New ARM MicroOS snapshot 20220731 released! - openSUSE Kubic

2 Aug 2022


      Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&...
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&...
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
  ImageMagick (7.1.0.37 -> 7.1.0.44)
  avahi
  cockpit
  codec2 (1.0.3 -> 1.0.5)
  cups
  curl (7.83.1 -> 7.84.0)
  gpg2 (2.3.6 -> 2.3.7)
  kdump (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742)
  kernel-firmware (20220622 -> 20220714)
  libcap (2.64 -> 2.65)
  libdmtx (0.7.5 -> 0.7.7)
  libnettle (3.8 -> 3.8.1)
  libstorage-ng (4.5.31 -> 4.5.33)
  libuv (1.44.1 -> 1.44.2)
  perl
  polkit
  poppler (22.06.0 -> 22.07.0)
  poppler-qt5 (22.06.0 -> 22.07.0)
  redis (7.0.3 -> 7.0.4)
  shim
  yast2-bootloader (4.5.1 -> 4.5.2)
=== Details ===
==== ImageMagick ====
Version update (7.1.0.37 -> 7.1.0.44)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- version update to 7.1.0.44
  upstream changelog:
  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
- modified patches
  % ImageMagick-library-installable-in-parallel.patch (refreshed)
- update to 7.1.0.42:
  * incorrect pointer update when computing median @ ImageMagick/ImageMagick#5298
  * Added extra check because the flag was removed in 0.21-Beta1.
  * the -transparent-color option accepts colornames @ ImageMagick/ImageMagick#5297
  * fix MVG stroke-opacity issues
  * map channel parameter to pixel channel offset @ ImageMagick/ImageMagick#5308
  * beta release
  * preserve input depth @ ImageMagick/ImageMagick6#188
  * update to latest automake/autoconf release
  * recognize SVG file if it starts with whitespace @ ImageMagick/ImageMagick#5294
  * Removed unused stealth flag.
  * Removed used path field.
  * Removed unused target field.
  * Removed unused exempt field.
  * Added extra option to the skip spaces to the MagicInfo.
  * Always start at the start of the string when comparing the magic value.
  * cosmetic
  * avoid OMP deadlock @ ImageMagick/ImageMagick#5301
  * prevent undefined shift
  * prevent possible buffer overflow
  * correct copy/paste error
  * We need to free the stream ourselves when the call to FT_Open_Face fails.
  * Added missing call to DestroyString.
  * MVG requires seekable stream
  * Added extra malloc method to avoid early calls to the policy checks on Windows.
  * Removed defines.
  * Only check for dll's in non static build.
  * Set the client name and path earlier.
  * fix background opacity rounding @ ImageMagick/ImageMagick#5264
  * empty result on conversion from tiff to pdf @ ImageMagick/ImageMagick#5256
  * Corrected patch that was made for #5256.
  * Pass negative interline_spacing to pango
  * Also check extension to fix possible stack overflow.
  * eliminate possible buffer overflow
  * set group 4 photometric to min-is-white
  * dasharray requires non-zero values
  * eliminate compiler warning
  * only permit one rows/columns keyword
  * Moved allocation back to the correct spot to avoid bypassing SetImageExtent.
  * Also restore setting quantum_info to null.
  * eliminate uninitialized value warning
  * Make sure all text strings are freed when realloc fails.
  * Reset primitive_info inside RenderMVGContent because this address could point to another address.
  * Always check if .text is set instead.
  * eliminate uninitialized alpha pixel
  * recognize read-mask & write-mask for -channel option
  * eliminate compiler warning
  * fix scrambled image @ ImageMagick/ImageMagick#5291
  * yikes, misspelled 'level'
  * Fixed possible memory leak.
  * support floating point formats
  * initialize date:precision in private TimerComponentGenesis() method
  * check for -1 is not required
  * refactor date:precision flow
  * eliminate compiler warning
  * correct formulation of the phash normalization
  * phash normalization is conventional RMS calculation
  * only check shread count once
  * add private ShredMagickMemory() method to hide contents of memory buffers
    before they are relinquished
  * system:shred value has precedence over MAGICK_SHRED_PASSES
  * support shredding memory pools
  * update memory pointer
  * Silenced warning.
  * Corrected documentation.
  * first pass is fast for performance, second is crytographically strong
  * recommend shred value of 1 for performance reasons
  * only set the # of shred passes one time
  * if enabled, shred streams
  * unmap mapped pixels
  * default mapped member to false
  * don't shred streaming pixels
  * rework shred passes
  * optimize performance
  * change per lint advisement
  * typecast per lint advisement
  * eliminate compiler warning
  * eliminate lint warnings
  * eliminate lint warnings
  * support date:timestamp property
  * eliminate lint warnings
  * set timestamp from image->timestamp member
  * eliminate lint warnings
  * support MAGICK_DATE_PRECISION and registrydateprecision defines
  * support registry:precision define
  * need at least one policy defined
  * eliminate lint warnings
  * note, system:precision is deprecated
  * eliminate icc compiler warnings
  * eliminate icc compiler warnings
  * eliminate compiler warning
  * Reverted incorrect patch when doing auto-orient of an image that is
    right-top or left-bottom.#
  * Corrected conversion from flip to Orientation.
    ... changelog too long, skipping 22 lines ...
  * Also remove date:timestamp when stripping the image.
==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7
- Move the dbus-1 system.d file to /usr (bsc#1201345)
==== cockpit ====
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system
- Update suse-microos-branding.patch for new /etc/os-release ID.
- Add storage-btrfs.patch to enable BTRFS use in cockpit-storage.
==== codec2 ====
Version update (1.0.3 -> 1.0.5)
- Update to version 1.0.5
  * Bump version to 1.0.5 to clearly delineate from various 1.0.4
    tags, otherwise the same as 1.0.4_rc2
- Update to version 1.0.4
  * 2020B,
  * build system and tools maintenance.
  * This RC fixes FreeDV API backwards compatibility issue in v1.0.4
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- Move the dbus-1 system.d file to /usr (bsc#1201346)
==== curl ====
Version update (7.83.1 -> 7.84.0)
Subpackages: libcurl4
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
- Update to 7.84.0:
  * Security fixes:
  - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
  - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
  - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
  - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
  * Changes:
  - curl: add --rate to set max request rate per time unit
  - curl: deprecate --random-file and --egd-file
  - curl_version_info: add CURL_VERSION_THREADSAFE
  - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
  - lib: make curl_global_init() threadsafe when possible
  - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
  - opts: deprecate RANDOM_FILE and EGDSOCKET
  - socks: support unix sockets for socks proxy
  * Bugfixes:
  - aws-sigv4: fix potentional NULL pointer arithmetic
  - bindlocal: don't use a random port if port number would wrap
  - c-hyper: mark status line as status for Curl_client_write()
  - ci: avoid `cmake -Hpath`
  - CI: bump FreeBSD 13.0 to 13.1
  - ci: update github actions
  - cmake: add libpsl support
  - cmake: do not add libcurl.rc to the static libcurl library
  - cmake: enable curl.rc for all Windows targets
  - cmake: fix detecting libidn2
  - cmake: support adding a suffix to the OS value
  - configure: skip libidn2 detection when winidn is used
  - configure: use the SED value to invoke sed
  - configure: warn about rustls being experimental
  - content_encoding: return error on too many compression steps
  - cookie: address secure domain overlay
  - cookie: apply limits
  - copyright.pl: parse and use .reuse/dep5 for skips
  - copyright: make repository REUSE compliant
  - curl.1: add a few see also --tls-max
  - curl.1: mention exit code zero too
  - curl: re-enable --no-remote-name
  - curl_easy_pause.3: remove explanation of progress function
  - curl_getdate.3: document that some illegal dates pass through
  - Curl_parsenetrc: don't access local pwbuf outside of scope
  - curl_url_set.3: clarify by default using known schemes only
  - CURLOPT_ALTSVC.3: document the file format
  - CURLOPT_FILETIME.3: fix the protocols this works with
  - CURLOPT_HTTPHEADER.3: improve comment in example
  - CURLOPT_NETRC.3: document the .netrc file format
  - CURLOPT_PORT.3: We discourage using this option
  - CURLOPT_RANGE.3: remove ranged upload advice
  - digest: added detection of more syntax error in server headers
  - digest: tolerate missing "realm"
  - digest: unquote realm and nonce before processing
  - DISABLED: disable 1021 for hyper again
  - docs/cmdline-opts: add copyright and license identifier to each file
  - docs/CONTRIBUTE.md: document the 'needs-votes' concept
  - docs: clarify data replacement policy for MIME API
  - doh: remove UNITTEST macro definition
  - examples/crawler.c: use the curl license
  - examples: remove fopen.c and rtsp.c
  - FAQ: Clarify Windows double quote usage
  - fopen: add Curl_fopen() for better overwriting of files
  - ftp: restore protocol state after http proxy CONNECT
  - ftp: when failing to do a secure GSSAPI login, fail hard
  - GHA/hyper: enable debug in the build
  - gssapi: improve handling of errors from gss_display_status
  - gssapi: initialize gss_buffer_desc strings
  - headers api: remove EXPERIMENTAL tag
  - http2: always debug print stream id in decimal with %u
  - http2: reject overly many push-promise headers
  - http: restore header folding behavior
  - hyper: use 'alt-used'
  - krb5: return error properly on decode errors
  - lib: make more protocol specific struct fields #ifdefed
  - libcurl-security.3: add "Secrets in memory"
  - libcurl-security.3: document CRLF header injection
  - libssh: skip the fake-close when libssh does the right thing
  - links: update dead links to the curl-wiki
  - log2changes: do not indent empty lines [ci skip]
  - macos9: remove partial support
  - Makefile.am: fix portability issues
  - Makefile.m32: delete obsolete options, improve -On [ci skip]
  - Makefile.m32: delete two obsolete OpenSSL options [ci skip]
  - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
  - max-time.d: clarify max-time sets max transfer time
  - mprintf: ignore clang non-literal format string
  - netrc: check %USERPROFILE% as well on Windows
  - netrc: support quoted strings
  - ngtcp2: allow curl to send larger UDP datagrams
  - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
  - ngtcp2: enable Linux GSO
  - ngtcp2: extend QUIC transport parameters buffer
  - ngtcp2: fix alert_read_func return value
  - ngtcp2: fix typo in preprocessor condition
  - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
  - ngtcp2: send appropriate connection close error code
  - ngtcp2: support boringssl crypto backend
  - ngtcp2: use helper funcs to simplify TLS handshake integration
  - ntlm: provide a fixed fake host name
  - projects: fix third-party SSL library build paths for Visual Studio
    ... changelog too long, skipping 40 lines ...
  - x509asn1: mark msnprintf return as unchecked
==== gpg2 ====
Version update (2.3.6 -> 2.3.7)
Subpackages: dirmngr
- GnuPG 2.3.7:
  * CVE-2022-34903: garbled status messages could trick gpgme and
    other parsers to accept faked status lines [boo#1201225]
  * A number of bug fixes to the gpg command line interface
  * gpgsm gained a number of new options and got some rework on
    the PKCS#12 parser to support DFN issues keys
  * The gpg agent got some added options and UI tweaks
  * smart card support got a number of bug fixes, and improved
    support for Technology Nexus cards and Yubikey
  * The Telesec ESIGN application is now supported
==== kdump ====
Version update (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742)
- fix network-related dracut options handling for fadump case
- drop the elevator=deadline kernel option (bsc#1193211)
- fix broken URL in manpage (bsc#1187312)
==== kernel-firmware ====
Version update (20220622 -> 20220714)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20220714 (git commit 84661a3ba62f):
  * amdgpu: update DMCUB firmware for DCN 3.1.6
  * WHENCE: Correct dangling symlinks
  * Correct WHENCE entry for wfx firmware
  * bnx2: Drop unsupported Broadcom NetXtremeII firmware
  * bnx2: drop unsupported firmwares
  * bnx2: sort firmware names in filesystem order
  * Remove old Broadcom Everest (bnx2x) v4/5 firmware
  * drop Token Ring network firmwares
  * Drop TDA7706 radio firmware
  * Drop Intel WiMax firmware
  * Drop Computone IntelliPort Plus serial firmware
  * Drop ATM Ambassador devices firmware
  * brocade: drop old unsupported firmware revs
  * amdgpu: update yellow carp DMCUB firmware
  * linux-firmware: update firmware for MT7622 WiFi device
  * linux-firmware: update firmware for MT7922 WiFi device
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
  * linux-firmware: Update firmware file for Intel Bluetooth 9462
  * linux-firmware: Update firmware file for Intel Bluetooth 9462
  * linux-firmware: Update firmware file for Intel Bluetooth 9560
  * linux-firmware: Update firmware file for Intel Bluetooth 9560
  * linux-firmware: Update firmware file for Intel Bluetooth AX201
  * linux-firmware: Update firmware file for Intel Bluetooth AX201
  * linux-firmware: Update firmware file for Intel Bluetooth AX211
  * linux-firmware: Update firmware file for Intel Bluetooth AX211
  * linux-firmware: Update firmware file for Intel Bluetooth AX210
  * linux-firmware: Update firmware file for Intel Bluetooth AX200
  * linux-firmware: Update firmware file for Intel Bluetooth AX201
  * mediatek: Add SCP firmware for MT8186
  * rtw88: 8822c: Update normal firmware to v9.9.13
  * rtw88: 8822c: Update normal firmware to v9.9.12
- Drop obsoleted temporary patches:
  wfx-WHENCE-fix.diff
  brcm-symlink-fixes.diff
- Minor update of README.build
- Fix missing aliases for qlogic (bsc#1200889)
==== libcap ====
Version update (2.64 -> 2.65)
- update to 2.65:
  * Fix syntax error in DEBUG build of protected code in setcap.c.
  * Prevent bash from reading the wrong startup files when the capsh --user=xxx
    argument is used to invoke a shell as the user xxx. This is done by capsh now
    changing the USER and HOME environment variables when --user is specified.
    The argument --noenv can be used to suppress this behavior to what used to be
    the problematic default. (Bug: 215926)
  * Improved documentation
==== libdmtx ====
Version update (0.7.5 -> 0.7.7)
- update to 0.7.7:
  * bug 9: Prevent edifact barcode encoding '31' from user input
  * fix compiler warnings and build errors
  * properly handle error when decoding Base256 scheme
  * remove dead and irrelevant links in the README
  * Add validity checks in DecodeSchemeAscii()
  * Declare variables in DecodeSchemeAscii() locally.
  * Implement RsFindErrorLocatorPoly fix from shm0nya
-  drop libdmtx-DmtxPropRowPadBytes.patch (upstream)#
==== libnettle ====
Version update (3.8 -> 3.8.1)
Subpackages: libhogweed6 libnettle8
- update to 3.8.1:
  * Avoid non-posix m4 argument references in the chacha
    implementation for arm64, powerpc64 and s390x. Reported by
    Christian Weisgerber, fix contributed by Mamone Tarsha.
  * Use explicit .machine pseudo-ops where needed in s390x
    assembly files. Bug report by Andreas K. Huettel, fix
    contributed by Mamone Tarsha.
==== libstorage-ng ====
Version update (4.5.31 -> 4.5.33)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#892
- continue flushing pending holders if a device cannot be found
  (see bsc#1201880)
- coding style
- removed unneeded mockups
- 4.5.33
- Translated using Weblate (Czech) (bsc#1149754)
- 4.5.32
==== libuv ====
Version update (1.44.1 -> 1.44.2)
- update to 1.44.2:
  * Add SHA to ChangeLog
  * aix, ibmi: handle server hang when remote sends TCP RST
  * process: reset the signal mask if the fork fails
  * zos: implement cmpxchgi() using assembly
  * ibmi: Implement UDP disconnect
  * unix: simplify getpwuid call
  * process,iOS: fix build breakage in process.c
  * test: remove unused declarations in tcp_rst test
  * core: add thread-safe strtok implementation
  * test: fix flaky file watcher test
  * unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang
  * win: fix unexpected ECONNRESET error on TCP socket
  * doc: make sample cross-platform build
  * test: separate some static variables by test cases
  * sunos: fs-event callback can be called after uv_close()
  * uv: re-register interest in a file after change
  * uv: register UV_RENAME event for _RFIM_UNLINK
  * uv: register __rfim_event 156 as UV_RENAME
  * release: check versions of autogen scripts are newer
  * test: rewrite embed test
  * unix: use MSG_CMSG_CLOEXEC where supported
  * test: remove disabled callback_order test
  * kqueue: skip EVFILT_PROC when invalidating fds
  * zos: don't err when killing a zombie process
  * zos: avoid fs event callbacks after uv_close()
  * zos: correctly format interface addresses names
  * zos: add uv_interface_addresses() netmask support
  * zos: improve memory management of ip addresses
  * tcp,pipe: fail `bind` or `listen` after `close`
  * zos: implement uv_available_parallelism()
  * udp,win: fix UDP compiler warning
  * zos: fix early exit of epoll_wait()
  * unix,tcp: fix errno handling in uv__tcp_bind()
  * shutdown,unix: reduce code duplication
  * unix: fix c99 comments
  * unix: retry tcgetattr/tcsetattr() on EINTR
  * unix,stream: optimize uv_shutdown() codepath
  * unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset()
  * win,shutdown: improve how shutdown is dispatched
==== perl ====
Subpackages: perl-base
- fix build on ppc
  * updated patch: perl_skip_flaky_tests_powerpc.patch
==== polkit ====
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0
- split out pkexec into seperate package to make system hardening
  easier (to avoid installing it jsc#PED-132 jsc#PED-148).
==== poppler ====
Version update (22.06.0 -> 22.07.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 libpoppler122 poppler-tools
- update to 22.07.0:
  * Fix crash when filling in forms in some files. Issue #1258
  * Fix first lines of Annotations sometimes being cut off. Issue #1246
  * Signatures: Don't crash if the signature doesn't have a common name
  * CairoFontEngine: increment font_face reference when retrieving from the cache
  * Add ToUnicode support for lessorequalslant and greaterorequalslant
  glib:
  * Add support for stamp annotation
- add gpg keyring validation for the release tarball
- drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream)
- Add da226d346e691f7545d995d6761d43e08855a3b7.patch --
  CairoFontEnginer: increment font_face reference when retrieving
  from the cache; this fixes crashes with certain pdfs
  [glgo#GNOME/evince#1808, glfo#poppler/poppler#1212].
==== poppler-qt5 ====
Version update (22.06.0 -> 22.07.0)
- update to 22.07.0:
  * Fix crash when filling in forms in some files. Issue #1258
  * Fix first lines of Annotations sometimes being cut off. Issue #1246
  * Signatures: Don't crash if the signature doesn't have a common name
  * CairoFontEngine: increment font_face reference when retrieving from the cache
  * Add ToUnicode support for lessorequalslant and greaterorequalslant
  glib:
  * Add support for stamp annotation
- add gpg keyring validation for the release tarball
- drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream)
- Add da226d346e691f7545d995d6761d43e08855a3b7.patch --
  CairoFontEnginer: increment font_face reference when retrieving
  from the cache; this fixes crashes with certain pdfs
  [glgo#GNOME/evince#1808, glfo#poppler/poppler#1212].
==== redis ====
Version update (7.0.3 -> 7.0.4)
- Security update to version 7.0.4
  (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
  key in a specific state may result with heap overflow, and potentially
  remote code execution. The problem affects Redis versions 7.0.0 or newer.
==== shim ====
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "use common SBAT values (boo#1193282)"
  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
    is unstable for building out a stable shim binary for signing. (bsc#1198458)
  - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
    because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
    not for openSUSE. (bsc#1198458)
==== yast2-bootloader ====
Version update (4.5.1 -> 4.5.2)
- Execute the command grub2-mkpasswd-pbkdf2 in the target system
  so the module can run in a minimal container (bsc#1199840).
- 4.5.2