New MicroOS snapshot 20210422 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20210422
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  AppStream (0.14.1 -> 0.14.3)
  blog
  giflib
  grub2
  harfbuzz (2.7.4 -> 2.8.0)
  hwinfo (21.72 -> 21.73)
  jack (1.9.17 -> 1.9.18)
  ldb (2.2.1 -> 2.3.0)
  libcontainers-common
  libdnf (0.60.0 -> 0.62.0)
  libfido2 (1.6.0 -> 1.7.0)
  libqt5-qtwebengine
  librepo (1.13.0 -> 1.14.0)
  libvpx (1.9.0 -> 1.10.0)
  libxkbcommon (1.2.0 -> 1.2.1)
  lua54 (5.4.2 -> 5.4.3)
  makedumpfile
  microdnf (3.7.1 -> 3.8.0)
  podman (3.0.1 -> 3.1.1)
  qalculate (3.16.1 -> 3.18.0)
  samba (4.13.4+git.199.be6e11f5ab2 -> 4.14.2+git.159.2a8872214bf)
  selinux-policy (20210309 -> 20210419)
  snapper (0.8.16 -> 0.9.0)
  sqlite3 (3.35.2 -> 3.35.5)
  sudo (1.9.5p2 -> 1.9.6p1)
  xorg-x11-server (1.20.10 -> 1.20.11)

=== Details ===

==== AppStream ====
Version update (0.14.1 -> 0.14.3)
Subpackages: libAppStreamQt2 libappstream4

- Update to version 0.14.3
  * spec: Mention that license-IDs are case-sensitive
  * compose: Don't loop endlessly if external desktop l10n function is set
  * Never create a predictable dir in /tmp for caching
  * qt: Implement missing Pool::componentsByCategories
  * Share one user-owned read-only system metadata cache between all applications
  * pool: Clean up user sysdata caches if we start to use the system cache
  * Port over some parsing improvements for desktop-files from asgen
  * compose: Add helper for reading desktop-entry files
  * compose: Handle bad UTF-8 in desktop-entry files even better
  * search: Perform partial token matches instead of prefix matches
  * search: Unconditionally perform partial term matching after exact matching
  * news-to-metainfo: Recognize the "Contributors" section
  * Update our own metainfo file for appstreamcli
  * Read descriptions from collection XML correctly again
  * search: Make whole-search string matching a lot more strict
  * validator: Resolve false-positive when testing remote icon URL validity
  * utils: Improve textwrap if text is just one excessively long word
  * compose: Permit U+00AD SOFT HYPHEN in string values
  * Validate our own metainfo file
  * compose: Don't assume lowest priority for desktop-entry-only components
  * search: Only replace full words with greylist terms, not partial ones
  * ascli: Take all positional parameters as search terms when searching

==== blog ====
Subpackages: libblogger2

- Fix package split done for shared library packaging guideline (bsc#1184479).

==== giflib ====

- prep section should just extract and patch, further modifications
  have to be done in the build section
- Added patch:
  * PIE.patch
    + build path independent objects

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Fix build error on armv6/armv7 (bsc#1184712)
  * 0001-emu-fix-executable-stack-marking.patch
- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012)
  * 0001-Workaround-volatile-efi-boot-variable.patch

==== harfbuzz ====
Version update (2.7.4 -> 2.8.0)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- Update to version 2.8.0:
  + Shape joining scripts other than Arabic/Syriac using the
    Universal Shaping Engine. Previously these were shaped using
    the generalized Arabic shaper.
  + Fix regression in shaping of U+0B55 ORIYA SIGN OVERLINE.
  + Update language tags.
  + Variations: reduce error: do not round each interpolated delta.
  + Documentation improvements.
  + Subsetter improvements: subsets most, if not all, lookup types now.
  + Fuzzer-found fixes and other improvements when memory failures happen.
  + Removed most atomic implementations now that we have C++11 atomic impl.
  + General codebase upkeep; using more C++11 features: constexpr
    constructors, etc.

==== hwinfo ====
Version update (21.72 -> 21.73)

- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73

==== jack ====
Version update (1.9.17 -> 1.9.18)

- update to 1.9.18:
  * Add zalsa_in/out as internal client (based on zita-a2j/j2a and jack1 code)
  * Fix jack_midi_dump deadlock on close after the jack server is restarted
  * Fix interrupt signal for linux futex waits
  * Fix usage of meta-data in official macOS builds (private DB errors)
  * Log error message when cleaning previous DB (macOS and Windows)

==== ldb ====
Version update (2.2.1 -> 2.3.0)
Subpackages: libldb2 python3-ldb

- Update to ldb 2.3.0

==== libcontainers-common ====

- Force overlay as default storage driver if system is not btrfs
  (gh#containers/buildah#3153)
- Update common to 0.36.0
- Update podman to 3.1.1
- Update storage to 1.29.0
- Update image to 5.11.0

==== libdnf ====
Version update (0.60.0 -> 0.62.0)
Subpackages: libdnf-repo-config-zypp libdnf2

- Add patch to fix crash when loading DVD repositories
  + Patch: 0001-Fix-a-crash-when-repoId-not-found-in-loaded-conf-gke.patch
- Update to 0.62.0
  + Change order of TransactionItemReason (rh#1921063)
  + Add two new comparators for security filters (rh#1918475)
  + Apply security filters for candidates with lower priority
  + Fix: Goal - translation of messages in global maps
  + Enhance description of modular solvables
  + Improve performance for module query
  + Change mechanism of modular errata applicability (rh#1804234)
  + dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags
  + Fix a couple of memory leaks
  + Fix: Setting of librepo handle in newHandle function
  + Remove failsafe data when module is not enabled (rh#1847035)
  + Expose librepo's checksum functions via SWIG
  + Fix: Missing check of "hy_split_nevra()" return code
  + Do not allow 1 as installonly_limit value (rh#1926261)
  + Fix check whether the subkey can be used for signing
  + Hardening: add signature check with rpmcliVerifySignatures
    (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079,
    rh#1932089, rh#1932090, boo#1183779)
  + Add a config option sslverifystatus, defaults to false (rh#1814383)
  + [context] Add API for distro-sync

==== libfido2 ====
Version update (1.6.0 -> 1.7.0)
Subpackages: libfido2-1 libfido2-udev

- Update to version 1.7.0:
  * hid_win: detect devices with vendor or product IDs > 0x7fff
  * Support for FIDO 2.1 authenticator configuration.
  * Support for FIDO 2.1 UV token permissions.
  * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
  * New API calls
  * New fido_init flag to disable fido_dev_open's U2F fallback
  * Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
  * Added fix-cmake-linking.patch to fix linking

==== libqt5-qtwebengine ====

- Add patch to fix build with GCC 11:
  * 0001-Fix-build-with-GCC-11.patch
- Update _constraints to avoid OOM
- Add back missing part in fix1163766.patch (boo#1184610)

==== librepo ====
Version update (1.13.0 -> 1.14.0)

- Update to 1.14.0
  + Fix LRO_PRESERVETIME behavior
  + Support multiple checksums in xattr (rh#1931904)
  + Return "calculated" checksum if requested w/caching
  + Fix lr_yum_download_url in case lr_handle is NULL

==== libvpx ====
Version update (1.9.0 -> 1.10.0)

- using service/obscpio again because upstream tar ball is changing,
  leading to trust validation errors
- update to 1.10.0:
  This maintenance release adds support for darwin20 and new codec
  controls, as well as numerous bug fixes.
  - Upgrading:
    New codec control is added to disable loopfilter for VP9.
    New encoder control is added to disable feature to increase Q on
    overshoot detection for CBR.
    Configure support for darwin20 is added.
    New codec control is added for VP9 rate control. The control ID of
    this interface is VP9E_SET_EXTERNAL_RATE_CONTROL. To make VP9 use a
    customized external rate control model, users will have to implement
    each callback function in vpx_rc_funcs_t and register them using
    libvpx API vpx_codec_control_() with the control ID.
  - Enhancement:
    Use -std=gnu++11 instead of -std=c++11 for c++ files.
  - Bug fixes:
    Override assembler with --as option of configure for MSVS.
    Fix several compilation issues with gcc 4.8.5.
    Fix to resetting rate control for temporal layers.
    Fix to the rate control stats of SVC example encoder when number of
    spatial layers is 1.
    Fix to reusing motion vectors from the base spatial layer in SVC.
    2 pass related flags removed from SVC example encoder.

==== libxkbcommon ====
Version update (1.2.0 -> 1.2.1)
Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0

- Update to release 1.2.1 [boo#1184688]
  * Fix `xkb_x11_keymap_new_from_device()` failing when the keymap
    contains key types with missing level names, like the one
    used by the `numpad:mac` option in xkeyboard-config.
    (Regressed in 1.2.0.)

==== lua54 ====
Version update (5.4.2 -> 5.4.3)
Subpackages: liblua5_4-5

- Add upstream-bugs.patch and upstream-bugs-test.patch to fix
  bugs 1,2,3 for build and tests respectively.
- Update to version 5.4.3:
  * Fixes bugs found in Lua 5.4.2
- Removed upstream-bugs.patch: new release (no bugs found yet)
- Removed upstream-bugs-test.patch: new release (no bugs found yet)

==== makedumpfile ====

- Update patch metadata.
- Fix guessing of va_bits (bsc#1183977)
  * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch
  * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch
  * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch

==== microdnf ====
Version update (3.7.1 -> 3.8.0)

- Update to 3.8.0
  + Add "makecache" command
  + Add "distro-sync" command

==== podman ====
Version update (3.0.1 -> 3.1.1)
Subpackages: podman-cni-config

- Update to version 3.1.1:
  * Bump to v3.1.1
  * Update release notes for v3.1.1
  * podman play kube apply correct log driver
  * Fix build with GO111MODULE=off
  * [CI:DOCS] Set all operation id to be compatible
  * Move operationIds to swagger:operation line
  * swagger: add operationIds that match with docker
  * Fix missing podman-remote build options
  * [NO TESTS NEEDED] Shrink the size of podman-remote
  * Move socket activation check into init() and set global condition.
  * rootless: use is_fd_inherited
  * Recreate until container prune tests for bindings
  * System tests: special case for RHEL: require runc
  * Document --volume from podman-remote run/create client
  * Containers prune endpoint should use only prune filters
  * Trim white space from /top endpoint results
  * Fix unmount doc reference in image.rst
  * Fix handling of remove --log-rusage param
  * Makefile: introduce install.docker-full
  * Makefile: ensure install.docker creates BINDIR
  * Should send the OCI runtime path not just the name to buildah
  * Fixed podman-remote --network flag
  * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
  * Fix typos --uidmapping and --gidmapping
  * Add default template functions
  * Don't relabel volumes if running in a privileged container
  * Allow users to override default storage opts with --storage-opt
  * Add transport and destination info to manifest doc
  * Verify existence of auth file if specified
  * Ensure that `--userns=keep-id` sets user in config
  * [CI:DOCS] Update swagger definition of inspect manifest
  * Volumes prune endpoint should use only prune filters
  * Adjust libpod API Container Wait documentation to the code
  * Add missing return
  * [CI:DOCS] Fix formatting of podman-build man page
  * cgroups: force 64 bits to ParseUint
  * Fix slashes in socket URLs
  * [CI:DOCS] Correct status code for /pods/create
  * cgroup: do not set cgroup parent when rootless and cgroupfs
  * Reflect current state of prune implementation in docs
  * Do not delete container twice
  * Test that we don't error out on advertised --log-level values
  * At trace log level, print error text using %+v instead of %v
  * pkg/errorhandling.JoinErrors: don't throw away context for lone errors
  * Recognize --log-level=trace
  * Fix message about runtime to show only the actual runtime
  * Fix handling of $NAME and $IMAGE in runlabel
  * Fix flake on failed podman-remote build : try 2
  * Fix flake on failed podman-remote build
  * Update documentation of podman-run to reflect volume "U" option
  * Fixes invalid expression in save command
  * Fix possible panic in libpod/image/prune.go
  * Update all containers/ project vendors
  * Fix tests
  * Bump to v3.1.1-dev
- Update to version 3.1.0:
  * Bump to v3.1.0
  * Fix test failure
  * Update release notes for v3.1.0 final release
  * [NO TESTS NEEDED] Turn on podman-remote build --isolation
  * Fix long option format on docs.podman.io
  * Fix containers list/prune http api filter behaviour
  * [CI:DOCS] Add note to mappings for user/group userns in build
  * Validate passed in timezone from tz option
  * Generate Kubernetes PersistentVolumeClaims from named volumes
  * libpod/image: unit tests: use a `registries.conf` for aliases
- Require systemd 241 or newer due to podman dependency go-systemd v22,
  otherwise build will fail with unknown C name errors

==== qalculate ====
Version update (3.16.1 -> 3.18.0)

- Update to 3.18.0:
  * Improve handling of expressions with log-based units
  * Improve conversion of expression with multiple units to a
    single unit (e.g. m/W to W)
  * Output (kilo)gram instead of tonne with small prefix
  * New functions for statistical distributions: probit(),
    betadist(), cauchydist(), chisqdist(), expinv(), fdist(),
    gammadist(), tdist(), wblinv(), weibulldist()
  * Improve functions for statistical distribution
  * Improve sexagesimal input and output, and add geodistance()
    for calculation of distance between two GPS coordinates
  * Add command() function, which runs an external command and
    returns the output
  * erfinv() function and support for solving equations with
    error functions
  * Fix conversion with relative temperature units activated
  * Fix gammainc() function
  * Fix keyboard focus when run hidden automatically at startup
  * Temperature calculation modes (absolute, relative, hybrid)
  * Allow prefixes, with full name, without units (e.g. kilo = 10^3)
  * Extended and improved simplified Chinese translation
  * Save handle vector function argument property
  * Fix never ending loop when calculating []*[]
  * Minor bug fixes and feature improvements

==== samba ====
Version update (4.13.4+git.199.be6e11f5ab2 -> 4.14.2+git.159.2a8872214bf)
Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libndr1 libnetapi0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3

- Update to 4.14.2
  * Release with dependency on ldb version 2.3.0.
- Update to 4.14.1
  * CVE-2021-20277: Fix out of bounds read in ldb_handler_fold;
    (bso#14655);
  * CVE-2020-27840: Fix unauthenticated remote heap corruption
    via bad DNs; (bso#14595);
- Update to 4.14.0
  * VFS layer modernized.
  * Printers publishing in AD improved.
  * Client group policies support for sudoers configuration and
    cron jobs.
  * Improved consistency of samba-tool subcommands.
  * CTDB now uses the terms leader and follower instead of master
    and slave. Configuration options have changed accordingly.
  * The ctdb isnotrecmaster command is removed.
  * For details on all items see WHATSNEW.txt in samba-doc package.

==== selinux-policy ====
Version update (20210309 -> 20210419)
Subpackages: selinux-policy-targeted

- Update to version 20210419
- Refreshed:
  * fix_dbus.patch
  * fix_hadoop.patch
  * fix_init.patch
  * fix_unprivuser.patch

==== snapper ====
Version update (0.8.16 -> 0.9.0)
Subpackages: libsnapper5

- fix build on 32 bit musl systems (gh#openSUSE/snapper#644)
- improved error handling (see gh#openSUSE/snapper#626)
- version 0.9.0

==== sqlite3 ====
Version update (3.35.2 -> 3.35.5)

- SQLite3 3.35.5:
  * Fix defects in the new ALTER TABLE DROP COLUMN feature that
    could corrupt the database file
  * Fix an obscure query optimizer problem that might cause an
    incorrect query result
- Fix build on SLE-12
- use https urls
- SQLite 3.35.4:
  * Fix a defect in the query planner optimization
  * Fix a defect in the new RETURNING syntax
  * Fix the new RETURNING feature so that it raises an error if
    one of the terms in the RETURNING clause references an unknown
    table, instead of silently ignoring that error
  * Fix an assertion associated with aggregate function processing
    that was incorrectly triggered by the push-down optimization
- SQLite 3.35.3:
  * Enhance the OP_OpenDup opcode of the bytecode engine so that
    it works even if the cursor being duplicated itself came from
    OP_OpenDup
  * When materializing correlated common table expressions, do so
    separately for each use case, as that is required for
    correctness. This fixes a problem that was introduced by the
    MATERIALIZED hint enhancement.
  * Fix a problem in the filename normalizer of the unix VFS
  * Fix the "box" output mode in the CLI so that it works with
    statements that return one or more rows of zero columns
    (such as PRAGMA incremental_vacuum)
  * Improvements to error messages generated by faulty common
    table expressions
  * Fix some incorrect assert() statements
  * Fix to the SELECT statement syntax diagram so that the FROM
    clause syntax is shown correctly
  * Fix the EBCDIC character classifier so that it understands
    newlines as whitespace
  * Improvements to the xBestIndex method in the implementation of
    the (unsupported) wholenumber virtual table extension so that
    it does a better job of convincing the query planner to avoid
    trying to materialize a table with an infinite number of rows

==== sudo ====
Version update (1.9.5p2 -> 1.9.6p1)

- update to 1.9.6p1
  * Fixed a regression introduced in sudo 1.9.6 that resulted in an
    error message instead of a usage message when sudo is run with
    no arguments.
  * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
  * Fixed a regression introduced in sudo 1.9.4 where the
    --disable-root-mailer configure option had no effect.
  * Added a --disable-leaks configure option that avoids some
    memory leaks on exit that would otherwise occur. This is
    intended to be used with development tools that measure memory
    leaks. It is not safe to use in production at this time.
  * Plugged some memory leaks identified by oss-fuzz and ASAN.
  * Fixed the handling of sudoOptions for an LDAP sudoRole that
    contains multiple sudoCommands. Previously, some of the options
    would only be applied to the first sudoCommand.
  * Fixed a potential out of bounds read in the parsing of NOTBEFORE
    and NOTAFTER sudoers command options (and their LDAP equivalents).
  * The parser used for reading I/O log JSON files is now more
    resilient when processing invalid JSON.
  * Fixed typos that prevented "make uninstall" from working.
  * Fixed a regression introduced in sudo 1.9.4 where the last line
    in a sudoers file might not have a terminating NUL character
    added if no newline was present.
  * Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new
    --enable-fuzzer configure option can be combined with the
    --enable-sanitizer option to build sudo with fuzzing support.
    Multiple fuzz targets are available for fuzzing different parts
    of sudo. Fuzzers are built and tested via "make fuzz" or as part
    of "make check" (even when sudo is not built with fuzzing
    support). Fuzzing support currently requires the LLVM clang
    compiler (not gcc).
  * Fixed the --enable-static-sudoers configure option.
  * Fixed a potential out of bounds read when sudo is run by a
    user with more groups than the value of "max_groups" in sudo.conf.
  * Added an "admin_flag" sudoers option to make the use of the
    ~/.sudo_as_admin_successful file configurable on systems where
    sudo is built with the --enable-admin-flag configure option.
    This mostly affects Ubuntu and its derivatives.
  * The "max_groups" setting in sudo.conf is now limited to 1024.
    This setting is obsolete and should no longer be needed.
  * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir"
    sudoers command options. A path "~/foo" was expanded to
    "/home/userfoo" instead of "/home/user/foo". This also affects
    the runchroot and runcwd Defaults settings.
  * Fixed a bug on systems without a native getdelim(3) function
    where very long lines could cause parsing of the sudoers file
    to end prematurely.
  * Fixed a potential integer overflow when converting the
    timestamp_timeout and passwd_timeout sudoers settings to a
    timespec struct.
  * The default for the "group_source" setting in sudo.conf is now
    "dynamic" on macOS. Recent versions of macOS do not reliably
    return all of a user's non-local groups via getgroups(2), even
    when _DARWIN_UNLIMITED_GETGROUPS is defined.
  * Fixed a potential use-after-free in the PAM conversation function.
  * Fixed potential redefinition of sys/stat.h macros in sudo_compat.h.

==== xorg-x11-server ====
Version update (1.20.10 -> 1.20.11)
Subpackages: xorg-x11-server-Xvfb

- disable build of Xwayland, which is now being built in separate
  xwayland package with more recent sources (boo#1182677)
- Update to version 1.20.11
  * bugfix release
- supersedes U_Fix-XChangeFeedbackControl-request-underflow.patch,
  U_xkb-Fix-heap-overflow-caused-by-optimized-away-min.patch
- U_Fix-XChangeFeedbackControl-request-underflow.patch
  * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472,
    ZDI-CAN-1259, bsc#1180128)

participants (1): Richard Brown