ports_linux: Correct "interface" property on Linux hosts [#500] Remove Python 3.2 and 3.3 from test [#261, #285, #296, #320, #333, #342, #356, #358, #389, #397, #510] doc updates miniterm: add CTRL+T Q as alternative to exit miniterm: suspend function key changed to CTRL-T Z add command line tool entries pyserial-miniterm (replaces miniterm.py) and pyserial-ports (runs serial.tools.list_ports). python -m serial opens miniterm (use w/o args and it will print port list too) [experimental] Bugfixes: [#371] Don't open port if self.port is not set while entering context manager [#437, #502] refactor: raise new instances for PortNotOpenError and SerialTimeoutException [#261, #263] list_ports: set default name attribute [#286] fix: compare only of the same type in list_ports_common.ListPortInfo rfc2217/close(): fix race-condition [#305] return b'' when connection closes on rfc2217 connection [#386] rfc2217/close(): fix race condition Fixed flush_input_buffer() for situations where the remote end has closed the socket. [#441] reset_input_buffer() can hang on sockets examples: port_publisher python 3 fixes [#324] miniterm: Fix miniterm constructor exit_character and menu_character [#326] miniterm: use exclusive access for native serial ports by default [#497] miniterm: fix double use of CTRL-T + s use z for suspend instead [#443, #444] examples: refactor wx example, use Bind to avoid deprecated warnings, IsChecked, unichr [#265] posix: fix PosixPollSerial with timeout=None and add cancel support [#290] option for low latency mode on linux [#335] Add support to xr-usb-serial ports [#494] posix: Don't catch the SerialException we just raised [#519] posix: Fix custom baud rate to not temporarily set 38400 baud rates on linux [#509 #518] list_ports: use hardcoded path to library on osx [#542] list_ports_osx: kIOMasterPortDefault no longer exported on Big Sur [#545, #545] list_ports_osx: getting USB info on BigSur/AppleSilicon ==== python-setuptools ==== - We cannot remove vendored packages when generating setuptools wheel (bsc#1177127). ==== raspberrypi-firmware ==== Version update (2021.01.15 -> 2021.01.21) - Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616): * firmware: Export bootloader config via device-tree * firmware: ISP: Colour denoise * firmware: platform: Define DVFS modes and change default to be fixed AVS voltage * firmware: arm_loader: Auto-select 64-bit for kernel8.img * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun ==== raspberrypi-firmware-config ==== Version update (2021.01.15 -> 2021.01.21) - Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616): * firmware: Export bootloader config via device-tree * firmware: ISP: Colour denoise * firmware: platform: Define DVFS modes and change default to be fixed AVS voltage * firmware: arm_loader: Auto-select 64-bit for kernel8.img * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun ==== raspberrypi-firmware-dt ==== - Introduce upstream-blconfig-rmem.patch for firmware to be able to define firmware's configuration reserved memory (jsc#SLE-16616) ==== sudo ==== Version update (1.9.5p1 -> 1.9.5p2) - Update to 1.9.5.p2 * When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. (bsc#1181090) * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache. ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody - Add system-user-vscan subpackage with vscan user and group and /var/spool/amavis as home directory - Remove kvm group from hardware subpackage, since kvm is in its own subpackage (jsc#SLE-11629). - Add qemu user to kvm group - Add system account and groups for kvm, qemu, and libvirt (jsc#SLE-11629) New files: system-group-kvm.conf, system-group-libvirt.conf, system-user-qemu.conf - Don't add group nogroup to user nobody, as many daemons misuse 'nogroup' as own group - Use test -x instead of -f - Call usermod only if installed - Align /var/lib/tss permissions with trousers (boo#1162360). - Add tss user for TPM tools (boo#1162360). - Remove s390 groups again. The s390-tools maintainer wants to add groups in s390-tools manually. - Add system-user-tftp subpackage with tftp user and group and /srv/tftpboot as home directory [bsc#1143454]. - Add cpacfstats, ts-shell, and zkeyadm groups for s390-tools (bsc#1123730) - Add "render" group in system-group-hardware (bsc#1085847) "uaccess" tag has been dropped from /dev/dri/renderD* and these devices now have 0666 permsions by default is owned by the render group. - Change home directory of user man to /var/lib/empty. Home directories below /var/cache are by definition insecure and a bad idea. - uuidd does not need group daemon, Copy&Paste error. - udev needs groups kvm and lp: [bsc#1058703] - Add group kvm to system-group-hardware - Move group lp from system-user-lp to system-group-hardware - Add system-user-uuidd.conf (boo#1057937#c3). - user nobody: move usermod to %post, else it will be executed before the user is created. - Drop pkgconfig(systemd) BuildRequires: we no longer depend on systemd-sysusers, but converted to shadow toolset. - Move group trusted into system-user-root package [bsc#1044014] - Move system-user-root into own package - Fix syntax of groups in system-user-root.conf - Add utmp to system-group-hardware.conf like systemd has - Create new system-user-root sub-package creating passwd, group and shadow files with root user. - BuildRequire pkgconfig(systemd) instead of systemd: this allows OBS to pick systemd-mini, which is still good enough. And ultimately it helps us break a build cycle (system-users - libssh2_org - curl - systemd - system-users). - BuildIgnore group(lock) and group(daemon) for ourselves, needed for bootstrap. - /bin/bash is needed as shell for user nobody - Add upsd for UPS daemon packages. - Prerequire group lock for uucp - Allow user uucp to do locking - Fix group ownership of /var/lib/wwwrun - Add group sys to system-group-obsolete - Add systemusers lp and nobody - Add systemusers wwwrun, mail and ftp - Add hardware access groups: kmem, lock, tty, audio, cdrom, dialout, disk, input, tape, video - Add group wheel - Remove /var/spool/uucp directories... - Change license to MIT - Add subpackages for obsolete groups and trusted group - Add subpackages for bin, daemon, news and man - Adjust to new sysuser-tools - Use automatic provides and generate %pre with a script - fix uids and add also groups - Create users in %pre install section - Add /etc/uucp to filelist of system-user-uucp - Add system account games - Initial version with system account uucp ==== systemsettings5 ==== - Add QML provides ==== sysuser-tools ==== - useradd_or_adduser_dep must be PreReq so ordering makes sure it gets installed before. - suggest shadow where useradd_or_adduser_dep is actually required - Avoid useless use of cat - Simplify %sysusers_requires - Drop shebang, rpm passes it to /bin/sh itself - Packages providing users need /usr/bin/cat installed to create them. Add that to the PreRequires. - Create system groups for system users - Fix bug introduced by simplification of check for useradd -g - Refactor use of sed away - Use eval set -- $LINE instead of read for parsing - Clean up sysusers2shadow and make it use only /bin/sh - Don't let busybox adduser create the home directory, it breaks permissions of e.g. /sbin (home of daemon) - Use only /bin/sh in sysusers-generate-pre and the generated code - Drop use of tail from the generated %pre scriptlets - Look for /bin/busybox, too - Add special handling for busybox and groups - Use suggests shadow to prefer that over busybox in normal systems - Add support for busybox adduser/addgroup - Change requirements from shadow to useradd_or_adduser_dep - Fix default home directory [bsc#1105934] - Use _rpmmacrodir for macro file - Further enhance sysusers-generate-pre: inside the build environment, it can be acceptable to be failing to create the users (e.g when building sysuser-tools or system-user-root, since those two packages have to be speificallty excluded). Always return with error code 0 if /.buildenv exists. - sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod call fails: the resulting system is quite undefined if this should happen. - sysusers-generate-pre: exit the pre script with the exit code of sysusers2shadow.sh. - sysuser-tools needs to require sysuser-shadow - Add requires for shadow to sysuser-shadow - Put helper script into own subpackage - Convert sysusers config file to shadow arguments and use shadow suite to create user and groups. Fixes [bsc#1041497] and serveral dependency loops. - Don't ignore errors of systemd-sysusers [bsc#1039708] - Don't remove 'm' and 'r' entries from sysusers configuration - Add macros.sysusers - initial package ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Add webkit-font-scaling.patch: Fix system font scaling not applied to 'font-size: XXXpt'; patch taken from upstream and rebased to apply cleanly (https://bugs.webkit.org/show_bug.cgi?id=218450). - Pass `-q` to setup to disable printing long list of files extracted from source tarball. ==== xdg-desktop-portal-kde ==== - Add compatibility with qml-autoreqprov ==== xfsprogs ==== Version update (5.9.0 -> 5.10.0) - update to 5.10.0: - xfs_repair: remove old code for mountpoint inodes - xfsprogs: Add inode btree counter feature - xfsprogs: Add bigtime feature for Y2038 - xfsprogs: Polish translation update - mkfs.xfs: Add config file feature - mkfs.xfs: allow users to specify rtinherit=0 - xfs_repair: simplify bmap_next_offset - man: various manpage updates - libxfs: remove some old dead code - libxfs: add realtime extent tracking - libxfs changes merged from kernel 5.10 - refresh 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch against libxfs changes ==== zbar ==== - Apply patch0 unconditionally and fix build on Leap

1 0

New MicroOS snapshot 20210130 released!
by Richard Brown 31 Jan '21

31 Jan '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: PackageKit bluez cloud-init dolphin fftw3 (3.3.8 -> 3.3.9) flatpak (1.10.0 -> 1.10.1) hwinfo (21.71 -> 21.72) installation-images-MicroOS (16.29 -> 16.35) isl kcompletion kernel-firmware (20201218 -> 20210119) libgpg-error (1.39 -> 1.41) llvm11 mozilla-nss (3.59.1 -> 3.60.1) mozjs78 (78.6.1 -> 78.7.0) open-iscsi p11-kit (0.23.20 -> 0.23.22) patterns-base patterns-microos soundtouch (2.1.2 -> 2.2) sqlite3 (3.34.0 -> 3.34.1) upower webkit2gtk3 === Details === ==== PackageKit ==== Subpackages: PackageKit-backend-zypp libpackagekit-glib2-18 - Do not build cnf: scout-c-n-f is still pending, having PK-cnf obsolete cnf is unacceptable. - Add PackageKit-zypp-reset-update-mode-after-get-updates.patch: zypp: Reset update mode after getting updates (gh#hughsie/PackageKit/commit#b208f551, bsc#1180150). - Build command-not-found by default ==== bluez ==== Subpackages: libbluetooth3 - add bluez-test-2to3.diff to get rid of python2 dependency ==== cloud-init ==== - Add use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283) - Do not including sudoers.d directory twice ==== dolphin ==== Subpackages: dolphin-part libdolphinvcs5 - Add upstream patch to properly show the network button in the URL navigator (kde#431626): - 0001-Show-button-to-open-knetattach-inline-with-URL-nav-o.patch - Refreshed patches: - 0001-Update-cached-viewContainer-geometry-every-time-they.patch ==== fftw3 ==== Version update (3.3.8 -> 3.3.9) - update to 3.3.9: * New API fftw_planner_nthreads() returns the number of threads currently being used by the planner. * Fix incorrect math in 128-bit generic SIMD * Fix wisdom for avx512. The avx512 alignment requirement was set to 64 bytes, but this is wrong. Alignment requirements are a property of the platform (e.g., x86) and not of the instruction set (e.g., AVX). Among other things, this broke wisdom with avx512. Note that avx512 support is still experimental because the FFTW authors have no avx512 hardware available for testing. * fftw_threads_set_callback function to change the threading backend at runtime. ==== flatpak ==== Version update (1.10.0 -> 1.10.1) Subpackages: libflatpak0 system-user-flatpak - Flatpak only requires glib 2.44, not 2.60 - Update ostree version required to 2020.8 - Update to version 1.10.1: + Fix flatpak build on systems with setuid bwrap + Fix some compiler warnings + Fix crash on updating apps with no deploy data + Updated translations. - Remove deprecated texinfo packaging macros. - Switch to upstream release tarball. ==== hwinfo ==== Version update (21.71 -> 21.72) - merge gh#openSUSE/hwinfo#92 - improve getting video mode info (bsc#1181101) - try harder to break out of infinite I/O loops - 21.72 ==== installation-images-MicroOS ==== Version update (16.29 -> 16.35) - merge gh#openSUSE/installation-images#439 - Don't replace directory symlinks (boo#1029961) - 16.35 - merge gh#openSUSE/installation-images#447 - aarch64: add tegra20-apb-dma module (bsc#1181463) - 16.34 - merge gh#openSUSE/installation-images#446 - work around broken plymouth (bsc#1149070) - 16.33 - merge gh#openSUSE/installation-images#445 - do not run prein script for openssh-server in root image - 16.32 - merge gh#openSUSE/installation-images#443 - revert plymouth branding for SLE to tribar - support both plymouth-theme-tribar and plymouth-theme-bgrt - 16.31 - merge gh#openSUSE/installation-images#442 - Replace tribar plymouth theme for installation with bgrt (boo#1149070) - 16.30 ==== isl ==== - Compile with %optflags ==== kcompletion ==== - Add upstream patch to fix Okular search bar no longer closed when pressing ESC (kde#431493): * 0001-Fix-regression-caused-due-to-porting-from-operator-t.patch ==== kernel-firmware ==== Version update (20201218 -> 20210119) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20210119 (git commit 05789708b79b): * brcm: Link RPi4's WiFi firmware with DMI machine name. * brcm: Add NVRAM for Vamrs 96boards Rock960 * brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes * cypress: Fix link direction * cypress: Link the new cypress firmware to the old brcm files * brcm: remove old brcm firmwares that have newer cypress variants * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253 * rtl_bt: Add firmware and config files for RTL8852A BT USB chip * rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644 - Fix install-split.sh to deal with the quoted spaces - Update aliases ==== libgpg-error ==== Version update (1.39 -> 1.41) - update to 1.41: * Fixes another glitch in the "ignore" meta command. * Fixes two typos in the German translation. * New function gpgrt_access. * Make "ignore" meta command work correctly in the option parser. * Interface changes relative to the 1.39 release: gpgrt_access NEW. ==== llvm11 ==== - Revert changes that broke the ABI (boo#1181326). * Sema-Introduce-BuiltinAttr-per-declaration-builtin-n.patch * Sema-Handle-objc_super-special-lookup-when-checking-.patch * Recognize-setjmp-and-friends-as-builtins-even-if-jmp.patch * Don-t-reject-calls-to-MinGW-s-unusual-_setjmp-declar.patch ==== mozilla-nss ==== Version update (3.59.1 -> 3.60.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.60.1 Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. - removed obsolete ppc-old-abi-v3.patch ==== mozjs78 ==== Version update (78.6.1 -> 78.7.0) - Update to version 78.7.0esr. ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Update to latest upstream (no new tag yet). To fix bsc#1181313. Changes since last update added to open-iscsi-SUSE-latest.diff.bz2: * Fix iscsiadm segfault when exiting * iscsid: Add NO_SYSTEMD to CFLAGS * Change mkdir permissions to 0770, adjust usmask * Fix typo in util.py * iscsid: Do not allow conflicting pid-file options * iscsiadm: Fix memory leak in iscsiadm * libopeniscsiusr: Fix memory leak in iscsi_sessions_get() * libopeniscsiusr: Fix memory leak in iscsi_nodes_get() * idbm: Fix memory leak and NULL pointer dereference in idbm_rec_update_param() * Add etc/systemd/iscsi-init.service to SYSTEMDFILES Makefile variable ==== p11-kit ==== Version update (0.23.20 -> 0.23.22) Subpackages: libp11-kit0 p11-kit-tools - update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066): * Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook * anchor: Prefer persistent format when storing anchor [PR#329] * common: Fix infloop in p11_path_build [PR#326, PR#327] * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325] * common: Check for a NULL locale before freeing it [PR#321] * proxy: Do not assign duplicate slot IDs [PR#282] * common: Get program name based on executable path if possible [PR#307] * anchor: Exit with non-zero code, if any error occurs [PR#304] * Build and test fixes ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - bootloader pattern should not require a base pattern ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Use user(nobody) and group(nobody) - Drop autofs and nfs-client requirements, not commonly needed - Sync with openSUSE Tumleweed base pattern - Add busybox - Cleanup comments from last submission - Moved unzip and wget from gnome desktop pattern to common desktop pattern - add bash-completion, nfs-client and autofs to common desktop pattern for beginner users - remove kdeconnect-kde from kde desktop pattern as not necessary for every install ==== soundtouch ==== Version update (2.1.2 -> 2.2) - update to 2.2.0: * Improvements to help compiler autovectorization * Bugfix in integer version of calcCrossCorrAccumulate() * Compensate initial buffering of anti-alias filter and intepolator. * Tuning for ARM NEON * BPMDetect: Make conversion from size_t to int explicit * BPM PeakFinder: Fix possible reading past end of array. * Change correlation loop 'sum' variable type from double to float ==== sqlite3 ==== Version update (3.34.0 -> 3.34.1) - SQLite 3.34.1: * Fix a potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate (boo#1181261) * Fix documentation typos * Fix minor problems in extensions ==== upower ==== Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 - Use libplist-2.0 on Tumblewewd. + upower-build-Use-a-newer-libplist-if-available.patch ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Add gir-multilib.patch: Fix multilib conflict in gir files. - Disable gold linker for ppc64le

1 0

New Kubic snapshot 20210130 released!
by Richard Brown 31 Jan '21

31 Jan '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: cloud-init hwinfo (21.71 -> 21.72) installation-images-MicroOS (16.29 -> 16.35) kernel-firmware (20201218 -> 20210119) libgpg-error (1.39 -> 1.41) mozilla-nss (3.59.1 -> 3.60.1) mozjs78 (78.6.1 -> 78.7.0) open-iscsi p11-kit (0.23.20 -> 0.23.22) patterns-base patterns-microos sqlite3 (3.34.0 -> 3.34.1) === Details === ==== cloud-init ==== - Add use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283) - Do not including sudoers.d directory twice ==== hwinfo ==== Version update (21.71 -> 21.72) - merge gh#openSUSE/hwinfo#92 - improve getting video mode info (bsc#1181101) - try harder to break out of infinite I/O loops - 21.72 ==== installation-images-MicroOS ==== Version update (16.29 -> 16.35) - merge gh#openSUSE/installation-images#439 - Don't replace directory symlinks (boo#1029961) - 16.35 - merge gh#openSUSE/installation-images#447 - aarch64: add tegra20-apb-dma module (bsc#1181463) - 16.34 - merge gh#openSUSE/installation-images#446 - work around broken plymouth (bsc#1149070) - 16.33 - merge gh#openSUSE/installation-images#445 - do not run prein script for openssh-server in root image - 16.32 - merge gh#openSUSE/installation-images#443 - revert plymouth branding for SLE to tribar - support both plymouth-theme-tribar and plymouth-theme-bgrt - 16.31 - merge gh#openSUSE/installation-images#442 - Replace tribar plymouth theme for installation with bgrt (boo#1149070) - 16.30 ==== kernel-firmware ==== Version update (20201218 -> 20210119) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20210119 (git commit 05789708b79b): * brcm: Link RPi4's WiFi firmware with DMI machine name. * brcm: Add NVRAM for Vamrs 96boards Rock960 * brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes * cypress: Fix link direction * cypress: Link the new cypress firmware to the old brcm files * brcm: remove old brcm firmwares that have newer cypress variants * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253 * rtl_bt: Add firmware and config files for RTL8852A BT USB chip * rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644 - Fix install-split.sh to deal with the quoted spaces - Update aliases ==== libgpg-error ==== Version update (1.39 -> 1.41) - update to 1.41: * Fixes another glitch in the "ignore" meta command. * Fixes two typos in the German translation. * New function gpgrt_access. * Make "ignore" meta command work correctly in the option parser. * Interface changes relative to the 1.39 release: gpgrt_access NEW. ==== mozilla-nss ==== Version update (3.59.1 -> 3.60.1) - update to NSS 3.60.1 Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. - removed obsolete ppc-old-abi-v3.patch ==== mozjs78 ==== Version update (78.6.1 -> 78.7.0) - Update to version 78.7.0esr. ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Update to latest upstream (no new tag yet). To fix bsc#1181313. Changes since last update added to open-iscsi-SUSE-latest.diff.bz2: * Fix iscsiadm segfault when exiting * iscsid: Add NO_SYSTEMD to CFLAGS * Change mkdir permissions to 0770, adjust usmask * Fix typo in util.py * iscsid: Do not allow conflicting pid-file options * iscsiadm: Fix memory leak in iscsiadm * libopeniscsiusr: Fix memory leak in iscsi_sessions_get() * libopeniscsiusr: Fix memory leak in iscsi_nodes_get() * idbm: Fix memory leak and NULL pointer dereference in idbm_rec_update_param() * Add etc/systemd/iscsi-init.service to SYSTEMDFILES Makefile variable ==== p11-kit ==== Version update (0.23.20 -> 0.23.22) Subpackages: libp11-kit0 p11-kit-tools - update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066): * Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook * anchor: Prefer persistent format when storing anchor [PR#329] * common: Fix infloop in p11_path_build [PR#326, PR#327] * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325] * common: Check for a NULL locale before freeing it [PR#321] * proxy: Do not assign duplicate slot IDs [PR#282] * common: Get program name based on executable path if possible [PR#307] * anchor: Exit with non-zero code, if any error occurs [PR#304] * Build and test fixes ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - bootloader pattern should not require a base pattern ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Use user(nobody) and group(nobody) - Drop autofs and nfs-client requirements, not commonly needed - Sync with openSUSE Tumleweed base pattern - Add busybox - Cleanup comments from last submission - Moved unzip and wget from gnome desktop pattern to common desktop pattern - add bash-completion, nfs-client and autofs to common desktop pattern for beginner users - remove kdeconnect-kde from kde desktop pattern as not necessary for every install ==== sqlite3 ==== Version update (3.34.0 -> 3.34.1) - SQLite 3.34.1: * Fix a potential use-after-free bug when processing a a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate (boo#1181261) * Fix documentation typos * Fix minor problems in extensions

1 0

Alternative to install Gnome Extensions
by Syds Bearda 28 Jan '21

28 Jan '21

Hi All, I recently heard about a new possibility to install Gnome Extensions, without the need of a RPM installed browser. It's currently under development at [Github](https://github.com/ekistece/GetExtensions) You can even install it via a toolbox; the commands are as follows: $ toolbox -u $ sudo zypper in git python38-pip $ cd /tmp $ git clone https://github.com/ekistece/GetExtensions.git $ pip3 install ./GetExtensions --user $ exit You can then open the application Get Extensions that is available in your launchpad. To uninstall: pip3 uninstall getextensions Is there someone that is able to package this application in OBS so we can include it in the MicroOS installation? /Syds

4 6

New MicroOS snapshot 20210127 released!
by Richard Brown 28 Jan '21

28 Jan '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor cockpit-podman (25 -> 26) sudo (1.9.5p1 -> 1.9.5p2) zbar === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add apache-extra-profile-include-if-exists.diff: make <apache2.d> include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) ==== cockpit-podman ==== Version update (25 -> 26) - new version 26 https://github.com/cockpit-project/cockpit-podman/releases/tag/26 ==== sudo ==== Version update (1.9.5p1 -> 1.9.5p2) - Update to 1.9.5.p2 * When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. (bsc#1181090) * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache. ==== zbar ==== - Apply patch0 unconditionally and fix build on Leap

1 0

New Kubic snapshot 20210127 released!
by Richard Brown 28 Jan '21

28 Jan '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor cockpit-podman (25 -> 26) rdma-core sudo (1.9.5p1 -> 1.9.5p2) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add apache-extra-profile-include-if-exists.diff: make <apache2.d> include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) ==== cockpit-podman ==== Version update (25 -> 26) - new version 26 https://github.com/cockpit-project/cockpit-podman/releases/tag/26 ==== rdma-core ==== Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon is loaded at boot if enabled (bsc#1180196) ==== sudo ==== Version update (1.9.5p1 -> 1.9.5p2) - Update to 1.9.5.p2 * When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. (bsc#1181090) * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.

1 0