January 2022 - openSUSE Kubic - openSUSE Mailing Lists

New Kubic snapshot 20220120 released!
by Richard Brown 21 Jan '22

21 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: cryptsetup (2.4.1 -> 2.4.3) dhcp kernel-source (5.16.0 -> 5.16.1) libfido2 openSUSE-build-key sqlite3 (3.37.1 -> 3.37.2) toolbox (2.2+git20211124.09791b1 -> 2.3+git20220117.bd53c7c) === Details === ==== cryptsetup ==== Version update (2.4.1 -> 2.4.3) Subpackages: libcryptsetup12 - cryptsetup 2.4.3: * Fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery CVE-2021-4122, boo#1194469 * Add configure option --disable-luks2-reencryption to completely disable LUKS2 reencryption code. * Improve internal metadata validation code for reencryption metadata * Add updated documentation for LUKS2 On-Disk Format Specification version 1.1.0 * Fix support for bitlk (BitLocker compatible) startup key with new metadata entry introduced in Windows 11 * Fix space restriction for LUKS2 reencryption with data shift - cryptsetup 2.4.2: * Fix possible large memory allocation if LUKS2 header size is invalid. * Fix memory corruption in debug message printing LUKS2 checksum. * veritysetup: remove link to the UUID library for the static build. * Remove link to pwquality library for integritysetup and veritysetup. These tools do not read passphrases. * OpenSSL3 backend: avoid remaining deprecated calls in API. Crypto backend no longer use API deprecated in OpenSSL 3.0 * Check if kernel device-mapper create device failed in an early phase. This happens when a concurrent creation of device-mapper devices meets in the very early state. * Do not set compiler optimization flag for Argon2 KDF if the memory wipe is implemented in libc. * Do not attempt to unload LUKS2 tokens if external tokens are disabled. This allows building a static binary with - -disable-external-tokens. * LUKS convert: also check sysfs for device activity. If udev symlink is missing, code fallbacks to sysfs scan to prevent data corruption for the active device. ==== dhcp ==== Subpackages: dhcp-client - Drop PrivateDevices and ProtectClock hardenings. They clash with the chroot logic (bsc#1194722) - Add now working CONFIG parameter to sysusers generator ==== kernel-source ==== Version update (5.16.0 -> 5.16.1) - Linux 5.16.1 (bsc#1012628). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1012628). - workqueue: Fix unbind_workers() VS wq_worker_sleeping() race (bsc#1012628). - staging: r8188eu: switch the led off during deinit (bsc#1012628). - bpf: Fix out of bounds access from invalid *_or_null type verification (bsc#1012628). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (bsc#1012628). - Bluetooth: btusb: Fix application of sizeof to pointer (bsc#1012628). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (bsc#1012628). - Bluetooth: btusb: enable Mediatek to support AOSP extension (bsc#1012628). - Bluetooth: btusb: Add the new support IDs for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add one more Bluetooth part for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add support for Foxconn MT7922A (bsc#1012628). - Bluetooth: btintel: Fix broken LED quirk for legacy ROM devices (bsc#1012628). - Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 (bsc#1012628). - Bluetooth: bfusb: fix division by zero in send path (bsc#1012628). - ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 (bsc#1012628). - USB: core: Fix bug in resuming hub's handling of wakeup requests (bsc#1012628). - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (bsc#1012628). - ath11k: Fix buffer overflow when scanning with extraie (bsc#1012628). - mmc: sdhci-pci: Add PCI ID for Intel ADL (bsc#1012628). - Bluetooth: add quirk disabling LE Read Transmit Power (bsc#1012628). - Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security chip (bsc#1012628). - Bluetooth: btbcm: disable read tx power for MacBook Air 8,1 and 8,2 (bsc#1012628). - veth: Do not record rx queue hint in veth_xmit (bsc#1012628). - mfd: intel-lpss: Fix too early PM enablement in the ACPI - >probe() (bsc#1012628). - mfd: intel-lpss-pci: Fix clock speed for 38a8 UART (bsc#1012628). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (bsc#1012628). - can: isotp: convert struct tpcon::{idx,len} to unsigned int (bsc#1012628). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (bsc#1012628). - random: fix data race on crng_node_pool (bsc#1012628). - random: fix data race on crng init time (bsc#1012628). - platform/x86/intel: hid: add quirk to support Surface Go 3 (bsc#1012628). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (bsc#1012628). - staging: greybus: fix stack size warning with UBSAN (bsc#1012628). - parisc: Fix pdc_toc_pim_11 and pdc_toc_pim_20 definitions (bsc#1012628). Disabled: patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch as it conflicts with 95655456e7ce. Asked in bsc#1193124. - commit 13f032a - Update patches.suse/vfs-add-super_operations-get_inode_dev Copy an updated version from SLE15-SP4 with one minor refresh. - commit c02e2ab - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 8950040 - update patches metadata - update upstream references - patches.suse/media-Revert-media-uvcvideo-Set-unique-vdev-name-bas.patch - patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch - patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch - commit 949bbaa ==== libfido2 ==== - Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x is now supported. ==== openSUSE-build-key ==== - refresh the openSUSE Backports key (bsc#1193092) - gpg-pubkey-65176565-59787af5.asc + gpg-pubkey-65176565-61a0ee8f.asc - removed old security key - updated security key to 2020 version ==== sqlite3 ==== Version update (3.37.1 -> 3.37.2) - update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change ==== toolbox ==== Version update (2.2+git20211124.09791b1 -> 2.3+git20220117.bd53c7c) - Update to version 2.3+git20220117.bd53c7c: - Fixes error where if custom image is used toolbox will download the default image before entering an existing container. (#40)

1 0

New ARM MicroOS snapshot 20220118 released!
by Guillaume Gardet 20 Jan '22

20 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: python-FontTools (4.28.3 -> 4.28.5) python-certifi (2021.5.30 -> 2021.10.8) python-fs (2.4.13 -> 2.4.14) === Details === ==== python-FontTools ==== Version update (4.28.3 -> 4.28.5) - update to 4.28.5: * make sure all occurrences of str() are now replaced with user-defined ntos * refactored code into submodules, plus several bugfixes and improvements * Merge GDEF marksets in Lookups properly * Have fontTools feaLib script exit with error code when build fails * Added ntos option to customize number formatting * Speed up subsetting of large CFF fonts * Speculatively promote lookups to extension to speed up compilation ==== python-certifi ==== Version update (2021.5.30 -> 2021.10.8) - update to 2021.10.8: added certs: * CN=TunTrust Root CA O=Agence Nationale de Certification Electronique * CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA ==== python-fs ==== Version update (2.4.13 -> 2.4.14) - update to 2.4.14: * Added `fs.copy.copy_file_if`, `fs.copy.copy_dir_if`, and `fs.copy.copy_fs_if`. * Added `fs.base.FS.getmodified`. * FTP servers that do not support the MLST command now try to use the MDTM command to retrieve the last modification timestamp of a resource. * Fixed performance bugs in `fs.copy.copy_dir_if_newer`. Test cases were adapted to catch those bugs in the future. * Fixed precision bug for timestamps in `fs.OSFS.setinfo`.

1 0

New ARM Kubic snapshot 20220118 released!
by Guillaume Gardet 20 Jan '22

20 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: python-FontTools (4.28.3 -> 4.28.5) python-certifi (2021.5.30 -> 2021.10.8) python-fs (2.4.13 -> 2.4.14) === Details === ==== python-FontTools ==== Version update (4.28.3 -> 4.28.5) - update to 4.28.5: * make sure all occurrences of str() are now replaced with user-defined ntos * refactored code into submodules, plus several bugfixes and improvements * Merge GDEF marksets in Lookups properly * Have fontTools feaLib script exit with error code when build fails * Added ntos option to customize number formatting * Speed up subsetting of large CFF fonts * Speculatively promote lookups to extension to speed up compilation ==== python-certifi ==== Version update (2021.5.30 -> 2021.10.8) - update to 2021.10.8: added certs: * CN=TunTrust Root CA O=Agence Nationale de Certification Electronique * CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA ==== python-fs ==== Version update (2.4.13 -> 2.4.14) - update to 2.4.14: * Added `fs.copy.copy_file_if`, `fs.copy.copy_dir_if`, and `fs.copy.copy_fs_if`. * Added `fs.base.FS.getmodified`. * FTP servers that do not support the MLST command now try to use the MDTM command to retrieve the last modification timestamp of a resource. * Fixed performance bugs in `fs.copy.copy_dir_if_newer`. Test cases were adapted to catch those bugs in the future. * Fixed precision bug for timestamps in `fs.OSFS.setinfo`.

1 0

New MicroOS snapshot 20220117 released!
by Richard Brown 19 Jan '22

19 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: python-FontTools (4.28.3 -> 4.28.5) python-certifi (2021.5.30 -> 2021.10.8) python-fs (2.4.13 -> 2.4.14) === Details === ==== python-FontTools ==== Version update (4.28.3 -> 4.28.5) - update to 4.28.5: * make sure all occurrences of str() are now replaced with user-defined ntos * refactored code into submodules, plus several bugfixes and improvements * Merge GDEF marksets in Lookups properly * Have fontTools feaLib script exit with error code when build fails * Added ntos option to customize number formatting * Speed up subsetting of large CFF fonts * Speculatively promote lookups to extension to speed up compilation ==== python-certifi ==== Version update (2021.5.30 -> 2021.10.8) - update to 2021.10.8: added certs: * CN=TunTrust Root CA O=Agence Nationale de Certification Electronique * CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA ==== python-fs ==== Version update (2.4.13 -> 2.4.14) - update to 2.4.14: * Added `fs.copy.copy_file_if`, `fs.copy.copy_dir_if`, and `fs.copy.copy_fs_if`. * Added `fs.base.FS.getmodified`. * FTP servers that do not support the MLST command now try to use the MDTM command to retrieve the last modification timestamp of a resource. * Fixed performance bugs in `fs.copy.copy_dir_if_newer`. Test cases were adapted to catch those bugs in the future. * Fixed precision bug for timestamps in `fs.OSFS.setinfo`.

1 0

New Kubic snapshot 20220117 released!
by Richard Brown 19 Jan '22

19 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: python-FontTools (4.28.3 -> 4.28.5) python-certifi (2021.5.30 -> 2021.10.8) python-fs (2.4.13 -> 2.4.14) === Details === ==== python-FontTools ==== Version update (4.28.3 -> 4.28.5) - update to 4.28.5: * make sure all occurrences of str() are now replaced with user-defined ntos * refactored code into submodules, plus several bugfixes and improvements * Merge GDEF marksets in Lookups properly * Have fontTools feaLib script exit with error code when build fails * Added ntos option to customize number formatting * Speed up subsetting of large CFF fonts * Speculatively promote lookups to extension to speed up compilation ==== python-certifi ==== Version update (2021.5.30 -> 2021.10.8) - update to 2021.10.8: added certs: * CN=TunTrust Root CA O=Agence Nationale de Certification Electronique * CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA ==== python-fs ==== Version update (2.4.13 -> 2.4.14) - update to 2.4.14: * Added `fs.copy.copy_file_if`, `fs.copy.copy_dir_if`, and `fs.copy.copy_fs_if`. * Added `fs.base.FS.getmodified`. * FTP servers that do not support the MLST command now try to use the MDTM command to retrieve the last modification timestamp of a resource. * Fixed performance bugs in `fs.copy.copy_dir_if_newer`. Test cases were adapted to catch those bugs in the future. * Fixed precision bug for timestamps in `fs.OSFS.setinfo`.

1 0

New ARM Kubic snapshot 20220116 released!
by Guillaume Gardet 18 Jan '22

18 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: avahi btrfsprogs (5.15 -> 5.16) busybox (1.34.1 -> 1.35.0) cyrus-sasl grub2 haproxy (2.5.0+git0.f2e0833f1 -> 2.5.1+git0.86b093a51) iproute2 (5.15 -> 5.16) keylime kubernetes1.23 ncurses (6.3.20211127 -> 6.3.20220101) patterns-base perl-Bootloader (0.936 -> 0.937) podman qemu rdma-core (38.0 -> 38.1) shadow (4.9 -> 4.11.1) sqlite3 (3.36.0 -> 3.37.1) sssd vim (8.2.3995 -> 8.2.4063) wayland (1.19.0 -> 1.20.0) yast2 (4.4.34 -> 4.4.36) === Details === ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (boo#1179060). ==== btrfsprogs ==== Version update (5.15 -> 5.16) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.16 * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid subvolume keys, caught by tree-checker * fi du: skip inaccessible files * prop: properly resolve to symlink targets * send, receive: fix crash after parent subvolume lookup errors * build: * fix build on 5.12+ kernels due to changes in linux/kernel.h * fix build on musl with old kernel headers * other: * error handling fixes, cleanups, refactoring * extent tree v2 preparatory work * lots of RST documentation updates (last release with asciidoc sources), https://btrfs.readthedocs.io - Update to 5.15.1 * fi usage: fix wrongly reported space of used or unallocated space * fix detection of block device discard capability * check: add more sanity checks for checksum items * build: make sphinx optional backend for documentation ==== busybox ==== Version update (1.34.1 -> 1.35.0) - Update to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp - CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() - CVE-2011-5325 (bsc#951562): tar directory traversal - CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * grub2.spec - Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) (bsc#1192686) * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch * 0002-ieee1275-claim-more-memory.patch * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch * 0005-docs-grub-Document-signing-grub-under-UEFI.patch * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch * 0008-pgp-factor-out-rsa_pad.patch * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch * 0011-libtasn1-import-libtasn1-4.18.0.patch * 0012-libtasn1-disable-code-not-needed-in-grub.patch * 0013-libtasn1-changes-for-grub-compatibility.patch * 0014-libtasn1-compile-into-asn1-module.patch * 0015-test_asn1-test-module-for-libtasn1.patch * 0016-grub-install-support-embedding-x509-certificates.patch * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch * 0019-appended-signatures-support-verifying-appended-signa.patch * 0020-appended-signatures-verification-tests.patch * 0021-appended-signatures-documentation.patch * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch - Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090) * grub2-systemd-sleep-plugin ==== haproxy ==== Version update (2.5.0+git0.f2e0833f1 -> 2.5.1+git0.86b093a51) - Update to version 2.5.1+git0.86b093a51: * [RELEASE] Released version 2.5.1 * CI: github actions: clean default step conditions * BUILD: cpuset: fix build issue on macos introduced by previous change * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data * BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * BUILD/MINOR: tools: solaris build fix on dladdr. * CI: github actions: update OpenSSL to 3.0.1 * BUILD/MINOR: cpuset FreeBSD 14 build fix. * REGTESTS: ssl: update of a crt with server deletion * BUG/MEDIUM: ssl: free the ckch instance linked to a server * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * CI: Github Actions: do not show VTest failures if build failed * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above. * MINOR: proxy: add option idle-close-on-response * MINOR: debug: add support for -dL to dump library names at boot * MINOR: debug: add ability to dump loaded shared libraries * MINOR: compat: detect support for dl_iterate_phdr() * REGTESTS: ssl: fix ssl_default_server.vtc * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server * BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time * DEBUG: ssl: make sure we never change a servername on established connections * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message * BUG/MEDIUM: peers: properly skip conn_cur from incoming messages * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch * MINOR: pools: work around possibly slow malloc_trim() during gc * MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: fix error-log-format example * DOC: config: retry-on list is space-delimited * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id * MINOR: http-rules: Add capture action to http-after-response ruleset * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types * MINOR: cli: "show version" displays the current process version * BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH * MINOR: mux-h1: Improve H1 traces by adding info about http parsers * BUG/MINOR: mworker: deinit of thread poller was called when not initialized * BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode * BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted * BUG/MAJOR: segfault using multiple log forward sections. * BUG/MEDIUM: resolvers: Detach query item on response error * BUG/MINOR: server: Don't rely on last default-server to init server SSL context * BUG/MINOR: vars: Fix the set-var and unset-var converters * BUILD: evports: remove a leftover from the dead_fd cleanup * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * BUG/MINOR: lua: remove loop initial declarations * BUG/MINOR: lua: don't expose internal proxies * BUG/MINOR: httpclient: allow to replace the host header * BUG/MINOR: cache: Fix loop on cache entries in "show cache" ==== iproute2 ==== Version update (5.15 -> 5.16) - remove routef from links; it doesn't exist anymore - update to 5.16: * devlink: Fix cmd_dev_param_set() to check configuration mode * ip: add AMT support * iplink_can: fix configuration ranges in print_usage() and add unit * tc: flower: Fix buffer overflow on large labels * ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res() * tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH * iplink_can: add new CAN FD bittiming parameters: Transmitter Delay Compensation (TDC) ==== keylime ==== Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Add 0001-Drop-dataclasses-module-usage.patch, to support Python 3.6 - Fix cfssl bcond logic in Tumbleweed / SLE ==== kubernetes1.23 ==== Subpackages: kubernetes1.23-client kubernetes1.23-client-common kubernetes1.23-kubeadm kubernetes1.23-kubelet kubernetes1.23-kubelet-common - Increase _constraints to 13GB ==== ncurses ==== Version update (6.3.20211127 -> 6.3.20220101) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20220101 + add section on releasing memory to curs_termcap.3x and curs_terminfo.3x manpages. - Add ncurses patch 20211225 + improve markup, e.g., for external manpage links in the manpages (prompted by report by Helge Kreutzmann). - Add ncurses patch 20211219 + install ncurses-examples programs in libexecdir, adding a wrapper script to invoke those. + add help-screen and screen-dump to test/combine.c - Rename package ncurses-tests to ncurses-examples as upstream does - Add ncurses patch 20211211 + add test/combine.c, to demo/test combining characters. - Add ncurses patch 20211204 + improve configure check for getttynam (report by Werner Fink). - Correct offsets of patch ncurses-6.3.dif ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Install PAM manual pages instead of the PDFs - specfile cleanup - Don't recommend ntfs-3g by default on TW, the kernel module got improved ==== perl-Bootloader ==== Version update (0.936 -> 0.937) - merge gh#openSUSE/perl-bootloader#137 - grub2 install: Support secure boot on powerpc (bsc#1192764 jsc#SLE-18271). - 0.937 ==== podman ==== Subpackages: podman-cni-config - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 ==== qemu ==== - It's time to really start requiring -F when using -b in qemu-img for us as well. Users/customers have been warned in the relevant release notes (bsc#1190135) * Patches dropped: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch ==== rdma-core ==== Version update (38.0 -> 38.1) Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Update to v38.1 - Major fixes for hns provider ==== shadow ==== Version update (4.9 -> 4.11.1) Subpackages: login_defs - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). - Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Remove because upstreamed: * shadow-4.9-pwck-segfault.patch * shadow-4.9-newgrp-segfault.patch * shadow-4.9-useradd-subuid.patch * shadow-4.9-sgent-free.patch * shadow-passwd-handle-null.patch * shadow-fix-sigabrt.patch * shadow-libeconf-include.patch * libsubid-build-fix.patch - Refreshed: * shadow-util-linux.patch * shadow.changes * shadow.keyring * shadow.spec * useradd-script.patch * useradd-userkeleton.patch * userdel-script.patch - Update shadow.keyring: * Serge Hallyn serge(a)hallyn.com (B175CFA98F192AF2) * Christian Brauner christian(a)brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624) ==== sqlite3 ==== Version update (3.36.0 -> 3.37.1) - update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. - SQLite3 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Remove libsmbclient-devel BuildRequires in favor of pkgconfig(smbclient) ==== vim ==== Version update (8.2.3995 -> 8.2.4063) Subpackages: vim-data-common vim-small - disable-unreliable-tests-arch.patch: refresh - Updated to version 8.2.4063, fixes the following problems - fixes boo#1194559 CVE-2022-0156 * Not all sshconfig files are detected as such. * Vim9: type checking for list and dict lacks information about declared type. * Vim9: not enough testing for extend() and map(). * Asan error for adding zero to NULL. * Redundant check for NUL byte. * Coverity warns for checking for NULL pointer after using it. * Insert complete code uses global variables. * First char typed in Select mode can be wrong. * Error messages are spread out. * Old compiler complains about struct init with variable. * Error messages are spread out. * Vim9: crash when declaring variable on the command line. * Session does not restore help buffer properly when "options' is missing from 'sessionoptions'. * Error messages are spread out. * Reading one byte beyond the end of the line. * Error messages are spread out. * Test fails because of changed error number. * Error messages are spread out. * Build failure without the spell feature. * Git and gitcommit file types not properly recognized. * Build failure with tiny features. (Tony Mechelynck) * Vim9: incorrect error for argument that is shadowing var. * Gcc warns for misleading indent in Athena menu code. * ml_get error when win_execute redraws with Visual selection. * Vim9: import mechanism is too complicated. * Debugger test fails. * Missing part of the :import changes. * Two error messages in the wrong file. * Using uninitialized variable. * Confusing error message if imported name is used directly. * Error for import not ending in .vim does not work for .vimrc. * ml_get error with specific win_execute() command. (Sean Dewar) * ml_get error with :doautoall and Visual area. (Sean Dewar) * Debugging NFA regexp my crash, cached indent may be wrong. * A script local funcref is not found from a mapping. * Crash in xterm with only two lines. (Dominique Pellé) * ATTRIBUTE_NORETURN is not needed. * Running filetype tests leaves directory behind. * Coverity warns for possibly using a NULL pointer. * Timer triggered at the debug prompt may cause trouble. * Vim9: script test file is getting too long. * Insert mode completion is insufficiently tested. * Various code not used when features are disabled. * The xdiff library is linked in even when not used. * Keeping track of allocated lines in user functions is too complicated. * Using unitialized pointer. * Vim9: build error. * Using int for second argument of ga_init2(). * Vim9: no error when importing the same script twice. * Some global functions are only used in one file. * Some error messages not in the right place. * Depending on the build features error messages are unused. * gcc complains about use of "%p" in printf. * Vim9: reading before the start of the line with "$" by itself. * Vim9: need to prefix every item in an autoload script. * Compiler complains about possibly uninitialized variable. * Not easy to resize a window from a plugin. * Vim9: autoload mechanism doesn't fully work yet. * Vim9 script test fails. * Vim9: line break in expression causes v:errmsg to be filled. (Yegappan Lakshmanan) * Vim9: memory leak when exporting function in autoload script. * Vim9: not fully implementing the autoload mechanism. * Vim9: import test failure in wrong line. * Vim9: an expression of a map cannot access script-local items. (Maxim Kim) * win_execute() is slow on systems where getcwd() or chdir() is slow. (Rick Howe) * Codecov bash script is deprecated. * Match highlighting of tab too short. * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan) ==== wayland ==== Version update (1.19.0 -> 1.20.0) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 - Add wayland-shm-Close-file-descriptors-not-needed.patch: For platforms that support mremap(), we don't need to hold file descriptors all the time, because programs like Xwayland will hold a lot of file descriptors and may crash, this patch close file descriptors earlier for those platforms (bsc#1194190). - obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4 - Update to release 1.20 * A few protocol additions: wl_surface.offset allows clients to update a surface's buffer offset independently from the buffer, wl_output.name and description allow clients to identify outputs without depending on xdg-output-unstable-v1. * In protocol definitions, events have a new "type" attribute and can now be marked as destructors. * A number of bug fixes, including a race condition when destroying proxies in multi-threaded clients. ==== yast2 ==== Version update (4.4.34 -> 4.4.36) - Adapted Report.yesno_popup to Ruby 3 (bsc#1193192) - 4.4.36 - Simplify slide show to support future parallel installations (jsc#SLE-20437) - 4.4.35

1 0

New ARM MicroOS snapshot 20220116 released!
by Guillaume Gardet 18 Jan '22

18 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (21.3.3 -> 21.3.4) Mesa-drivers (21.3.3 -> 21.3.4) avahi btrfsprogs (5.15 -> 5.16) busybox (1.34.1 -> 1.35.0) cyrus-sasl flatpak (1.12.2 -> 1.12.3) frameworkintegration gdm (41.0 -> 41.3) ghostscript gnome-desktop (41.2 -> 41.3) gnome-session (40.1.1 -> 41.3) gnome-shell (41.2 -> 41.3) grub2 gupnp (1.4.2 -> 1.4.3) iproute2 (5.15 -> 5.16) keylime libqt5-qtwebengine (5.15.7 -> 5.15.8) mutter (41.2 -> 41.3) nautilus (41.1 -> 41.2) ncurses (6.3.20211127 -> 6.3.20220101) patterns-base perl-Bootloader (0.936 -> 0.937) perl-HTTP-Message (6.35 -> 6.36) podman poppler (21.12.0 -> 22.01.0) poppler-qt5 (21.12.0 -> 22.01.0) pulseaudio qemu qpdf (10.4.0 -> 10.5.0) shadow (4.9 -> 4.11.1) sqlite3 (3.36.0 -> 3.37.1) sssd vim (8.2.3995 -> 8.2.4063) wayland (1.19.0 -> 1.20.0) yast2 (4.4.34 -> 4.4.36) === Details === ==== Mesa ==== Version update (21.3.3 -> 21.3.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.3.4 * bugfix release ==== Mesa-drivers ==== Version update (21.3.3 -> 21.3.4) Subpackages: Mesa-dri Mesa-gallium - update to 21.3.4 * bugfix release ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (boo#1179060). ==== btrfsprogs ==== Version update (5.15 -> 5.16) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.16 * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid subvolume keys, caught by tree-checker * fi du: skip inaccessible files * prop: properly resolve to symlink targets * send, receive: fix crash after parent subvolume lookup errors * build: * fix build on 5.12+ kernels due to changes in linux/kernel.h * fix build on musl with old kernel headers * other: * error handling fixes, cleanups, refactoring * extent tree v2 preparatory work * lots of RST documentation updates (last release with asciidoc sources), https://btrfs.readthedocs.io - Update to 5.15.1 * fi usage: fix wrongly reported space of used or unallocated space * fix detection of block device discard capability * check: add more sanity checks for checksum items * build: make sphinx optional backend for documentation ==== busybox ==== Version update (1.34.1 -> 1.35.0) - Update to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp - CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() - CVE-2011-5325 (bsc#951562): tar directory traversal - CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB ==== flatpak ==== Version update (1.12.2 -> 1.12.3) Subpackages: libflatpak0 system-user-flatpak - Update to 1.12.3: + CVE-2021-43860: a malicious repository could have sent invalid application metadata in a way that hides some of the app permissions displayed during installation (boo#1194610) + flatpak-builder could allow --mirror-screenshots-url commands to create directories outside of the build directory (boo#1194611) + Extra-data downloading now properly handles compressed content-encodings which fixes checksum verification + Note: In some corner case server setups this may require the extra-data checksum to be changed + Avoid unnecessary policy-kit dialog due to auto-pinning when installing runtimes + Better handling of updates of extensions that exist in multiple repositories + Fixed (initial) installation apps with renamed ids + Fixed regression in updates from no-enumerate remotes + We now verify checksums of summary caches, to better handle local file corruption + Improved cli output for non-terminal targets + Flatpak run --session-bus now works + Fix build with PyParsing >= 3.0.4 + Fixed "Since" annotations on FlatpakTransaction signals + bash auto completion now doesn't complete on command name aliases + Minor improvements to the search command + Minor improvements to the list command + Minor improvements to the repair command + Add more tests + Updated translations. - Drop support-new-pyparsing.patch: Fixed upstream. ==== frameworkintegration ==== Subpackages: frameworkintegration-plugin libKF5Style5 - Add upstream change to fix a regression in 5.90.0 (kde#448237) * 0001-Fix-wrong-porting-of-KNSCore-Engine-configSearchLoca.patch ==== gdm ==== Version update (41.0 -> 41.3) Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Update to version 41.3: + Juggle Xorg's -listen/-nolisten command line change better. + Fix session type selection. + Fix crash. + Drop vestigial gdm-pin service. + XDMCP fixes. + Wayland nvidia udev updates. + Updated translations. - Rebase gdm-disable-wayland-on-mgag200-chipsets.patch. - Drop gdm-daemon-Infer-session-type-from-desktop-file.patch and gdm-restart-greeter-session-after-crash.patch: fixed upstream. ==== ghostscript ==== - CVE-2021-45949.patch fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-20… (bsc#1194304) - CVE-2021-45944 use-after-free in sampled_data_sample is already fixed in the Ghostscript 9.54.0 upstream sources (bsc#1194303) ==== gnome-desktop ==== Version update (41.2 -> 41.3) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 41.3: + No changes, version bump only. ==== gnome-session ==== Version update (40.1.1 -> 41.3) Subpackages: gnome-session-core gnome-session-default-session gnome-session-wayland - Update to version 41.3: + No changes, just version synching. - Changes from version 40.8: + data: Install GNOME on Wayland session for X11 preferred setups + Don't spew as much into log when falling back to non-systemd sessions + Work better with certain versions of meson + Correct screwed up check for gnome-shell + Various cleanups and leak fixes + Updated translations. - Rebase gnome-session-better-handle-empty-xdg_session_type.patch. - Drop gnome-session-exit-when-lost-name-on-bus.patch: no longer applicable. ==== gnome-shell ==== Version update (41.2 -> 41.3) Subpackages: gnome-shell-calendar - Update to version 41.3: + Improve window tracking + Simplify scroll fade shader to work with old hardware + Tweak (un)minimize animations + Don't wake up screen in DND mode + Fix immediately withdrawn notifications getting stuck + Honor XDG SingleMainWindow key in .desktop files + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. - Modernize our Supplements in gnome-shell-calendar sub-package. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * grub2.spec - Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) (bsc#1192686) * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch * 0002-ieee1275-claim-more-memory.patch * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch * 0005-docs-grub-Document-signing-grub-under-UEFI.patch * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch * 0008-pgp-factor-out-rsa_pad.patch * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch * 0011-libtasn1-import-libtasn1-4.18.0.patch * 0012-libtasn1-disable-code-not-needed-in-grub.patch * 0013-libtasn1-changes-for-grub-compatibility.patch * 0014-libtasn1-compile-into-asn1-module.patch * 0015-test_asn1-test-module-for-libtasn1.patch * 0016-grub-install-support-embedding-x509-certificates.patch * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch * 0019-appended-signatures-support-verifying-appended-signa.patch * 0020-appended-signatures-verification-tests.patch * 0021-appended-signatures-documentation.patch * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch - Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090) * grub2-systemd-sleep-plugin ==== gupnp ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3: + ServiceProxy: - Properly propagate cancelled actions in deprecated calls. - Fix deprecated async calls, again. ==== iproute2 ==== Version update (5.15 -> 5.16) - remove routef from links; it doesn't exist anymore - update to 5.16: * devlink: Fix cmd_dev_param_set() to check configuration mode * ip: add AMT support * iplink_can: fix configuration ranges in print_usage() and add unit * tc: flower: Fix buffer overflow on large labels * ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res() * tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH * iplink_can: add new CAN FD bittiming parameters: Transmitter Delay Compensation (TDC) ==== keylime ==== Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Add 0001-Drop-dataclasses-module-usage.patch, to support Python 3.6 - Fix cfssl bcond logic in Tumbleweed / SLE ==== libqt5-qtwebengine ==== Version update (5.15.7 -> 5.15.8) - Update to version 5.15.8: * Update Chromium: [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c [Backport] CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium [Backport] CVE-2021-37987 : Use after free in Network APIs [Backport] CVE-2021-37989 : Inappropriate implementation in Blink [Backport] CVE-2021-37992 : Out of bounds read in WebAudio [Backport] CVE-2021-37993 : Use after free in PDF Accessibility [Backport] CVE-2021-37996 : Insufficient validation of untrusted input in Downloads [Backport] CVE-2021-38001 : Type Confusion in V8 [Backport] CVE-2021-38003 : Inappropriate implementation in V8 [Backport] CVE-2021-38005: Use after free in loader (1/3) [Backport] CVE-2021-38005: Use after free in loader (2/3) [Backport] CVE-2021-38005: Use after free in loader (3/3) [Backport] CVE-2021-38007: Type Confusion in V8 [Backport] CVE-2021-38009: Inappropriate implementation in cache [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers [Backport] CVE-2021-38012: Type Confusion in V8 [Backport] CVE-2021-38015: Inappropriate implementation in input [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe sandbox [Backport] CVE-2021-38018: Inappropriate implementation in navigation [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS [Backport] CVE-2021-38021: Inappropriate implementation in referrer [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication [Backport] CVE-2021-4057: Use after free in file API [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2) [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2) [Backport] CVE-2021-4059: Insufficient data validation in loader [Backport] CVE-2021-4062: Heap buffer overflow in BFCache [Backport] CVE-2021-4078: Type confusion in V8 [Backport] CVE-2021-4079: Out of bounds write in WebRTC [Backport] CVE-2021-4098: Insufficient data validation in Mojo [Backport] CVE-2021-4099: Use after free in Swiftshader [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader. [Backport] CVE-2021-4102: Use after free in V8 [Backport] Dependency for CVE-2021-37989 [Backport] Dependency for CVE-2021-38009 [Backport] Security bug 1245870 [Backport] Security bug 1252858 [Backport] Security bug 1259899 Bump V8_PATCH_LEVEL Compile with GCC 11 -std=c++20 Fix stack overflow on gpu channel recreate with an error Use wglSetPixelFormat directly only if in software mode [Backport] Handle long SIGSTKSZ in glibc > 2.33 [Backport] abseil-cpp: Fixes build with latest glibc * Handle qtpdf compilation with static runtime * Add bitcode support for qtpdf on ios * Do not access accessibility from qt post routines * Blacklist javascriptClipboard test on ubuntu 20.04 * Re-enable network-service-in-process * Bump version from 5.15.7 to 5.15.8 * Update patch level * Fix pinch gesture * Fix leak of properties after XkbRF_GetNamesProp * Fix leak on getDefaultScreeenId - Drop patch: * 0001-Fix-build-with-glibc-2.34.patch ==== mutter ==== Version update (41.2 -> 41.3) - Update to version 41.3: + Check keyboard serials for activation + Fix mixed up refresh rates in multi-monitor setups + Allow disabling HW cursors + Improve damage handling + Consider xrandr flags for advertised modes + Ensure constraints after client resize + window-group: Disable culling when rendinging clone to offscreen buffer + Fix workspace switch animation in default plugin + Fix unfullscreening of window that were mapped fullscreen + Fix DMA-BUF screencasts with unredirected fullscreen windows + Fix orientation changes on devices with 90° + Fixed crashes + Plugged leaks + Misc. bug fixes and cleanups. - Drop patches fixed upstream: + mutter-allow-disable-hardware-cursors.patch + mutter-initialize-saved_rect_fullscreen.patch - Renumber patches yet again. ==== nautilus ==== Version update (41.1 -> 41.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1 - Update to version 41.2: + Avoid cropping format popover in Compress dialog. + Fix "Move to"/"Copy to" from Starred. + Fix memory leak on tab switch. + Updated translations. ==== ncurses ==== Version update (6.3.20211127 -> 6.3.20220101) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20220101 + add section on releasing memory to curs_termcap.3x and curs_terminfo.3x manpages. - Add ncurses patch 20211225 + improve markup, e.g., for external manpage links in the manpages (prompted by report by Helge Kreutzmann). - Add ncurses patch 20211219 + install ncurses-examples programs in libexecdir, adding a wrapper script to invoke those. + add help-screen and screen-dump to test/combine.c - Rename package ncurses-tests to ncurses-examples as upstream does - Add ncurses patch 20211211 + add test/combine.c, to demo/test combining characters. - Add ncurses patch 20211204 + improve configure check for getttynam (report by Werner Fink). - Correct offsets of patch ncurses-6.3.dif ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Install PAM manual pages instead of the PDFs - specfile cleanup - Don't recommend ntfs-3g by default on TW, the kernel module got improved ==== perl-Bootloader ==== Version update (0.936 -> 0.937) - merge gh#openSUSE/perl-bootloader#137 - grub2 install: Support secure boot on powerpc (bsc#1192764 jsc#SLE-18271). - 0.937 ==== perl-HTTP-Message ==== Version update (6.35 -> 6.36) - updated to 6.36 see /usr/share/doc/packages/perl-HTTP-Message/Changes 6.36 2022-01-05 14:39:42Z - Fix examples in HTTP::Request::Common synopsis: HTTP::Request::Common does not put headers in an arrayref, unlike HTTP::Request (GH#170) (Karen Etheridge) - Update to contributing information (GH#171) (Håkon Hægland) ==== podman ==== Subpackages: podman-cni-config - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 ==== poppler ==== Version update (21.12.0 -> 22.01.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 - Update to 22.01.0: core: * Allow local (relative to dll) fonts dir on Windows * TextOutputDev: require more spacing between columns. Issue #1093 * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183 * Fix crash when calling Form::reset() * GfxSeparationColorSpace: Check validity of colorspace and function. Issue #1184 * Minor code improvements glib: * Include glib.h before using defines from it * Close file descriptors on error * Plug some memory leaks * Replace use of deprecated g_memdup/g_time_zone_new * Remove FD-taking functions on windows utils: * pdfsig: Add support for documents with passwords * pdfsig: Fix signing with -sign if nss password is needed ==== poppler-qt5 ==== Version update (21.12.0 -> 22.01.0) - Update to 22.01.0: core: * Allow local (relative to dll) fonts dir on Windows * TextOutputDev: require more spacing between columns. Issue #1093 * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183 * Fix crash when calling Form::reset() * GfxSeparationColorSpace: Check validity of colorspace and function. Issue #1184 * Minor code improvements glib: * Include glib.h before using defines from it * Close file descriptors on error * Plug some memory leaks * Replace use of deprecated g_memdup/g_time_zone_new * Remove FD-taking functions on windows utils: * pdfsig: Add support for documents with passwords * pdfsig: Fix signing with -sign if nss password is needed ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup - Workaround for spurious errors in dump-modules command (bsc#1194379): pulseaudio-dump-module-Ignore-invalid-module-init-tools.patch ==== qemu ==== - It's time to really start requiring -F when using -b in qemu-img for us as well. Users/customers have been warned in the relevant release notes (bsc#1190135) * Patches dropped: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch ==== qpdf ==== Version update (10.4.0 -> 10.5.0) - add fix-signedness-warning.patch (build for aarch64) - update to 10.5.0: * Since qpdf version 8, using object accessor methods on an instance of ``QPDFObjectHandle`` may create warnings if the object is not of the expected type. These warnings now have an error code of ``qpdf_e_object`` instead of ``qpdf_e_damaged_pdf``. Also, comments have been added to :file:`QPDFObjectHandle.hh` to explain in more detail what the behavior is. See :ref:`object-accessors` for a more in-depth discussion. * Add ``Pl_Buffer::getMallocBuffer()`` to initialize a buffer allocated with ``malloc()`` for better cross-language interoperability. * Overhaul error handling for the object handle functions C API. Some rare error conditions that would previously have caused a crash are now trapped and reported, and the functions that generate them return fallback values. See comments in the ``ERROR HANDLING`` section of :file:`include/qpdf/qpdf-c.h` for details. In particular, exceptions thrown by the underlying C++ code when calling object accessors are caught and converted into errors. The errors can be checked by calling ``qpdf_has_error``. Use ``qpdf_silence_errors`` to prevent the error from being written to stderr. * Add ``qpdf_get_last_string_length`` to the C API to get the length of the last string that was returned. This is needed to handle strings that contain embedded null characters. * Add ``qpdf_oh_is_initialized`` and ``qpdf_oh_new_uninitialized`` to the C API to make it possible to work with uninitialized objects. * Add ``qpdf_oh_new_object`` to the C API. This allows you to clone an object handle. * Add ``qpdf_get_object_by_id``, ``qpdf_make_indirect_object``, and ``qpdf_replace_object``, exposing the corresponding methods in ``QPDF`` and ``QPDFObjectHandle``. - add build-without-pdf.patch to fix documentation installation - enable documentation build, enable tests, enable werror ==== shadow ==== Version update (4.9 -> 4.11.1) Subpackages: login_defs - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). - Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Remove because upstreamed: * shadow-4.9-pwck-segfault.patch * shadow-4.9-newgrp-segfault.patch * shadow-4.9-useradd-subuid.patch * shadow-4.9-sgent-free.patch * shadow-passwd-handle-null.patch * shadow-fix-sigabrt.patch * shadow-libeconf-include.patch * libsubid-build-fix.patch - Refreshed: * shadow-util-linux.patch * shadow.changes * shadow.keyring * shadow.spec * useradd-script.patch * useradd-userkeleton.patch * userdel-script.patch - Update shadow.keyring: * Serge Hallyn serge(a)hallyn.com (B175CFA98F192AF2) * Christian Brauner christian(a)brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624) ==== sqlite3 ==== Version update (3.36.0 -> 3.37.1) - update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. - SQLite3 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Remove libsmbclient-devel BuildRequires in favor of pkgconfig(smbclient) ==== vim ==== Version update (8.2.3995 -> 8.2.4063) Subpackages: vim-data-common vim-small - disable-unreliable-tests-arch.patch: refresh - Updated to version 8.2.4063, fixes the following problems - fixes boo#1194559 CVE-2022-0156 * Not all sshconfig files are detected as such. * Vim9: type checking for list and dict lacks information about declared type. * Vim9: not enough testing for extend() and map(). * Asan error for adding zero to NULL. * Redundant check for NUL byte. * Coverity warns for checking for NULL pointer after using it. * Insert complete code uses global variables. * First char typed in Select mode can be wrong. * Error messages are spread out. * Old compiler complains about struct init with variable. * Error messages are spread out. * Vim9: crash when declaring variable on the command line. * Session does not restore help buffer properly when "options' is missing from 'sessionoptions'. * Error messages are spread out. * Reading one byte beyond the end of the line. * Error messages are spread out. * Test fails because of changed error number. * Error messages are spread out. * Build failure without the spell feature. * Git and gitcommit file types not properly recognized. * Build failure with tiny features. (Tony Mechelynck) * Vim9: incorrect error for argument that is shadowing var. * Gcc warns for misleading indent in Athena menu code. * ml_get error when win_execute redraws with Visual selection. * Vim9: import mechanism is too complicated. * Debugger test fails. * Missing part of the :import changes. * Two error messages in the wrong file. * Using uninitialized variable. * Confusing error message if imported name is used directly. * Error for import not ending in .vim does not work for .vimrc. * ml_get error with specific win_execute() command. (Sean Dewar) * ml_get error with :doautoall and Visual area. (Sean Dewar) * Debugging NFA regexp my crash, cached indent may be wrong. * A script local funcref is not found from a mapping. * Crash in xterm with only two lines. (Dominique Pellé) * ATTRIBUTE_NORETURN is not needed. * Running filetype tests leaves directory behind. * Coverity warns for possibly using a NULL pointer. * Timer triggered at the debug prompt may cause trouble. * Vim9: script test file is getting too long. * Insert mode completion is insufficiently tested. * Various code not used when features are disabled. * The xdiff library is linked in even when not used. * Keeping track of allocated lines in user functions is too complicated. * Using unitialized pointer. * Vim9: build error. * Using int for second argument of ga_init2(). * Vim9: no error when importing the same script twice. * Some global functions are only used in one file. * Some error messages not in the right place. * Depending on the build features error messages are unused. * gcc complains about use of "%p" in printf. * Vim9: reading before the start of the line with "$" by itself. * Vim9: need to prefix every item in an autoload script. * Compiler complains about possibly uninitialized variable. * Not easy to resize a window from a plugin. * Vim9: autoload mechanism doesn't fully work yet. * Vim9 script test fails. * Vim9: line break in expression causes v:errmsg to be filled. (Yegappan Lakshmanan) * Vim9: memory leak when exporting function in autoload script. * Vim9: not fully implementing the autoload mechanism. * Vim9: import test failure in wrong line. * Vim9: an expression of a map cannot access script-local items. (Maxim Kim) * win_execute() is slow on systems where getcwd() or chdir() is slow. (Rick Howe) * Codecov bash script is deprecated. * Match highlighting of tab too short. * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan) ==== wayland ==== Version update (1.19.0 -> 1.20.0) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Add wayland-shm-Close-file-descriptors-not-needed.patch: For platforms that support mremap(), we don't need to hold file descriptors all the time, because programs like Xwayland will hold a lot of file descriptors and may crash, this patch close file descriptors earlier for those platforms (bsc#1194190). - obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4 - Update to release 1.20 * A few protocol additions: wl_surface.offset allows clients to update a surface's buffer offset independently from the buffer, wl_output.name and description allow clients to identify outputs without depending on xdg-output-unstable-v1. * In protocol definitions, events have a new "type" attribute and can now be marked as destructors. * A number of bug fixes, including a race condition when destroying proxies in multi-threaded clients. ==== yast2 ==== Version update (4.4.34 -> 4.4.36) - Adapted Report.yesno_popup to Ruby 3 (bsc#1193192) - 4.4.36 - Simplify slide show to support future parallel installations (jsc#SLE-20437) - 4.4.35

1 0

New MicroOS snapshot 20220116 released!
by Richard Brown 18 Jan '22

18 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: gupnp (1.4.2 -> 1.4.3) shadow (4.9 -> 4.11.1) === Details === ==== gupnp ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3: + ServiceProxy: - Properly propagate cancelled actions in deprecated calls. - Fix deprecated async calls, again. ==== shadow ==== Version update (4.9 -> 4.11.1) Subpackages: login_defs - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). - Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Remove because upstreamed: * shadow-4.9-pwck-segfault.patch * shadow-4.9-newgrp-segfault.patch * shadow-4.9-useradd-subuid.patch * shadow-4.9-sgent-free.patch * shadow-passwd-handle-null.patch * shadow-fix-sigabrt.patch * shadow-libeconf-include.patch * libsubid-build-fix.patch - Refreshed: * shadow-util-linux.patch * shadow.changes * shadow.keyring * shadow.spec * useradd-script.patch * useradd-userkeleton.patch * userdel-script.patch - Update shadow.keyring: * Serge Hallyn serge(a)hallyn.com (B175CFA98F192AF2) * Christian Brauner christian(a)brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)

1 0

New Kubic snapshot 20220116 released!
by Richard Brown 18 Jan '22

18 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: shadow (4.9 -> 4.11.1) === Details === ==== shadow ==== Version update (4.9 -> 4.11.1) Subpackages: login_defs - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). - Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Remove because upstreamed: * shadow-4.9-pwck-segfault.patch * shadow-4.9-newgrp-segfault.patch * shadow-4.9-useradd-subuid.patch * shadow-4.9-sgent-free.patch * shadow-passwd-handle-null.patch * shadow-fix-sigabrt.patch * shadow-libeconf-include.patch * libsubid-build-fix.patch - Refreshed: * shadow-util-linux.patch * shadow.changes * shadow.keyring * shadow.spec * useradd-script.patch * useradd-userkeleton.patch * userdel-script.patch - Update shadow.keyring: * Serge Hallyn serge(a)hallyn.com (B175CFA98F192AF2) * Christian Brauner christian(a)brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)

1 0

New MicroOS snapshot 20220115 released!
by Richard Brown 17 Jan '22

17 Jan '22

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (21.3.3 -> 21.3.4) Mesa-drivers (21.3.3 -> 21.3.4) cyrus-sasl ncurses (6.3.20211127 -> 6.3.20220101) perl-Bootloader (0.936 -> 0.937) pulseaudio vim === Details === ==== Mesa ==== Version update (21.3.3 -> 21.3.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.3.4 * bugfix release ==== Mesa-drivers ==== Version update (21.3.3 -> 21.3.4) Subpackages: Mesa-dri Mesa-gallium - update to 21.3.4 * bugfix release ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB ==== ncurses ==== Version update (6.3.20211127 -> 6.3.20220101) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20220101 + add section on releasing memory to curs_termcap.3x and curs_terminfo.3x manpages. - Add ncurses patch 20211225 + improve markup, e.g., for external manpage links in the manpages (prompted by report by Helge Kreutzmann). - Add ncurses patch 20211219 + install ncurses-examples programs in libexecdir, adding a wrapper script to invoke those. + add help-screen and screen-dump to test/combine.c - Rename package ncurses-tests to ncurses-examples as upstream does - Add ncurses patch 20211211 + add test/combine.c, to demo/test combining characters. - Add ncurses patch 20211204 + improve configure check for getttynam (report by Werner Fink). - Correct offsets of patch ncurses-6.3.dif ==== perl-Bootloader ==== Version update (0.936 -> 0.937) - merge gh#openSUSE/perl-bootloader#137 - grub2 install: Support secure boot on powerpc (bsc#1192764 jsc#SLE-18271). - 0.937 ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup - Workaround for spurious errors in dump-modules command (bsc#1194379): pulseaudio-dump-module-Ignore-invalid-module-init-tools.patch ==== vim ==== Subpackages: vim-data-common vim-small - disable-unreliable-tests-arch.patch: refresh

1 0