September 2021 - openSUSE Kubic - openSUSE Mailing Lists

New Kubic snapshot 20210916 released!
by Richard Brown 18 Sep '21

18 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: harfbuzz (2.8.2 -> 2.9.1) libxkbcommon (1.3.0 -> 1.3.1) multipath-tools (0.8.6+32+suse.f11c192 -> 0.8.7+14+suse.5a09bfa) pango (1.48.9 -> 1.48.10) python-Pillow (8.3.1 -> 8.3.2) transactional-update (3.5.3 -> 3.5.4) xen (4.15.0_01 -> 4.15.1_01) === Details === ==== harfbuzz ==== Version update (2.8.2 -> 2.9.1) - harfbuzz 2.9.1: + Subsetter API close to stable + Various fuzzer-found bug fixes + hb_buffer_append() now handles the pre- and post-context which previously were left unchanged in the destination buffer + hb-view / hb-shape now accept following new arguments: - -unicodes: takes a list of hex numbers that represent Unicode codepoints. + Undeprecated API: hb_set_invert() - includes changes from 2.9.0: + Support multiple variation axes with same tag, aka HOI + The coretext testing shaper now passes font variations to CoreText + hb-shape/hb-view does not break line at new lines unless text is read from file + hb-view and hb-subset has a --batch now, similar to hb-shape + The --batch mode now uses ; as argument separator instead of : used previously + The --batch in hb-shape does not expect 0th argument anymore. That is, the lines read are interpreted as argv[1:], instead of argv[0:]. + The --batch option has been undocumented. We are ready to document it; send feedback if you find it useful + hb-subset got arguments revamps. Added much-requested - -gids-file, --glyphs, --glyphs-file, --unicodes-file, supporting ranges in --unicodes. + Various bug fixes ==== libxkbcommon ==== Version update (1.3.0 -> 1.3.1) - Update to release 1.3.1 * In `xkbcli interactive-x11`, use the Esc keysym instead of the Esc keycode for quitting. * In `xkbcli how-to-type`, add `--keysym` argugment for how to type a keysym instead of a Unicode codepoint. * Fix a crash in `xkb_x11_keymap_new_from_device` error handling given some invalid keymaps. Had regressed in 1.2.0. ==== multipath-tools ==== Version update (0.8.6+32+suse.f11c192 -> 0.8.7+14+suse.5a09bfa) Subpackages: kpartx libmpath0 - Update to version 0.8.7+14+suse.5a09bfa1: * Fix possible string overflows (bsc#1188148) - Upstream fixes / changes * better string handling * multipath: print warning if multipathd isn't running * mpathpersist: better error msg when no usable paths exist * fixes from 0.8.6+32+suse.f11c192 merged upstream ==== pango ==== Version update (1.48.9 -> 1.48.10) - Update to version 1.48.10: + Fix a crash in strikethrough drawing. + pango-view: - Support antialiasing freetype. - Use GraphicsMagick. ==== python-Pillow ==== Version update (8.3.1 -> 8.3.2) - update to version 8.3.2: * CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere] * Fix 6-byte OOB read in FliDecode [wiredfool] * Add support for Python 3.10 #5569, #5570 [hugovk, radarhere] * Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression [#5588] [kmilos, radarhere] * Updates for ImagePalette channel order #5599 [radarhere] * Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano] ==== transactional-update ==== Version update (3.5.3 -> 3.5.4) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.4 - tukit: Fix resolved support [boo#1190383] ==== xen ==== Version update (4.15.0_01 -> 4.15.1_01) - Update to Xen 4.15.1 bug fix release xen-4.15.1-testing-src.tar.bz2 - Drop patches contained in new tarball 60631c38-VT-d-QI-restore-flush-hooks.patch 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch 60787714-revert-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 608676f2-VT-d-register-based-invalidation-optional.patch 60a27288-x86emul-gas-2-36-test-harness-build.patch 60af933d-x86-gcc11-hypervisor-build.patch 60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch 60afe617-x86-TSX-minor-cleanup-and-improvements.patch 60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch 60be0e24-credit2-pick-runnable-unit.patch 60be0e42-credit2-per-entity-load-tracking-when-continuing.patch 60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch 60bf9e19-Arm-create-dom0less-domUs-earlier.patch 60bf9e1a-Arm-boot-modules-scrubbing.patch 60bf9e1b-VT-d-size-qinval-queue-dynamically.patch 60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch 60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch 60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch 60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch 60bfa904-AMD-IOMMU-wait-for-command-slot.patch 60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch 60c0bf86-x86-TSX-cope-with-deprecation.patch 60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch 60c8de6e-osdep_xenforeignmemory_map-prototype.patch 60d49689-VT-d-undo-device-mappings-upon-error.patch 60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch 60d496d6-VT-d-clear_fault_bits-should-clear-all.patch 60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch 60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch libxl-85760c03d664400368a3f76ae0225307c25049a7.patch libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch libxl-qemu6-vnc-password.patch libxl-qemu6-scsi.patch - bsc#1189882 - refresh libxc-sr-restore-hvm-legacy-superpage.patch prevent superpage allocation in the LAPIC and ACPI_INFO range - Drop aarch64-maybe-uninitialized.patch as the fix is in tarball. - Simplify %autosetup - refresh the migration patches to state v20210713 removed libxc-sr-add-xc_is_known_page_type.patch removed libxc-sr-arrays.patch removed libxc-sr-batch_pfns.patch removed libxc-sr-page_type_has_stream_data.patch removed libxc-sr-use-xc_is_known_page_type.patch removed libxc.migrate_tracking.patch removed libxc.sr.superpage.patch removed libxl.set-migration-constraints-from-cmdline.patch added libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch added libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch added libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch added libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch added libxc-sr-abort_if_busy.patch added libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch added libxc-sr-max_iters.patch added libxc-sr-min_remaining.patch added libxc-sr-number-of-iterations.patch added libxc-sr-precopy_policy.patch added libxc-sr-restore-hvm-legacy-superpage.patch added libxc-sr-track-migration-time.patch added libxc-sr-xg_sr_bitmap-populated_pfns.patch added libxc-sr-xg_sr_bitmap.patch added libxc-sr-xl-migration-debug.patch

1 0

New MicroOS snapshot 20210914 released!
by Richard Brown 16 Sep '21

16 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: kernel-source (5.14.1 -> 5.14.2) === Details === ==== kernel-source ==== Version update (5.14.1 -> 5.14.2) - Delete 0001-apparmor-fix-unnecessary-creation-of-net-compat.patch (bsc#1189978) Compat patch no longer required since userspace is upgraded to v3.x - commit c28bbe5 - Delete patches.suse/setuid-dumpable-wrongdir (bsc#1189957). - commit 762368d - Bluetooth: schedule SCO timeouts with delayed_work (CVE-2021-3640 bsc#1188172). - Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch. - commit 2605fb9 - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - commit b41e4fd - Linux 5.14.2 (bsc#1012628). - ext4: fix race writing to an inline_data file while its xattrs are changing (bsc#1012628). - ext4: fix e2fsprogs checksum failure for mounted filesystem (bsc#1012628). - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG (bsc#1012628). - USB: serial: pl2303: fix GL type detection (bsc#1012628). - USB: serial: cp210x: fix control-characters error handling (bsc#1012628). - USB: serial: cp210x: fix flow-control error handling (bsc#1012628). - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (bsc#1012628). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (bsc#1012628). - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (bsc#1012628). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (bsc#1012628). - ALSA: usb-audio: Work around for XRUN with low latency playback (bsc#1012628). - media: stkwebcam: fix memory leak in stk_camera_probe (bsc#1012628). - commit b155faa - series.conf: cleanup - update upstream reference and move to appropriate section: - patches.suse/crypto-ecc-handle-unaligned-input-buffer-in-ecc_swap.patch - commit 1eedbb8 - crypto: ecc - handle unaligned input buffer in ecc_swap_digits (bsc#1188327). - commit f7925a4 - Refresh patches.suse/scsi-retry-alua-transition-in-progress. - Delete patches.suse/megaraid-mbox-fix-SG_IO. - commit d1e442c - memcg: enable accounting of ipc resources (bsc#1190115 CVE-2021-3759). - commit 9193235

1 0

New Kubic snapshot 20210914 released!
by Richard Brown 16 Sep '21

16 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: kernel-source (5.14.1 -> 5.14.2) === Details === ==== kernel-source ==== Version update (5.14.1 -> 5.14.2) - Delete 0001-apparmor-fix-unnecessary-creation-of-net-compat.patch (bsc#1189978) Compat patch no longer required since userspace is upgraded to v3.x - commit c28bbe5 - Delete patches.suse/setuid-dumpable-wrongdir (bsc#1189957). - commit 762368d - Bluetooth: schedule SCO timeouts with delayed_work (CVE-2021-3640 bsc#1188172). - Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch. - commit 2605fb9 - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - commit b41e4fd - Linux 5.14.2 (bsc#1012628). - ext4: fix race writing to an inline_data file while its xattrs are changing (bsc#1012628). - ext4: fix e2fsprogs checksum failure for mounted filesystem (bsc#1012628). - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG (bsc#1012628). - USB: serial: pl2303: fix GL type detection (bsc#1012628). - USB: serial: cp210x: fix control-characters error handling (bsc#1012628). - USB: serial: cp210x: fix flow-control error handling (bsc#1012628). - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (bsc#1012628). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (bsc#1012628). - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (bsc#1012628). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (bsc#1012628). - ALSA: usb-audio: Work around for XRUN with low latency playback (bsc#1012628). - media: stkwebcam: fix memory leak in stk_camera_probe (bsc#1012628). - commit b155faa - series.conf: cleanup - update upstream reference and move to appropriate section: - patches.suse/crypto-ecc-handle-unaligned-input-buffer-in-ecc_swap.patch - commit 1eedbb8 - crypto: ecc - handle unaligned input buffer in ecc_swap_digits (bsc#1188327). - commit f7925a4 - Refresh patches.suse/scsi-retry-alua-transition-in-progress. - Delete patches.suse/megaraid-mbox-fix-SG_IO. - commit d1e442c - memcg: enable accounting of ipc resources (bsc#1190115 CVE-2021-3759). - commit 9193235

1 0

New MicroOS snapshot 20210913 released!
by Richard Brown 15 Sep '21

15 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: argyllcms (2.1.2 -> 2.2.0) c-ares ghostscript irqbalance libqt5-qtwebengine (5.15.5 -> 5.15.6) libsrtp2 (2.4.0 -> 2.4.1) patterns-base util-linux util-linux-systemd === Details === ==== argyllcms ==== Version update (2.1.2 -> 2.2.0) - Update to version 2.2.0: * Added native i1Pro3 and i1Pro3 Plus driver. * Fix bug in applycal.c where it gets an "Error - Write file: 1, icmTextDescription_write: ascii string is shorter" error on replacing one calibration with another. * Improved i1pro & Munki patch recognition to work much more reliably with a slow swipe speed. * Fixed oeminst to work with spyder V5.5. setup.exe * Fixed bug in oemdld that prevented HTML encoded characters in download file decoding properly, which prevented certain filenames from working. * Fixed bug in ccxxmake -S -f where save error wasn't being fully reported, and display technology presence check was faulty. * Fixed typo in display technology, VPA -> PVA. * Made Klein K10A "Lights Off" command timeout a soft error. For some reason this command doesn't seem to be implemented on some K10A's. * Added CIE dE2000 to spotread output. * Fixed accidental global "wrl" in gamut/gamut.h that cases compile warnings. * For more see http://www.argyllcms.com/doc/ChangesSummary.html - Drop argyllcms--gcc--fno-common.patch (upstreamed with exception of static declaration of struct huft, which is not required). ==== c-ares ==== - new upstream website - drop multibuild - tests do not require static library anymore - spec file cleanup - drop sources that were re-added to upstream distibution (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) - 5c995d5.patch: augment input validation on hostnames to allow _ as part of DNS response (bsc#1190225) ==== ghostscript ==== - CVE-2021-3781.patch fixes CVE-2021-3781 Trivial -dSAFER bypass cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 (bsc#1190381) ==== irqbalance ==== - Update to version 1.8.0.18.git+2435e8d: * fix unsigned integer subtraction sign overflow * fix opendir fails in check_platform_device * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds - Fixes integrated mainline: * bsc#1119461 * bsc#1138190 * bsc#1154905 * bsc#1178477 bsc#1183405 (removed patches due to mainline integration): procinterrupts-check-xen-dyn-event-more-flexible.patch * bsc#1182254 bsc#1156315 (removed patches due to mainline integration): fix-ambiguous-parsing-of-node-entries-in-sys.patch * bsc#1183157 also-fetch-node-info-for-non-PCI-devices.patch ==== libqt5-qtwebengine ==== Version update (5.15.5 -> 5.15.6) - Update to version 5.15.6: * Update Chromium: + [Backport] CVE-2021-30560: Use after free in Blink XSLT + [Backport] CVE-2021-30566: Stack buffer overflow in Printing + [Backport] CVE-2021-30585: Use after free in sensor handling + Bump V8_PATCH_LEVEL + [Backport] Security bug 1228036 + [Backport] CVE-2021-30604: Use after free in ANGLE + [Backport] CVE-2021-30603: Race in WebAudio + [Backport] CVE-2021-30602: Use after free in WebRTC + [Backport] CVE-2021-30599: Type Confusion in V8 + [Backport] CVE-2021-30598: Type Confusion in V8 + [Backport] Security bug 1227933 + [Backport] Security bug 1205059 + [Backport] Security bug 1184294 + [Backport] Security bug 1198385 + [Backport] CVE-2021-30588: Type Confusion in V8 + [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows + [Backport] CVE-2021-30573: Use after free in GPU + [Backport] CVE-2021-30569, security bugs 1198216 and 1204814 + [Backport] CVE-2021-30568: Heap buffer overflow in WebGL + [Backport] CVE-2021-30541: Use after free in V8 + [Backport] Security bugs 1197786 and 1194330 + [Backport] Security bug 1194689 + [Backport] CVE-2021-30563: Type Confusion in V8 + [Backport] Security bug 1211215 + [Backport] Security bug 1209558 + [Backport] CVE-2021-30553: Use after free in Network service + [Backport] CVE-2021-30548: Use after free in Loader + [Backport] CVE-2021-30547: Out of bounds write in ANGLE + [Backport] CVE-2021-30556: Use after free in WebAudio + [Backport] CVE-2021-30559: Out of bounds write in ANGLE + [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker + [Backport] Security bug 1202534 + [Backport] CVE-2021-30536: Out of bounds read in V8 + [Backport] CVE-2021-30522: Use after free in WebAudio + [Backport] CVE-2021-30554 Use after free in WebGL + [Backport] CVE-2021-30551: Type Confusion in V8 + [Backport] CVE-2021-30544: Use after free in BFCache + [Backport] CVE-2021-30535: Double free in ICU + [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox + [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio + [Backport] CVE-2021-30523: Use after free in WebRTC + Generate mojo bindings before compiling extension API registration * Bump version from 5.15.5 to 5.15.6 * Always send phased wheel events beginning with Began - Import patch from the chromium package: * 0001-return-ENOSYS-for-clone3.patch - Add changes from the chromium package to 0001-Fix-build-with-glibc-2.34.patch ==== libsrtp2 ==== Version update (2.4.0 -> 2.4.1) - Update to release 2.4.1 * Use a full-length key even with null ciphers ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Fix typo in the icon name for the fips pattern (bsc#1189550) ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. ==== util-linux-systemd ==== - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. - login.pamd: use pam_motd to unify motd handling [bsc#1185897]. Else motd snippets of e.g. cockpit will not be shown.

1 0

New Kubic snapshot 20210913 released!
by Richard Brown 15 Sep '21

15 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: c-ares conntrack-tools haproxy (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea) irqbalance nfs-utils patterns-base util-linux util-linux-systemd === Details === ==== c-ares ==== - new upstream website - drop multibuild - tests do not require static library anymore - spec file cleanup - drop sources that were re-added to upstream distibution (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) - 5c995d5.patch: augment input validation on hostnames to allow _ as part of DNS response (bsc#1190225) ==== conntrack-tools ==== - Added hardening to systemd service(s). Modified: * conntrackd.service ==== haproxy ==== Version update (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea) - Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877) * [RELEASE] Released version 2.4.4 * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * MINOR: time: add report_idle() to report process-wide idle time * BUG/MINOR: time: fix idle time computation for long sleeps * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MINOR: base64: base64urldec() ignores padding in output size check * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions * MINOR: hlua: take the global Lua lock inside a global function * REGTESTS: abortonclose: after retries, 503 is expected, not close * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path ==== irqbalance ==== - Update to version 1.8.0.18.git+2435e8d: * fix unsigned integer subtraction sign overflow * fix opendir fails in check_platform_device * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds - Fixes integrated mainline: * bsc#1119461 * bsc#1138190 * bsc#1154905 * bsc#1178477 bsc#1183405 (removed patches due to mainline integration): procinterrupts-check-xen-dyn-event-more-flexible.patch * bsc#1182254 bsc#1156315 (removed patches due to mainline integration): fix-ambiguous-parsing-of-node-entries-in-sys.patch * bsc#1183157 also-fetch-node-info-for-non-PCI-devices.patch ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - Add 0001-gssd-fix-crash-in-debug-message.patch Fix crash when rpc-gssd run with -v. (boo#1190144) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Fix typo in the icon name for the fips pattern (bsc#1189550) ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. ==== util-linux-systemd ==== - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. - login.pamd: use pam_motd to unify motd handling [bsc#1185897]. Else motd snippets of e.g. cockpit will not be shown.

1 0

New MicroOS snapshot 20210912 released!
by Richard Brown 14 Sep '21

14 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: compat-usrmerge gcc glib2 krb5 libseccomp (2.5.1 -> 2.5.2) microos-tools (2.11 -> 2.12) open-iscsi openexr pipewire (0.3.34 -> 0.3.35) python-Jinja2 python38 (3.8.11 -> 3.8.12) python38-core (3.8.11 -> 3.8.12) qemu systemd === Details === ==== compat-usrmerge ==== - statically link xmv to avoid glibc 2.34 dependency (__libc_start_main(a)GLIBC_2.34) - turn on filetriggers in main package. Needed for single transaction upgrades (boo#1189788) ==== gcc ==== - Add libgccjit%{libgccjit_sover}-devel package ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - desktop-file-utils: add Pantheon desktop environment ==== krb5 ==== - Fix KDC null pointer dereference via a FAST inner body that lacks a server field; (CVE-2021-37750); (bsc#1189929); - Added patches: * 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ==== libseccomp ==== Version update (2.5.1 -> 2.5.2) - Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. ==== microos-tools ==== Version update (2.11 -> 2.12) - Update to version 2.12 - Remove special MicroOS firstboot script - Remove locale-check, replaced by another aaa_base implementation ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains these changes not already present: * Handle IPv6 interfaces correctly. (bsc#1187958) * Handle qedi correctly in NPAR mode (bsc#1187958) * Update iscsiadm man page (bsc#1187958) * Update iface.example for ipv6 * Change iscsi IP type from defines to enum. * Handle recv() returning 0 in iscsid_response() ==== openexr ==== Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - Add patch to fix OpenEXRCore.testHUF on armv7: * openexr-fix-armv7.patch * openexr-fix-armv7-2.patch ==== pipewire ==== Version update (0.3.34 -> 0.3.35) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-media-session pipewire-modules pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.35: * Highlights: - S/PDIF passthrough over optical or HDMI is now implemented. - Some critical fixes to MIDI, draining of streams and various modules. - skypeforlinux should work better now after adding it to the quirks database. - Bluetooth codecs are now in separate plugins to make it easier to ship them. * PipeWire: - Drain was fixed in pw-stream. In some cases it would not clear the drain state correctly. Fixes the issue where speaker-test would only play one channel. - Loopback connections to a driver will now activate the driver. This fixes an issue where MIDI connections between devices or some applications (puredata) would not get any MIDI messages. (#1559)x. - The audiomixer can now mix more formats. Together with the passthrough improvements this can be used to avoid conversions to/from the DSP format in some cases. - Make sure we idle drivers when removing a node from it in all cases. JACK clients could keep a driver node busy. - Add new methods to accumulate object info. The old one was difficult to use when applications need to accumulate multiple changes. - A new interface to load modules has been added. Plugins can use this to ask the host (PipeWire) to load spa plugins. - Increase param buffer size to handle larger params. Nodes with a large number of channels would sometimes not have properties. (#1574) - Concurrent link negotiation that caused some links to not work, is now avoided. This fixes monitor ports in Ardour6. - Small tweaks to how the quantum and rate are handled when nodes move between drivers. Make node.lock-quantum work with node.latency * PipeWire modules: - The convolver plugin in filter-chain has been optimized some more. - The echo-cancel stream properties were improved so that it actually can remember the streams it links to. (#1557) - module-pulse-tunnel had the buffer attributes wrong and would cause high latency with older pulseaudio servers. (#1434) - module-roc had the properties configured wrongly, which would cause it to not work at all in most cases. (#1538) - There is now an example of a 7.1 virtual surround sink using the hesuvi impulse responses. - The convolver now supports dirac pulses as the IR. * ALSA: - UCM config is now cached per device, using up less memory. It also temporarily works around a problem in alsa-lib that is now being patched and rolled out. Should stop devices from disappearing when logging out and back in. (#1553) - Fix the MIDI clock rate matching. It was too sensitive to small changes and would spiral out of control and break MIDI rather quickly. * pipewire-media-session: - The media session can now save and restore IEC958 (S/PDIF) codecs for the sinks. - Passthrough of IEC958 (S/PDIF) content is now possible. If the client and the sink contain a compatible set of codecs, an exclusive connection can be made between client and sink to pass the encoded S/PDIF content directly to the device. - Use new introspection info update methods to suspend nodes in all cases. Sometimes, nodes would fail to suspend because the state info was not evaluated. - The media session can now work in non-DSP mode, which will try to avoid any audio conversions between client and device when possible. But, this will also disable compatibility with JACK applications. * Bluetooth - Bluetooth codecs are now compiled into separate plugins which are dynamically loaded. This makes it possible to change the plugin implementation or ship plugins separately without having to recompile the bluetooth module. * PulseAudio server - Delay stream create reply until the stream is linked to a sink/source. - The device-restore extension is now implemented. This makes it possible to configure the IEC958 (S/PDIF) codecs supported by the sink with pavucontrol. - skypeforlinux now uses the same quirks as teams to make the sinks show up in all cases. This fixes the issue of not being able to hear the remote end in skypeforlinux. * JACK - Improve catia and carla compatibility by caching objects a little longer after being removed. (#1531) - JACK ports now notify the negotiated format correctly. - A potential deadlock was fixed when multiple threads would perform a call that would require a roundtrip. - Improve bufsize callback, it should not be called right after doing activate() but only when the buffersize changes later. - Add tweak to disable the process lock. Some older apps might not expect it. (#1576) * Docs - man pages are now generated with rst2man. - DMA-BUF docs were updated. - Documentation updates. - Replace BuildRequires xmltoman with docutils (rst2man) - Update libcamera Buildrequires. ==== python-Jinja2 ==== - Add no-warnings-as-errors.patch: * Do not treat warnings as errors until upstream fix using async loops. ==== python38 ==== Version update (3.8.11 -> 3.8.12) - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== python38-core ==== Version update (3.8.11 -> 3.8.12) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== qemu ==== - Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch - Update supported file for ARM machines. - Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation. - Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7 - Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Don't reexecute user manager instances on package update yet This can't be done until users have their user instance updated to the new version that supports reexecuting with SIGRTMIN+25 because this signal terminates the user managers for the previous versions. - Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - systemd.spec: reexec user manager instances on package updates - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Drop dependency on m4 (replaced by Jinja2)

1 0

New Kubic snapshot 20210912 released!
by Richard Brown 14 Sep '21

14 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: compat-usrmerge glib2 krb5 libseccomp (2.5.1 -> 2.5.2) microos-tools (2.11 -> 2.12) open-iscsi python-Jinja2 python38 (3.8.11 -> 3.8.12) python38-core (3.8.11 -> 3.8.12) qemu systemd === Details === ==== compat-usrmerge ==== - statically link xmv to avoid glibc 2.34 dependency (__libc_start_main(a)GLIBC_2.34) - turn on filetriggers in main package. Needed for single transaction upgrades (boo#1189788) ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - desktop-file-utils: add Pantheon desktop environment ==== krb5 ==== - Fix KDC null pointer dereference via a FAST inner body that lacks a server field; (CVE-2021-37750); (bsc#1189929); - Added patches: * 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ==== libseccomp ==== Version update (2.5.1 -> 2.5.2) - Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. ==== microos-tools ==== Version update (2.11 -> 2.12) - Update to version 2.12 - Remove special MicroOS firstboot script - Remove locale-check, replaced by another aaa_base implementation ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains these changes not already present: * Handle IPv6 interfaces correctly. (bsc#1187958) * Handle qedi correctly in NPAR mode (bsc#1187958) * Update iscsiadm man page (bsc#1187958) * Update iface.example for ipv6 * Change iscsi IP type from defines to enum. * Handle recv() returning 0 in iscsid_response() ==== python-Jinja2 ==== - Add no-warnings-as-errors.patch: * Do not treat warnings as errors until upstream fix using async loops. ==== python38 ==== Version update (3.8.11 -> 3.8.12) - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== python38-core ==== Version update (3.8.11 -> 3.8.12) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== qemu ==== - Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch - Update supported file for ARM machines. - Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation. - Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7 - Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Don't reexecute user manager instances on package update yet This can't be done until users have their user instance updated to the new version that supports reexecuting with SIGRTMIN+25 because this signal terminates the user managers for the previous versions. - Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - systemd.spec: reexec user manager instances on package updates - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Drop dependency on m4 (replaced by Jinja2)

1 0

New MicroOS snapshot 20210910 released!
by Richard Brown 12 Sep '21

12 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ell (0.42 -> 0.43) ibus (1.5.24 -> 1.5.25) kernel-source (5.14.0 -> 5.14.1) pam-config (1.3 -> 1.4) python-ordered-set (3.1.1 -> 4.0.2) python-simplejson (3.17.3 -> 3.17.5) system-users sysuser-tools === Details === ==== ell ==== Version update (0.42 -> 0.43) - Update to release 0.43 * Add support for DHCP Rapid Commit feature. * Add support for DHCP authorative mode feature. ==== ibus ==== Version update (1.5.24 -> 1.5.25) Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Refresh ibus-socket-name-compatibility.patch - Add ibus-missing-include.patch to fix build on Leap - Add ibus-fix-wrong-cursor-location.patch (based on https://github.com/ibus/ibus/commit/936a0e76df79d92a8bdc03e9205330fb84a2083…) (gh#ibus/ibus#2337) - Drop ibus-python-install-dir.patch Two reasons: it's for, disabled in .spec, python2, and patch forces the re-generation of configure, which requires aclocal-1.16, unavailable on Leap-15.3, and that breaks the build. - Update version to 1.5.25 * src/tests: Run gnome-session with no-overview mode * client/gtk2: Implement ibus_im_context_set_surrounding_with_selection * src/ibuscomposetable: Do not include the same compose file * src/ibusenginesimple: Multi_key to 0xB7 * src/ibusenginesimple: Make Compose preedit less intrusive * Change default Emoji shortcut key * setup: Enhance engine search function * client/gtk2/ibusimcontext: Enable sync process in GTK4 * engine: Update simple.xml with xkeyboard-config 2.33 * src/ibuscomposetable: Add support for the include directive (lf-) * src/ibuscomposetable: Fix a buffer overflow in compose handling (lf-) * client/x11: Add support for XFixes ClientDisconnectMode (Olivier Fourdan) * setup: Start ibus-daemon with the --daemonize option (Gunnar Hjalmarsson) * src: Fix a typo in ibusenginesimple.h (user202729) * Update translations ==== kernel-source ==== Version update (5.14.0 -> 5.14.1) - watchdog: Fix NULL pointer dereference when releasing cdev (bsc#1190093). - Update config files. We can enable the option after this fix again. - commit 65109d0 - Linux 5.14.1 (bsc#1012628). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (bsc#1012628). - net: dsa: mt7530: fix VLAN traffic leaks again (bsc#1012628). - btrfs: fix NULL pointer dereference when deleting device by invalid id (bsc#1012628). - Revert "floppy: reintroduce O_NDELAY fix" (bsc#1012628). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1012628). - ext4: report correct st_size for encrypted symlinks (bsc#1012628). - f2fs: report correct st_size for encrypted symlinks (bsc#1012628). - ubifs: report correct st_size for encrypted symlinks (bsc#1012628). - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls (bsc#1012628). - audit: move put_tree() to avoid trim_trees refcount underflow and UAF (bsc#1012628). - commit 1059c60 - update patches metadata - update upstream references: - patches.suse/Bluetooth-avoid-circular-locks-in-sco_sock_connect.patch - patches.suse/Bluetooth-btusb-Add-support-for-Foxconn-Mediatek-Chi.patch - patches.suse/Bluetooth-btusb-Add-support-for-IMC-Networks-Mediate.patch - patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch - commit c2e3f15 - HID: usbhid: Simplify code in hid_submit_ctrl() (<cover.1630658591.git.mkubecek(a)suse.cz>). - HID: usbhid: Fix warning caused by 0-length input reports (<cover.1630658591.git.mkubecek(a)suse.cz>). - HID: usbhid: Fix flood of "control queue full" messages (<cover.1630658591.git.mkubecek(a)suse.cz>). - commit 4552165 - Delete patches.suse/hid-fix-length-inconsistency.patch. To be replaced by a cherry pick of corresponding upstream commits. - commit ba7e2a2 - Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964) The regression addressed by this revert was fixed properly by mainline commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again") in 5.7. - commit 775ed38 - series.conf: cleanup Move queued patches to "almost mainline" section. No effect on expanded tree. - commit e91bb9d - vt_kdsetmode: extend console locking (bsc#1190025 CVE-2021-3753). - commit 18d6ea3 - Update config files. Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT (bsc#1190093) - commit 55bd270 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640 bsc#1188172). - commit b9d15a3 - Delete patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1189959). No longer needed, since it's upstream now. - commit b1aeba4 - arm64: Update config files. (bsc#1189922) Enable ISP1760_DUAL_ROLE - commit c265161 - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - commit 357f09a ==== pam-config ==== Version update (1.3 -> 1.4) - Update to version 1.4 - Fix support for mulitple locations for configuration files - Drop pam-config-fix-pam_keyinit-options.patch - Drop pam-config-remove-bad-access-call.patch ==== python-ordered-set ==== Version update (3.1.1 -> 4.0.2) - Update to version 4.0.2 * Restore compatibility with Python 3.5 * fix packaging, remove vestiges of type stubs * Remove unused type * Add a mailmap * remove old .pyi type stub * Implement code review suggestions for types * Code formatting (isort and black) * Move type annotations inline * Directly distribute type stub file via PEP 561 * Handle another indexing case from NumPy ==== python-simplejson ==== Version update (3.17.3 -> 3.17.5) - update to 3.17.5: * Fix the C extension module to harden is_namedtuple against looks-a-likes such as Mocks. Also prevent dict encoding from causing an unraised SystemError when encountering a non-Dict. Noticed by running user tests against a CPython interpreter with C asserts enabled (COPTS += -UNDEBUG). ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody system-user-tss - Set shell for nobody in sysusers.d config ==== sysuser-tools ==== - Add support for new shell field [bsc#1189518]

1 0

New Kubic snapshot 20210910 released!
by Richard Brown 12 Sep '21

12 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: kernel-source (5.14.0 -> 5.14.1) pam-config (1.3 -> 1.4) python-ordered-set (3.1.1 -> 4.0.2) python-simplejson (3.17.3 -> 3.17.5) system-users sysuser-tools === Details === ==== kernel-source ==== Version update (5.14.0 -> 5.14.1) - watchdog: Fix NULL pointer dereference when releasing cdev (bsc#1190093). - Update config files. We can enable the option after this fix again. - commit 65109d0 - Linux 5.14.1 (bsc#1012628). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (bsc#1012628). - net: dsa: mt7530: fix VLAN traffic leaks again (bsc#1012628). - btrfs: fix NULL pointer dereference when deleting device by invalid id (bsc#1012628). - Revert "floppy: reintroduce O_NDELAY fix" (bsc#1012628). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1012628). - ext4: report correct st_size for encrypted symlinks (bsc#1012628). - f2fs: report correct st_size for encrypted symlinks (bsc#1012628). - ubifs: report correct st_size for encrypted symlinks (bsc#1012628). - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls (bsc#1012628). - audit: move put_tree() to avoid trim_trees refcount underflow and UAF (bsc#1012628). - commit 1059c60 - update patches metadata - update upstream references: - patches.suse/Bluetooth-avoid-circular-locks-in-sco_sock_connect.patch - patches.suse/Bluetooth-btusb-Add-support-for-Foxconn-Mediatek-Chi.patch - patches.suse/Bluetooth-btusb-Add-support-for-IMC-Networks-Mediate.patch - patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch - commit c2e3f15 - HID: usbhid: Simplify code in hid_submit_ctrl() (<cover.1630658591.git.mkubecek(a)suse.cz>). - HID: usbhid: Fix warning caused by 0-length input reports (<cover.1630658591.git.mkubecek(a)suse.cz>). - HID: usbhid: Fix flood of "control queue full" messages (<cover.1630658591.git.mkubecek(a)suse.cz>). - commit 4552165 - Delete patches.suse/hid-fix-length-inconsistency.patch. To be replaced by a cherry pick of corresponding upstream commits. - commit ba7e2a2 - Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964) The regression addressed by this revert was fixed properly by mainline commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again") in 5.7. - commit 775ed38 - series.conf: cleanup Move queued patches to "almost mainline" section. No effect on expanded tree. - commit e91bb9d - vt_kdsetmode: extend console locking (bsc#1190025 CVE-2021-3753). - commit 18d6ea3 - Update config files. Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT (bsc#1190093) - commit 55bd270 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640 bsc#1188172). - commit b9d15a3 - Delete patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1189959). No longer needed, since it's upstream now. - commit b1aeba4 - arm64: Update config files. (bsc#1189922) Enable ISP1760_DUAL_ROLE - commit c265161 - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - commit 357f09a ==== pam-config ==== Version update (1.3 -> 1.4) - Update to version 1.4 - Fix support for mulitple locations for configuration files - Drop pam-config-fix-pam_keyinit-options.patch - Drop pam-config-remove-bad-access-call.patch ==== python-ordered-set ==== Version update (3.1.1 -> 4.0.2) - Update to version 4.0.2 * Restore compatibility with Python 3.5 * fix packaging, remove vestiges of type stubs * Remove unused type * Add a mailmap * remove old .pyi type stub * Implement code review suggestions for types * Code formatting (isort and black) * Move type annotations inline * Directly distribute type stub file via PEP 561 * Handle another indexing case from NumPy ==== python-simplejson ==== Version update (3.17.3 -> 3.17.5) - update to 3.17.5: * Fix the C extension module to harden is_namedtuple against looks-a-likes such as Mocks. Also prevent dict encoding from causing an unraised SystemError when encountering a non-Dict. Noticed by running user tests against a CPython interpreter with C asserts enabled (COPTS += -UNDEBUG). ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody system-user-tss - Set shell for nobody in sysusers.d config ==== sysuser-tools ==== - Add support for new shell field [bsc#1189518]

1 0

New MicroOS snapshot 20210908 released!
by Richard Brown 10 Sep '21

10 Sep '21

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: chrony fuse3 (3.10.4 -> 3.10.5) gnome-shell-extensions grub2 json-glib (1.6.4 -> 1.6.6) mdadm mpg123 (1.28.2 -> 1.29.0) patterns-microos pinentry (1.1.1 -> 1.2.0) transactional-update (3.5.2 -> 3.5.3) vulkan-loader (1.2.182.0 -> 1.2.189.0) xdg-utils (1.1.3+20200220 -> 1.1.3+20201113) yast2 (4.4.16 -> 4.4.17) === Details === ==== chrony ==== Subpackages: chrony-pool-openSUSE - Added hardening to systemd service(s). Added patch(es): * harden_chrony-wait.service.patch * harden_chronyd.service.patch ==== fuse3 ==== Version update (3.10.4 -> 3.10.5) - Update to release 3.10.5 * Various improvements to make unit tests more robust. ==== gnome-shell-extensions ==== - Add dependency on gnome-shell-extensions-common for gnome-shell-classic to fix the translations in SLE Classic and GNOME Classic(bsc#1190016 jsc#SLE-20311). ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061) * 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch - Add btrfs zstd compression on i386-pc and also make sure it won't break existing grub installations (bsc#1161823) * deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch * added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch - Delete the author list from %description (the %description section is literally for package descriptions (only) these days, encoding was also problematic). - Add %doc AUTHORS to get packaged that info ==== json-glib ==== Version update (1.6.4 -> 1.6.6) Subpackages: libjson-glib-1_0-0 typelib-1_0-Json-1_0 - Update to version 1.6.6: + New release with the documentation and gi-docgen included in the archive. - Drop gtk-doc BuildRequires, no longer needed, nor used. - Add docbook-xsl-stylesheets and libxslt-tools BuildRequires, needed for building of manpages. ==== mdadm ==== - Remove Spare drives line from details for external metadata (bsc#1180661, bsc#1182642) 0118-Remove-Spare-drives-line-from-details-for-external-m.patch - Don't associate spares with other arrays during RAID Examine (bsc#1180661, bsc#1182642) 0119-Don-t-associate-spares-with-other-arrays-during-RAID.patch ==== mpg123 ==== Version update (1.28.2 -> 1.29.0) - Update to version 1.29.0 build: * added --enable-runtime-tables libmpg123: * Float deocder runtime table computation is back as option, based on suggestion and initial patch by Ethan Halsall for a smaller download size of the wasm decoder built from libmpg23. This only trims the size of the binary on disk (network), for runtime overhead and a bit of uneasyness about concurrency during table computation, which happens implicitly on handle initialization, only guarded by an integer flag. This does _not_ revive mpg123_init(). * The ID3v2 UTF-16 BOM check is now a straight-on loop and not a recursive function. ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add ethtool to hardware pattern [jsc#PM-2983] - Remove haveged (obsolete with recent kernels) [bsc#1190024] ==== pinentry ==== Version update (1.1.1 -> 1.2.0) Subpackages: pinentry-qt5 - pinentry 1.2.0: * qt: Show a warning if Caps Lock is on * qt: Support password formatting. This makes generated passwords easier to transcribe * qt: Fix showing of pinentry window on Wayland * qt: Check passphrase constraints before accepting passphrase if passphrase constraints are requested to be enforced * qt: Improve detection of running in a GUI session * qt: Improve accessibility when entering new password ==== transactional-update ==== Version update (3.5.2 -> 3.5.3) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.3 - t-u: Purge kernels as part of package operations Required for live patching support [bsc#1189728] ==== vulkan-loader ==== Version update (1.2.182.0 -> 1.2.189.0) - Update to release SDK-1.2.189.0 * loader: Dont return OOM on function load failure * Deallocate the extension lists when deleting an item from layer list * Add layer and implementation-specific logging * Allow "icd" as well as "implem" for VK_LOADER_DEBUG * Fix Vulkan CTS testcase bug: "create_instance_device_intentional_alloc_fail" * loader: Fix accidental error propagation ==== xdg-utils ==== Version update (1.1.3+20200220 -> 1.1.3+20201113) - Update to version 1.1.3+20201113: * Fix xdg-settings support for default-web-browser for Plasma 5.19+ ==== yast2 ==== Version update (4.4.16 -> 4.4.17) - Mark systemd unit/service state "maintenance" as active (bsc#1190163) - 4.4.17

1 0