New ARM Kubic snapshot 20211127 released!
Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20211127 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ceph (16.2.6.462+g5fefbbf8888 -> 16.2.6.463+g22e7612f9ad) dbus-1 gpg2 (2.2.27 -> 2.3.3) installation-images-MicroOS (17.22 -> 17.27) librsvg (2.52.3 -> 2.52.4) ncurses (6.3.20211115 -> 6.3.20211120) python-PyYAML (5.4.1 -> 6.0) python-psutil toolbox (2.2+git20210823.dd0fff8 -> 2.2+git20211124.09791b1) === Details === ==== ceph ==== Version update (16.2.6.462+g5fefbbf8888 -> 16.2.6.463+g22e7612f9ad) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 16.2.6-463-g22e7612f9ad: + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links - Preservation of Bugzilla, Jira and CVE citations from earlier incarnations of this changes file after double-checking that none of these fixes got lost in the pacific rebase: + bsc#1163764 (--container-init feature cherry-picked to octopus) + bsc#1170200 (mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically) + bsc#1172926 (mgr/orchestrator: Sort 'ceph orch device ls' by host) + bsc#1173079 (mgr/devicehealth: device_health_metrics pool gets created even without any OSDs in the cluster) + bsc#1174466 (mon: have 'mon stat' output json as well) + bsc#1174526 (mgr/dashboard: allow getting fresh inventory data from the orchestrator) + bsc#1174529 (rpm: on SUSE, podman is required for cephadm to work) + bsc#1174644 (cephadm: log to file) + bsc#1175120 (downstream branding) + bsc#1175161 (downstream branding) + bsc#1175169 (downstream branding) + bsc#1176390 (mgr/dashboard: enable different URL for users of browser to Grafana) + bsc#1176451 (Drop patch "rpm: on SUSE, podman is required for cephadm to work") + bsc#1176489 (mgr/cephadm: lock multithreaded access to OSDRemovalQueue) + bsc#1176499 (mgr/cephadm: fix RemoveUtil.load_from_store()) + bsc#1176638 (ceph-volume: batch: call the right prepare method) + bsc#1176679 (mgr/dashboard: enable different URL for users of browser to Grafana) + bsc#1176828 (cephadm: command_unit: call systemctl with verbose=True) + bsc#1177078 (mgr/dashboard: Fix bugs in a unit test and i18n translation) + bsc#1177151 (python-common: do not skip unavailable devices) + bsc#1177319 (--container-init feature cherry-picked to octopus) + bsc#1177344 (mgr/dashboard: support Orchestrator and user-defined Ganesha cluster) + bsc#1177360 (cephadm: silence "Failed to evict container" log msg) + bsc#1177450 (ceph-volume: don't exit before empty report can be printed) + bsc#1177643 (Revert "spec: Podman (temporarily) requires apparmor-abstractions on suse") + bsc#1177676 (cephadm: allow uid/gid == 0 in copy_tree, copy_files, move_files) + bsc#1177843 (CVE-2020-25660) + bsc#1177857 (mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails) + bsc#1177933 (cephadm: configure journald as the logdriver) + bsc#1178531 (cephadm: set default container_image to registry.suse.com/ses/7/ceph/ceph) + bsc#1178837 (rgw: cls/user: set from_index for reset stats calls) + bsc#1178860 (mgr/dashboard: Disable TLS 1.0 and 1.1) + bsc#1178905 (CVE-2020-25678) + bsc#1178932 (cephadm: reference the last local image by digest) + bsc#1179016 (rpm: require smartmontools on SUSE) + bsc#1179452 (mgr/insights: Test environment requires 'six') + bsc#1179526 (rgw: during GC defer, prevent new GC enqueue) + bsc#1179569 (cephadm: reference the last local image by digest) + bsc#1179802 (CVE-2020-27781) + bsc#1179997 (CVE-2020-27839) + bsc#1180107 (ceph-volume: pass --filter-for-batch from drive-group subcommand) + bsc#1180155 (CVE-2020-27781) + bsc#1181291 (mgr/cephadm: alias rgw-nfs -> nfs) + bsc#1182766 (cephadm: fix 'inspect' and 'pull') + bsc#1183074 (CVE-2021-20288) + bsc#1183561 (mgr/cephadm: on ssh connection error, advice chmod 0600) + bsc#1183899 (bluestore: fix huge reads/writes at BlueFS) + bsc#1184231 (cephadm: Allow to use paths in all <_devices> drivegroup sections) + bsc#1184517 (cls/rgw: look for plane entries in non-ascii plain namespace too) + bsc#1185246 (rgw: check object locks in multi-object delete) + bsc#1185619 (CVE-2021-3524) + bsc#1185619 (CVE-2021-3524) + bsc#1186020 (CVE-2021-3531) + bsc#1186021 (CVE-2021-3509) + bsc#1186348 (mgr/zabbix: adapt zabbix_sender default path) + bsc#1188979 ("mgr/cephadm: pass --container-init to "cephadm deploy" if specified" and "Revert "cephadm: default container_init to False") + bsc#1189173 (downstream branding) + jsc#SES-1071 (ceph-volume: major batch refactor - upstream PR#34740) + jsc#SES-185 (SES support with cache software) + jsc#SES-704 (mgr/snap_schedule) ==== dbus-1 ==== Subpackages: libdbus-1-3 - Add CONFIG parameter to %sysusers_generate_pre - Added BuildRequires alts for libalternatives. - Fixed spec file regarding removing old update-alternatives entries. - Use libalternatives instead of update-alternatives. ==== gpg2 ==== Version update (2.2.27 -> 2.3.3) - GnuPG 2.3.3: * agent: Fix segv in GET_PASSPHRASE (regression) * dirmngr: Fix Let's Encrypt certificate chain validation * gpg: Change default and maximum AEAD chunk size to 4 MiB * gpg: Print a warning when importing a bad cv25519 secret key * gpg: Fix --list-packets for undecryptable AEAD packets * gpg: Verify backsigs for v5 keys correctly * keyboxd: Fix checksum computation for no UBID entry on disk * keyboxd: Fix "invalid object" error with cv448 keys * dirmngr: New option --ignore-cert * agent: Fix calibrate_get_time use of clock_gettime * Support a gpgconf.ctl file under Unix and use this for the regression tests - GnuPG 2.3.2: * gpg: Allow fingerprint based lookup with --locate-external-key. * gpg: Allow decryption w/o public key but with correct card inserted. * gpg: Auto import keys specified with --trusted-keys. * gpg: Do not use import-clean for LDAP keyserver imports. * gpg: Fix mailbox based search via AKL keyserver method. * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. * gpg: Use a more descriptive prompt for symmetric decryption. * gpg: Improve speed of secret key listing. * gpg: Support keygrip search with traditional keyring. * gpg: Let --fetch-key return an exit code on failure. * gpg: Emit the NO_SECKEY status again for decryption. * gpgsm: Support decryption of password based encryption (pwri). * gpgsm: Support AES-GCM decryption. * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. * gpgsm: Fix finding of issuer in use-keyboxd mode. * gpgsm: New option --ldapserver as an alias for --keyserver. * agent: Use SHA-256 for SSH fingerprint by default. * agent: Fix calling handle_pincache_put. * agent: Fix importing protected secret key. * agent: Fix a regression in agent_get_shadow_info_type. * agent: Add translatable text for Caps Lock hint. * agent: New option --pinentry-formatted-passphrase. * agent: Add checkpin inquiry for pinentry. * agent: New option --check-sym-passphrase-pattern. * agent: Use the sysconfdir for a pattern file. * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. * dirmngr: LDAP search by a mailbox now ignores revoked keys. * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. * dirmngr: Allow for non-URL specified ldap keyservers. * dirmngr: New option --ldapserver. * dirmngr: Fix regression in KS_GET for mail address pattern. * card: New option --shadow for the list command. * tests: Make sure the built keyboxd is used. * scd: Fix computing shared secrets for 512 bit curves. * scd: Fix unblock PIN by a Reset Code with KDF. * scd: Fix PC/SC removed card problem. * scd: Recover the partial match for PORTSTR for PC/SC. * scd: Make sure to release the PC/SC context. * scd: Fix zero-byte handling in ECC. * scd: Fix serial number detection for Yubikey 5. * scd: Add basic support for AET JCOP cards. * scd: Detect external interference when --pcsc-shared is in use. * scd: Fix access to the list of cards. * gpgconf: Do not list a disabled tpm2d. * gpgconf: Make runtime changes with different homedir work. * keyboxd: Fix searching for exact mail adddress. * keyboxd: Fix searching with multiple patterns. * tools: Extend gpg-check-pattern. * wkd: Fix client issue with leading or trailing spaces in user-ids. * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. * Change the default keyserver to keyserver.ubuntu.com. This is a temporary change due to the shutdown of the SKS keyserver pools. - GnuPG 2.3.1: * The new configuration file common.conf is now used to enable the use of the key database daemon with "use-keyboxd". Using this option in gpg.conf and gpgsm.conf is supported for a transitional period. See doc/example/common.conf for more. * gpg: Force version 5 key creation for ed448 and cv448 algorithms. * gpg: By default do not use the self-sigs-only option when importing from an LDAP keyserver. * gpg: Lookup a missing public key of the active card via LDAP. * gpgsm: New command --show-certs. * scd: Fix CCID driver for SCM SPR332/SPR532. * scd: Further improvements for PKCS#15 cards. * New configure option --with-tss to allow the selection of the TSS library. - Rebase patches: * gnupg-add_legacy_FIPS_mode_option.patch * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch * gnupg-dont-fail-with-seahorse-agent.patch * gnupg-set_umask_before_open_outfile.patch - GnuPG 2.3.0: * A new experimental key database daemon is provided. To enable it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite database and make key lookup much faster. * New tool gpg-card as a flexible frontend for all types of supported smartcards. * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and gpg-connect-agent. * The gpg-wks-client tool is now installed under bin; a wrapper for its old location at libexec is also installed. * tpm2d: New daemon to physically bind keys to the local machine. * gpg: Switch to ed25519/cv25519 as default public key algorithms. * gpg: Verification results now depend on the --sender option and the signer's UID subpacket. * gpg: Do not use any 64-bit block size cipher algorithm for encryption. Use AES as last resort cipher preference instead of 3DES. This can be reverted using --allow-old-cipher-algos. * gpg: Support AEAD encryption mode using OCB or EAX. * gpg: Support v5 keys and signatures. * gpg: Support curve X448 (ed448, cv448). * gpg: Allow use of group names in key listings. * gpg: New option --full-timestrings to print date and time. * gpg: New option --force-sign-key. * gpg: New option --no-auto-trust-new-key. * gpg: The legacy key discovery method PKA is no longer supported. The command --print-pka-records and the PKA related import and export options have been removed. * gpg: Support export of Ed448 Secure Shell keys. * gpgsm: Add basic ECC support. * gpgsm: Support creation of EdDSA certificates. [#4888] * agent: Allow the use of "Label:" in a key file to customize the pinentry prompt. * agent: Support ssh-agent extensions for environment variables. With a patched version of OpenSSH this avoids the need for the "updatestartuptty" kludge. * scd: Improve support for multiple card readers and tokens. * scd: Support PIV cards. * scd: Support for Rohde&Schwarz Cybersecurity cards. * scd: Support Telesec Signature Cards v2.0 * scd: Support multiple application on certain smartcard. * scd: New option --application-priority. * scd: New option --pcsc-shared; see man page for important notes. * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. * The symcryptrun tool, a wrapper for the now obsolete external Chiasmus tool, has been removed. * Full Unicode support for the command line. - dropped legacy commands: gpg-zip ==== installation-images-MicroOS ==== Version update (17.22 -> 17.27) - merge gh#openSUSE/installation-images#550 - always include bash -> sh link - 17.27 - merge gh#openSUSE/installation-images#549 - use xz with threading to compress the initrd - 17.26 - merge gh#openSUSE/installation-images#546 - linuxrc handles LIBSTORAGE_* and YAST_* boot options (jsc#SLE-21308) - 17.25 - merge gh#openSUSE/installation-images#540 - add kernel modules for MPS3 USB (jsc#SLE-20148) - 17.24 - merge gh#openSUSE/installation-images#544 - xf86-input-libinput now exists on s390x - 17.23 ==== librsvg ==== Version update (2.52.3 -> 2.52.4) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 - Disable testsuite for now, let upstream figure out the issue with harfbuzz 3.1.1. - Update to version 2.52.4: + New features: - Support the isolation property from the Compositing and Blending Level 1 specification. - Support Visual Studio 2022. + Bug fixes: - The opacity and mix-blend-mode properties were not being applied when an element has a mask. - Fix panic when an empty group has a pattern fill and filters. - Fix the tests on Windows; the still only work when Fontconfig is present. - Work around a bug in the cairo-rs bindings in the test suite, that only manifests itself in s/390x due to its calling convention. See https://github.com/gtk-rs/gtk-rs-core/issues/335 ==== ncurses ==== Version update (6.3.20211115 -> 6.3.20211120) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20211120 + add dim, ecma+strikeout to st-0.6 -TD + deallocate the tparm cache when del_curterm is called for the last allocated TERMINAL structure (report/testcase by Bram Moolenaar, cf: 20200531). + modify test-package to more closely conform to Debian multi-arch. + if the --with-pkg-config-libdir option is not given, use ${libdir}/pkgconfig as a default (prompted by discussion with Ross Burton). - Correct offsets of patch ncurses-6.3.dif ==== python-PyYAML ==== Version update (5.4.1 -> 6.0) - Add patch setuptools.patch - update to 6.0 * drop Python 2.7 * always require `Loader` arg to `yaml.load()` * fix float resolver to ignore `.` and `._` * fix representation of Enum subclasses * fix libyaml extension compiler warnings * fix ResourceWarning on leaked file descriptors * remove remaining direct distutils usage ==== python-psutil ==== - Update skip-obs.patch to also skip TestProcess.test_ionice_linux ==== toolbox ==== Version update (2.2+git20210823.dd0fff8 -> 2.2+git20211124.09791b1) - Update to version 2.2+git20211124.09791b1: * Introduce -n/--nostop switch so mutiple sessions can be run inside an existing toolbox
participants (1)
-
Guillaume Gardet