Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20220122
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
expat (2.4.2 -> 2.4.3)
gstreamer-plugins-bad
installation-images-MicroOS (17.33 -> 17.36)
ldb
libapparmor
nvme-cli (1.16 -> 2.0~0)
patterns-microos
psmisc (23.3 -> 23.4)
rpm-config-SUSE (0.g89 -> 0.g93)
sssd
systemd-rpm-macros (14 -> 15)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684).
==== expat ====
Version update (2.4.2 -> 2.4.3)
Subpackages: libexpat1
- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
""
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.
==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0
- Drop conditionals for fdk_aac, explicitly add fdk-aac-free-devel
BuildRequires, and build it for the main package.
==== installation-images-MicroOS ====
Version update (17.33 -> 17.36)
- merge gh#openSUSE/installation-images#564
- do not reset standard file descriptors in inst_setup, linuxrc
takes care (bsc#1193910, jsc#SLE-18632)
- 17.36
- merge gh#openSUSE/installation-images#567
- Add RPi4 arm-trusted-firmware package (bsc#1173489)
- 17.35
- merge gh#openSUSE/installation-images#562
- adjust to recent samba re-packaging
- 17.34
==== ldb ====
- Modify packaging to allow parallel installation with libldb1
(bsc#1192684):
+ Private libraries are installed in %{_libdir}/ldb2/
+ Modules are installed in %{_libdir}/ldb2/modules
==== libapparmor ====
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684).
==== nvme-cli ====
Version update (1.16 -> 2.0~0)
- Fix zsh completion package depenedencies.
- Use osc_scm to manage upstream input source.
- Fix version string.
- Update Source URL and introduce a variable for the release canditate
version string.
- Update to v2.0-rc0
* Depends on libnvme
* rename harden_nvmf-connect@.service.patch to 0100-harden_nvmf-connect@.service.patch
* drop 0102-nvme-cli-Add-script-to-determine-host-NQN.patch
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- added kde-gtk-config5-gtk3 to the KDE pattern, so that System Settings can also change GTK theming, which is generally used for flatpaks.
==== psmisc ====
Version update (23.3 -> 23.4)
- Update to 23.4:
* killall: Dynamically link to selinux and use security attributes
* pstree: Do not crash on missing processes !21
* pstree: fix layout when using -C !24
* pstree: add time namespace !25
* pstree: Dynamically link to selinux and use attr
* fuser: Get less confused about duplicate dev_id !10
* fuser: Only check pathname on non-block devices !31
- Rebase 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- Rebase 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
- Port psmisc-22.21-pstree.patch
- Delete psmisc-v23.3-selinux.patch as not needed anymore
- Rename psmisc-v23.3.dif which is now psmisc-v23.4.dif with correct offsets
==== rpm-config-SUSE ====
Version update (0.g89 -> 0.g93)
- Update to version 0.g93:
* locale.attr: Match all files inside LC_MESSAGES (boo#1194865)
* remove leap_version as it's obsolete
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Upgrade LDB_DIR shell variable to %ldbdir macro.
==== systemd-rpm-macros ====
Version update (14 -> 15)
- Bump to version 15
- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
move to file triggers. So don't mark it as deprecated too