Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20210128
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  apparmor
  cockpit-podman (25 -> 26)
  dmidecode
  gettext-runtime
  libfido2 (1.5.0 -> 1.6.0)
  ncurses (6.2.20210109 -> 6.2.20210116)
  oath-toolkit (2.6.5 -> 2.6.6)
  openssh
  python-pyserial (3.4 -> 3.5)
  python-setuptools
  raspberrypi-firmware (2021.01.15 -> 2021.01.21)
  raspberrypi-firmware-config (2021.01.15 -> 2021.01.21)
  raspberrypi-firmware-dt
  rdma-core
  sudo (1.9.5p1 -> 1.9.5p2)
  system-users
  sysuser-tools
  xfsprogs (5.9.0 -> 5.10.0)

=== Details ===

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
  include in apache extra profile optional to avoid problems with
  empty profile directory (boo#1178527)

==== cockpit-podman ====
Version update (25 -> 26)

- new version 26
  https://github.com/cockpit-project/cockpit-podman/releases/tag/26

==== dmidecode ====

2 recommended fixes from upstream:
- dmidecode-fix-the-condition-error-in-ascii_filter.patch:
  dmidecode: Fix the condition error in ascii_filter.
- dmidecode-fix-crash-with-u-option.patch:
  dmidecode: Fix crash with -u option.

==== gettext-runtime ====
Subpackages: libtextstyle0

- fixup libtextstyle autofoo with adding
  use-acinit-for-libtextstyle.patch

==== libfido2 ====
Version update (1.5.0 -> 1.6.0)
Subpackages: libfido2-1 libfido2-udev

- Update to version 1.6.0:
  * Fix OpenSSL 1.0 and Cygwin builds.
  * hid_linux: fix build on 32-bit systems.
  * hid_osx: allow reads from spawned threads.
  * Documentation and reliability fixes.
  * New API calls:
    + fido_cred_authdata_raw_len;
    + fido_cred_authdata_raw_ptr;
    + fido_cred_sigcount;
    + fido_dev_get_uv_retry_count;
    + fido_dev_supports_credman.
  * Hardened Windows build.
  * Native FreeBSD and NetBSD support.
  * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails

==== ncurses ====
Version update (6.2.20210109 -> 6.2.20210116)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Don't skip test for qemu builds
- Add ncurses patch 20210116
  + add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS
    (report by Patrick McDermott) -TD
  + make opts extension for getcchar work as documented for ncurses 6.1,
    adding "-g" flag to test/demo_new_pair to illustrate.

==== oath-toolkit ====
Version update (2.6.5 -> 2.6.6)
Subpackages: liboath0 oath-toolkit-xml

- Update to version 2.6.6
  * oathtool: Support for reading KEY and OTP from standard input or
    filename. KEY and OTP may now be given as '-' to mean stdin, or
    @FILE to read from a particular file. This is recommended on
    multi-user systems, since secrets as command line parameters leak.
  * pam_oath: Fix unlikely logic fail on out of memory conditions.

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Add openssh-fix-ssh-copy-id.patch, which fixes breakage introduced
  in 8.4p1 (bsc#1181311).
- Improve robustness of sshd init detection when upgrading from a
  pre-systemd distribution.
- Add openssh-reenable-dh-group14-sha1-default.patch, which adds
  diffie-hellman-group14-sha1 key exchange back to the default list
  (bsc#1180958). This is needed for backwards compatibility with
  older platforms.
- Make sure sshd is enabled correctly when upgrading from a
  pre-systemd distribution (bsc#1180083).

==== python-pyserial ====
Version update (3.4 -> 3.5)

- update to version 3.5:
  New Features:
  [#411] Add a backend for Silicon Labs CP2110/4 HID-to-UART bridge.
    (depends on hid module)
  Improvements:
  [#315] Use absolute import everywhere
  [#354] Make ListPortInfo hashable
  [#372] threaded: "write" returns byte count
  [#400] Add bytesize and stopbits argument parser to tcp_serial_redirect
  [#408] loop: add out_waiting
  [#495] list_ports_linux: Correct "interface" property on Linux hosts
  [#500] Remove Python 3.2 and 3.3 from test
  [#261, #285, #296, #320, #333, #342, #356, #358, #389, #397, #510] doc updates
  miniterm: add CTRL+T Q as alternative to exit
  miniterm: suspend function key changed to CTRL-T Z
  add command line tool entries pyserial-miniterm (replaces miniterm.py)
    and pyserial-ports (runs serial.tools.list_ports).
  python -m serial opens miniterm (use w/o args and it will print port
    list too) [experimental]
  Bugfixes:
  [#371] Don't open port if self.port is not set while entering context manager
  [#437, #502] refactor: raise new instances for PortNotOpenError and
    SerialTimeoutException
  [#261, #263] list_ports: set default name attribute
  [#286] fix: compare only of the same type in list_ports_common.ListPortInfo
  rfc2217/close(): fix race-condition
  [#305] return b'' when connection closes on rfc2217 connection
  [#386] rfc2217/close(): fix race condition
  Fixed flush_input_buffer() for situations where the remote end has
    closed the socket.
  [#441] reset_input_buffer() can hang on sockets
  examples: port_publisher python 3 fixes
  [#324] miniterm: Fix miniterm constructor exit_character and menu_character
  [#326] miniterm: use exclusive access for native serial ports by default
  [#497] miniterm: fix double use of CTRL-T + s use z for suspend instead
  [#443, #444] examples: refactor wx example, use Bind to avoid
    deprecated warnings, IsChecked, unichr
  [#265] posix: fix PosixPollSerial with timeout=None and add cancel support
  [#290] option for low latency mode on linux
  [#335] Add support to xr-usb-serial ports
  [#494] posix: Don't catch the SerialException we just raised
  [#519] posix: Fix custom baud rate to not temporarily set 38400 baud
    rates on linux
  [#509 #518] list_ports: use hardcoded path to library on osx
  [#542] list_ports_osx: kIOMasterPortDefault no longer exported on Big Sur
  [#545, #545] list_ports_osx: getting USB info on BigSur/AppleSilicon

==== python-setuptools ====

- We cannot remove vendored packages when generating setuptools wheel
  (bsc#1177127).

==== raspberrypi-firmware ====
Version update (2021.01.15 -> 2021.01.21)

- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
  * firmware: Export bootloader config via device-tree
  * firmware: ISP: Colour denoise
  * firmware: platform: Define DVFS modes and change default to be
    fixed AVS voltage
  * firmware: arm_loader: Auto-select 64-bit for kernel8.img
  * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM
    audio underrun

==== raspberrypi-firmware-config ====
Version update (2021.01.15 -> 2021.01.21)

- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
  * firmware: Export bootloader config via device-tree
  * firmware: ISP: Colour denoise
  * firmware: platform: Define DVFS modes and change default to be
    fixed AVS voltage
  * firmware: arm_loader: Auto-select 64-bit for kernel8.img
  * firmware: hdmi: Throttle auto-i2c register writes to avoid PWM
    audio underrun

==== raspberrypi-firmware-dt ====

- Introduce upstream-blconfig-rmem.patch for firmware to be able to
  define firmware's configuration reserved memory (jsc#SLE-16616)

==== rdma-core ====
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon
  is loaded at boot if enabled (bsc#1180196)

==== sudo ====
Version update (1.9.5p1 -> 1.9.5p2)

- Update to 1.9.5.p2
  * When invoked as sudoedit, the same set of command line options
    are now accepted as for sudo -e. The -H and -P options are
    now rejected for sudoedit and sudo -e which matches the sudo 1.7
    behavior. This is part of the fix for CVE-2021-3156.
  * Fixed a potential buffer overflow when unescaping backslashes in
    the command's arguments. Normally, sudo escapes special characters
    when running a command via a shell (sudo -s or sudo -i). However,
    it was also possible to run sudoedit with the -s or -i flags in
    which case no escaping had actually been done, making a buffer
    overflow possible. This fixes CVE-2021-3156.
    (bsc#1181090)
  * Fixed sudo's setprogname(3) emulation on systems that don't
    provide it.
  * Fixed a problem with the sudoers log server client where a partial
    write to the server could result in the sudo process consuming
    large amounts of CPU time due to a cycle in the buffer queue.
    Bug #954.
  * Added a missing dependency on libsudo_util in libsudo_eventlog.
    Fixes a link error when building sudo statically.
  * The user's KRB5CCNAME environment variable is now preserved when
    performing PAM authentication. This fixes GSSAPI authentication
    when the user has a non-default ccache.

==== system-users ====
Subpackages: system-group-hardware system-group-kvm system-user-nobody

- Add system-user-vscan subpackage with vscan user and group and
  /var/spool/amavis as home directory
- Remove kvm group from hardware subpackage, since kvm is in its own
  subpackage (jsc#SLE-11629).
- Add qemu user to kvm group
- Add system account and groups for kvm, qemu, and libvirt
  (jsc#SLE-11629)
  New files: system-group-kvm.conf, system-group-libvirt.conf,
  system-user-qemu.conf
- Don't add group nogroup to user nobody, as many daemons misuse
  'nogroup' as own group
- Use test -x instead of -f
- Call usermod only if installed
- Align /var/lib/tss permissions with trousers (boo#1162360).
- Add tss user for TPM tools (boo#1162360).
- Remove s390 groups again. The s390-tools maintainer wants to add
  groups in s390-tools manually.
- Add system-user-tftp subpackage with tftp user and group and
  /srv/tftpboot as home directory [bsc#1143454].
- Add cpacfstats, ts-shell, and zkeyadm groups for s390-tools
  (bsc#1123730)
- Add "render" group in system-group-hardware (bsc#1085847)
  "uaccess" tag has been dropped from /dev/dri/renderD* and these
  devices now have 0666 permissions by default and are owned by the
  render group.
- Change home directory of user man to /var/lib/empty. Home
  directories below /var/cache are by definition insecure and a bad
  idea.
- uuidd does not need group daemon, Copy&Paste error.
- udev needs groups kvm and lp: [bsc#1058703]
  - Add group kvm to system-group-hardware
  - Move group lp from system-user-lp to system-group-hardware
- Add system-user-uuidd.conf (boo#1057937#c3).
- user nobody: move usermod to %post, else it will be executed before
  the user is created.
- Drop pkgconfig(systemd) BuildRequires: we no longer depend on
  systemd-sysusers, but converted to shadow toolset.
- Move group trusted into system-user-root package [bsc#1044014]
- Move system-user-root into own package
- Fix syntax of groups in system-user-root.conf
- Add utmp to system-group-hardware.conf like systemd has
- Create new system-user-root sub-package creating passwd, group and
  shadow files with root user.
- BuildRequire pkgconfig(systemd) instead of systemd: this allows OBS
  to pick systemd-mini, which is still good enough. And ultimately it
  helps us break a build cycle (system-users - libssh2_org - curl -
  systemd - system-users).
- BuildIgnore group(lock) and group(daemon) for ourselves, needed for
  bootstrap.
- /bin/bash is needed as shell for user nobody
- Add upsd for UPS daemon packages.
- Prerequire group lock for uucp
- Allow user uucp to do locking
- Fix group ownership of /var/lib/wwwrun
- Add group sys to system-group-obsolete
- Add systemusers lp and nobody
- Add systemusers wwwrun, mail and ftp
- Add hardware access groups: kmem, lock, tty, audio, cdrom, dialout,
  disk, input, tape, video
- Add group wheel
- Remove /var/spool/uucp directories...
- Change license to MIT
- Add subpackages for obsolete groups and trusted group
- Add subpackages for bin, daemon, news and man
- Adjust to new sysuser-tools
- Use automatic provides and generate %pre with a script
- fix uids and add also groups
- Create users in %pre install section
- Add /etc/uucp to filelist of system-user-uucp
- Add system account games
- Initial version with system account uucp

==== sysuser-tools ====

- useradd_or_adduser_dep must be PreReq so ordering makes sure it
  gets installed before.
- suggest shadow where useradd_or_adduser_dep is actually required
- Avoid useless use of cat
- Simplify %sysusers_requires
- Drop shebang, rpm passes it to /bin/sh itself
- Packages providing users need /usr/bin/cat installed to create
  them. Add that to the PreRequires.
- Create system groups for system users
- Fix bug introduced by simplification of check for useradd -g
- Refactor use of sed away
- Use eval set -- $LINE instead of read for parsing
- Clean up sysusers2shadow and make it use only /bin/sh
- Don't let busybox adduser create the home directory, it breaks
  permissions of e.g. /sbin (home of daemon)
- Use only /bin/sh in sysusers-generate-pre and the generated code
- Drop use of tail from the generated %pre scriptlets
- Look for /bin/busybox, too
- Add special handling for busybox and groups
- Use suggests shadow to prefer that over busybox in normal systems
- Add support for busybox adduser/addgroup
- Change requirements from shadow to useradd_or_adduser_dep
- Fix default home directory [bsc#1105934]
- Use _rpmmacrodir for macro file
- Further enhance sysusers-generate-pre: inside the build
  environment, it can be acceptable to be failing to create the users
  (e.g when building sysuser-tools or system-user-root, since those
  two packages have to be specifically excluded). Always return with
  error code 0 if /.buildenv exists.
- sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod
  call fails: the resulting system is quite undefined if this should
  happen.
- sysusers-generate-pre: exit the pre script with the exit code of
  sysusers2shadow.sh.
- sysuser-tools needs to require sysuser-shadow
- Add requires for shadow to sysuser-shadow
- Put helper script into own subpackage
- Convert sysusers config file to shadow arguments and use shadow
  suite to create user and groups. Fixes [bsc#1041497] and several
  dependency loops.
- Don't ignore errors of systemd-sysusers [bsc#1039708]
- Don't remove 'm' and 'r' entries from sysusers configuration
- Add macros.sysusers
- initial package

==== xfsprogs ====
Version update (5.9.0 -> 5.10.0)

- update to 5.10.0:
  - xfs_repair: remove old code for mountpoint inodes
  - xfsprogs: Add inode btree counter feature
  - xfsprogs: Add bigtime feature for Y2038
  - xfsprogs: Polish translation update
  - mkfs.xfs: Add config file feature
  - mkfs.xfs: allow users to specify rtinherit=0
  - xfs_repair: simplify bmap_next_offset
  - man: various manpage updates
  - libxfs: remove some old dead code
  - libxfs: add realtime extent tracking
  - libxfs changes merged from kernel 5.10
- refresh 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch
  against libxfs changes