New ARM Kubic snapshot 20220111 released!
Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20220111 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: curl (7.80.0 -> 7.81.0) dnf kernel-source (5.15.12 -> 5.16.0) keylime (6.2.0 -> 6.2.1) kuberlr (0.3.1 -> 0.4.1) logrotate (3.18.1 -> 3.19.0) python-attrs (21.2.0 -> 21.4.0) python-charset-normalizer (2.0.9 -> 2.0.10) python-msgpack (1.0.2 -> 1.0.3) python-psutil (5.8.0 -> 5.9.0) python-zipp (3.6.0 -> 3.7.0) systemd wpa_supplicant === Details === ==== curl ==== Version update (7.80.0 -> 7.81.0) Subpackages: libcurl4 - update to 7.81.0: * mime: use percent-escaping for multipart form field and file names * asyn-ares: ares_getaddrinfo needs no happy eyeballs timer * azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper * BINDINGS: add cURL client for PostgreSQL * BINDINGS: add one from Everything curl and update a link * checksrc: detect more kinds of NULL comparisons we avoid * CI: build examples for additional code verification * CI: bump job to use mbedtls 3.1.0 * cmake: don't set _USRDLL on a static Windows build * cmake: prevent dev warning due to mismatched arg * cmake: private identifiers use CURL_ instead of CMAKE_ prefix * config.d: update documentation to match the path search * configure: add -lm to configure for rustls build. * configure: better diagnostics if hyper is built wrong * configure: don't enable TLS when --without-* flags are used * configure: fix runtime-lib detection on macOS * curl.1: require "see also" for every documented option * curl: improve error message for --head with -J * curl_easy_cleanup.3: remove from multi handle first * curl_easy_escape.3: call curl_easy_cleanup in example * curl_easy_unescape.3: call curl_easy_cleanup in example * curl_multi_init.3: fix EXAMPLE formatting * curl_multi_perform/socket_action.3: clarify what errors mean * curl_share_setopt.3: split out options into their own manpages * CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL * digest: compute user:realm:pass digest w/o userhash * docs/checksrc: Add documentation for STRERROR * docs/cmdline-opts: do not say "protocols: all" * docs/examples: workaround broken -Wno-pedantic-ms-format * docs/HTTP3: describe how to setup a h3 reverse-proxy for testing * docs/INSTALL.md: typo fix : added missing "get" verb * docs/URL-SYNTAX.md: space is not fine in a given URL * docs: add known bugs list to HTTP3.md * docs: address proselint nits * docs: consistent manpage SYNOPSIS * docs: fix dead links, remove ECH.md * docs: fix typo in OpenSSL 3 build instructions * docs: Update the Reducing Size section * example/progressfunc: remove code for old libcurls * examples/multi-single.c: remove WAITMS() * FAQ: typo fix : "yout" ? "your" * ftp: disable warning 4706 in MSVC * gen.pl: improve example output format * github workflow: add wolfssl (removed from zuul) * github/workflows: add mbedtls and mbedtls-clang (removed from zuul) * gtls: check return code for gnutls_alpn_set_protocols * hash: lazy-alloc the table in Curl_hash_add() * http2:set_transfer_url() return early on OOM * HTTP3: update quiche build instructions * http: enable haproxy support for hyper backend * http: Fix CURLOPT_HTTP200ALIASES * http_proxy: don't close the socket (too early) * insecure.d: detail its use for SFTP and SCP as well * insecure.d: expand and clarify * libcurl-multi.3: "SOCKS proxy handshakes" are not blocking * libcurl-security.3: mention address and URL mitigations * libssh2: fix error message for sha256 mismatch * libtest: avoid "assignment within conditional expression" * lift: ignore is a deprecated config option, use ignoreRules * linkcheck.yml: add CI job that checks markdown links * m4/curl-compilers: tell clang -Wno-pointer-bool-conversion * Makefile.m32: rename -winssl option to -schannel and tidy up * mbedTLS: add support for CURLOPT_CAINFO_BLOB * mbedtls: fix CURLOPT_SSLCERT_BLOB * mbedtls: fix private member designations for v3.1.0 * misc: remove unused doh flags when CURL_DISABLE_DOH is defined * misc: s/e-mail/email * multi: cleanup the socket hash when destroying it * multi: handle errors returned from socket/timer callbacks * multi: shut down CONNECT in Curl_detach_connnection * netrc.d: edit the .netrc example to look nicer * ngtcp2: verify the server cert on connect (quictls) * ngtcp2: verify the server certificate for the gnutls case * nss:set_cipher don't clobber the cipher list * openldap: implement STARTTLS * openldap: process search query response messages one by one * openldap: several minor improvements * openldap: simplify ldif generation code * openssl: check the return value of BIO_new() * openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+ * openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable * openssl: remove usage of deprecated `SSL_get_peer_certificate` * openssl: use non-deprecated API to read key parameters * page-footer: add a mention of how to report bugs to the man page * page-footer: document more environment variables * request.d: refer to 'method' rather than 'command' * retry-all-errors.d: make the example complete * runtests: make the SSH library a testable feature * rustls: read of zero bytes might be okay * rustls: remove comment about checking handshaking * rustls: remove incorrect EOF check * sha256/md5: return errors when init fails * socks5: use appropriate ATYP for numerical IP address host names * test1156: enable for hyper * test1156: fixup the stdout check for Windows * test1525: tweaked for hyper * test1526: enable for hyper * test1527: enable for hyper * test1528: enable for hyper * test1554: adjust for hyper * test1556: adjust for hyper * test302[12]: run only with the libssh2 backend * test661: enable for hyper * tests/CI.md: add more information on CI environments * tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 * tftp: mark protocol as not possible to do over CONNECT * tool_findfile: updated search for a file in the homedir * tool_operate: only set SSH related libcurl options for SSH URLs * tool_operate: warn if too many output arguments were found * url.c: fix the SIGPIPE comment for Curl_close * url: check ssl_config when re-use proxy connection * url: reduce ssl backend count for CURL_DISABLE_PROXY builds * urlapi: accept port number zero * urlapi: if possible, shorten given numerical IPv6 addresses * urlapi: provide more detailed return codes * urlapi: reject short file URLs * version_win32: Check build number and platform id * vtls/rustls: adapt to the updated rustls_version proto * writeout: fix %{http_version} for HTTP/3 * x509asn1: return early on errors * zuul.d: update rustls-ffi to version 0.8.2 * zuul: fix quiche build pointing to wrong Cargo ==== dnf ==== - Add /etc/dnf/modules.d directory to -data subpackage (boo#1193706) ==== kernel-source ==== Version update (5.15.12 -> 5.16.0) - Refresh patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch. * Update upstream status * Update to the latest (upstream) version * Move it within series to upstream-soon patches - commit c4ca5fd - Refresh patches.suse/rtw89-update-partition-size-of-firmware-header-on-sk.patch. Update upstream status. - commit a6f5d1b - Update to 5.16 final - refresh configs (headers only) - commit b8251b4 - Refresh BT workaround patch (bsc#1193124) Fix yet another broken device 8086:0aa7 - commit 163b552 - Linux 5.15.13 (bsc#1012628). - Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1012628). - tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok() (bsc#1012628). - tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() (bsc#1012628). - net/sched: Extend qdisc control block with tc control block (bsc#1012628). - parisc: Clear stale IIR value on instruction access rights trap (bsc#1012628). - platform/mellanox: mlxbf-pmc: Fix an IS_ERR() vs NULL bug in mlxbf_pmc_map_counters (bsc#1012628). - platform/x86: apple-gmux: use resource_size() with res (bsc#1012628). - memblock: fix memblock_phys_alloc() section mismatch error (bsc#1012628). - ALSA: hda: intel-sdw-acpi: harden detection of controller (bsc#1012628). - ALSA: hda: intel-sdw-acpi: go through HDAS ACPI at max depth of 2 (bsc#1012628). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1012628). - powerpc/ptdump: Fix DEBUG_WX since generic ptdump conversion (bsc#1012628). - efi: Move efifb_setup_from_dmi() prototype from arch headers (bsc#1012628). - selinux: initialize proto variable in selinux_ip_postroute_compat() (bsc#1012628). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (bsc#1012628). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1012628). - net/mlx5: Fix error print in case of IRQ request failed (bsc#1012628). - net/mlx5: Fix SF health recovery flow (bsc#1012628). - net/mlx5: Fix tc max supported prio for nic mode (bsc#1012628). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (bsc#1012628). - net/mlx5e: Fix interoperability between XSK and ICOSQ recovery flow (bsc#1012628). - net/mlx5e: Fix ICOSQ recovery flow for XSK (bsc#1012628). - net/mlx5e: Use tc sample stubs instead of ifdefs in source file (bsc#1012628). - net/mlx5e: Delete forward rule for ct or sample action (bsc#1012628). - udp: using datalen to cap ipv6 udp max gso segments (bsc#1012628). - selftests: Calculate udpgso segment count without header adjustment (bsc#1012628). - sctp: use call_rcu to free endpoint (bsc#1012628). - net/smc: fix using of uninitialized completions (bsc#1012628). - net: usb: pegasus: Do not drop long Ethernet frames (bsc#1012628). - net: ag71xx: Fix a potential double free in error handling paths (bsc#1012628). - net: lantiq_xrx200: fix statistics of received bytes (bsc#1012628). - NFC: st21nfca: Fix memory leak in device probe and remove (bsc#1012628). - net/smc: don't send CDC/LLC message if link not ready (bsc#1012628). - net/smc: fix kernel panic caused by race of smc_sock (bsc#1012628). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1012628). - drm/amd/display: Send s0i2_rdy in stream_count == 0 optimization (bsc#1012628). - drm/amd/display: Set optimize_pwr_state for DCN31 (bsc#1012628). - ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1012628). - net/mlx5e: Fix wrong features assignment in case of error (bsc#1012628). - net: bridge: mcast: add and enforce query interval minimum (bsc#1012628). - net: bridge: mcast: add and enforce startup query interval minimum (bsc#1012628). - selftests/net: udpgso_bench_tx: fix dst ip argument (bsc#1012628). - selftests: net: Fix a typo in udpgro_fwd.sh (bsc#1012628). - net: bridge: mcast: fix br_multicast_ctx_vlan_global_disabled helper (bsc#1012628). - net/ncsi: check for error return from call to nla_put_u32 (bsc#1012628). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (bsc#1012628). - fsl/fman: Fix missing put_device() call in fman_port_probe (bsc#1012628). - i2c: validate user data in compat ioctl (bsc#1012628). - nfc: uapi: use kernel size_t to fix user-space builds (bsc#1012628). - uapi: fix linux/nfc.h userspace compilation errors (bsc#1012628). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1012628). - drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled (bsc#1012628). - drm/amdgpu: add support for IP discovery gc_info table v2 (bsc#1012628). - drm/amd/display: Changed pipe split policy to allow for multi-display pipe split (bsc#1012628). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (bsc#1012628). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (bsc#1012628). - usb: mtu3: add memory barrier before set GPD's HWO (bsc#1012628). - usb: mtu3: fix list_head check warning (bsc#1012628). - usb: mtu3: set interval of FS intr and isoc endpoint (bsc#1012628). - nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert (bsc#1012628). - binder: fix async_free_space accounting for empty parcels (bsc#1012628). - scsi: vmw_pvscsi: Set residual data length conditionally (bsc#1012628). - Input: appletouch - initialize work before device registration (bsc#1012628). - Input: spaceball - fix parsing of movement data packets (bsc#1012628). - mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' (bsc#1012628). - net: fix use-after-free in tw_timer_handler (bsc#1012628). - fs/mount_setattr: always cleanup mount_kattr (bsc#1012628). - perf intel-pt: Fix parsing of VM time correlation arguments (bsc#1012628). - perf script: Fix CPU filtering of a script's switch events (bsc#1012628). - perf scripts python: intel-pt-events.py: Fix printing of switch events (bsc#1012628). - commit 01786ae - Revert "config: disable BTRFS_ASSERT in default kernels" This was pushed without enough review, reverting. - commit e86c2a0 - Revert "config: disable BTRFS_ASSERT in default kernels" This was pushed without enough review, reverting. - commit 4fb1cfd - Revert "config: disable BTRFS_ASSERT in default kernels" This reverts commit 81985a674cf03fa1ef7c290050be04e57f8490dc. This is a change affecting correctness, trading it for some performance. This was done without prior discussion with btrfs people, so revert it to previous state. - commit 55f2c08 - media: Revert "media: uvcvideo: Set unique vdev name based in type" (bsc#1193255). - commit b3f1eb0 - Update to 5.16-rc8 - commit b59b474 - config: Enable CONFIG_CMA on riscv64 Non-default dependent config changes: - DMA_CMA=y - commit c0aa71e - igc: Do not enable crosstimestamping for i225-V models (bsc#1193039). - commit a77f415 ==== keylime ==== Version update (6.2.0 -> 6.2.1) Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Update to version v6.2.1: * Another addition to gitignore * Update .gitignore with more Keylime-specific files * json: add support for sqlalchemy.engine.row.Row in newer sqlalchemy * ima_ast: check if the PCR is the same as in the config * Fix permissions issue on volume mount in run_local.sh * Make run_local.sh use a local copy of the repo * Small updates to GOVERNANCE.md * Move cargo-tarpaulin install to separate command * config: drop registrar_* TLS options in [registrar] section * Fix missing && in Dockerfile * Remove simplejson from scripts and docs * Replace simplejson with built-in json module * Add rust-keylime container dependencies * config: fix getboolean with fallback * Clean up CI scripts and rewrite run_local.sh * ima: for ToMToU errors skip template content validation * ima: Use a set of entry numbers and file offsets to remember multiple positions * Rename CONTRIBUTORS.md to CONTRIBUTING.md * Update GOVERNANCE.md to match MAINTAINERS.md rename * Update MAINTAINERS * Update README: remove Gitter, Travis CI * ca: Use UTC when setting certificate validity * Tenant commands return json * scripts: Allow passing a base policy to create_policy tool * ima: Handle the case of ima-sig with a path with spaces in them * add length to string object * scripts: Implement create_policy to create the JSON allowlist from files * ima: Also add a sha256 default boot_aggregate hash with 64 '0's * ima: Use seek() to get to the last known last entry * ima: Extend allowlist to be able to handle generic ima-buf entries * ima: Extend JSON allowlist with 'ima' entry and 'ignored_keyrings' * ima: Populate verifier keyrings with keys taken from ima-buf log line * ima: Remove methods from ImaKeyring that are now in ImaKeyrings * ima: Start passing ima_keyrings through APIs replacing ima_keyring * Extend AgentAttestState with ima_keyrings field and use it * ima: Implement ImaKeyrings class to support multiple keyrings * verifier: Extend verifier DB to persist learned keyrings * Fix a couple of pylint errors * ima: Fix spurious attestation failures * ima: make ToMToU errors not a failure by default * Simple fix for tenant error message printout. * pylint: Fix errors related to R1714 * pylint: Suppress C0201, C0209 and W0602 newly reported errors * installer: do not install tpm2-abrmd * tpm: by default use /dev/tpmrm0 instead of tpm2-abrmd * verifier: add option to send revocation messages via webhook ==== kuberlr ==== Version update (0.3.1 -> 0.4.1) - Update to version 0.4.1: * Tag release 0.4.1 * Fixing issue of process holding on to file during rename - Update to version 0.4.0: * Release version 0.4.0 * Fix error reporting inside of downloader * Add `get` command * Update github.com/blang/semver dependency * Don't parse kubectl commandline with flag.Parse() - Update to version 0.3.2: * Tag version v0.3.2 * Act on linter directives * Copy the temp file to dest only if rename fails * style improvements - no functional change * download the hash before the document * ioutil.TempFile returns an open file object * Convert the sha mismatch error msg into a custom error * When downloading versions of kubectl, verify their contents against known SHA256 hashes * Remove vendored tree * Allow to override build date with SOURCE_DATE_EPOCH - BuildRequire go 1.16 or higher - major overhaul of the package to adhere to common go build commands - use 'buildmode=pie' - strip binary - do not use the Makefile, instead directly run the few commands ==== logrotate ==== Version update (3.18.1 -> 3.19.0) - update to 3.19.0: * continue on EINTR in compressLogFile() (#430) * enforce stricter parsing of configuration files (#427, #431) * avoid confusing error message in debug mode (#426) * fix full_write() on incomplete write (#415) * do not use alloca() any more (#412) * do not rotate hard links unless allowhardlink is used (#407) * change directory after dropping privileges (#397) * add defence in depth when dropping privileges (#400) * remove invalid configuration on error (#408) * do not open symbolic link log files by accident (#399) * do not write state if state file is /dev/null (#395) - rebased logrotate-3.13.0-systemd_add_home_env.patch and renamed to logrotate-3.19.0-systemd_add_home_env.patch - removed obsolete logrotate-dont_warn_on_size=_syntax.patch ==== python-attrs ==== Version update (21.2.0 -> 21.4.0) - update to 21.4.0: * Fixed the test suite on PyPy3.8 where ``cloudpickle`` does not work. * Fixed ``coverage report`` for projects that use ``attrs`` and don't set a ``--source``. * When using ``@define``, converters are now run by default when setting an attribute on an instance -- additionally to validators. * ``import attrs`` has finally landed! * ``attr.asdict(retain_collection_types=False)`` (default) dumps collection-esque keys as tuples. * ``__match_args__`` are now generated to support Python 3.10's * If the class-level *on_setattr* is set to ``attrs.setters.validate`` (default in ``@define`` and ``@mutable``) but no field defines a validator, pretend that it's not set. * The generated ``__repr__`` is significantly faster on Pythons with f-strings. * Attributes transformed via ``field_transformer`` are wrapped with ``AttrsClass`` again. * Generated source code is now cached more efficiently for identical classes. * Added ``attrs.converters.to_bool()``. * ``attrs.resolve_types()`` now resolves types of subclasses after the parents are resolved. * Added new validators: ``lt(val)`` (< val), ``le(va)`` (? val), ``ge(val)`` (? val), ``gt(val)`` (> val), and ``maxlen(n)``. * ``attrs`` classes are now fully compatible with cloudpickle * Added new context manager ``attrs.validators.disabled()`` and functions ``attrs.validators.(set|get)_disabled()``. They deprecate ``attrs.(set|get)_run_validators()``. All functions are interoperable and modify the same internal state. They are not ? and never were ? thread-safe, though. ==== python-charset-normalizer ==== Version update (2.0.9 -> 2.0.10) - update to 2.0.10: * Fallback match entries might lead to UnicodeDecodeError for large bytes sequence * Skipping the language-detection (CD) on ASCII ==== python-msgpack ==== Version update (1.0.2 -> 1.0.3) - update to 1.0.3: * add python 3.10 support * bugfixes ==== python-psutil ==== Version update (5.8.0 -> 5.9.0) - update to 5.9.0: * [Linux]: `cpu_freq()`_ is slow on systems with many CPUs. Read current frequency values for all CPUs from ``/proc/cpuinfo`` instead of opening many files in ``/sys`` fs. (patch by marxin) * `NoSuchProcess`_ message now specifies if the PID has been reused. * error classes (`NoSuchProcess`_, `AccessDenied`_, etc.) now have a better formatted and separated ``__repr__`` and ``__str__`` implementations. * [Linux]: `disk_partitions()`_: convert ``/dev/root`` device (an alias used on some Linux distros) to real root device path. * ``PSUTIL_DEBUG`` mode now prints file name and line number of the debug messages coming from C extension modules. * rewrite HISTORY.rst to use hyperlinks pointing to psutil API doc. * [Linux]: `wait_procs()`_ should catch ``subprocess.TimeoutExpired`` exception. * [Linux]: `sensors_battery()`_ can raise ``TypeError`` on PureOS. * [Linux]: psutil does not handle ``ENAMETOOLONG`` when accessing process file descriptors in procfs. (patch by Nikita Radchenko) * **[critical]**: ``memoize_when_activated`` decorator is not thread-safe. * **[critical]**: `process_iter()`_ is not thread safe and can raise ``TypeError`` if invoked from multiple threads. * [Linux]: `cpu_freq()`_ return order is wrong on systems with more than 9 CPUs. ==== python-zipp ==== Version update (3.6.0 -> 3.7.0) - update to 3.7.0: * Require Python 3.7 or later. - add python-rpm-macros buildrequires ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-sysvinit udev - Added patches to fix CVE-2021-3997 (bsc#1194178) 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch These patches will be dropped and cherry-picked from upstream once upstream will commit them in their main branch. - Import commit a54f80116ccf105dff11aef5d18dd110ebd3e8ee 30cbebc56f tmpfiles: 'st' may have been used uninitialized 5443654ec0 macro: add new helper RET_NERRNO() 8d90ecc435 rm-rf: optionally fsync() after removing directory tree 591344010d rm-rf: refactor rm_rf_children(), split out body of directory iteration loop 8c7762c4f1 Bump the max number of inodes for /dev to a million (bsc#1192858) dc9476c881 journal: don't remove the flushed flag when journald is stopped 29efc29efd TEST-10: don't attempt to write a byte to the socket 773fb785b6 Bump the max number of inodes for /dev to 128k (bsc#1192858) ==== wpa_supplicant ==== - Added hardening to systemd service(s) (bsc#1181400). Modified: * wpa_supplicant.service
participants (1)
-
Guillaume Gardet