New ARM MicroOS snapshot 20220622 released! - openSUSE Kubic

23 Jun 2022


      Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&...
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&...
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
  alsa (1.2.7 -> 1.2.7.1)
  checkpolicy (3.3 -> 3.4)
  cockpit
  container-selinux (2.180.0 -> 2.187.0)
  keyutils
  lame
  libqt5-qtbase
  librsvg (2.54.3 -> 2.54.4)
  libselinux (3.3 -> 3.4)
  libselinux-bindings (3.3 -> 3.4)
  libsemanage (3.3 -> 3.4)
  libsepol (3.3 -> 3.4)
  libvorbis
  llvm14 (14.0.4 -> 14.0.5)
  logrotate
  patterns-microos
  perl-HTTP-Message (6.36 -> 6.37)
  perl-libwww-perl (6.66 -> 6.67)
  policycoreutils (3.3 -> 3.4)
  python-semanage (3.3 -> 3.4)
  selinux-policy (20220124 -> 20220520)
  serd (0.30.10 -> 0.30.12)
  sratom (0.6.8 -> 0.6.10)
  vim (8.2.5083 -> 8.2.5136)
  zlib-ng-compat
=== Details ===
==== alsa ====
Version update (1.2.7 -> 1.2.7.1)
- Update to version 1.2.7.1: minor bug fixes, including the previous
  patches.  For details, see
    https://www.alsa-project.org/wiki/Changes_v1.2.7_v1.2.7.1#alsa-lib
- Drop obsoleted patches:
  0001-conf-Use-ino64_t-to-save-and-compare-inode-numbers.patch
  0002-control-eld-fix-the-decoding-for-older-hw.patch
==== checkpolicy ====
Version update (3.3 -> 3.4)
- Update to version 3.4
  * warn on bogus IP address or netmask in nodecon statement
  * allow wildcard permissions in constraints
  * mention class name on invalid permission
==== cockpit ====
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system
- Re-arrange patches and apply them manually again.
  Some were accidentally added and should be sle only
==== container-selinux ====
Version update (2.180.0 -> 2.187.0)
- Update to version 2.187.0:
  * Allow container domains to use /dev/zero
- Changes from 2.186.0:
  * Create policy for a container_device_t
  * Allow containers to shutdown & setopt userdomain:sockets
- Changes from 2.183.0:
  * Allow containers to inherit all socket classes from container runtimes.
- Changes from 2.182.0:
  * Allow containers to inherit all socket classes
- Changes from 2.181.0:
  * Allow socket activated domains for tcp sockets from init_t and userdomains.
==== keyutils ====
Subpackages: libkeyutils1
- Add /etc/keys/evn and /usr/etc/keys/evm together with the IMA ones
==== lame ====
- Remove bad %defattr - not needed and causes SHLIB non-executable
  rpmlint error
==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5
- Add patch to fix some HTTP/2 communication (boo#1200715, kde#455540):
  * 0001-H2-remove-a-rather-useless-limit-on-the-number-of-st.patch
==== librsvg ====
Version update (2.54.3 -> 2.54.4)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0
- Update to version 2.54.4:
  + Support CSS Color 4 syntax for <alpha-value>. Opacities can be
    specified as numbers or percentages now, e.g. 0.5 or 50%.
  + Roll back minimum required version of Pango to 1.46.0.
  + Fix Windows NMake install when documentation is not built.
==== libselinux ====
Version update (3.3 -> 3.4)
Subpackages: libselinux1 selinux-tools
- Update to version 3.4:
  * Use PCRE2 by default
  * Make selinux_log() and is_context_customizable() thread-safe
  * Prevent leakeing file descriptors
  * Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
==== libselinux-bindings ====
Version update (3.3 -> 3.4)
- Update to version 3.4:
  * Use PCRE2 by default
  * Make selinux_log() and is_context_customizable() thread-safe
  * Prevent leakeing file descriptors
  * Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
==== libsemanage ====
Version update (3.3 -> 3.4)
Subpackages: libsemanage-conf libsemanage2
- Update to version 3.4
  * Optionally rebuild policy when modules are changed externally
  * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
  * Allow spaces in user/group names
==== libsepol ====
Version update (3.3 -> 3.4)
- Update to version 3.4
  * Add 'ioctl_skip_cloexec' policy capability
  * Add sepol_av_perm_to_string
  * Add policy utilities
  * Support IPv4/IPv6 address embedding
  * Hardened/added many validations
  * Add support for file types in writing out policy.conf
  * Allow optional file type in genfscon rules
==== libvorbis ====
Subpackages: libvorbis0 libvorbisenc2 libvorbisfile3
- Remove bad %defattr - not needed and causes SHLIB non-executable
  rpmlint error
==== llvm14 ====
Version update (14.0.4 -> 14.0.5)
- Update to version 14.0.5.
  * This release contains bug-fixes for the LLVM 14.0.0 release.
    This release is API and ABI compatible with 14.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
==== logrotate ====
- Removed %{_distconfdir}/logrotate.d directory from spec file.
  It will be handled by package filesystem.
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Remove tallow, doesn't work with firewalld using nft anymore
==== perl-HTTP-Message ====
Version update (6.36 -> 6.37)
- updated to 6.37
  see /usr/share/doc/packages/perl-HTTP-Message/Changes
  6.37      2022-06-14 14:08:55Z
  - Support for Brotli "br" encoding (GH#163) (trizen and Julien Fiegehenn)
  - Don't test Perl > 5.32 on Windows in GH Actions (GH#174) (Olaf Alders)
==== perl-libwww-perl ====
Version update (6.66 -> 6.67)
- updated to 6.67
  see /usr/share/doc/packages/perl-libwww-perl/Changes
  6.67      2022-06-14 20:20:12Z
  - Remove undocumented LWP::Version sub (GH#416) (James Raspass)
==== policycoreutils ====
Version update (3.3 -> 3.4)
Subpackages: policycoreutils-python-utils python3-policycoreutils
- Handle missing translations properly in chcat. Added
  chcat_handle_missing_translations.patch (bsc#1200752)
- Build and package translations for python-utils (boo#1200752).
- Update to version 3.4
  * fixfiles: Use parallel relabeling
- Refreshed patches
  * get_os_version.patch
  * run_init.pamd.patch
==== python-semanage ====
Version update (3.3 -> 3.4)
- Update to version 3.4
  * Optionally rebuild policy when modules are changed externally
  * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
  * Allow spaces in user/group names
==== selinux-policy ====
Version update (20220124 -> 20220520)
Subpackages: selinux-policy-targeted
- Update to version 20220520 to pass stricter 3.4 toolchain checks
- Update to version 20220428. Refreshed:
  * fix_apache.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_iptables.patch
  * fix_kernel_sysctl.patch
  * fix_networkmanager.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_unprivuser.patch
  * fix_usermanage.patch
  * fix_wine.patch
- Add fix_dnsmasq.patch to fix problems with virtualization on Microos
  (bsc#1199518)
- Modified fix_init.patch to allow init to setup contrained environment
  for accountsservice. This needs a better, more general solution
  (bsc#1197610)
- Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition.
  This happens in certain boot conditions (bsc#1182500)
- Changed fix_unconfineduser.patch to not transition into ldconfig_t
  from unconfined_t (bsc#1197169)
==== serd ====
Version update (0.30.10 -> 0.30.12)
- update to 0.30.12:
  * Fix warnings and build issues with clang 13 and VS 2019
  * Fix writing long literals with triple quotes
  * Improve documentation style
  * Support combining several BSD-style command line flags in serdi
  * Write statements with invalid URI characters in lax mode
==== sratom ====
Version update (0.6.8 -> 0.6.10)
- update to 0.6.10:
  * Fix documentation installation directory
  * Fix potential blank node ID truncation
- drop fix-FORTIFY_SOURCE3.patch: obsolete
==== vim ====
Version update (8.2.5083 -> 8.2.5136)
Subpackages: vim-data-common vim-small
- Updated to version 8.2.5136, fixes the following problems
  * Autocmd test still fails on MS-Windows.
  * When the GUI shows a dialog tests get stuck.
  * Gcc gives warning for signed/unsigned difference.
  * CI runs on Windows 2019.
  * Cannot build with clang on MS-Windows.
  * Value of cmod_verbose is a bit complicated to use.
  * Some functions return a different value on failure.
  * Terminal test fails with some shell commands.
  * Using "'<,'>" in Ex mode may compare unrelated pointers.
  * Error message for unknown command may mention the command twice. (Malcolm
  Rowe)
  * Terminal test still fails with some shell commands.
  * Using uninitialized memory when using 'listchars'.
  * Spelldump test sometimes hangs.
  * Some terminal tests are not retried.
  * Memory usage tests are not retried.
  * MS-Windows with MinGW: $CC may be "cc" instead of "gcc".
  * Interrupt not caught in test.
  * Build fails with small features.
  * Default cmdwin mappings are re-mappable.
  * Some callers of rettv_list_alloc() check for not OK. (Christ van Willegen)
  * Retab test disabled because it hangs on MS-Windows.
  * Mode not updated after CTRL-O CTRL-C in Insert mode.
  * Icon filetype not recognized from the first line.
  * No test for --gui-dialog-file.
  * Timer becomes invalid after fork/exec, :gui gives errors. (Gabriel Dupras)
  * Time limit on searchpair() does not work properly.
  * Search timeout is overrun with some patterns.
  * "limit" option of matchfuzzy() not always respected.
  * Crash when calling a Lua callback from a :def function. (Bohdan Makohin)
  * Searching for quotes may go over the end of the line.
  * Interrupt test sometimes fails.
  * Lisp indenting my run over the end of the line.
  * Using invalid index when looking for spell suggestions.
  * When syntax timeout test fails it does not show the time.
  * Substitute may overrun destination buffer.
  * Using assert_true() does not show value on failure.
  * Syntax highlighting disabled when using synID() in searchpair() skip
  expression and it times out. (Jaehwang Jung)
  * Timeout handling is not optimal.
  * Edit test for mode message fails when using valgrind.
  * Timeout implementation is not optimal.
  * :mkview test doesn't test much.
  * Function has confusing name.
  * Running configure gives warnings for main() return type.
==== zlib-ng-compat ====
- Backport https://github.com/zlib-ng/zlib-ng/pull/1297 to fix
  boo#1200578:
  * 1297.patch