Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
harfbuzz (2.8.2 -> 2.9.1)
libxkbcommon (1.3.0 -> 1.3.1)
multipath-tools (0.8.6+32+suse.f11c192 -> 0.8.7+14+suse.5a09bfa)
pango (1.48.9 -> 1.48.10)
python-Pillow (8.3.1 -> 8.3.2)
transactional-update (3.5.3 -> 3.5.4)
xen (4.15.0_01 -> 4.15.1_01)
=== Details ===
==== harfbuzz ====
Version update (2.8.2 -> 2.9.1)
- harfbuzz 2.9.1:
+ Subsetter API close to stable
+ Various fuzzer-found bug fixes
+ hb_buffer_append() now handles the pre- and post-context which
previously were left unchanged in the destination buffer
+ hb-view / hb-shape now accept following new arguments:
- -unicodes: takes a list of hex numbers that represent Unicode
codepoints.
+ Undeprecated API: hb_set_invert()
- includes changes from 2.9.0:
+ Support multiple variation axes with same tag, aka HOI
+ The coretext testing shaper now passes font variations to
CoreText
+ hb-shape/hb-view does not break line at new lines unless text
is read from file
+ hb-view and hb-subset has a --batch now, similar to hb-shape
+ The --batch mode now uses ; as argument separator instead of :
used previously
+ The --batch in hb-shape does not expect 0th argument anymore.
That is, the lines read are interpreted as argv[1:], instead
of argv[0:].
+ The --batch option has been undocumented. We are ready to
document it; send feedback if you find it useful
+ hb-subset got arguments revamps. Added much-requested
- -gids-file, --glyphs, --glyphs-file, --unicodes-file,
supporting ranges in --unicodes.
+ Various bug fixes
==== libxkbcommon ====
Version update (1.3.0 -> 1.3.1)
- Update to release 1.3.1
* In `xkbcli interactive-x11`, use the Esc keysym instead of
the Esc keycode for quitting.
* In `xkbcli how-to-type`, add `--keysym` argugment for how to
type a keysym instead of a Unicode codepoint.
* Fix a crash in `xkb_x11_keymap_new_from_device` error
handling given some invalid keymaps. Had regressed in 1.2.0.
==== multipath-tools ====
Version update (0.8.6+32+suse.f11c192 -> 0.8.7+14+suse.5a09bfa)
Subpackages: kpartx libmpath0
- Update to version 0.8.7+14+suse.5a09bfa1:
* Fix possible string overflows (bsc#1188148)
- Upstream fixes / changes
* better string handling
* multipath: print warning if multipathd isn't running
* mpathpersist: better error msg when no usable paths exist
* fixes from 0.8.6+32+suse.f11c192 merged upstream
==== pango ====
Version update (1.48.9 -> 1.48.10)
- Update to version 1.48.10:
+ Fix a crash in strikethrough drawing.
+ pango-view:
- Support antialiasing freetype.
- Use GraphicsMagick.
==== python-Pillow ====
Version update (8.3.1 -> 8.3.2)
- update to version 8.3.2:
* CVE-2021-23437 Raise ValueError if color specifier is too long
[hugovk, radarhere]
* Fix 6-byte OOB read in FliDecode [wiredfool]
* Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]
* Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression
[#5588] [kmilos, radarhere]
* Updates for ImagePalette channel order #5599 [radarhere]
* Hide FriBiDi shim symbols to avoid conflict with real FriBiDi
library #5651 [nulano]
==== transactional-update ====
Version update (3.5.3 -> 3.5.4)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.4
- tukit: Fix resolved support [boo#1190383]
==== xen ====
Version update (4.15.0_01 -> 4.15.1_01)
- Update to Xen 4.15.1 bug fix release
xen-4.15.1-testing-src.tar.bz2
- Drop patches contained in new tarball
60631c38-VT-d-QI-restore-flush-hooks.patch
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
60787714-revert-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
608676f2-VT-d-register-based-invalidation-optional.patch
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60bf9e19-Arm-create-dom0less-domUs-earlier.patch
60bf9e1a-Arm-boot-modules-scrubbing.patch
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
60bfa904-AMD-IOMMU-wait-for-command-slot.patch
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
60c0bf86-x86-TSX-cope-with-deprecation.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch
libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch
libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch
libxl-85760c03d664400368a3f76ae0225307c25049a7.patch
libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch
libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch
libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch
libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch
libxl-qemu6-vnc-password.patch
libxl-qemu6-scsi.patch
- bsc#1189882 - refresh libxc-sr-restore-hvm-legacy-superpage.patch
prevent superpage allocation in the LAPIC and ACPI_INFO range
- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
- Simplify %autosetup
- refresh the migration patches to state v20210713
removed libxc-sr-add-xc_is_known_page_type.patch
removed libxc-sr-arrays.patch
removed libxc-sr-batch_pfns.patch
removed libxc-sr-page_type_has_stream_data.patch
removed libxc-sr-use-xc_is_known_page_type.patch
removed libxc.migrate_tracking.patch
removed libxc.sr.superpage.patch
removed libxl.set-migration-constraints-from-cmdline.patch
added libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch
added libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch
added libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch
added libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch
added libxc-sr-abort_if_busy.patch
added libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch
added libxc-sr-max_iters.patch
added libxc-sr-min_remaining.patch
added libxc-sr-number-of-iterations.patch
added libxc-sr-precopy_policy.patch
added libxc-sr-restore-hvm-legacy-superpage.patch
added libxc-sr-track-migration-time.patch
added libxc-sr-xg_sr_bitmap-populated_pfns.patch
added libxc-sr-xg_sr_bitmap.patch
added libxc-sr-xl-migration-debug.patch
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
kernel-source (5.14.1 -> 5.14.2)
=== Details ===
==== kernel-source ====
Version update (5.14.1 -> 5.14.2)
- Delete 0001-apparmor-fix-unnecessary-creation-of-net-compat.patch
(bsc#1189978)
Compat patch no longer required since userspace is upgraded to v3.x
- commit c28bbe5
- Delete patches.suse/setuid-dumpable-wrongdir (bsc#1189957).
- commit 762368d
- Bluetooth: schedule SCO timeouts with delayed_work
(CVE-2021-3640 bsc#1188172).
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit 2605fb9
- rpm/kernel-source.spec.in: do some more for vanilla_only
Make sure:
* sources are NOT executable
* env is not used as interpreter
* timestamps are correct
We do all this for normal kernel builds, but not for vanilla_only
kernels (linux-next and vanilla).
- commit b41e4fd
- Linux 5.14.2 (bsc#1012628).
- ext4: fix race writing to an inline_data file while its xattrs
are changing (bsc#1012628).
- ext4: fix e2fsprogs checksum failure for mounted filesystem
(bsc#1012628).
- xtensa: fix kconfig unmet dependency warning for
HAVE_FUTEX_CMPXCHG (bsc#1012628).
- USB: serial: pl2303: fix GL type detection (bsc#1012628).
- USB: serial: cp210x: fix control-characters error handling
(bsc#1012628).
- USB: serial: cp210x: fix flow-control error handling
(bsc#1012628).
- ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
(bsc#1012628).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC
(bsc#1012628).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS
ROG Strix G17 (bsc#1012628).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (bsc#1012628).
- ALSA: usb-audio: Work around for XRUN with low latency playback
(bsc#1012628).
- media: stkwebcam: fix memory leak in stk_camera_probe
(bsc#1012628).
- commit b155faa
- series.conf: cleanup
- update upstream reference and move to appropriate section:
- patches.suse/crypto-ecc-handle-unaligned-input-buffer-in-ecc_swap.patch
- commit 1eedbb8
- crypto: ecc - handle unaligned input buffer in ecc_swap_digits
(bsc#1188327).
- commit f7925a4
- Refresh patches.suse/scsi-retry-alua-transition-in-progress.
- Delete patches.suse/megaraid-mbox-fix-SG_IO.
- commit d1e442c
- memcg: enable accounting of ipc resources (bsc#1190115
CVE-2021-3759).
- commit 9193235
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
kernel-source (5.14.1 -> 5.14.2)
=== Details ===
==== kernel-source ====
Version update (5.14.1 -> 5.14.2)
- Delete 0001-apparmor-fix-unnecessary-creation-of-net-compat.patch
(bsc#1189978)
Compat patch no longer required since userspace is upgraded to v3.x
- commit c28bbe5
- Delete patches.suse/setuid-dumpable-wrongdir (bsc#1189957).
- commit 762368d
- Bluetooth: schedule SCO timeouts with delayed_work
(CVE-2021-3640 bsc#1188172).
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit 2605fb9
- rpm/kernel-source.spec.in: do some more for vanilla_only
Make sure:
* sources are NOT executable
* env is not used as interpreter
* timestamps are correct
We do all this for normal kernel builds, but not for vanilla_only
kernels (linux-next and vanilla).
- commit b41e4fd
- Linux 5.14.2 (bsc#1012628).
- ext4: fix race writing to an inline_data file while its xattrs
are changing (bsc#1012628).
- ext4: fix e2fsprogs checksum failure for mounted filesystem
(bsc#1012628).
- xtensa: fix kconfig unmet dependency warning for
HAVE_FUTEX_CMPXCHG (bsc#1012628).
- USB: serial: pl2303: fix GL type detection (bsc#1012628).
- USB: serial: cp210x: fix control-characters error handling
(bsc#1012628).
- USB: serial: cp210x: fix flow-control error handling
(bsc#1012628).
- ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
(bsc#1012628).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC
(bsc#1012628).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS
ROG Strix G17 (bsc#1012628).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (bsc#1012628).
- ALSA: usb-audio: Work around for XRUN with low latency playback
(bsc#1012628).
- media: stkwebcam: fix memory leak in stk_camera_probe
(bsc#1012628).
- commit b155faa
- series.conf: cleanup
- update upstream reference and move to appropriate section:
- patches.suse/crypto-ecc-handle-unaligned-input-buffer-in-ecc_swap.patch
- commit 1eedbb8
- crypto: ecc - handle unaligned input buffer in ecc_swap_digits
(bsc#1188327).
- commit f7925a4
- Refresh patches.suse/scsi-retry-alua-transition-in-progress.
- Delete patches.suse/megaraid-mbox-fix-SG_IO.
- commit d1e442c
- memcg: enable accounting of ipc resources (bsc#1190115
CVE-2021-3759).
- commit 9193235
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
argyllcms (2.1.2 -> 2.2.0)
c-ares
ghostscript
irqbalance
libqt5-qtwebengine (5.15.5 -> 5.15.6)
libsrtp2 (2.4.0 -> 2.4.1)
patterns-base
util-linux
util-linux-systemd
=== Details ===
==== argyllcms ====
Version update (2.1.2 -> 2.2.0)
- Update to version 2.2.0:
* Added native i1Pro3 and i1Pro3 Plus driver.
* Fix bug in applycal.c where it gets an "Error - Write file: 1,
icmTextDescription_write: ascii string is shorter" error on
replacing one calibration with another.
* Improved i1pro & Munki patch recognition to work much more
reliably with a slow swipe speed.
* Fixed oeminst to work with spyder V5.5. setup.exe
* Fixed bug in oemdld that prevented HTML encoded characters in
download file decoding properly, which prevented certain
filenames from working.
* Fixed bug in ccxxmake -S -f where save error wasn't being fully
reported, and display technology presence check was faulty.
* Fixed typo in display technology, VPA -> PVA.
* Made Klein K10A "Lights Off" command timeout a soft error. For
some reason this command doesn't seem to be implemented on some
K10A's.
* Added CIE dE2000 to spotread output.
* Fixed accidental global "wrl" in gamut/gamut.h that cases
compile warnings.
* For more see http://www.argyllcms.com/doc/ChangesSummary.html
- Drop argyllcms--gcc--fno-common.patch (upstreamed with exception
of static declaration of struct huft, which is not required).
==== c-ares ====
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
(c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- 5c995d5.patch: augment input validation on hostnames to allow _
as part of DNS response (bsc#1190225)
==== ghostscript ====
- CVE-2021-3781.patch fixes CVE-2021-3781
Trivial -dSAFER bypass
cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
(bsc#1190381)
==== irqbalance ====
- Update to version 1.8.0.18.git+2435e8d:
* fix unsigned integer subtraction sign overflow
* fix opendir fails in check_platform_device
* irqbalance: Check validity of numa_node
* configure.ac: use pkg-config to find numa
* Disable the communication socket when UI is disabled
* Fix comma typo in ui.c
* drop NoNewPrivs from irqbalance service
* remove no existing irq in banned_irqs
* Fix compile issue with none AARCH64 builds
- Fixes integrated mainline:
* bsc#1119461
* bsc#1138190
* bsc#1154905
* bsc#1178477 bsc#1183405 (removed patches due to mainline integration):
procinterrupts-check-xen-dyn-event-more-flexible.patch
* bsc#1182254 bsc#1156315 (removed patches due to mainline integration):
fix-ambiguous-parsing-of-node-entries-in-sys.patch
* bsc#1183157
also-fetch-node-info-for-non-PCI-devices.patch
==== libqt5-qtwebengine ====
Version update (5.15.5 -> 5.15.6)
- Update to version 5.15.6:
* Update Chromium:
+ [Backport] CVE-2021-30560: Use after free in Blink XSLT
+ [Backport] CVE-2021-30566: Stack buffer overflow in Printing
+ [Backport] CVE-2021-30585: Use after free in sensor handling
+ Bump V8_PATCH_LEVEL
+ [Backport] Security bug 1228036
+ [Backport] CVE-2021-30604: Use after free in ANGLE
+ [Backport] CVE-2021-30603: Race in WebAudio
+ [Backport] CVE-2021-30602: Use after free in WebRTC
+ [Backport] CVE-2021-30599: Type Confusion in V8
+ [Backport] CVE-2021-30598: Type Confusion in V8
+ [Backport] Security bug 1227933
+ [Backport] Security bug 1205059
+ [Backport] Security bug 1184294
+ [Backport] Security bug 1198385
+ [Backport] CVE-2021-30588: Type Confusion in V8
+ [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
+ [Backport] CVE-2021-30573: Use after free in GPU
+ [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
+ [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
+ [Backport] CVE-2021-30541: Use after free in V8
+ [Backport] Security bugs 1197786 and 1194330
+ [Backport] Security bug 1194689
+ [Backport] CVE-2021-30563: Type Confusion in V8
+ [Backport] Security bug 1211215
+ [Backport] Security bug 1209558
+ [Backport] CVE-2021-30553: Use after free in Network service
+ [Backport] CVE-2021-30548: Use after free in Loader
+ [Backport] CVE-2021-30547: Out of bounds write in ANGLE
+ [Backport] CVE-2021-30556: Use after free in WebAudio
+ [Backport] CVE-2021-30559: Out of bounds write in ANGLE
+ [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
+ [Backport] Security bug 1202534
+ [Backport] CVE-2021-30536: Out of bounds read in V8
+ [Backport] CVE-2021-30522: Use after free in WebAudio
+ [Backport] CVE-2021-30554 Use after free in WebGL
+ [Backport] CVE-2021-30551: Type Confusion in V8
+ [Backport] CVE-2021-30544: Use after free in BFCache
+ [Backport] CVE-2021-30535: Double free in ICU
+ [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
+ [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio
+ [Backport] CVE-2021-30523: Use after free in WebRTC
+ Generate mojo bindings before compiling extension API registration
* Bump version from 5.15.5 to 5.15.6
* Always send phased wheel events beginning with Began
- Import patch from the chromium package:
* 0001-return-ENOSYS-for-clone3.patch
- Add changes from the chromium package to
0001-Fix-build-with-glibc-2.34.patch
==== libsrtp2 ====
Version update (2.4.0 -> 2.4.1)
- Update to release 2.4.1
* Use a full-length key even with null ciphers
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11
- Fix typo in the icon name for the fips pattern (bsc#1189550)
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Remove the raw utility altogether, as it is not even built any
more with glibc >=2.34.
==== util-linux-systemd ====
- Remove the raw utility altogether, as it is not even built any
more with glibc >=2.34.
- login.pamd: use pam_motd to unify motd handling [bsc#1185897].
Else motd snippets of e.g. cockpit will not be shown.
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
c-ares
conntrack-tools
haproxy (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea)
irqbalance
nfs-utils
patterns-base
util-linux
util-linux-systemd
=== Details ===
==== c-ares ====
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
(c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- 5c995d5.patch: augment input validation on hostnames to allow _
as part of DNS response (bsc#1190225)
==== conntrack-tools ====
- Added hardening to systemd service(s). Modified:
* conntrackd.service
==== haproxy ====
Version update (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea)
- Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877)
* [RELEASE] Released version 2.4.4
* Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive"
* BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
* CLEANUP: htx: remove comments about "must be < 256 MB"
* BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
* DOC: configuration: remove wrong tcp-request examples in tcp-response
* BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
* CLEANUP: Add missing include guard to signal.h
* BUG/MINOR: tools: Fix loop condition in dump_text()
* BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
* BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
* MINOR: time: add report_idle() to report process-wide idle time
* BUG/MINOR: time: fix idle time computation for long sleeps
* BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
* MINOR: compiler: implement an ONLY_ONCE() macro
* BUG/MINOR: base64: base64urldec() ignores padding in output size check
* BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
* BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
* MINOR: hlua: take the global Lua lock inside a global function
* REGTESTS: abortonclose: after retries, 503 is expected, not close
* REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
* BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
==== irqbalance ====
- Update to version 1.8.0.18.git+2435e8d:
* fix unsigned integer subtraction sign overflow
* fix opendir fails in check_platform_device
* irqbalance: Check validity of numa_node
* configure.ac: use pkg-config to find numa
* Disable the communication socket when UI is disabled
* Fix comma typo in ui.c
* drop NoNewPrivs from irqbalance service
* remove no existing irq in banned_irqs
* Fix compile issue with none AARCH64 builds
- Fixes integrated mainline:
* bsc#1119461
* bsc#1138190
* bsc#1154905
* bsc#1178477 bsc#1183405 (removed patches due to mainline integration):
procinterrupts-check-xen-dyn-event-more-flexible.patch
* bsc#1182254 bsc#1156315 (removed patches due to mainline integration):
fix-ambiguous-parsing-of-node-entries-in-sys.patch
* bsc#1183157
also-fetch-node-info-for-non-PCI-devices.patch
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client
- Add 0001-gssd-fix-crash-in-debug-message.patch
Fix crash when rpc-gssd run with -v.
(boo#1190144)
==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base
- Fix typo in the icon name for the fips pattern (bsc#1189550)
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Remove the raw utility altogether, as it is not even built any
more with glibc >=2.34.
==== util-linux-systemd ====
- Remove the raw utility altogether, as it is not even built any
more with glibc >=2.34.
- login.pamd: use pam_motd to unify motd handling [bsc#1185897].
Else motd snippets of e.g. cockpit will not be shown.
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
compat-usrmerge
gcc
glib2
krb5
libseccomp (2.5.1 -> 2.5.2)
microos-tools (2.11 -> 2.12)
open-iscsi
openexr
pipewire (0.3.34 -> 0.3.35)
python-Jinja2
python38 (3.8.11 -> 3.8.12)
python38-core (3.8.11 -> 3.8.12)
qemu
systemd
=== Details ===
==== compat-usrmerge ====
- statically link xmv to avoid glibc 2.34 dependency
(__libc_start_main(a)GLIBC_2.34)
- turn on filetriggers in main package. Needed for single transaction upgrades
(boo#1189788)
==== gcc ====
- Add libgccjit%{libgccjit_sover}-devel package
==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- desktop-file-utils: add Pantheon desktop environment
==== krb5 ====
- Fix KDC null pointer dereference via a FAST inner body that
lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
* 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
==== libseccomp ====
Version update (2.5.1 -> 2.5.2)
- Update to release 2.5.2
* Update the syscall table for Linux v5.14-rc7
* Add a function, get_notify_fd(), to the Python bindings to
get the nofication file descriptor.
* Consolidate multiplexed syscall handling for all
architectures into one location.
* Add multiplexed syscall support to PPC and MIPS
* The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
the kernel. libseccomp's fd notification logic was modified
to support the kernel's previous and new usage of
SECCOMP_IOCTL_NOTIF_ID_VALID.
==== microos-tools ====
Version update (2.11 -> 2.12)
- Update to version 2.12
- Remove special MicroOS firstboot script
- Remove locale-check, replaced by another aaa_base implementation
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains
these changes not already present:
* Handle IPv6 interfaces correctly. (bsc#1187958)
* Handle qedi correctly in NPAR mode (bsc#1187958)
* Update iscsiadm man page (bsc#1187958)
* Update iface.example for ipv6
* Change iscsi IP type from defines to enum.
* Handle recv() returning 0 in iscsid_response()
==== openexr ====
Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30
- Add patch to fix OpenEXRCore.testHUF on armv7:
* openexr-fix-armv7.patch
* openexr-fix-armv7-2.patch
==== pipewire ====
Version update (0.3.34 -> 0.3.35)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-media-session pipewire-modules pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.35:
* Highlights:
- S/PDIF passthrough over optical or HDMI is now implemented.
- Some critical fixes to MIDI, draining of streams and various
modules.
- skypeforlinux should work better now after adding it to the
quirks database.
- Bluetooth codecs are now in separate plugins to make it
easier to ship them.
* PipeWire:
- Drain was fixed in pw-stream. In some cases it would not
clear the drain state correctly. Fixes the issue where
speaker-test would only play one channel.
- Loopback connections to a driver will now activate the
driver. This fixes an issue where MIDI connections between
devices or some applications (puredata) would not get any
MIDI messages. (#1559)x.
- The audiomixer can now mix more formats. Together with the
passthrough improvements this can be used to avoid
conversions to/from the DSP format in some cases.
- Make sure we idle drivers when removing a node from it in all
cases. JACK clients could keep a driver node busy.
- Add new methods to accumulate object info. The old one was
difficult to use when applications need to accumulate
multiple changes.
- A new interface to load modules has been added. Plugins can
use this to ask the host (PipeWire) to load spa plugins.
- Increase param buffer size to handle larger params. Nodes
with a large number of channels would sometimes not have
properties. (#1574)
- Concurrent link negotiation that caused some links to not
work, is now avoided. This fixes monitor ports in Ardour6.
- Small tweaks to how the quantum and rate are handled when
nodes move between drivers. Make node.lock-quantum work with
node.latency
* PipeWire modules:
- The convolver plugin in filter-chain has been optimized some
more.
- The echo-cancel stream properties were improved so that it
actually can remember the streams it links to. (#1557)
- module-pulse-tunnel had the buffer attributes wrong and would
cause high latency with older pulseaudio servers. (#1434)
- module-roc had the properties configured wrongly, which would
cause it to not work at all in most cases. (#1538)
- There is now an example of a 7.1 virtual surround sink using
the hesuvi impulse responses.
- The convolver now supports dirac pulses as the IR.
* ALSA:
- UCM config is now cached per device, using up less memory. It
also temporarily works around a problem in alsa-lib that is
now being patched and rolled out. Should stop devices from
disappearing when logging out and back in. (#1553)
- Fix the MIDI clock rate matching. It was too sensitive to
small changes and would spiral out of control and break MIDI
rather quickly.
* pipewire-media-session:
- The media session can now save and restore IEC958 (S/PDIF)
codecs for the sinks.
- Passthrough of IEC958 (S/PDIF) content is now possible. If
the client and the sink contain a compatible set of codecs,
an exclusive connection can be made between client and sink to pass
the encoded S/PDIF content directly to the device.
- Use new introspection info update methods to suspend nodes in
all cases. Sometimes, nodes would fail to suspend because the
state info was not evaluated.
- The media session can now work in non-DSP mode, which will
try to avoid any audio conversions between client and device
when possible. But, this will also disable compatibility with
JACK applications.
* Bluetooth
- Bluetooth codecs are now compiled into separate plugins which
are dynamically loaded. This makes it possible to change the
plugin implementation or ship plugins separately without
having to recompile the bluetooth module.
* PulseAudio server
- Delay stream create reply until the stream is linked to a
sink/source.
- The device-restore extension is now implemented. This makes
it possible to configure the IEC958 (S/PDIF) codecs supported
by the sink with pavucontrol.
- skypeforlinux now uses the same quirks as teams to make the
sinks show up in all cases. This fixes the issue of not being
able to hear the remote end in skypeforlinux.
* JACK
- Improve catia and carla compatibility by caching objects a
little longer after being removed. (#1531)
- JACK ports now notify the negotiated format correctly.
- A potential deadlock was fixed when multiple threads would
perform a call that would require a roundtrip.
- Improve bufsize callback, it should not be called right after
doing activate() but only when the buffersize changes later.
- Add tweak to disable the process lock. Some older apps might
not expect it. (#1576)
* Docs
- man pages are now generated with rst2man.
- DMA-BUF docs were updated.
- Documentation updates.
- Replace BuildRequires xmltoman with docutils (rst2man)
- Update libcamera Buildrequires.
==== python-Jinja2 ====
- Add no-warnings-as-errors.patch:
* Do not treat warnings as errors until upstream fix using async loops.
==== python38 ====
Version update (3.8.11 -> 3.8.12)
- Update to 3.8.12
* Complete list of changes is available at
https://docs.python.org/release/3.8.12/whatsnew/changelog.html
* Security
- bpo-42278: Replaced usage of tempfile.mktemp() with
TemporaryDirectory to avoid a potential race condition.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1
(from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion
Laughs? vulnerability. This copy is most used on Windows and
macOS.
- bpo-43124: Made the internal putcmd function in smtplib
sanitize input for presence of \r and \n characters to avoid
(unlikely) command injection.
- bpo-36384: ipaddress module no longer accepts any leading
zeros in IPv4 address strings. Leading zeros are ambiguous
and interpreted as octal notation by some libraries. For
example the legacy function socket.inet_aton() treats leading
zeros as octal notation. glibc implementation of modern
inet_pton() does not accept any leading zeros. For a while
the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
* decimal-3.8.patch
- Add decimal-3.8.patch to add building with --with-system-libmpdec
option (bsc#1189356).
- test_faulthandler is still problematic under qemu linux-user emulation,
disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
run during profiling
==== python38-core ====
Version update (3.8.11 -> 3.8.12)
Subpackages: libpython3_8-1_0 python38-base
- Update to 3.8.12
* Complete list of changes is available at
https://docs.python.org/release/3.8.12/whatsnew/changelog.html
* Security
- bpo-42278: Replaced usage of tempfile.mktemp() with
TemporaryDirectory to avoid a potential race condition.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1
(from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion
Laughs? vulnerability. This copy is most used on Windows and
macOS.
- bpo-43124: Made the internal putcmd function in smtplib
sanitize input for presence of \r and \n characters to avoid
(unlikely) command injection.
- bpo-36384: ipaddress module no longer accepts any leading
zeros in IPv4 address strings. Leading zeros are ambiguous
and interpreted as octal notation by some libraries. For
example the legacy function socket.inet_aton() treats leading
zeros as octal notation. glibc implementation of modern
inet_pton() does not accept any leading zeros. For a while
the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
* decimal-3.8.patch
- Add decimal-3.8.patch to add building with --with-system-libmpdec
option (bsc#1189356).
- test_faulthandler is still problematic under qemu linux-user emulation,
disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
run during profiling
==== qemu ====
- Fix qemu build on ARMv7 (bsc#1190211)
* Patches added:
tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
- Update supported file for ARM machines.
- Keep qemu-img without backing format still deprecated
(bsc#1190135)
* Patches added:
Revert-qemu-img-Improve-error-for-rebase.patch
Revert-qemu-img-Require-F-with-b-backing.patch
- Update the support files to reflect the deprecation.
- Update build dependencies versions: libgcrypt >= 1.8.0,
gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7
- Fix hardcoded binfmt handler doesn't play well with containers
(bsc#1186256)
* Patches added:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev
- Don't reexecute user manager instances on package update yet
This can't be done until users have their user instance updated to
the new version that supports reexecuting with SIGRTMIN+25 because
this signal terminates the user managers for the previous versions.
- Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11
3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only
fd46c81922 test: make sure to include all haveged unit files
- systemd.spec: reexec user manager instances on package updates
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Drop dependency on m4 (replaced by Jinja2)
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
compat-usrmerge
glib2
krb5
libseccomp (2.5.1 -> 2.5.2)
microos-tools (2.11 -> 2.12)
open-iscsi
python-Jinja2
python38 (3.8.11 -> 3.8.12)
python38-core (3.8.11 -> 3.8.12)
qemu
systemd
=== Details ===
==== compat-usrmerge ====
- statically link xmv to avoid glibc 2.34 dependency
(__libc_start_main(a)GLIBC_2.34)
- turn on filetriggers in main package. Needed for single transaction upgrades
(boo#1189788)
==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- desktop-file-utils: add Pantheon desktop environment
==== krb5 ====
- Fix KDC null pointer dereference via a FAST inner body that
lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
* 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
==== libseccomp ====
Version update (2.5.1 -> 2.5.2)
- Update to release 2.5.2
* Update the syscall table for Linux v5.14-rc7
* Add a function, get_notify_fd(), to the Python bindings to
get the nofication file descriptor.
* Consolidate multiplexed syscall handling for all
architectures into one location.
* Add multiplexed syscall support to PPC and MIPS
* The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
the kernel. libseccomp's fd notification logic was modified
to support the kernel's previous and new usage of
SECCOMP_IOCTL_NOTIF_ID_VALID.
==== microos-tools ====
Version update (2.11 -> 2.12)
- Update to version 2.12
- Remove special MicroOS firstboot script
- Remove locale-check, replaced by another aaa_base implementation
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains
these changes not already present:
* Handle IPv6 interfaces correctly. (bsc#1187958)
* Handle qedi correctly in NPAR mode (bsc#1187958)
* Update iscsiadm man page (bsc#1187958)
* Update iface.example for ipv6
* Change iscsi IP type from defines to enum.
* Handle recv() returning 0 in iscsid_response()
==== python-Jinja2 ====
- Add no-warnings-as-errors.patch:
* Do not treat warnings as errors until upstream fix using async loops.
==== python38 ====
Version update (3.8.11 -> 3.8.12)
- Update to 3.8.12
* Complete list of changes is available at
https://docs.python.org/release/3.8.12/whatsnew/changelog.html
* Security
- bpo-42278: Replaced usage of tempfile.mktemp() with
TemporaryDirectory to avoid a potential race condition.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1
(from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion
Laughs? vulnerability. This copy is most used on Windows and
macOS.
- bpo-43124: Made the internal putcmd function in smtplib
sanitize input for presence of \r and \n characters to avoid
(unlikely) command injection.
- bpo-36384: ipaddress module no longer accepts any leading
zeros in IPv4 address strings. Leading zeros are ambiguous
and interpreted as octal notation by some libraries. For
example the legacy function socket.inet_aton() treats leading
zeros as octal notation. glibc implementation of modern
inet_pton() does not accept any leading zeros. For a while
the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
* decimal-3.8.patch
- Add decimal-3.8.patch to add building with --with-system-libmpdec
option (bsc#1189356).
- test_faulthandler is still problematic under qemu linux-user emulation,
disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
run during profiling
==== python38-core ====
Version update (3.8.11 -> 3.8.12)
Subpackages: libpython3_8-1_0 python38-base
- Update to 3.8.12
* Complete list of changes is available at
https://docs.python.org/release/3.8.12/whatsnew/changelog.html
* Security
- bpo-42278: Replaced usage of tempfile.mktemp() with
TemporaryDirectory to avoid a potential race condition.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1
(from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion
Laughs? vulnerability. This copy is most used on Windows and
macOS.
- bpo-43124: Made the internal putcmd function in smtplib
sanitize input for presence of \r and \n characters to avoid
(unlikely) command injection.
- bpo-36384: ipaddress module no longer accepts any leading
zeros in IPv4 address strings. Leading zeros are ambiguous
and interpreted as octal notation by some libraries. For
example the legacy function socket.inet_aton() treats leading
zeros as octal notation. glibc implementation of modern
inet_pton() does not accept any leading zeros. For a while
the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
* decimal-3.8.patch
- Add decimal-3.8.patch to add building with --with-system-libmpdec
option (bsc#1189356).
- test_faulthandler is still problematic under qemu linux-user emulation,
disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
run during profiling
==== qemu ====
- Fix qemu build on ARMv7 (bsc#1190211)
* Patches added:
tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
- Update supported file for ARM machines.
- Keep qemu-img without backing format still deprecated
(bsc#1190135)
* Patches added:
Revert-qemu-img-Improve-error-for-rebase.patch
Revert-qemu-img-Require-F-with-b-backing.patch
- Update the support files to reflect the deprecation.
- Update build dependencies versions: libgcrypt >= 1.8.0,
gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7
- Fix hardcoded binfmt handler doesn't play well with containers
(bsc#1186256)
* Patches added:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev
- Don't reexecute user manager instances on package update yet
This can't be done until users have their user instance updated to
the new version that supports reexecuting with SIGRTMIN+25 because
this signal terminates the user managers for the previous versions.
- Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11
3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only
fd46c81922 test: make sure to include all haveged unit files
- systemd.spec: reexec user manager instances on package updates
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Drop dependency on m4 (replaced by Jinja2)
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ell (0.42 -> 0.43)
ibus (1.5.24 -> 1.5.25)
kernel-source (5.14.0 -> 5.14.1)
pam-config (1.3 -> 1.4)
python-ordered-set (3.1.1 -> 4.0.2)
python-simplejson (3.17.3 -> 3.17.5)
system-users
sysuser-tools
=== Details ===
==== ell ====
Version update (0.42 -> 0.43)
- Update to release 0.43
* Add support for DHCP Rapid Commit feature.
* Add support for DHCP authorative mode feature.
==== ibus ====
Version update (1.5.24 -> 1.5.25)
Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0
- Refresh ibus-socket-name-compatibility.patch
- Add ibus-missing-include.patch to fix build on Leap
- Add ibus-fix-wrong-cursor-location.patch
(based on https://github.com/ibus/ibus/commit/936a0e76df79d92a8bdc03e9205330fb84a2083…)
(gh#ibus/ibus#2337)
- Drop ibus-python-install-dir.patch
Two reasons: it's for, disabled in .spec, python2, and patch forces
the re-generation of configure, which requires aclocal-1.16,
unavailable on Leap-15.3, and that breaks the build.
- Update version to 1.5.25
* src/tests: Run gnome-session with no-overview mode
* client/gtk2: Implement ibus_im_context_set_surrounding_with_selection
* src/ibuscomposetable: Do not include the same compose file
* src/ibusenginesimple: Multi_key to 0xB7
* src/ibusenginesimple: Make Compose preedit less intrusive
* Change default Emoji shortcut key
* setup: Enhance engine search function
* client/gtk2/ibusimcontext: Enable sync process in GTK4
* engine: Update simple.xml with xkeyboard-config 2.33
* src/ibuscomposetable: Add support for the include directive (lf-)
* src/ibuscomposetable: Fix a buffer overflow in compose handling (lf-)
* client/x11: Add support for XFixes ClientDisconnectMode (Olivier Fourdan)
* setup: Start ibus-daemon with the --daemonize option (Gunnar Hjalmarsson)
* src: Fix a typo in ibusenginesimple.h (user202729)
* Update translations
==== kernel-source ====
Version update (5.14.0 -> 5.14.1)
- watchdog: Fix NULL pointer dereference when releasing cdev
(bsc#1190093).
- Update config files.
We can enable the option after this fix again.
- commit 65109d0
- Linux 5.14.1 (bsc#1012628).
- Bluetooth: btusb: check conditions before enabling USB ALT 3
for WBS (bsc#1012628).
- net: dsa: mt7530: fix VLAN traffic leaks again (bsc#1012628).
- btrfs: fix NULL pointer dereference when deleting device by
invalid id (bsc#1012628).
- Revert "floppy: reintroduce O_NDELAY fix" (bsc#1012628).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1012628).
- ext4: report correct st_size for encrypted symlinks
(bsc#1012628).
- f2fs: report correct st_size for encrypted symlinks
(bsc#1012628).
- ubifs: report correct st_size for encrypted symlinks
(bsc#1012628).
- net: don't unconditionally copy_from_user a struct ifreq for
socket ioctls (bsc#1012628).
- audit: move put_tree() to avoid trim_trees refcount underflow
and UAF (bsc#1012628).
- commit 1059c60
- update patches metadata
- update upstream references:
- patches.suse/Bluetooth-avoid-circular-locks-in-sco_sock_connect.patch
- patches.suse/Bluetooth-btusb-Add-support-for-Foxconn-Mediatek-Chi.patch
- patches.suse/Bluetooth-btusb-Add-support-for-IMC-Networks-Mediate.patch
- patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch
- commit c2e3f15
- HID: usbhid: Simplify code in hid_submit_ctrl()
(<cover.1630658591.git.mkubecek(a)suse.cz>).
- HID: usbhid: Fix warning caused by 0-length input reports
(<cover.1630658591.git.mkubecek(a)suse.cz>).
- HID: usbhid: Fix flood of "control queue full" messages
(<cover.1630658591.git.mkubecek(a)suse.cz>).
- commit 4552165
- Delete patches.suse/hid-fix-length-inconsistency.patch.
To be replaced by a cherry pick of corresponding upstream commits.
- commit ba7e2a2
- Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964)
The regression addressed by this revert was fixed properly by mainline
commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace
helpers work again") in 5.7.
- commit 775ed38
- series.conf: cleanup
Move queued patches to "almost mainline" section.
No effect on expanded tree.
- commit e91bb9d
- vt_kdsetmode: extend console locking (bsc#1190025
CVE-2021-3753).
- commit 18d6ea3
- Update config files. Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT
(bsc#1190093)
- commit 55bd270
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
(CVE-2021-3640 bsc#1188172).
- commit b9d15a3
- Delete
patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1189959).
No longer needed, since it's upstream now.
- commit b1aeba4
- arm64: Update config files. (bsc#1189922)
Enable ISP1760_DUAL_ROLE
- commit c265161
- rpm/kernel-binary.spec.in: Use kmod-zstd provide.
This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- commit 357f09a
==== pam-config ====
Version update (1.3 -> 1.4)
- Update to version 1.4
- Fix support for mulitple locations for configuration files
- Drop pam-config-fix-pam_keyinit-options.patch
- Drop pam-config-remove-bad-access-call.patch
==== python-ordered-set ====
Version update (3.1.1 -> 4.0.2)
- Update to version 4.0.2
* Restore compatibility with Python 3.5
* fix packaging, remove vestiges of type stubs
* Remove unused type
* Add a mailmap
* remove old .pyi type stub
* Implement code review suggestions for types
* Code formatting (isort and black)
* Move type annotations inline
* Directly distribute type stub file via PEP 561
* Handle another indexing case from NumPy
==== python-simplejson ====
Version update (3.17.3 -> 3.17.5)
- update to 3.17.5:
* Fix the C extension module to harden is_namedtuple against looks-a-likes such
as Mocks. Also prevent dict encoding from causing an unraised SystemError when
encountering a non-Dict. Noticed by running user tests against a CPython
interpreter with C asserts enabled (COPTS += -UNDEBUG).
==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody system-user-tss
- Set shell for nobody in sysusers.d config
==== sysuser-tools ====
- Add support for new shell field [bsc#1189518]
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
kernel-source (5.14.0 -> 5.14.1)
pam-config (1.3 -> 1.4)
python-ordered-set (3.1.1 -> 4.0.2)
python-simplejson (3.17.3 -> 3.17.5)
system-users
sysuser-tools
=== Details ===
==== kernel-source ====
Version update (5.14.0 -> 5.14.1)
- watchdog: Fix NULL pointer dereference when releasing cdev
(bsc#1190093).
- Update config files.
We can enable the option after this fix again.
- commit 65109d0
- Linux 5.14.1 (bsc#1012628).
- Bluetooth: btusb: check conditions before enabling USB ALT 3
for WBS (bsc#1012628).
- net: dsa: mt7530: fix VLAN traffic leaks again (bsc#1012628).
- btrfs: fix NULL pointer dereference when deleting device by
invalid id (bsc#1012628).
- Revert "floppy: reintroduce O_NDELAY fix" (bsc#1012628).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1012628).
- ext4: report correct st_size for encrypted symlinks
(bsc#1012628).
- f2fs: report correct st_size for encrypted symlinks
(bsc#1012628).
- ubifs: report correct st_size for encrypted symlinks
(bsc#1012628).
- net: don't unconditionally copy_from_user a struct ifreq for
socket ioctls (bsc#1012628).
- audit: move put_tree() to avoid trim_trees refcount underflow
and UAF (bsc#1012628).
- commit 1059c60
- update patches metadata
- update upstream references:
- patches.suse/Bluetooth-avoid-circular-locks-in-sco_sock_connect.patch
- patches.suse/Bluetooth-btusb-Add-support-for-Foxconn-Mediatek-Chi.patch
- patches.suse/Bluetooth-btusb-Add-support-for-IMC-Networks-Mediate.patch
- patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch
- commit c2e3f15
- HID: usbhid: Simplify code in hid_submit_ctrl()
(<cover.1630658591.git.mkubecek(a)suse.cz>).
- HID: usbhid: Fix warning caused by 0-length input reports
(<cover.1630658591.git.mkubecek(a)suse.cz>).
- HID: usbhid: Fix flood of "control queue full" messages
(<cover.1630658591.git.mkubecek(a)suse.cz>).
- commit 4552165
- Delete patches.suse/hid-fix-length-inconsistency.patch.
To be replaced by a cherry pick of corresponding upstream commits.
- commit ba7e2a2
- Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964)
The regression addressed by this revert was fixed properly by mainline
commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace
helpers work again") in 5.7.
- commit 775ed38
- series.conf: cleanup
Move queued patches to "almost mainline" section.
No effect on expanded tree.
- commit e91bb9d
- vt_kdsetmode: extend console locking (bsc#1190025
CVE-2021-3753).
- commit 18d6ea3
- Update config files. Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT
(bsc#1190093)
- commit 55bd270
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
(CVE-2021-3640 bsc#1188172).
- commit b9d15a3
- Delete
patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1189959).
No longer needed, since it's upstream now.
- commit b1aeba4
- arm64: Update config files. (bsc#1189922)
Enable ISP1760_DUAL_ROLE
- commit c265161
- rpm/kernel-binary.spec.in: Use kmod-zstd provide.
This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- commit 357f09a
==== pam-config ====
Version update (1.3 -> 1.4)
- Update to version 1.4
- Fix support for mulitple locations for configuration files
- Drop pam-config-fix-pam_keyinit-options.patch
- Drop pam-config-remove-bad-access-call.patch
==== python-ordered-set ====
Version update (3.1.1 -> 4.0.2)
- Update to version 4.0.2
* Restore compatibility with Python 3.5
* fix packaging, remove vestiges of type stubs
* Remove unused type
* Add a mailmap
* remove old .pyi type stub
* Implement code review suggestions for types
* Code formatting (isort and black)
* Move type annotations inline
* Directly distribute type stub file via PEP 561
* Handle another indexing case from NumPy
==== python-simplejson ====
Version update (3.17.3 -> 3.17.5)
- update to 3.17.5:
* Fix the C extension module to harden is_namedtuple against looks-a-likes such
as Mocks. Also prevent dict encoding from causing an unraised SystemError when
encountering a non-Dict. Noticed by running user tests against a CPython
interpreter with C asserts enabled (COPTS += -UNDEBUG).
==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody system-user-tss
- Set shell for nobody in sysusers.d config
==== sysuser-tools ====
- Add support for new shell field [bsc#1189518]
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
chrony
fuse3 (3.10.4 -> 3.10.5)
gnome-shell-extensions
grub2
json-glib (1.6.4 -> 1.6.6)
mdadm
mpg123 (1.28.2 -> 1.29.0)
patterns-microos
pinentry (1.1.1 -> 1.2.0)
transactional-update (3.5.2 -> 3.5.3)
vulkan-loader (1.2.182.0 -> 1.2.189.0)
xdg-utils (1.1.3+20200220 -> 1.1.3+20201113)
yast2 (4.4.16 -> 4.4.17)
=== Details ===
==== chrony ====
Subpackages: chrony-pool-openSUSE
- Added hardening to systemd service(s). Added patch(es):
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
==== fuse3 ====
Version update (3.10.4 -> 3.10.5)
- Update to release 3.10.5
* Various improvements to make unit tests more robust.
==== gnome-shell-extensions ====
- Add dependency on gnome-shell-extensions-common for
gnome-shell-classic to fix the translations in SLE Classic and
GNOME Classic(bsc#1190016 jsc#SLE-20311).
==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi
- Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061)
* 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
- Add btrfs zstd compression on i386-pc and also make sure it won't break
existing grub installations (bsc#1161823)
* deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch
* added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
- Delete the author list from %description (the %description section is
literally for package descriptions (only) these days, encoding was also
problematic).
- Add %doc AUTHORS to get packaged that info
==== json-glib ====
Version update (1.6.4 -> 1.6.6)
Subpackages: libjson-glib-1_0-0 typelib-1_0-Json-1_0
- Update to version 1.6.6:
+ New release with the documentation and gi-docgen included in
the archive.
- Drop gtk-doc BuildRequires, no longer needed, nor used.
- Add docbook-xsl-stylesheets and libxslt-tools BuildRequires,
needed for building of manpages.
==== mdadm ====
- Remove Spare drives line from details for external metadata
(bsc#1180661, bsc#1182642)
0118-Remove-Spare-drives-line-from-details-for-external-m.patch
- Don't associate spares with other arrays during RAID Examine
(bsc#1180661, bsc#1182642)
0119-Don-t-associate-spares-with-other-arrays-during-RAID.patch
==== mpg123 ====
Version update (1.28.2 -> 1.29.0)
- Update to version 1.29.0
build:
* added --enable-runtime-tables
libmpg123:
* Float deocder runtime table computation is back as option,
based on suggestion and initial patch by Ethan Halsall for a
smaller download size of the wasm decoder built from
libmpg23. This only trims the size of the binary on disk
(network), for runtime overhead and a bit of uneasyness about
concurrency during table computation, which happens
implicitly on handle initialization, only guarded by an
integer flag. This does _not_ revive mpg123_init().
* The ID3v2 UTF-16 BOM check is now a straight-on loop and not
a recursive function.
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Add ethtool to hardware pattern [jsc#PM-2983]
- Remove haveged (obsolete with recent kernels) [bsc#1190024]
==== pinentry ====
Version update (1.1.1 -> 1.2.0)
Subpackages: pinentry-qt5
- pinentry 1.2.0:
* qt: Show a warning if Caps Lock is on
* qt: Support password formatting. This makes generated
passwords easier to transcribe
* qt: Fix showing of pinentry window on Wayland
* qt: Check passphrase constraints before accepting passphrase
if passphrase constraints are requested to be enforced
* qt: Improve detection of running in a GUI session
* qt: Improve accessibility when entering new password
==== transactional-update ====
Version update (3.5.2 -> 3.5.3)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.3
- t-u: Purge kernels as part of package operations
Required for live patching support [bsc#1189728]
==== vulkan-loader ====
Version update (1.2.182.0 -> 1.2.189.0)
- Update to release SDK-1.2.189.0
* loader: Dont return OOM on function load failure
* Deallocate the extension lists when deleting an item from
layer list
* Add layer and implementation-specific logging
* Allow "icd" as well as "implem" for VK_LOADER_DEBUG
* Fix Vulkan CTS testcase bug:
"create_instance_device_intentional_alloc_fail"
* loader: Fix accidental error propagation
==== xdg-utils ====
Version update (1.1.3+20200220 -> 1.1.3+20201113)
- Update to version 1.1.3+20201113:
* Fix xdg-settings support for default-web-browser for Plasma 5.19+
==== yast2 ====
Version update (4.4.16 -> 4.4.17)
- Mark systemd unit/service state "maintenance" as active
(bsc#1190163)
- 4.4.17
