New ARM Kubic snapshot 20220508 released!
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20220508
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
bluez
bzip2
fillup
fmt
freetype2 (2.12.0 -> 2.12.1)
fuse3 (3.10.5 -> 3.11.0)
gpg2 (2.3.4 -> 2.3.6)
kustomize
libapparmor
libdnf (0.66.0 -> 0.67.0)
libnetfilter_cthelper (1.0.0 -> 1.0.1)
libnetfilter_cttimeout (1.0.0 -> 1.0.1)
libqmi (1.30.4 -> 1.30.6)
libseccomp (2.5.3 -> 2.5.4)
libunwind (1.5.0 -> 1.6.2)
libxcb (1.14 -> 1.15)
libxml2 (2.9.13 -> 2.9.14)
mozilla-nss (3.76.1 -> 3.77)
open-iscsi
python-SQLAlchemy (1.4.35 -> 1.4.36)
raspberrypi-firmware-dt (2022.02.25 -> 2022.04.24)
rpm
snapper (0.10.1 -> 0.10.2)
sqlite3 (3.38.2 -> 3.38.3)
vim (8.2.4745 -> 8.2.4877)
weave
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
(boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
==== bluez ====
- add Requires(post): systemd for bluez-auto-enable-devices
* fixes boo#1198906
==== bzip2 ====
- Port rpmlintrc format to rpmlint 2.x.
==== fillup ====
- use https as url
==== fmt ====
- Replace obsolete macro %make_jobs by %cmake_build
==== freetype2 ====
Version update (2.12.0 -> 2.12.1)
- drop revert-ft212-subpixel-hinting-change.patch: upstream
- Update to 2.12.1:
- Loading CFF fonts sometimes made FreeType crash (bug introduced in
version 2.12.0)
- Loading a fully hinted TrueType glyph a second time (without
caching) sometimes yielded different rendering results if TrueType
hinting was active (bug introduced in version 2.12.0).
- The generation of the pkg-config file `freetype2.pc` was broken if
the build was done with cmake (bug introduced in version 2.12.0).
- The meson build no longer enforces both static and dynamic
versions of the library by default.
- The internal zlib library was updated to version 1.2.12. Note,
however, that FreeType is *not* affected by CVE-2018-25032 since
it only does decompression.
- Drop freetype-2.12.0-cff_slot_load-segfault.patch
- Drop 079a22da037835daf5be2bd9eccf7bc1eaa2e783.patch
==== fuse3 ====
Version update (3.10.5 -> 3.11.0)
- Update to version 3.11.0:
* Add support for flag FOPEN_NOFLUSH for avoiding flush on close.
* Fixed returning an error condition to ioctl(2)
==== gpg2 ====
Version update (2.3.4 -> 2.3.6)
- GnuPG 2.3.6:
* Up to five times faster verification of detached signatures,
doubled detached signing speed, threefold decryption speedup
for large files, nearly double the AES256.OCB encryption speed
* Add support for GeNUA cards
* Added and improved options for crypto options, and all-around
bug fixes
==== kustomize ====
- Remove dependency on binutils-gold as the package will be removed
in the future. Gold linker is unmaintained by the upstream project.
==== libapparmor ====
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
(boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
==== libdnf ====
Version update (0.66.0 -> 0.67.0)
Subpackages: libdnf-repo-config-zypp libdnf2
- Update to 0.67.0:
* Add 'loongarch' support
* Use dnf solv userdata to check versions and checksum (rh#2027445)
* context: Substitute all repository config options (rh#2076853)
==== libnetfilter_cthelper ====
Version update (1.0.0 -> 1.0.1)
- Update to release 1.0.1
* Allow build on uclinux
* Resolve use-after-free in nfct_helper_free()
* Resolve double free in nfct-helper-add example
* Fixed incorrect netlink message building with multiple nfct
helper policies
- Drop fix_h_expect_policy_free.patch (merged)
==== libnetfilter_cttimeout ====
Version update (1.0.0 -> 1.0.1)
- Update to release 1.0.1
* Allow building on uclinux
==== libqmi ====
Version update (1.30.4 -> 1.30.6)
- Update to 1.30.6
* meson: fix 'export_packages' in GIR setup.
* net-port-manager: use unaligned netlink attribute length.
- Drop the unneeded rpmlintrc file
==== libseccomp ====
Version update (2.5.3 -> 2.5.4)
- Deactive python3 by default, it's just not a good idea for ring0.
- Update to release 2.5.4
* Update the syscall table for Linux v5.17.
* Fix minor issues with binary tree testing and with empty
binary trees.
* Minor documentation improvements including retiring the
mailing list.
- buildrequire python-rpm-macros
- reenable python bindings at least for the distro default python3
package:
- adds make-python-build.patch
==== libunwind ====
Version update (1.5.0 -> 1.6.2)
- update to 1.6.2:
* Fix off-by-one error in x86_64 stack frames
* Fix error in aarch64 unw_sigcontext
* resolve possible null pointer dereference
* Switch to C11 atomics
* RISC-V support
* aarch64 getcontext functionality
==== libxcb ====
Version update (1.14 -> 1.15)
Subpackages: libxcb-render0 libxcb-shm0 libxcb1
- buildrequire xcb-proto >= 1.15
- Update to version 1.15
* xcb_auth: Quiet -Wimplicit-fallthrough warning in get_authptr()
* Fix integer overflows in xcb_in.c
* Use the 'present' field to properly check that the XC-MISC
* Fix a memory leak
* Increment libtool version info for libxcb-dri3
* Add newline when printing auth/connection failure string to stderr
* Fix build on Windows
* Fix writev emulation on Windows
* c_client.py: Extract get_expr_field_names()
* c_client.py: Use get_expr_field_names directly to resolve list fields
* c_client: Extract _c_get_field_mapping_for_expr()
* c_client.py: Implement handling of <length> element
* tests: don't use deprecated fail_unless check API
* gitignore: add files generated by make check
* Avoid request counter truncation in replies map after 2**32 requests
* Fix hang in xcb_request_check()
* Improve/fix docs for reply fds functions
==== libxml2 ====
Version update (2.9.13 -> 2.9.14)
Subpackages: libxml2-2 libxml2-tools
- Update to 2.9.14:
* Security:
+ [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
+ Fix potential double-free in xmlXPtrStringRangeFunction
+ Fix memory leak in xmlFindCharEncodingHandler
+ Normalize XPath strings in-place
+ Prevent integer-overflow in htmlSkipBlankChars() and
xmlSkipBlankChars()
+ Fix leak of xmlElementContent
* Bug fixes:
+ Fix parsing of subtracted regex character classes
+ Fix recursion check in xinclude.c
+ Reset last error in xmlCleanupGlobals
+ Fix certain combinations of regex range quantifiers
+ Fix range quantifier on subregex
* Improvements:
+ Fix recovery from invalid HTML start tags
* Build system, portability:
+ Define LFS macros before including system headers
+ Initialize XPath floating-point globals
+ configure: check for icu DEFS
+ configure.ac: produce tar.xz only (GNOME policy)
+ CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
+ Fix build with older Python versions
+ Fix --without-valid build
==== mozilla-nss ====
Version update (3.76.1 -> 3.77)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.77
* Bug 1762244 - resolve mpitests build failure on Windows.
* bmo#1761779 - Fix link to TLS page on wireshark wiki
* bmo#1754890 - Add two D-TRUST 2020 root certificates.
* bmo#1751298 - Add Telia Root CA v2 root certificate.
* bmo#1751305 - Remove expired explicitly distrusted certificates
from certdata.txt.
* bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
* bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
* bmo#1756271 - Remove token member from NSSSlot struct.
* bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
* bmo#1757279 - Support UTF-8 library path in the module spec string.
* bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
* bmo#1760827 - Add a CI Target for gcc-11.
* bmo#1760828 - Change to makefiles for gcc-4.8.
* bmo#1741688 - Update googletest to 1.11.0
* bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
* bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
* bmo#1755904 - Fix calculation of ECH HRR Transcript.
* bmo#1758741 - Allow ld path to be set as environment variable.
* bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
* bmo#1758478 - Fix DataBuffer Move Assignment.
* bmo#1552254 - internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
* bmo#1755092 - rework signature verification in mozilla::pkix
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Updated to latest upstream version, tagged 2.1.7. Changes
included:
* updated/fixed test script
* updated build system
* several bug fixes, including one for bsc#1199264
==== python-SQLAlchemy ====
Version update (1.4.35 -> 1.4.36)
- update to 1.4.36:
* details on https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.36
* Fixed regression where the change made for #7861, released in version
1.4.33, that brought the Insert construct to be partially recognized as an
ORM-enabled statement
* Modified the DeclarativeMeta metaclass to pass cls.__dict__ into the
declarative scanning process to look for attributes, rather than the
separate dictionary passed to the type?s __init__() method
* Fixed a memory leak in the C extensions which could occur when calling upon
named members of Row when the member does not exist under Python 3
* Added a warning regarding a bug which exists in the Result.columns() method
when passing 0 for the index in conjunction with a Result that will return
a single ORM entity, which indicates that the current behavior of
Result.columns() is broken in this case as the Result object will yield scalar
values and not Row objects
* Fixed bug where ForeignKeyConstraint naming conventions using the
referred_column_0 naming convention key would not work if the foreign key
constraint were set up as a ForeignKey object rather than an explicit
ForeignKeyConstraint object.
==== raspberrypi-firmware-dt ====
Version update (2022.02.25 -> 2022.04.24)
- Use last patch commit date instead patch creation date when creating
device tree archive and package version. Patch creation date could be
much earlier than patch commit date, which could mislead which patches
are included inside the package.
For example:
commit 7e72dd813a175ea7bf166655217ce60fbd7d4a21
Author: Dom Cobley
participants (1)
-
Guillaume Gardet