February 2021 - openSUSE Kubic - openSUSE Mailing Lists

COW/noCOW on MicroOS Desktop /home subvolume
by Dario Faggioli 23 Mar '21

23 Mar '21

Hello, I've finally had the chance to put in a VM an instance of MicroOS Desktop with the new partition layout and. IMO, the fact that it has /var in a (nocow) subvolume is really a big improvement, so thanks Richard for that! We have /home in a subvolume too, which is also great, and it as well has the nocow flag set. I know this mostly come from a conversation we had on #microos-desktop on IRC but thinking more about that, and discussing this with some users, I wonder whether it is really the best choice. I mean, it sure is ok for /var, but for /home, using nocow means that we give up on some of the nicer BTRFS features, especially for home folders, wouldn't it? That might be especially true for MicroOS Desktop. E.g., think at being able to compress (if not the entire home directories or the entire subvolume) the user installed flatpaks (and using that as an argument "against" those that are still complaining that <Ah, but flatpaks takes a lot of space on disk!>> :-D). So, are there reasons why it's really preferable to keep the /home subvolume as nocow and I'm missing them? Or shall we switch it to cow? Also, while there, shall we evaluate adding other flags by default (i.e., things like autodefrag, or even compression itself)? E.g., AFAIUI, on Fedora, while not doing that right now, they're considering doing something like that, e.g.: https://pagure.io/fedora-btrfs/project/issue/5 Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)

3 4

[opensuse-kubic] MicroOS error when setting container memory limit
by Sébastien 'sogal' Poher 11 Mar '21

11 Mar '21

Hi, On a fresh MicroOS install with podman, when I want to set memory limit for a container (using the -m flag) I get the following error: Error: container_linux.go:367: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set memory limit: container could not join or create cgroup: OCI runtime error I am not able to understand the nature of the error. Searching around, I found similar issue where adding cgroup_enable=memory parameter to boot settings in Grub might solve the issue. Is that correct ? If so, what is the proper way to update Grub config on a RO filesystem ? podman version 2.0.4 podman info (ociRuntime part): ociRuntime: name: runc package: runc-1.0.0~rc91-1.2.x86_64 path: /usr/bin/runc version: |- runc version 1.0.0-rc91 spec: 1.0.2-dev Regards, -- Sébastien 'sogal' Poher > When there's no more room at school, the dumb will walk the Earth!

5 10

Error during "kubeadm init": failed to pull image registry.opensuse.org/kubic/xxx: output: Error response from daemon: manifest unknown
by Johannes Kastl 04 Mar '21

04 Mar '21

Hi all, sorry for asking here, but I guess there are more kubeadm experts than on other lists. I was just preparing a test setup of Kubernetes on openSUSE Leap 15.2 and noticed some errors: 1. Install patterns-containers-kubeadm 2. reboot 3. enable kubelet.service 4. run "kubeadm init ..." and get an error as no runtime is found 5. enable and start either docker.service or crio.service 6. re-reun "kubeadm init..." 7. Failure (see below) According to this issue at docker/hub it is a problem with tags missing on the images/registry. Any idea where to start? How to modify which containers are used? I started grepping through the system but even if I found the lines to what versions should I change them? Kind Regards, Johannes **docker**: ``` > # kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-cert-extra-sans=81.163.192.187 > I0227 19:03:51.388635 1950 version.go:252] remote version is much newer: 1.20.2; falling back to: stable-1.18 > W0227 19:03:56.443331 1950 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io] > [init] Using Kubernetes version: v1.18.14 > [preflight] Running pre-flight checks > [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/ > [preflight] Pulling images required for setting up a Kubernetes cluster > [preflight] This might take a minute or two, depending on the speed of your internet connection > [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' > > > error execution phase preflight: [preflight] Some fatal errors occurred: > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-apiserver:v1.18.14: output: Error response from daemon: manifest unknown > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-controller-manager:v1.18.14: output: Error response from daemon: manifest unknown > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-scheduler:v1.18.14: output: Error response from daemon: manifest unknown > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-proxy:v1.18.14: output: Error response from daemon: manifest unknown > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/etcd:3.4.3-0: output: Error response from daemon: manifest unknown > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/coredns:1.6.7: output: Error response from daemon: manifest unknown > , error: exit status 1 > [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` > To see the stack trace of this error execute with --v=5 or higher ``` **crio**: ``` > # kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-cert-extra-sans=81.163.192.187 > I0227 19:24:42.148453 2041 version.go:252] remote version is much newer: 1.20.2; falling back to: stable-1.18 > W0227 19:24:42.202269 2041 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io] > [init] Using Kubernetes version: v1.18.14 > [preflight] Running pre-flight checks > [preflight] Pulling images required for setting up a Kubernetes cluster > [preflight] This might take a minute or two, depending on the speed of your internet connection > [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' > error execution phase preflight: [preflight] Some fatal errors occurred: > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-apiserver:v1.18.14: output: time="2021-02-27T19:24:44Z" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = Error reading manifest v1.18.14 in registry.opensuse.org/kubic/kube-apiserver: manifest unknown" > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-controller-manager:v1.18.14: output: time="2021-02-27T19:24:45Z" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = Error reading manifest v1.18.14 in registry.opensuse.org/kubic/kube-controller-manager: manifest unknown" > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-scheduler:v1.18.14: output: time="2021-02-27T19:24:46Z" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = Error reading manifest v1.18.14 in registry.opensuse.org/kubic/kube-scheduler: manifest unknown" > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/kube-proxy:v1.18.14: output: time="2021-02-27T19:24:47Z" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = Error reading manifest v1.18.14 in registry.opensuse.org/kubic/kube-proxy: manifest unknown" > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/etcd:3.4.3-0: output: time="2021-02-27T19:24:50Z" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = Error reading manifest 3.4.3-0 in registry.opensuse.org/kubic/etcd: manifest unknown" > , error: exit status 1 > [ERROR ImagePull]: failed to pull image registry.opensuse.org/kubic/coredns:1.6.7: output: time="2021-02-27T19:24:51Z" level=fatal msg="pulling image failed: rpc error: code = Unknown desc = Error reading manifest 1.6.7 in registry.opensuse.org/kubic/coredns: manifest unknown" > , error: exit status 1 > [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` > To see the stack trace of this error execute with --v=5 or higher ``` -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: kastl(a)b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg http://www.b1-systems.de GF: Ralph Dehner Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

2 6

kube-proxy ImagePullBackOff: kube-proxy:v1.19.4 image not present
by Robert Munteanu 03 Mar '21

03 Mar '21

Hi, I noticed that one of the nodes in my kubic cluster is limping, with the root cause being a failing kube-proxy pod. kube-system kube-proxy-p4ljp 0/1 ImagePullBackOff 0 97d 10.25.0.43 kubic- worker-1 <none> <none> The root cause seems to be Normal BackOff 19m (x11214 over 42h) kubelet Back-off pulling image "registry.opensuse.org/kubic/kube-proxy:v1.19.4" The other nodes seem to work fine, and I assume they have the images in the kubelet cache. All nodes are at version 1.19.7 $ kubectl get node NAME STATUS ROLES AGE VERSION kubic-master-1 Ready master 97d v1.19.7 kubic-worker-1 Ready <none> 97d v1.19.7 kubic-worker-2 Ready <none> 97d v1.19.7 I could edit the DaemonSet manually, but I like the kubic unattended updates too much and would like to understand the contract related to minor version updates. Should I file a bug or is this expected behaviour? Thanks, Robert

4 9

New packages libkrun, libkrunfw and krunvm for super-lightweigth virtualization and virtualization hardened containers
by Dario Faggioli 27 Feb '21

27 Feb '21

Hello, I'm about to submit two factory 3 packages, from the Virtualization Devel project: - libkrunfw https://build.opensuse.org/package/show/Virtualization/libkrunfw - libkrun https://build.opensuse.org/package/show/Virtualization/libkrun - krunvm https://build.opensuse.org/package/show/Virtualization/krunvm Libkrun is the key and the heart of everything. It's a library that enable a (OCI) runtime to start the environments that such runtimes usually handles (read: containers) inside a super-lightweight virtual machine (using KVM underneath, of course). If you're familiar with KataContainers, well, it's similar... but all done in a library, which makes things smaller and faster (at least potentially, as the project is still in early stage of development and performance is not a goal yet). This is already possible, with krunvm, which is basically a CLI for libkrun, that allows you to create lightweight VMs out of OCI images. Watch this: $ cat /etc/os-release NAME="openSUSE Tumbleweed" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20210223" [...] $ uname -a Linux Solace 5.10.16-1-default #1 SMP Sat Feb 13 16:20:19 UTC 2021 (11381f3) x86_64 x86_64 x86_64 GNU/Linux Now, if I do: $ sudo krunvm create opensuse/leap --name leap Resolving "opensuse/leap" using unqualified-search registries (/etc/containers/registries.conf) Getting image source signatures Copying blob 99b65196a7ec done [...] Lightweight VM created with name: leap $ sudo krunvm list leap CPUs: 2 RAM (MiB): 1024 DNS server: 1.1.1.1 Buildah container: leap-working-container Workdir: /root Mapped volumes: {} Mapped ports: {} $ sudo krunvm start leap sh-4.4# cat /etc/os-release NAME="openSUSE Leap" VERSION="15.2" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.2" sh-4.4# uname -a Linux leap 5.10.10 #1 SMP Fri Feb 26 08:27:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux And you can tell that it's a VM from --among other things-- the fact that the kernels (see the two `uname -a`) are different! In this example, I used `sudo`, but it does work rootless as well, like this (for now): $ buildah unshare Solace:~ # krunvm create ubuntu --name ubu Solace:~ # krunvm start ubu # apt-get update Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease Get:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB] Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB] [...] Get:5 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [934 kB] Fetched 1257 kB in 3s (423 kB/s) Reading package lists... Done # ^D Solace:~ # exit $ And yes, as you see from the above example where I used apt, networking works (limited to IPv4-TCP, for now... because as I said it's early!) with zero configuration. And of course it supports bind mounting pieces of the host filesystem as well (and also with zero config needed). Note also that the crun OCI runtime already has support for libkrun, and that podman can work on top of crun. Therefore, we could one day have podman containers running as lightweight VMs! We could one day have toolbox containers (which is why I'm cross- posting to Kubic) running as lightweight VMs!! Sure, we need to have crun for that, which I don't think we do right now. But, baby steps. :-) The third package, libkrunfw, is basically where the kernel of the lightweight VM lives. Now, ideally, we would pick-up our kernel-source package, apply patches and configuration, ad build libkrunfw from it. However, this is currently not possible, due to the dependency of some of the needed patches on a specific kernel-version. We do intend, however, to fix this as soon as possible. Libkrun and krunvm are available already in Fedora, via Copr and on MacOS-aarch64 (the so-called M1). You can find more about the project at the following links: https://github.com/containers/libkrun https://github.com/containers/krunvm https://news.ycombinator.com/item?id=25939995 https://static.sched.com/hosted_files/devconfcz2021/b9/libkrun%20Virtuailza… Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)

1 2

New MicroOS snapshot 20210223 released!
by Richard Brown 26 Feb '21

26 Feb '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: AppStream (0.13.1 -> 0.14.1) e2fsprogs (1.45.6 -> 1.46.1) glibc gnome-control-center (3.38.3 -> 3.38.4) grub2 kernel-firmware libgcrypt (1.9.1 -> 1.9.2) libsolv (0.7.16 -> 0.7.17) libzypp (17.25.6 -> 17.25.7) milou5 plasma5-openSUSE plasma5-workspace ucode-intel (20201118 -> 20210216) zbar (0.23.1 -> 0.23.90) === Details === ==== AppStream ==== Version update (0.13.1 -> 0.14.1) Subpackages: libAppStreamQt2 libappstream4 - Update to version 0.14.1: + Features: - Switch back from Soup to cURL for HTTP(S). - validator: Check a few more things on requires/recommends items. - Only download the first bytes of a file when checking URLs for validity. + Specification: spec: Officially mark <mimetypes/> tag as deprecated. + Bugfixes: - qt: Return better errors in AppStream::Metadata. - Do not automatically clean up errors that will be propagated. - Remove overall extern "C" to make very new (2.67+) GLib versions happy. - ascli: Don?t use GNU C extension type names. - build: Use c11 rather than gnu11 and define vendor extensions separately. - Changes from version 0.14.0: + Features: - news-to-metainfo: Interpret placeholder release dates as denoting a dev version. - Make as_utils_build_data_id public API. - Add AsReview for attaching user reviews to software components. - Add a branch element to component data-IDs. - utils: Add data-ID hashing and matching functions. - utils: Make as_gstring_replace public API. - Add branch info to on-disk cached components. - content-rating: Add as_content_rating_add_attribute API. - Rename INPUTMETHOD component kind enum to INPUT_METHOD. - Add "cabinet" bundle type for firmware deployments. - Make AsTokenMatch public API. - Add function to AsScreenshot to get image closest to preferred size. - Allow AsComponent to directly ingest desktop-entry data. - Make as_pool_build_search_tokens API public. - Add "origin" token match. - Make as_component_add_provided_item API public. - Add some useful image dimension constants. - compose: Add blur function from asglib. - Add more efficient load_from_bytes method to AsComponent. + Updated translations. - Drop fix-build-gcc7.patch: no longer applicable. - Replace pkgconfig(libsoup-2.4) with pkgconfig(libcurl) BuildRequires: follow upstreams switch back to cURL. ==== e2fsprogs ==== Version update (1.45.6 -> 1.46.1) Subpackages: libcom_err2 libext2fs2 - Remove autoreconf (and resulting dependencies) from the spec file. The upstream configure script should be fine. - Update to 1.46.1: * Fix setting extended attributes in libext2fs and debugfs * Fix e2fsck to accept large_dir directories greater than 4G * Fix fast commit support on big endian architectures * Fix mke2fs -d to correctly import a small file stored using inline_data feature and which has ACL or extended attribute * Various compilation fixes * Speedup bitmap loading for large filesystems using multiple threads * Speedup mke2fs for bigalloc filesystems * E2fsck fixes when rehashing directories * Fix e2fsck crashes on maliciously corrupted filesystems * Fix e2fsck handling of duplicated case-folded file names * Implement hashed directory support in libext2fs * Support for fast commit feature * Support for combination of casefolding and encryption * Support for stable inodes feature * Add support for per-inode DAX flag * Fix tune2fs to unlock MMP on failure * Fix e2fsck buffer overflow when scanning directory blocks * Fix resize2fs overflowing block group descriptors with 1k block size - delete e2fsprogs-1.45.2-gettext.patch - it was merged upstream - Add autoconf-archive to build requirements - Fix installation of info files for older distros ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Prepare for usrmerge (bsc#1029961) - Add --enable-memory-tagging for aarch64 ==== gnome-control-center ==== Version update (3.38.3 -> 3.38.4) Subpackages: gnome-control-center-goa - Update to version 3.38.4: + User Accounts: - Properly handle claiming errors if we're already claiming. - Always call EnrollStop on enrollment complete. + Updated translations. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix build error in binutils 2.36 (bsc#1181741) * 0001-Fix-build-error-in-binutils-2.36.patch - Fix executable stack in grub-emu (bsc#1181696) * 0001-emu-fix-executable-stack-marking.patch - Restore compatibilty sym-links * grub2.spec - Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044) * grub2.rpmlintrc ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Correct the RPi4 brcm config to recover the WiFi breakage (bsc#1182320): Revert-brcm-rpi4-boardflags3-bit.patch ==== libgcrypt ==== Version update (1.9.1 -> 1.9.2) - libgcrypt 1.9.2: * Fix building with --disable-asm on x86 * Check public key for ECDSA verify operation * Make sure gcry_get_config (NULL) returns a nul-terminated string * Fix a memory leak in the ECDH code * Fix a reading beyond end of input buffer in SHA2-avx2 - remove obsolete texinfo packaging macros ==== libsolv ==== Version update (0.7.16 -> 0.7.17) - repo_write: fix handling of nested flexarray - improve choicerule generation a bit more to cover more cases - harden testcase parser against repos being added too late - support python-3.10 - check %_dbpath macro in rpmdb code - handle default/visible/langonly attributes in comps parser - support multiple collections in updateinfo parser - add '-D' option in rpmdb2solv to set the dbpath - bump version to 0.7.17 ==== libzypp ==== Version update (17.25.6 -> 17.25.7) - Patch: Identify well-known category names (bsc#117984) This allows to use the RH and SUSE patch categrory names synonymously: (recommendedi = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. - Fix %posttrans script execution (fixes #265) The scripts are execuable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location ob the rpmdatabase to use. - BuildRequires: libsolv-devel >= 0.7.17. - version 17.25.7 (22) ==== milou5 ==== - Add patch to avoid empty queries, which causes runners to misbehave: * 0001-Fix-launching-empty-query.patch ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE sddm-theme-openSUSE - Drop update_diffs.sh, broken and unused ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Add patch to fix krunner crash caused by mismatched quotes: * 0001-locations-runner-Fix-empty-list-on-invalid-shell-quo.patch - Add patch to fix starting applications with arguments from krunner (kde#433053): * 0001-locations-runner-Fix-absolute-filepath-arguments.patch - Add patch to fix race on logout (kde#432460): * 0001-libkworkspace-Interim-fix-for-the-logout-issue.patch ==== ucode-intel ==== Version update (20201118 -> 20210216) - Updated Intel CPU Microcode to 20210216 official release. (bsc#1182347 bsc#1179224) | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003003 | 04003006 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003003 | 05003006 | Xeon Scalable Gen2 ==== zbar ==== Version update (0.23.1 -> 0.23.90) - Update to version 0.23.90 * Fixed several issues with configure.ac, making it auto-detect most things, when possible * Fixed some build issues * Make it compatible with Python 3.9 * Fixed some Python 3.9 and Qt5 warnings * Typo fixes * Several fixes at zbarcam * zbarimg: fix stderr output when symbols are found - Drop 0001-Create-correct-pkconfig-file-for-zbar-qt5.patch and 0002-get-rid-of-gettext_h.patch (merged upstream) - Enable python3 module

1 0

New Kubic snapshot 20210223 released!
by Richard Brown 26 Feb '21

26 Feb '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: e2fsprogs (1.45.6 -> 1.46.1) glibc grub2 kernel-firmware libgcrypt (1.9.1 -> 1.9.2) libsolv (0.7.16 -> 0.7.17) libzypp (17.25.6 -> 17.25.7) python-M2Crypto rdma-core (31.0 -> 31.3) ucode-intel (20201118 -> 20210216) === Details === ==== e2fsprogs ==== Version update (1.45.6 -> 1.46.1) Subpackages: libcom_err2 libext2fs2 - Remove autoreconf (and resulting dependencies) from the spec file. The upstream configure script should be fine. - Update to 1.46.1: * Fix setting extended attributes in libext2fs and debugfs * Fix e2fsck to accept large_dir directories greater than 4G * Fix fast commit support on big endian architectures * Fix mke2fs -d to correctly import a small file stored using inline_data feature and which has ACL or extended attribute * Various compilation fixes * Speedup bitmap loading for large filesystems using multiple threads * Speedup mke2fs for bigalloc filesystems * E2fsck fixes when rehashing directories * Fix e2fsck crashes on maliciously corrupted filesystems * Fix e2fsck handling of duplicated case-folded file names * Implement hashed directory support in libext2fs * Support for fast commit feature * Support for combination of casefolding and encryption * Support for stable inodes feature * Add support for per-inode DAX flag * Fix tune2fs to unlock MMP on failure * Fix e2fsck buffer overflow when scanning directory blocks * Fix resize2fs overflowing block group descriptors with 1k block size - delete e2fsprogs-1.45.2-gettext.patch - it was merged upstream - Add autoconf-archive to build requirements - Fix installation of info files for older distros ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Prepare for usrmerge (bsc#1029961) - Add --enable-memory-tagging for aarch64 ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix build error in binutils 2.36 (bsc#1181741) * 0001-Fix-build-error-in-binutils-2.36.patch - Fix executable stack in grub-emu (bsc#1181696) * 0001-emu-fix-executable-stack-marking.patch - Restore compatibilty sym-links * grub2.spec - Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044) * grub2.rpmlintrc ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Correct the RPi4 brcm config to recover the WiFi breakage (bsc#1182320): Revert-brcm-rpi4-boardflags3-bit.patch ==== libgcrypt ==== Version update (1.9.1 -> 1.9.2) - libgcrypt 1.9.2: * Fix building with --disable-asm on x86 * Check public key for ECDSA verify operation * Make sure gcry_get_config (NULL) returns a nul-terminated string * Fix a memory leak in the ECDH code * Fix a reading beyond end of input buffer in SHA2-avx2 - remove obsolete texinfo packaging macros ==== libsolv ==== Version update (0.7.16 -> 0.7.17) - repo_write: fix handling of nested flexarray - improve choicerule generation a bit more to cover more cases - harden testcase parser against repos being added too late - support python-3.10 - check %_dbpath macro in rpmdb code - handle default/visible/langonly attributes in comps parser - support multiple collections in updateinfo parser - add '-D' option in rpmdb2solv to set the dbpath - bump version to 0.7.17 ==== libzypp ==== Version update (17.25.6 -> 17.25.7) - Patch: Identify well-known category names (bsc#117984) This allows to use the RH and SUSE patch categrory names synonymously: (recommendedi = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. - Fix %posttrans script execution (fixes #265) The scripts are execuable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location ob the rpmdatabase to use. - BuildRequires: libsolv-devel >= 0.7.17. - version 17.25.7 (22) ==== python-M2Crypto ==== - Add 293_sslv23_padding.patch to avoid using RSA_SSLV23_PADDING (gl#m2crypto/m2crypto#293, gh#openssl/openssl#14216). - OpenSSL allows the verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE * This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate. - Add python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch (Thanks for Debian, https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff8) - Add source signature file ==== rdma-core ==== Version update (31.0 -> 31.3) Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Update to rdma-core v31.3 - No release notes available - Fix patch to systemd-modules-load script (bsc#1178539) - Drop srp_daemon-Fix-systemd-dependency.patch as it was merged upstream ==== ucode-intel ==== Version update (20201118 -> 20210216) - Updated Intel CPU Microcode to 20210216 official release. (bsc#1182347 bsc#1179224) | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003003 | 04003006 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003003 | 05003006 | Xeon Scalable Gen2

1 0

New ARM MicroOS snapshot 20210223 released!
by Guillaume Gardet 25 Feb '21

25 Feb '21

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: AppStream (0.13.1 -> 0.14.1) avahi ca-certificates-mozilla (2.44 -> 2.46) dracut (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) drpm e2fsprogs (1.45.6 -> 1.46.1) ell (0.36 -> 0.38) filesystem glibc gnome-control-center (3.38.3 -> 3.38.4) gnome-desktop (3.38.3 -> 3.38.4) grub2 gtk3 (3.24.24 -> 3.24.25) ipset (7.10 -> 7.11) kernel-firmware kmod ldacBT libaio (0.3.112 -> 0.3.112+29.696a5e6483ba) libgcrypt (1.9.1 -> 1.9.2) libnettle (3.7 -> 3.7.1) libpcap (1.9.1 -> 1.10.0) libqt5-qtwebengine libsolv (0.7.16 -> 0.7.17) libzypp (17.25.6 -> 17.25.7) llvm11 milou5 mpg123 pam patterns-base pcre pipewire plasma5-openSUSE plasma5-workspace python-py (1.9.0 -> 1.10.0) supportutils systemd tar (1.33 -> 1.34) u-boot-rpiarm64 (2020.10 -> 2021.01) util-linux (2.36.1 -> 2.36.2) util-linux-systemd (2.36.1 -> 2.36.2) vim webkit2gtk3 xkeyboard-config (2.31 -> 2.32) zbar (0.23.1 -> 0.23.90) === Details === ==== AppStream ==== Version update (0.13.1 -> 0.14.1) Subpackages: libAppStreamQt2 libappstream4 - Update to version 0.14.1: + Features: - Switch back from Soup to cURL for HTTP(S). - validator: Check a few more things on requires/recommends items. - Only download the first bytes of a file when checking URLs for validity. + Specification: spec: Officially mark <mimetypes/> tag as deprecated. + Bugfixes: - qt: Return better errors in AppStream::Metadata. - Do not automatically clean up errors that will be propagated. - Remove overall extern "C" to make very new (2.67+) GLib versions happy. - ascli: Don?t use GNU C extension type names. - build: Use c11 rather than gnu11 and define vendor extensions separately. - Changes from version 0.14.0: + Features: - news-to-metainfo: Interpret placeholder release dates as denoting a dev version. - Make as_utils_build_data_id public API. - Add AsReview for attaching user reviews to software components. - Add a branch element to component data-IDs. - utils: Add data-ID hashing and matching functions. - utils: Make as_gstring_replace public API. - Add branch info to on-disk cached components. - content-rating: Add as_content_rating_add_attribute API. - Rename INPUTMETHOD component kind enum to INPUT_METHOD. - Add "cabinet" bundle type for firmware deployments. - Make AsTokenMatch public API. - Add function to AsScreenshot to get image closest to preferred size. - Allow AsComponent to directly ingest desktop-entry data. - Make as_pool_build_search_tokens API public. - Add "origin" token match. - Make as_component_add_provided_item API public. - Add some useful image dimension constants. - compose: Add blur function from asglib. - Add more efficient load_from_bytes method to AsComponent. + Updated translations. - Drop fix-build-gcc7.patch: no longer applicable. - Replace pkgconfig(libsoup-2.4) with pkgconfig(libcurl) BuildRequires: follow upstreams switch back to cURL. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Rebase avahi-daemon-check-dns-suse.patch, and drop privileges when invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720). - Add sudo to requires: used to drop privileges. ==== ca-certificates-mozilla ==== Version update (2.44 -> 2.46) - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ==== dracut ==== Version update (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) Subpackages: dracut-ima - Update to version 052+suse.93.g7bfaa6d9: * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167) - Update to version 052+suse.91.gb30dce3c: * chore: update suse/dracut.spec - Update to version 052+suse.88.gc78b4ac8: * fix(i18n): get rid of `eval` calls * fix(i18n): create the keyboard symlinks again * docs: update NEWS.md and AUTHORS * chore: add `CONTRIBUTORS` target to Makefile * fix: shellcheck across multipl emodules * docs: fix dracut.cmdline.7 * fix: update dbus module directory in spec file * fix: add sdaskpw and sdsyctl to spec file * fix: cosmetic comment fixes * feat(systemd-ask-password): introducing systemd-ask-password module * Revert "nbd: use systemd-run to start nbd-client" * dmsquash-live-root: squashfs in bare device * feat(systemd-sysctl): introducing systemd-sysctl module * fix: adding missing efi paths * fix: correct the squash quirk * feat(systemd-modules-load): introducing systemd-modules-load module * fix(shutdown): add timeout to umount calls * fix: revise all module checks * fix: add missing line continuation * fix: BuildRequiring git-core is enough in dracut.spec * fix(kernel-modules): add reset controllers for arm * 35network-legacy: discard pointless RTNETLINK message * fix(plymouth): install binaries with dependencies * fix: correct the line continuation * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set * fix(network-manager): allow override network manager version * feat(dracut.sh): allow overriding the systemctl command for sysroot * fix: use find_binary * fix(dracut.sh): don't override path with foreign sysroot * fix: quote globbing in module-setup.sh for inst_multiple * fix(dracut-install): allow globbing for multiple sources * Fix bad ls parsing * fix: move ldconfig after library workaround * feat(kernel-modules): add driver memory * feat(systemd-repart): introducing systemd-repart module * feat(dbus-daemon): introducing the dbus-daemon module * feat(dbus-broker): introducing the dbus-broker module * feat(dbus): introducing a meta module for dbus * fix(network-legacy): silent check for leaseinfo * 95nfs: fix rpc.statd installation * fix: do not set cmdline for uefi images unless asked * feat(network-legacy): send dhcp in parallel on all devices * fix(mdraid): remove offroot * fix(mdraid): add grow continue service * fix(spec): add new systemd-coredump module to spec * fix(watchdog): replace return with echo * feat(systemd-coredump): introducing systemd-coredump module * prepare usrmerge (boo#1029961) * test: incr. disk size for TEST 35 ISCSI-MULTI * fix(skipcpio): edit skipcpio.c: strstr -> memmem * fix(1007): adding shared keyring mode to type unit * feat(systemd-sysusers): introducing systemd-sysuser module * feat(systemd-sysusers): introducing systemd-sysuser module * fix(1001): use efivars fs over the deprecated sysfs entries * fix(kernel-network-modules): also install modules from mdio subdirectory * fix(06dbus): do not hardcode path to dbus utils * fix(06dbus): do not hardcode path to systemd unit * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set * fix(99squash): use kernel config instead of modprobe to check modules * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir * fix(90kernel-modules): install generic crypto modules with hostonly unset * feat: add addional global variables * fix: add a missing efi support * chore(removal): eliminate bootchart module * feat: add addional global variables * feat(cli): add --no-uefi option * chore(github): add CODEOWNERS file * chore(cleanup): remove logrotate file * fix(35network-manager): avoid restarting NetworkManager * chore: Add configuration for vim * chore: Add editorconfig * chore: Editors * test(conventional): add Conventional Commits PR github action * docs(development): add HACKING.md ==== drpm ==== - skip valgrind checking on aarch64 (bsc#1182493) ==== e2fsprogs ==== Version update (1.45.6 -> 1.46.1) Subpackages: libcom_err2 libext2fs2 - Remove autoreconf (and resulting dependencies) from the spec file. The upstream configure script should be fine. - Update to 1.46.1: * Fix setting extended attributes in libext2fs and debugfs * Fix e2fsck to accept large_dir directories greater than 4G * Fix fast commit support on big endian architectures * Fix mke2fs -d to correctly import a small file stored using inline_data feature and which has ACL or extended attribute * Various compilation fixes * Speedup bitmap loading for large filesystems using multiple threads * Speedup mke2fs for bigalloc filesystems * E2fsck fixes when rehashing directories * Fix e2fsck crashes on maliciously corrupted filesystems * Fix e2fsck handling of duplicated case-folded file names * Implement hashed directory support in libext2fs * Support for fast commit feature * Support for combination of casefolding and encryption * Support for stable inodes feature * Add support for per-inode DAX flag * Fix tune2fs to unlock MMP on failure * Fix e2fsck buffer overflow when scanning directory blocks * Fix resize2fs overflowing block group descriptors with 1k block size - delete e2fsprogs-1.45.2-gettext.patch - it was merged upstream - Add autoconf-archive to build requirements - Fix installation of info files for older distros ==== ell ==== Version update (0.36 -> 0.38) - Update to release 0.38 : * Fix issue with DHCP v6 Rapid Commit option check. * Fix issue with handling RFC8018/RFC1423 padding. * Fix issue with D-Bus filter messages with no interfaces set. * Add support for PKCS#12 certification loading. ==== filesystem ==== - Add Ukrainian to the list of localized man directories. ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Prepare for usrmerge (bsc#1029961) - Add --enable-memory-tagging for aarch64 ==== gnome-control-center ==== Version update (3.38.3 -> 3.38.4) Subpackages: gnome-control-center-goa - Update to version 3.38.4: + User Accounts: - Properly handle claiming errors if we're already claiming. - Always call EnrollStop on enrollment complete. + Updated translations. ==== gnome-desktop ==== Version update (3.38.3 -> 3.38.4) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 3.38.4: + Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Fix build error in binutils 2.36 (bsc#1181741) * 0001-Fix-build-error-in-binutils-2.36.patch - Fix executable stack in grub-emu (bsc#1181696) * 0001-emu-fix-executable-stack-marking.patch - Restore compatibilty sym-links * grub2.spec - Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044) * grub2.rpmlintrc ==== gtk3 ==== Version update (3.24.24 -> 3.24.25) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.25: + Settings: Make cursor aspect ratio setting work. + Broadway: - Fix touchscreen event handling. - Support Android / Chrome on-screen keyboard. + Wayland: - Avoid crashes with tablet input. - Add api to support clients with subsurfaces better. + Inspector: Make the inspector available in non-debug builds. + Theme: - Make scrollbars larger. - Disable shadows on maximized, fullscreen and tiled windows. + Printing: Support Avahi-discovered printers better. + Input: - Show preedit for compose sequences. - Support long compose sequences. - Support compose sequences producing multiple characters. + Updated translations. ==== ipset ==== Version update (7.10 -> 7.11) Subpackages: libipset13 - Update to release 7.11 * Argument parsing buffer overflow in ipset_parse_argv fixed ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Correct the RPi4 brcm config to recover the WiFi breakage (bsc#1182320): Revert-brcm-rpi4-boardflags3-bit.patch ==== kmod ==== Subpackages: libkmod2 - Fix grub's requoted kernel parameters (bsc#1181111) * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch ==== ldacBT ==== - Exclude building in big-endian architectures (s390 s390x ppc64) since ldacBT requires a little-endian cpu to build. ==== libaio ==== Version update (0.3.112 -> 0.3.112+29.696a5e6483ba) - Update to version libaio0.3.112+29.696a5e6483ba: * Fix test issue with gcc-11 (bsc#1181869) * harness: Skip the test if io_pgetevents() is not implemented * harness: Print better error messages on error conditions in 22.t * harness: Fix PROT_WRITE mmap check * harness: fix read into PROT_WRITE mmap test * harness: skip 22.p if async_poll isn't supported * harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT * harness: Add fallback code for filesystems not supporting O_DIRECT * harness: add support for skipping tests * harness: Make the test exit with a code matching the pass/fail state ==== libgcrypt ==== Version update (1.9.1 -> 1.9.2) - libgcrypt 1.9.2: * Fix building with --disable-asm on x86 * Check public key for ECDSA verify operation * Make sure gcry_get_config (NULL) returns a nul-terminated string * Fix a memory leak in the ECDH code * Fix a reading beyond end of input buffer in SHA2-avx2 - remove obsolete texinfo packaging macros ==== libnettle ==== Version update (3.7 -> 3.7.1) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha ==== libpcap ==== Version update (1.9.1 -> 1.10.0) - Update to 1.10.0 * Require, and assume, some level of C99 support in the C compiler * Add support for capturing on DPDK devices * rpcap: support rpcap-over-TLS * Fix some memory leaks, including in pcap_compile() * Linux: handle systems without AF_INET or AF_UNIX socket support * Catch invalid IPv4 addresses in filters * Show special Linux BPF offsets symbolically in bpf_image() and bpf_dump() * Linux: get rid of Wireless Extensions for turning monitor mode on * Linux: proper memory sync for PACKET_MMAP * Linux: drop support for libnl 1 and 2. * Linux: Require PF_PACKET support, and kernel 2.6.27 or later * Add DLT_LINUX_SLL2 * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live Linux captures * optimizer: add a hack to try to catch certain optimizer loops * Probe CONFIGURATION descriptor of connected USB devices * Linux: return error on interface going away, but not if it just went down * Linux: set socket protocol only after packet ring configured, reducing bogus packet drop reports * Linux: get ifdrop stats from sysfs. * Fix various security issues reported by Charles Smith at Tangible Security * Fix various security issues reported by Include Security * rpcapd: on UN*X, don't tell the client why authentication failed * Linux: when adjusting BPF programs, do not subtract the SLL[2]_HDR_LEN if the location is negative (special metadata offset) * Linux: with a timeout of zero, wait indefinitely * Linux: clean up support for some non-GNU libc C libraries * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP * Fix handling of some ioctls that fail with "permission denied" even when the ioctl isn't supported at all * Added support for ICMPv6 types 1-4 as tokens in filters * Report the DLT description in error messages * Linux: Add support for DSA data link types * Linux USB: use the snapshot length to set the buffer size, and set the len field to reflect the length in the URB * rpcapd: allow rpcapd to rebind more rapidly * Add Haiku pcap implementation * rpcap: redo protocol version negotiation to avoid problems with old servers (it still works with servers using the old negotiation, as well as servers not supporting negotiation) * Remove (unused) SITA support here. * Correctly handle pcapng captures with more than one IDB with a snspshot length greater than the supported maximum - Remove libpcap-no-old-socket.patch - Rebase libpcap-1.0.0-s390.patch ==== libqt5-qtwebengine ==== - Add patch to fix sandbox with glibc 2.33 on 32bit: * sandbox-statx-futex_time64.patch - Relax constraints for armv6 and armv7 ==== libsolv ==== Version update (0.7.16 -> 0.7.17) - repo_write: fix handling of nested flexarray - improve choicerule generation a bit more to cover more cases - harden testcase parser against repos being added too late - support python-3.10 - check %_dbpath macro in rpmdb code - handle default/visible/langonly attributes in comps parser - support multiple collections in updateinfo parser - add '-D' option in rpmdb2solv to set the dbpath - bump version to 0.7.17 ==== libzypp ==== Version update (17.25.6 -> 17.25.7) - Patch: Identify well-known category names (bsc#117984) This allows to use the RH and SUSE patch categrory names synonymously: (recommendedi = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. - Fix %posttrans script execution (fixes #265) The scripts are execuable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location ob the rpmdatabase to use. - BuildRequires: libsolv-devel >= 0.7.17. - version 17.25.7 (22) ==== llvm11 ==== - Don't use gold and ThinLTO on ppc64le because of boo#1181621. - Fix-missing-include.patch: fix build with GCC 11. (boo#1181875) - CMake-Look-up-target-subcomponents-in-LLVM_AVAILABLE_LIBS.patch: Fix target component lookup. (boo#1180748) ==== milou5 ==== - Add patch to avoid empty queries, which causes runners to misbehave: * 0001-Fix-launching-empty-query.patch ==== mpg123 ==== - Avoid unconditional Supplements ==== pam ==== - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Don't pull in update_test pattern from sw_management - Move aaa_base-malloccheck from update_test to base ==== pcre ==== - package testsuite in a separate RPM (boo#1182235) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - ldacBT only builds on little endian architectures, so we can't buildrequire it on big endian systems like s390, s390x or ppc64. ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE sddm-theme-openSUSE - Drop update_diffs.sh, broken and unused ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Add patch to fix krunner crash caused by mismatched quotes: * 0001-locations-runner-Fix-empty-list-on-invalid-shell-quo.patch - Add patch to fix starting applications with arguments from krunner (kde#433053): * 0001-locations-runner-Fix-absolute-filepath-arguments.patch - Add patch to fix race on logout (kde#432460): * 0001-libkworkspace-Interim-fix-for-the-logout-issue.patch ==== python-py ==== Version update (1.9.0 -> 1.10.0) - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Devendor apipkg and iniconfig - Add pr_222.patch to activate test suite ==== supportutils ==== - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV) #88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR + ha.txt: Fix pacemaker.log location for SLE15 #90 + supportconfig: use readlink /proc/<pid>/cwd to get cwd list instead of lsof #91 + supportconfig: sssd_info consistency #93 + Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932) - No longer truncates boot log (bsc#1181610) - Require the awk, which and sed commands instead of packages to allow alternate implementations on embedded/Edge systems - Additions to version 3.1.13 + Added update-alternatives to etc.txt #82 + Collects rotated logs with different compression types (bsc#1180478) + Added GPL-2.0-only license tag to spec file - Additions to version 3.1.12 + btrfs_info: add -pce argument to qgroup show #80 + docker: add /etc/docker/daemon.json contents #81 - Additions to version 3.1.12 + Capture IBM Power bootlist (SLE-15557) + Fix spelling typos in man pages #78 + Collect multipath wwids file #77 + Removed unnecessary appname parameter from HTTP upload URL + added aa-status #74 - Additions to version 3.1.12 + [powerpc] Collect logs for power specific components #72 (bscn#1176895) + supportconfig: fs-btrfs: Add "btrfs device stats" output #73 - Additions to version 3.1.11 + Changes affecting supportconfig - disk_info: Show discard information in lsblk #70 - memory_info: Show VMware memory balloon infomation #71 - Addition to version 3.1.10 + Changes affecting analyzevmcore - Fixed typo in error message #67 + Changes affecting supportconfig - Fixed btrfs errors (bsc#1168894) - Large ntp.txt with binary data (bsc#1169122) - Check btrfs balance status #69 - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j <PID> to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center - Addition to version 3.1.8 + Changes affecting getappcore - Added -u for HTTPS and -f for FTPES uploads to SUSE FTP servers - Replaced Novell with SUSE FTP servers (bsc#1165475) - Uses /etc/getappcore.conf if present + Changes affecting supportconfig - Added missed Power collection per bsc#1162539 - Added zypper patterns output to updates.txt #66 - Addition to version 3.1.7 + exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357) + Readded LPM/DLPAR data for Power (bsc#1162539) - Addition to version 3.1.6 + Strip trailing commas from process names #64 (bsc#1156837) + Dynamically select compression method (bsc#1145233) + Updated detailed unit information fix in systemd.txt (bsc#1023308) + Fixed supportconig.conf man page with order placement + Include IPv6 routes (bsc#1089877) - Updated to version 3.1.5 + Removed root .snapshots directory from full file list (bsc#1154482) - Updated to version 3.1.4 + Removed LPM/DLPAR data for POWER (bsc#1111029) + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734) + Tumbleweed support #50 + Added zypper orphaned packages check to updates.txt + Cpuset listing #52 + Docker disunite #53 + Added sed and gawk to spec requirements (bsc#1137336) + Added nstat to network + Add collection of livepatch information #63 + Check for missing ldap.conf file - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) - Updated to version 3.1.1 + Fixed X missing /prob/fb error (bsc#1127069) + Fixed dasdview -f (bsc#1109664) + Clarified -t help description (bsc#1121043) + Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) + Collects systemd journal with minimum install (bsc#1094225) + Supportconfig fails on bzip archives (bsc#1120049) + Get few drbd output & configuration #42 - Corrected missed SUSE separation lines - Fixed invalid exit code commands (bsc#1125666) - CVE-2018-19640: supportutils: Users can kill arbitrary processes (CVE-2018-19640 bsc#1118463) - User can overwrite arbitrary log files in support tar (CVE-2018-19638 bsc#1118460) - Code execution if run with -v (CVE-2018-19639 bsc#1118462) - Static temporary filename allows overwriting of files (CVE-2018-19637 bsc#1117776) - Included additional SUSE separation (bsc#1125609) - Merged added listing of locked packes by zypper #41 - Corrected spec file errors - Added firewall-cmd info - btrfs filesystem usage - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors - Added corosync status to ha_info - Clarified -x functionality in supportconfig(8) (bsc#1115245) - Dump find errors in ib_info - Exclude pam.txt per GDPR by default (bsc#1112461) - udev service and journal content (bsc#1051797) - supportconfig collects tuned profile settings (bsc#1071545) - sfdisk -d no disk device specified (bsc#1043311) - Added vulnerabilites check in basic-health.txt (bsc#1105849) - Added backup rpm database directory - Updated URLs in documentation - Added only sched_domain from cpu0 - Blacklist sched_domain from proc.txt (bsc#1046681) - Use %license instead of %doc [bsc#1082318] - Accounts for firewalld now (bsc#1079137) - Added dmesg taint seach - Removed mii-tool from networking - Updated HA to use chrony - Added kdumptool calibrate to crash.txt - Removed SLES_VER case for sles8,9 and 10 - Added tuned feature OPTION_TUNED tuned.txt (bsc#1071545) - Fixed udev service - Fixed no disk device with sfdisk (bsc#1078638) - Removed OPTION_SAM from man pages and resource file - Validated missing commands - Updated apparmor with systemctl service - Replaced deprecated networking commands (bsc#1078318) - Removed sam_info since suse_sam is no longer available - Assigned SLE15 to SLES_VER selections (bsc#1078168) - Includes X without display issue (bsc#1077813) - Fixes for Infiniband (bsc#1071294) - Using chrony for NTP (bsc#1077818) - Added os-release processing (bsc#1077758) - Removed invalid string tty string (bsc#1077681) - Added SLE15 taint values (bsc#1077683) - Added transactional update with OPTION_TRANSACTIONAL=1 - Updated supportconfig.conf.5 with OPTION_TRANSACTIONAL - Fixed docker package detection (bsc#1069457) - Replaced route with ip route (bsc#1070379) - Added systemd-delta to systemd.txt (bsc#1071924) - Changed repos -u to repos -d (bsc#1071926) - Added rdma-core for infiniband (bsc#1071294) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Add 0001-conf-parser-introduce-early-drop-ins.patch Introduce early configuration drop-in file. This type of drop-ins are reserved for vendor own purposes only and should never been used by users. It might be removed in the future without any notice. - Drop use of %systemd_postun in %postun This macro is supposed to operate on units but it was used without passing any parameters. This call was probably used for issuing a daemon-reload but the following calls to %systemd_postun_with_restart imply that already. So let's simply drop it. ==== tar ==== Version update (1.33 -> 1.34) - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges ==== u-boot-rpiarm64 ==== Version update (2020.10 -> 2021.01) Subpackages: u-boot-rpiarm64-doc Fix boot for BananaPi R2 (bsc#1180732). Speed up boot time for RPi2. Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches added: 0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch 0033-configs-RPi2-Disable-EFI-Grub-worka.patch - Add qemu-riscv64spl Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches added: 0031-efi_loader-Avoid-emitting-efi_var_b.patch - Drop pcm051rev3 for Phytec Wega board - Fix binary extension for sunxi based boards - Add Pinephone - Fix documentation location Update to v2021.01. Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches dropped: 0028-usb-xhci-xhci_bulk_tx-Don-t-BUG-whe.patch 0029-Revert-Fix-data-abort-caused-by-mis.patch 0030-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0031-pci-brcmstb-Cleanup-controller-stat.patch * Patches added: 0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0029-pci-brcmstb-Cleanup-controller-stat.patch 0030-fs-btrfs-Select-SHA256-in-Kconfig.patch ==== util-linux ==== Version update (2.36.1 -> 2.36.2) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== util-linux-systemd ==== Version update (2.36.1 -> 2.36.2) - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== vim ==== Subpackages: vim-data-common vim-small - source correct suse.vimrc file (boo#1182324) ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update _constraints for armv6/armv7 ==== xkeyboard-config ==== Version update (2.31 -> 2.32) - Update to version 2.32 * latest bugfix release ==== zbar ==== Version update (0.23.1 -> 0.23.90) - Update to version 0.23.90 * Fixed several issues with configure.ac, making it auto-detect most things, when possible * Fixed some build issues * Make it compatible with Python 3.9 * Fixed some Python 3.9 and Qt5 warnings * Typo fixes * Several fixes at zbarcam * zbarimg: fix stderr output when symbols are found - Drop 0001-Create-correct-pkconfig-file-for-zbar-qt5.patch and 0002-get-rid-of-gettext_h.patch (merged upstream) - Enable python3 module

1 0

New ARM Kubic snapshot 20210223 released!
by Guillaume Gardet 25 Feb '21

25 Feb '21

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ca-certificates-mozilla (2.44 -> 2.46) dracut (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) e2fsprogs (1.45.6 -> 1.46.1) filesystem glibc grub2 ipset (7.10 -> 7.11) kernel-firmware kmod libaio (0.3.112 -> 0.3.112+29.696a5e6483ba) libgcrypt (1.9.1 -> 1.9.2) libnettle (3.7 -> 3.7.1) libsolv (0.7.16 -> 0.7.17) libzypp (17.25.6 -> 17.25.7) pam patterns-base pcre python-M2Crypto python-py (1.9.0 -> 1.10.0) rdma-core (31.0 -> 31.3) supportutils systemd tar (1.33 -> 1.34) u-boot-rpiarm64 (2020.10 -> 2021.01) util-linux (2.36.1 -> 2.36.2) util-linux-systemd (2.36.1 -> 2.36.2) vim === Details === ==== ca-certificates-mozilla ==== Version update (2.44 -> 2.46) - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ==== dracut ==== Version update (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) Subpackages: dracut-ima - Update to version 052+suse.93.g7bfaa6d9: * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167) - Update to version 052+suse.91.gb30dce3c: * chore: update suse/dracut.spec - Update to version 052+suse.88.gc78b4ac8: * fix(i18n): get rid of `eval` calls * fix(i18n): create the keyboard symlinks again * docs: update NEWS.md and AUTHORS * chore: add `CONTRIBUTORS` target to Makefile * fix: shellcheck across multipl emodules * docs: fix dracut.cmdline.7 * fix: update dbus module directory in spec file * fix: add sdaskpw and sdsyctl to spec file * fix: cosmetic comment fixes * feat(systemd-ask-password): introducing systemd-ask-password module * Revert "nbd: use systemd-run to start nbd-client" * dmsquash-live-root: squashfs in bare device * feat(systemd-sysctl): introducing systemd-sysctl module * fix: adding missing efi paths * fix: correct the squash quirk * feat(systemd-modules-load): introducing systemd-modules-load module * fix(shutdown): add timeout to umount calls * fix: revise all module checks * fix: add missing line continuation * fix: BuildRequiring git-core is enough in dracut.spec * fix(kernel-modules): add reset controllers for arm * 35network-legacy: discard pointless RTNETLINK message * fix(plymouth): install binaries with dependencies * fix: correct the line continuation * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set * fix(network-manager): allow override network manager version * feat(dracut.sh): allow overriding the systemctl command for sysroot * fix: use find_binary * fix(dracut.sh): don't override path with foreign sysroot * fix: quote globbing in module-setup.sh for inst_multiple * fix(dracut-install): allow globbing for multiple sources * Fix bad ls parsing * fix: move ldconfig after library workaround * feat(kernel-modules): add driver memory * feat(systemd-repart): introducing systemd-repart module * feat(dbus-daemon): introducing the dbus-daemon module * feat(dbus-broker): introducing the dbus-broker module * feat(dbus): introducing a meta module for dbus * fix(network-legacy): silent check for leaseinfo * 95nfs: fix rpc.statd installation * fix: do not set cmdline for uefi images unless asked * feat(network-legacy): send dhcp in parallel on all devices * fix(mdraid): remove offroot * fix(mdraid): add grow continue service * fix(spec): add new systemd-coredump module to spec * fix(watchdog): replace return with echo * feat(systemd-coredump): introducing systemd-coredump module * prepare usrmerge (boo#1029961) * test: incr. disk size for TEST 35 ISCSI-MULTI * fix(skipcpio): edit skipcpio.c: strstr -> memmem * fix(1007): adding shared keyring mode to type unit * feat(systemd-sysusers): introducing systemd-sysuser module * feat(systemd-sysusers): introducing systemd-sysuser module * fix(1001): use efivars fs over the deprecated sysfs entries * fix(kernel-network-modules): also install modules from mdio subdirectory * fix(06dbus): do not hardcode path to dbus utils * fix(06dbus): do not hardcode path to systemd unit * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set * fix(99squash): use kernel config instead of modprobe to check modules * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir * fix(90kernel-modules): install generic crypto modules with hostonly unset * feat: add addional global variables * fix: add a missing efi support * chore(removal): eliminate bootchart module * feat: add addional global variables * feat(cli): add --no-uefi option * chore(github): add CODEOWNERS file * chore(cleanup): remove logrotate file * fix(35network-manager): avoid restarting NetworkManager * chore: Add configuration for vim * chore: Add editorconfig * chore: Editors * test(conventional): add Conventional Commits PR github action * docs(development): add HACKING.md ==== e2fsprogs ==== Version update (1.45.6 -> 1.46.1) Subpackages: libcom_err2 libext2fs2 - Remove autoreconf (and resulting dependencies) from the spec file. The upstream configure script should be fine. - Update to 1.46.1: * Fix setting extended attributes in libext2fs and debugfs * Fix e2fsck to accept large_dir directories greater than 4G * Fix fast commit support on big endian architectures * Fix mke2fs -d to correctly import a small file stored using inline_data feature and which has ACL or extended attribute * Various compilation fixes * Speedup bitmap loading for large filesystems using multiple threads * Speedup mke2fs for bigalloc filesystems * E2fsck fixes when rehashing directories * Fix e2fsck crashes on maliciously corrupted filesystems * Fix e2fsck handling of duplicated case-folded file names * Implement hashed directory support in libext2fs * Support for fast commit feature * Support for combination of casefolding and encryption * Support for stable inodes feature * Add support for per-inode DAX flag * Fix tune2fs to unlock MMP on failure * Fix e2fsck buffer overflow when scanning directory blocks * Fix resize2fs overflowing block group descriptors with 1k block size - delete e2fsprogs-1.45.2-gettext.patch - it was merged upstream - Add autoconf-archive to build requirements - Fix installation of info files for older distros ==== filesystem ==== - Add Ukrainian to the list of localized man directories. ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Prepare for usrmerge (bsc#1029961) - Add --enable-memory-tagging for aarch64 ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Fix build error in binutils 2.36 (bsc#1181741) * 0001-Fix-build-error-in-binutils-2.36.patch - Fix executable stack in grub-emu (bsc#1181696) * 0001-emu-fix-executable-stack-marking.patch - Restore compatibilty sym-links * grub2.spec - Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044) * grub2.rpmlintrc ==== ipset ==== Version update (7.10 -> 7.11) Subpackages: libipset13 - Update to release 7.11 * Argument parsing buffer overflow in ipset_parse_argv fixed ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Correct the RPi4 brcm config to recover the WiFi breakage (bsc#1182320): Revert-brcm-rpi4-boardflags3-bit.patch ==== kmod ==== Subpackages: libkmod2 - Fix grub's requoted kernel parameters (bsc#1181111) * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch ==== libaio ==== Version update (0.3.112 -> 0.3.112+29.696a5e6483ba) - Update to version libaio0.3.112+29.696a5e6483ba: * Fix test issue with gcc-11 (bsc#1181869) * harness: Skip the test if io_pgetevents() is not implemented * harness: Print better error messages on error conditions in 22.t * harness: Fix PROT_WRITE mmap check * harness: fix read into PROT_WRITE mmap test * harness: skip 22.p if async_poll isn't supported * harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT * harness: Add fallback code for filesystems not supporting O_DIRECT * harness: add support for skipping tests * harness: Make the test exit with a code matching the pass/fail state ==== libgcrypt ==== Version update (1.9.1 -> 1.9.2) - libgcrypt 1.9.2: * Fix building with --disable-asm on x86 * Check public key for ECDSA verify operation * Make sure gcry_get_config (NULL) returns a nul-terminated string * Fix a memory leak in the ECDH code * Fix a reading beyond end of input buffer in SHA2-avx2 - remove obsolete texinfo packaging macros ==== libnettle ==== Version update (3.7 -> 3.7.1) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha ==== libsolv ==== Version update (0.7.16 -> 0.7.17) - repo_write: fix handling of nested flexarray - improve choicerule generation a bit more to cover more cases - harden testcase parser against repos being added too late - support python-3.10 - check %_dbpath macro in rpmdb code - handle default/visible/langonly attributes in comps parser - support multiple collections in updateinfo parser - add '-D' option in rpmdb2solv to set the dbpath - bump version to 0.7.17 ==== libzypp ==== Version update (17.25.6 -> 17.25.7) - Patch: Identify well-known category names (bsc#117984) This allows to use the RH and SUSE patch categrory names synonymously: (recommendedi = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. - Fix %posttrans script execution (fixes #265) The scripts are execuable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location ob the rpmdatabase to use. - BuildRequires: libsolv-devel >= 0.7.17. - version 17.25.7 (22) ==== pam ==== - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Don't pull in update_test pattern from sw_management - Move aaa_base-malloccheck from update_test to base ==== pcre ==== - package testsuite in a separate RPM (boo#1182235) ==== python-M2Crypto ==== - Add 293_sslv23_padding.patch to avoid using RSA_SSLV23_PADDING (gl#m2crypto/m2crypto#293, gh#openssl/openssl#14216). - OpenSSL allows the verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE * This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate. - Add python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch (Thanks for Debian, https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff8) - Add source signature file ==== python-py ==== Version update (1.9.0 -> 1.10.0) - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Devendor apipkg and iniconfig - Add pr_222.patch to activate test suite ==== rdma-core ==== Version update (31.0 -> 31.3) Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Update to rdma-core v31.3 - No release notes available - Fix patch to systemd-modules-load script (bsc#1178539) - Drop srp_daemon-Fix-systemd-dependency.patch as it was merged upstream ==== supportutils ==== - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV) #88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR + ha.txt: Fix pacemaker.log location for SLE15 #90 + supportconfig: use readlink /proc/<pid>/cwd to get cwd list instead of lsof #91 + supportconfig: sssd_info consistency #93 + Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932) - No longer truncates boot log (bsc#1181610) - Require the awk, which and sed commands instead of packages to allow alternate implementations on embedded/Edge systems - Additions to version 3.1.13 + Added update-alternatives to etc.txt #82 + Collects rotated logs with different compression types (bsc#1180478) + Added GPL-2.0-only license tag to spec file - Additions to version 3.1.12 + btrfs_info: add -pce argument to qgroup show #80 + docker: add /etc/docker/daemon.json contents #81 - Additions to version 3.1.12 + Capture IBM Power bootlist (SLE-15557) + Fix spelling typos in man pages #78 + Collect multipath wwids file #77 + Removed unnecessary appname parameter from HTTP upload URL + added aa-status #74 - Additions to version 3.1.12 + [powerpc] Collect logs for power specific components #72 (bscn#1176895) + supportconfig: fs-btrfs: Add "btrfs device stats" output #73 - Additions to version 3.1.11 + Changes affecting supportconfig - disk_info: Show discard information in lsblk #70 - memory_info: Show VMware memory balloon infomation #71 - Addition to version 3.1.10 + Changes affecting analyzevmcore - Fixed typo in error message #67 + Changes affecting supportconfig - Fixed btrfs errors (bsc#1168894) - Large ntp.txt with binary data (bsc#1169122) - Check btrfs balance status #69 - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j <PID> to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center - Addition to version 3.1.8 + Changes affecting getappcore - Added -u for HTTPS and -f for FTPES uploads to SUSE FTP servers - Replaced Novell with SUSE FTP servers (bsc#1165475) - Uses /etc/getappcore.conf if present + Changes affecting supportconfig - Added missed Power collection per bsc#1162539 - Added zypper patterns output to updates.txt #66 - Addition to version 3.1.7 + exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357) + Readded LPM/DLPAR data for Power (bsc#1162539) - Addition to version 3.1.6 + Strip trailing commas from process names #64 (bsc#1156837) + Dynamically select compression method (bsc#1145233) + Updated detailed unit information fix in systemd.txt (bsc#1023308) + Fixed supportconig.conf man page with order placement + Include IPv6 routes (bsc#1089877) - Updated to version 3.1.5 + Removed root .snapshots directory from full file list (bsc#1154482) - Updated to version 3.1.4 + Removed LPM/DLPAR data for POWER (bsc#1111029) + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734) + Tumbleweed support #50 + Added zypper orphaned packages check to updates.txt + Cpuset listing #52 + Docker disunite #53 + Added sed and gawk to spec requirements (bsc#1137336) + Added nstat to network + Add collection of livepatch information #63 + Check for missing ldap.conf file - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) - Updated to version 3.1.1 + Fixed X missing /prob/fb error (bsc#1127069) + Fixed dasdview -f (bsc#1109664) + Clarified -t help description (bsc#1121043) + Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) + Collects systemd journal with minimum install (bsc#1094225) + Supportconfig fails on bzip archives (bsc#1120049) + Get few drbd output & configuration #42 - Corrected missed SUSE separation lines - Fixed invalid exit code commands (bsc#1125666) - CVE-2018-19640: supportutils: Users can kill arbitrary processes (CVE-2018-19640 bsc#1118463) - User can overwrite arbitrary log files in support tar (CVE-2018-19638 bsc#1118460) - Code execution if run with -v (CVE-2018-19639 bsc#1118462) - Static temporary filename allows overwriting of files (CVE-2018-19637 bsc#1117776) - Included additional SUSE separation (bsc#1125609) - Merged added listing of locked packes by zypper #41 - Corrected spec file errors - Added firewall-cmd info - btrfs filesystem usage - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors - Added corosync status to ha_info - Clarified -x functionality in supportconfig(8) (bsc#1115245) - Dump find errors in ib_info - Exclude pam.txt per GDPR by default (bsc#1112461) - udev service and journal content (bsc#1051797) - supportconfig collects tuned profile settings (bsc#1071545) - sfdisk -d no disk device specified (bsc#1043311) - Added vulnerabilites check in basic-health.txt (bsc#1105849) - Added backup rpm database directory - Updated URLs in documentation - Added only sched_domain from cpu0 - Blacklist sched_domain from proc.txt (bsc#1046681) - Use %license instead of %doc [bsc#1082318] - Accounts for firewalld now (bsc#1079137) - Added dmesg taint seach - Removed mii-tool from networking - Updated HA to use chrony - Added kdumptool calibrate to crash.txt - Removed SLES_VER case for sles8,9 and 10 - Added tuned feature OPTION_TUNED tuned.txt (bsc#1071545) - Fixed udev service - Fixed no disk device with sfdisk (bsc#1078638) - Removed OPTION_SAM from man pages and resource file - Validated missing commands - Updated apparmor with systemctl service - Replaced deprecated networking commands (bsc#1078318) - Removed sam_info since suse_sam is no longer available - Assigned SLE15 to SLES_VER selections (bsc#1078168) - Includes X without display issue (bsc#1077813) - Fixes for Infiniband (bsc#1071294) - Using chrony for NTP (bsc#1077818) - Added os-release processing (bsc#1077758) - Removed invalid string tty string (bsc#1077681) - Added SLE15 taint values (bsc#1077683) - Added transactional update with OPTION_TRANSACTIONAL=1 - Updated supportconfig.conf.5 with OPTION_TRANSACTIONAL - Fixed docker package detection (bsc#1069457) - Replaced route with ip route (bsc#1070379) - Added systemd-delta to systemd.txt (bsc#1071924) - Changed repos -u to repos -d (bsc#1071926) - Added rdma-core for infiniband (bsc#1071294) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Add 0001-conf-parser-introduce-early-drop-ins.patch Introduce early configuration drop-in file. This type of drop-ins are reserved for vendor own purposes only and should never been used by users. It might be removed in the future without any notice. - Drop use of %systemd_postun in %postun This macro is supposed to operate on units but it was used without passing any parameters. This call was probably used for issuing a daemon-reload but the following calls to %systemd_postun_with_restart imply that already. So let's simply drop it. ==== tar ==== Version update (1.33 -> 1.34) - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges ==== u-boot-rpiarm64 ==== Version update (2020.10 -> 2021.01) Subpackages: u-boot-rpiarm64-doc Fix boot for BananaPi R2 (bsc#1180732). Speed up boot time for RPi2. Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches added: 0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch 0033-configs-RPi2-Disable-EFI-Grub-worka.patch - Add qemu-riscv64spl Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches added: 0031-efi_loader-Avoid-emitting-efi_var_b.patch - Drop pcm051rev3 for Phytec Wega board - Fix binary extension for sunxi based boards - Add Pinephone - Fix documentation location Update to v2021.01. Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01 * Patches dropped: 0028-usb-xhci-xhci_bulk_tx-Don-t-BUG-whe.patch 0029-Revert-Fix-data-abort-caused-by-mis.patch 0030-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0031-pci-brcmstb-Cleanup-controller-stat.patch * Patches added: 0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0029-pci-brcmstb-Cleanup-controller-stat.patch 0030-fs-btrfs-Select-SHA256-in-Kconfig.patch ==== util-linux ==== Version update (2.36.1 -> 2.36.2) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== util-linux-systemd ==== Version update (2.36.1 -> 2.36.2) - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== vim ==== Subpackages: vim-data-common vim-small - source correct suse.vimrc file (boo#1182324)

1 0

New MicroOS snapshot 20210222 released!
by Richard Brown 23 Feb '21

23 Feb '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: avahi ca-certificates-mozilla (2.44 -> 2.46) dracut (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) drpm ell (0.36 -> 0.38) filesystem fwupd (1.5.3 -> 1.5.6) gnome-desktop (3.38.3 -> 3.38.4) gtk3 (3.24.24 -> 3.24.25) ipset (7.10 -> 7.11) kmod ldacBT libaio (0.3.112 -> 0.3.112+29.696a5e6483ba) libnettle (3.7 -> 3.7.1) libpcap (1.9.1 -> 1.10.0) libqt5-qtwebengine llvm11 mpg123 pam patterns-base pcre pipewire python-py (1.9.0 -> 1.10.0) supportutils systemd tar (1.33 -> 1.34) util-linux (2.36.1 -> 2.36.2) util-linux-systemd (2.36.1 -> 2.36.2) vim webkit2gtk3 xkeyboard-config (2.31 -> 2.32) xmlsec1 === Details === ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Rebase avahi-daemon-check-dns-suse.patch, and drop privileges when invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720). - Add sudo to requires: used to drop privileges. ==== ca-certificates-mozilla ==== Version update (2.44 -> 2.46) - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ==== dracut ==== Version update (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) Subpackages: dracut-ima - Update to version 052+suse.93.g7bfaa6d9: * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167) - Update to version 052+suse.91.gb30dce3c: * chore: update suse/dracut.spec - Update to version 052+suse.88.gc78b4ac8: * fix(i18n): get rid of `eval` calls * fix(i18n): create the keyboard symlinks again * docs: update NEWS.md and AUTHORS * chore: add `CONTRIBUTORS` target to Makefile * fix: shellcheck across multipl emodules * docs: fix dracut.cmdline.7 * fix: update dbus module directory in spec file * fix: add sdaskpw and sdsyctl to spec file * fix: cosmetic comment fixes * feat(systemd-ask-password): introducing systemd-ask-password module * Revert "nbd: use systemd-run to start nbd-client" * dmsquash-live-root: squashfs in bare device * feat(systemd-sysctl): introducing systemd-sysctl module * fix: adding missing efi paths * fix: correct the squash quirk * feat(systemd-modules-load): introducing systemd-modules-load module * fix(shutdown): add timeout to umount calls * fix: revise all module checks * fix: add missing line continuation * fix: BuildRequiring git-core is enough in dracut.spec * fix(kernel-modules): add reset controllers for arm * 35network-legacy: discard pointless RTNETLINK message * fix(plymouth): install binaries with dependencies * fix: correct the line continuation * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set * fix(network-manager): allow override network manager version * feat(dracut.sh): allow overriding the systemctl command for sysroot * fix: use find_binary * fix(dracut.sh): don't override path with foreign sysroot * fix: quote globbing in module-setup.sh for inst_multiple * fix(dracut-install): allow globbing for multiple sources * Fix bad ls parsing * fix: move ldconfig after library workaround * feat(kernel-modules): add driver memory * feat(systemd-repart): introducing systemd-repart module * feat(dbus-daemon): introducing the dbus-daemon module * feat(dbus-broker): introducing the dbus-broker module * feat(dbus): introducing a meta module for dbus * fix(network-legacy): silent check for leaseinfo * 95nfs: fix rpc.statd installation * fix: do not set cmdline for uefi images unless asked * feat(network-legacy): send dhcp in parallel on all devices * fix(mdraid): remove offroot * fix(mdraid): add grow continue service * fix(spec): add new systemd-coredump module to spec * fix(watchdog): replace return with echo * feat(systemd-coredump): introducing systemd-coredump module * prepare usrmerge (boo#1029961) * test: incr. disk size for TEST 35 ISCSI-MULTI * fix(skipcpio): edit skipcpio.c: strstr -> memmem * fix(1007): adding shared keyring mode to type unit * feat(systemd-sysusers): introducing systemd-sysuser module * feat(systemd-sysusers): introducing systemd-sysuser module * fix(1001): use efivars fs over the deprecated sysfs entries * fix(kernel-network-modules): also install modules from mdio subdirectory * fix(06dbus): do not hardcode path to dbus utils * fix(06dbus): do not hardcode path to systemd unit * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set * fix(99squash): use kernel config instead of modprobe to check modules * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir * fix(90kernel-modules): install generic crypto modules with hostonly unset * feat: add addional global variables * fix: add a missing efi support * chore(removal): eliminate bootchart module * feat: add addional global variables * feat(cli): add --no-uefi option * chore(github): add CODEOWNERS file * chore(cleanup): remove logrotate file * fix(35network-manager): avoid restarting NetworkManager * chore: Add configuration for vim * chore: Add editorconfig * chore: Editors * test(conventional): add Conventional Commits PR github action * docs(development): add HACKING.md ==== drpm ==== - skip valgrind checking on aarch64 (bsc#1182493) ==== ell ==== Version update (0.36 -> 0.38) - Update to release 0.38 : * Fix issue with DHCP v6 Rapid Commit option check. * Fix issue with handling RFC8018/RFC1423 padding. * Fix issue with D-Bus filter messages with no interfaces set. * Add support for PKCS#12 certification loading. ==== filesystem ==== - Add Ukrainian to the list of localized man directories. ==== fwupd ==== Version update (1.5.3 -> 1.5.6) Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0 - Update to 1.5.6: New features: * Add SBAT metadata to the fwupd EFI binary * Add support for GD32VF103 as found in the Longan Nano * Add support for RMI PS2 devices * Add support for the System76 Keyboard * Allow downloading firmware from IPFS * Install the UX data into a single .tar.xz file * Add a plugin to update PixArt RF devices * Add new hardware to use the elantp and rts54hid plugins * Allow specifying more than one VendorID for a device * Detect the AMD TSME encryption state for HSI-4 * Detect the AMI PK test key is not installed for HSI-1 * Add Maple Ridge Thunderbolt firmware parsing support * Add --no-remote-check to ignore checking for download remotes * Allow creating FMAP and Synaptics firmware using builder.xml Fixes: * Add support for the Starlabs LabTop L4 * Allow using an external ESP again * Ask the user to reboot when required if downgrading * Be more paranoid when parsing ASCII buffers and devices * Check if the fwupd BootXXXX entry exists on failure * Clear the pending flag if restarting the system * Do not allow flashing using flashrom if BLE is enabled * Do not allow Lenovo hardware to install multiple capsules * Do not parse the OptionROM image * Do not show Unknown [***] for every client connection * Fix dnload wBlockNum wraparound for ST devices * Fix OOM when using large ArchiveSizeMax values * Fix several crashes spotted by AddressSanitizer * Fix several places where the Goodix MOC plugin could crash * Include the PCR0 to the report metadata * Report the lockdown status from UEFI and SuperIO plugins * Show a console warning if the system clock is not set * Fix flashing a fingerprint reader that is in use * Fix several critical warnings when parsing invalid firmware * Fix updating DFU devices that use DNLOAD_BUSY * Ignore the legacy UEFI OVMF dummy GUID * Make libfwupd more thread safe to fix a crash in gnome-software * Never show unprintable chars from invalid firmware in the logs * Allow using fwupdtool as non-root for firmware commands * Do not trust the Block.HintSystem boolean for ESP filtering * Fix a memory leak when parsing Synaptics firmware * Fix a possible crash when reading the Goodix MOC USB request * Fix crashes when parsing invalid FMAP, DMC, Solokey and Synaptics images - Deprecate fwupd-bsc1179790-disable-hintsystem.patch ==== gnome-desktop ==== Version update (3.38.3 -> 3.38.4) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 3.38.4: + Updated translations. ==== gtk3 ==== Version update (3.24.24 -> 3.24.25) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.25: + Settings: Make cursor aspect ratio setting work. + Broadway: - Fix touchscreen event handling. - Support Android / Chrome on-screen keyboard. + Wayland: - Avoid crashes with tablet input. - Add api to support clients with subsurfaces better. + Inspector: Make the inspector available in non-debug builds. + Theme: - Make scrollbars larger. - Disable shadows on maximized, fullscreen and tiled windows. + Printing: Support Avahi-discovered printers better. + Input: - Show preedit for compose sequences. - Support long compose sequences. - Support compose sequences producing multiple characters. + Updated translations. ==== ipset ==== Version update (7.10 -> 7.11) Subpackages: libipset13 - Update to release 7.11 * Argument parsing buffer overflow in ipset_parse_argv fixed ==== kmod ==== Subpackages: libkmod2 - Fix grub's requoted kernel parameters (bsc#1181111) * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch ==== ldacBT ==== - Exclude building in big-endian architectures (s390 s390x ppc64) since ldacBT requires a little-endian cpu to build. ==== libaio ==== Version update (0.3.112 -> 0.3.112+29.696a5e6483ba) - Update to version libaio0.3.112+29.696a5e6483ba: * Fix test issue with gcc-11 (bsc#1181869) * harness: Skip the test if io_pgetevents() is not implemented * harness: Print better error messages on error conditions in 22.t * harness: Fix PROT_WRITE mmap check * harness: fix read into PROT_WRITE mmap test * harness: skip 22.p if async_poll isn't supported * harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT * harness: Add fallback code for filesystems not supporting O_DIRECT * harness: add support for skipping tests * harness: Make the test exit with a code matching the pass/fail state ==== libnettle ==== Version update (3.7 -> 3.7.1) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha ==== libpcap ==== Version update (1.9.1 -> 1.10.0) - Update to 1.10.0 * Require, and assume, some level of C99 support in the C compiler * Add support for capturing on DPDK devices * rpcap: support rpcap-over-TLS * Fix some memory leaks, including in pcap_compile() * Linux: handle systems without AF_INET or AF_UNIX socket support * Catch invalid IPv4 addresses in filters * Show special Linux BPF offsets symbolically in bpf_image() and bpf_dump() * Linux: get rid of Wireless Extensions for turning monitor mode on * Linux: proper memory sync for PACKET_MMAP * Linux: drop support for libnl 1 and 2. * Linux: Require PF_PACKET support, and kernel 2.6.27 or later * Add DLT_LINUX_SLL2 * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live Linux captures * optimizer: add a hack to try to catch certain optimizer loops * Probe CONFIGURATION descriptor of connected USB devices * Linux: return error on interface going away, but not if it just went down * Linux: set socket protocol only after packet ring configured, reducing bogus packet drop reports * Linux: get ifdrop stats from sysfs. * Fix various security issues reported by Charles Smith at Tangible Security * Fix various security issues reported by Include Security * rpcapd: on UN*X, don't tell the client why authentication failed * Linux: when adjusting BPF programs, do not subtract the SLL[2]_HDR_LEN if the location is negative (special metadata offset) * Linux: with a timeout of zero, wait indefinitely * Linux: clean up support for some non-GNU libc C libraries * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP * Fix handling of some ioctls that fail with "permission denied" even when the ioctl isn't supported at all * Added support for ICMPv6 types 1-4 as tokens in filters * Report the DLT description in error messages * Linux: Add support for DSA data link types * Linux USB: use the snapshot length to set the buffer size, and set the len field to reflect the length in the URB * rpcapd: allow rpcapd to rebind more rapidly * Add Haiku pcap implementation * rpcap: redo protocol version negotiation to avoid problems with old servers (it still works with servers using the old negotiation, as well as servers not supporting negotiation) * Remove (unused) SITA support here. * Correctly handle pcapng captures with more than one IDB with a snspshot length greater than the supported maximum - Remove libpcap-no-old-socket.patch - Rebase libpcap-1.0.0-s390.patch ==== libqt5-qtwebengine ==== - Add patch to fix sandbox with glibc 2.33 on 32bit: * sandbox-statx-futex_time64.patch - Relax constraints for armv6 and armv7 ==== llvm11 ==== - Don't use gold and ThinLTO on ppc64le because of boo#1181621. - Fix-missing-include.patch: fix build with GCC 11. (boo#1181875) - CMake-Look-up-target-subcomponents-in-LLVM_AVAILABLE_LIBS.patch: Fix target component lookup. (boo#1180748) ==== mpg123 ==== - Avoid unconditional Supplements ==== pam ==== - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Don't pull in update_test pattern from sw_management - Move aaa_base-malloccheck from update_test to base ==== pcre ==== - package testsuite in a separate RPM (boo#1182235) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - ldacBT only builds on little endian architectures, so we can't buildrequire it on big endian systems like s390, s390x or ppc64. ==== python-py ==== Version update (1.9.0 -> 1.10.0) - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Devendor apipkg and iniconfig - Add pr_222.patch to activate test suite ==== supportutils ==== - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV) #88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR + ha.txt: Fix pacemaker.log location for SLE15 #90 + supportconfig: use readlink /proc/<pid>/cwd to get cwd list instead of lsof #91 + supportconfig: sssd_info consistency #93 + Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932) - No longer truncates boot log (bsc#1181610) - Require the awk, which and sed commands instead of packages to allow alternate implementations on embedded/Edge systems - Additions to version 3.1.13 + Added update-alternatives to etc.txt #82 + Collects rotated logs with different compression types (bsc#1180478) + Added GPL-2.0-only license tag to spec file - Additions to version 3.1.12 + btrfs_info: add -pce argument to qgroup show #80 + docker: add /etc/docker/daemon.json contents #81 - Additions to version 3.1.12 + Capture IBM Power bootlist (SLE-15557) + Fix spelling typos in man pages #78 + Collect multipath wwids file #77 + Removed unnecessary appname parameter from HTTP upload URL + added aa-status #74 - Additions to version 3.1.12 + [powerpc] Collect logs for power specific components #72 (bscn#1176895) + supportconfig: fs-btrfs: Add "btrfs device stats" output #73 - Additions to version 3.1.11 + Changes affecting supportconfig - disk_info: Show discard information in lsblk #70 - memory_info: Show VMware memory balloon infomation #71 - Addition to version 3.1.10 + Changes affecting analyzevmcore - Fixed typo in error message #67 + Changes affecting supportconfig - Fixed btrfs errors (bsc#1168894) - Large ntp.txt with binary data (bsc#1169122) - Check btrfs balance status #69 - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j <PID> to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center - Addition to version 3.1.8 + Changes affecting getappcore - Added -u for HTTPS and -f for FTPES uploads to SUSE FTP servers - Replaced Novell with SUSE FTP servers (bsc#1165475) - Uses /etc/getappcore.conf if present + Changes affecting supportconfig - Added missed Power collection per bsc#1162539 - Added zypper patterns output to updates.txt #66 - Addition to version 3.1.7 + exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357) + Readded LPM/DLPAR data for Power (bsc#1162539) - Addition to version 3.1.6 + Strip trailing commas from process names #64 (bsc#1156837) + Dynamically select compression method (bsc#1145233) + Updated detailed unit information fix in systemd.txt (bsc#1023308) + Fixed supportconig.conf man page with order placement + Include IPv6 routes (bsc#1089877) - Updated to version 3.1.5 + Removed root .snapshots directory from full file list (bsc#1154482) - Updated to version 3.1.4 + Removed LPM/DLPAR data for POWER (bsc#1111029) + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734) + Tumbleweed support #50 + Added zypper orphaned packages check to updates.txt + Cpuset listing #52 + Docker disunite #53 + Added sed and gawk to spec requirements (bsc#1137336) + Added nstat to network + Add collection of livepatch information #63 + Check for missing ldap.conf file - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) - Updated to version 3.1.1 + Fixed X missing /prob/fb error (bsc#1127069) + Fixed dasdview -f (bsc#1109664) + Clarified -t help description (bsc#1121043) + Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) + Collects systemd journal with minimum install (bsc#1094225) + Supportconfig fails on bzip archives (bsc#1120049) + Get few drbd output & configuration #42 - Corrected missed SUSE separation lines - Fixed invalid exit code commands (bsc#1125666) - CVE-2018-19640: supportutils: Users can kill arbitrary processes (CVE-2018-19640 bsc#1118463) - User can overwrite arbitrary log files in support tar (CVE-2018-19638 bsc#1118460) - Code execution if run with -v (CVE-2018-19639 bsc#1118462) - Static temporary filename allows overwriting of files (CVE-2018-19637 bsc#1117776) - Included additional SUSE separation (bsc#1125609) - Merged added listing of locked packes by zypper #41 - Corrected spec file errors - Added firewall-cmd info - btrfs filesystem usage - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors - Added corosync status to ha_info - Clarified -x functionality in supportconfig(8) (bsc#1115245) - Dump find errors in ib_info - Exclude pam.txt per GDPR by default (bsc#1112461) - udev service and journal content (bsc#1051797) - supportconfig collects tuned profile settings (bsc#1071545) - sfdisk -d no disk device specified (bsc#1043311) - Added vulnerabilites check in basic-health.txt (bsc#1105849) - Added backup rpm database directory - Updated URLs in documentation - Added only sched_domain from cpu0 - Blacklist sched_domain from proc.txt (bsc#1046681) - Use %license instead of %doc [bsc#1082318] - Accounts for firewalld now (bsc#1079137) - Added dmesg taint seach - Removed mii-tool from networking - Updated HA to use chrony - Added kdumptool calibrate to crash.txt - Removed SLES_VER case for sles8,9 and 10 - Added tuned feature OPTION_TUNED tuned.txt (bsc#1071545) - Fixed udev service - Fixed no disk device with sfdisk (bsc#1078638) - Removed OPTION_SAM from man pages and resource file - Validated missing commands - Updated apparmor with systemctl service - Replaced deprecated networking commands (bsc#1078318) - Removed sam_info since suse_sam is no longer available - Assigned SLE15 to SLES_VER selections (bsc#1078168) - Includes X without display issue (bsc#1077813) - Fixes for Infiniband (bsc#1071294) - Using chrony for NTP (bsc#1077818) - Added os-release processing (bsc#1077758) - Removed invalid string tty string (bsc#1077681) - Added SLE15 taint values (bsc#1077683) - Added transactional update with OPTION_TRANSACTIONAL=1 - Updated supportconfig.conf.5 with OPTION_TRANSACTIONAL - Fixed docker package detection (bsc#1069457) - Replaced route with ip route (bsc#1070379) - Added systemd-delta to systemd.txt (bsc#1071924) - Changed repos -u to repos -d (bsc#1071926) - Added rdma-core for infiniband (bsc#1071294) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Add 0001-conf-parser-introduce-early-drop-ins.patch Introduce early configuration drop-in file. This type of drop-ins are reserved for vendor own purposes only and should never been used by users. It might be removed in the future without any notice. - Drop use of %systemd_postun in %postun This macro is supposed to operate on units but it was used without passing any parameters. This call was probably used for issuing a daemon-reload but the following calls to %systemd_postun_with_restart imply that already. So let's simply drop it. ==== tar ==== Version update (1.33 -> 1.34) - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges ==== util-linux ==== Version update (2.36.1 -> 2.36.2) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== util-linux-systemd ==== Version update (2.36.1 -> 2.36.2) - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== vim ==== Subpackages: vim-data-common vim-small - source correct suse.vimrc file (boo#1182324) ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update _constraints for armv6/armv7 ==== xkeyboard-config ==== Version update (2.31 -> 2.32) - Update to version 2.32 * latest bugfix release ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Relax the crypto policies for the test-suite. This allows the tests using certificates with small key lengths to pass.

1 0