Quit join; please
发件人: Richard Brown
日期: 星期三, 2023年11月29日 11:25
收件人: microos@lists.opensuse.org
主题: New MicroOS snapshot 20231127 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopenqa.opensuse.org%2Ftests%2Foverview%3Fdistri%3Dmicroos%26groupid%3D1%26version%3DTumbleweed%26build%3D20231127&data=05%7C01%7C%7C1aa420bad5954049613708dbf08ad5b0%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638368251319562399%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uDq%2FoZJJUH%2BWEFsc9IjviC4Y8xKDZ6CU9WTfea%2FG8yk%3D&reserved=0https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20231127
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.opensuse.org%2Fbuglist.cgi%3Fproduct%3DopenSUSE%2520Tumbleweed%26component%3DMicroOS%26query_format%3Dadvanced%26resolution%3D---&data=05%7C01%7C%7C1aa420bad5954049613708dbf08ad5b0%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638368251319569123%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=s2oLVKlD7MlLYVl4r8efTKxj%2FshZEtR7A5FBMxklUnQ%3D&reserved=0https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.opensuse.org%2FopenSUSE%3ASubmitting_bug_reports&data=05%7C01%7C%7C1aa420bad5954049613708dbf08ad5b0%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638368251319572026%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ggkljMyWIJRNMnhTJBp0ceXrTqtGkBw1Tx9yhlvixOQ%3D&reserved=0https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (119.0.1 -> 120.0)
gstreamer-plugins-bad
icewm (3.4.3 -> 3.4.4)
inxi (3.3.27 -> 3.3.31)
kyotocabinet (1.2.77 -> 1.2.80)
libdrm (2.4.117 -> 2.4.118)
nghttp2 (1.57.0 -> 1.58.0)
opencc (1.1.6 -> 1.1.7)
pam-config (2.9 -> 2.10)
pipewire (0.3.85 -> 1.0.0)
policycoreutils
python-charset-normalizer (3.3.0 -> 3.3.2)
tpm2-0-tss
usbutils (015 -> 017)
wireplumber (0.4.15 -> 0.4.16)
xwayland
=== Details ===
==== MozillaFirefox ====
Version update (119.0.1 -> 120.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 120.0
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mozilla.org%2Fen-US%2Ffirefox%2F120.0%2Freleasenotes&data=05%7C01%7C%7C1aa420bad5954049613708dbf08ad5b0%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638368251319574779%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6rqp6YZi0FQ6OFKoqfh0BvGxlMQXp6iW%2FALm1nxtsoY%3D&reserved=0https://www.mozilla.org/en-US/firefox/120.0/releasenotes
MFSA 2023-49 (bsc#1217230)
* CVE-2023-6204 (bmo#1841050)
Out-of-bound memory access in WebGL2 blitFramebuffer
* CVE-2023-6205 (bmo#1854076)
Use-after-free in MessagePort::Entangled
* CVE-2023-6206 (bmo#1857430)
Clickjacking permission prompts using the fullscreen
transition
* CVE-2023-6207 (bmo#1861344)
Use-after-free in ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208 (bmo#1855345)
Using Selection API would copy contents into X11 primary
selection.
* CVE-2023-6209 (bmo#1858570)
Incorrect parsing of relative URLs starting with "///"
* CVE-2023-6210 (bmo#1801501)
Mixed-content resources not blocked in a javascript: pop-up
* CVE-2023-6211 (bmo#1850200)
Clickjacking to load insecure pages in HTTPS-only mode
* CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
bmo#1862782)
Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
and Thunderbird 115.5
* CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
Memory safety bugs fixed in Firefox 120
- rebased patches
==== gstreamer-plugins-bad ====
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Stop passing sctp=disabled and pass sctp=enabled to meson setup
instead, enable build of sctp plugin.
==== icewm ====
Version update (3.4.3 -> 3.4.4)
Subpackages: icewm-config-upstream icewm-default icewm-lang
- update to 3.4.4:
* Use fcsmart for capturing loadText data.
* Support TIFF and WEBP in icewmbg.
* More permissive parsing of a PAM image header in icesh.
* Remove obsolete winoption examples and add one for
plank.
* Use --disable-librsvg instead of --disable-rsvg.
* Add `supportsFormat` to check for support of additional
image formats.
* Support JXL, JP2, RAW, SVG, TGA image formats in
icewmbg.
* Test if a color can be considered dark for issue #715.
* Brighten the color of inactive preview icons for dark
themes for issue
* Fix a crash when a ping timeout dialog is destroyed for
issue #729.
* Let icewmbg interpret command-line arguments relative
to the current working directory.
* Clarify prefoverride and closes #750
* When mapping a client by PID, search for the best
match.
* Don't enforce the use of clang++ in the debug build.
* Fix ordering in the 4th configuration
* Fix minor warnings from recent CMake and GCC
* Translated using Weblate (Portuguese (Brazil))
==== inxi ====
Version update (3.3.27 -> 3.3.31)
- Updated to version 3.3.31:
+ /usr/share/doc/packages/inxi/inxi.changelog.
- Updated spec file for new location of inxi at codeberg.org.
==== kyotocabinet ====
Version update (1.2.77 -> 1.2.80)
- update to 1.2.80:
- configure.in supports strict C99 rules.
- Fixed errors of kcdirtest on BtrFS.
- Fixed build warnings.
==== libdrm ====
Version update (2.4.117 -> 2.4.118)
Subpackages: libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1
- update to 2.4.118:
* improve SMPTE color LUT accuracy
* util: factor out and optimize C8 SMPTE color LUT
* util: add support for DRM_FORMAT_C[124]
* util: store number of colors for indexed formats
* util: add SMPTE pattern support for C4 format
* util: add SMPTE pattern support for C1 format
* util: add SMPTE pattern support for C2 format
* modetest: add support for DRM_FORMAT_C[124]
* modetest: add SMPTE pattern support for C[124] formats
* intel: determine target endianness using meson
* util: fix 32 bpp patterns on big-endian
* util: fix 16 bpp patterns on big-endian
* util: add missing big-endian RGB16 frame buffer formats
* modetest: add support for parsing big-endian formats
* util: add test pattern support for big-endian XRGB1555/RGB565
* util: fix pwetty on big-endian
* util: add pwetty support for big-endian RGB565
* modetest: add support for big-endian XRGB1555/RGB565
* modetest: add support for DRM_FORMAT_NV{15,20,30}
* modetest: switch usage to proper options grammar
* xf86drm: add drmGetNodeTypeFromDevId
* Sync headers with drm-next
* xf86drmMode: add drmModeCloseFB()
==== nghttp2 ====
Version update (1.57.0 -> 1.58.0)
- update to 1.58.0:
* Update manual pages
* Bump neverbleed
* Bump ngtcp2
* Prefer clock_gettime if __CYGWIN__ defined
* Do not require strict c++ mode
* nghttpx: Stricter transfer-encoding checks
* Refactor character comparison
* Integration servertester h3
* integration: Enable http3 test with cmake
==== opencc ====
Version update (1.1.6 -> 1.1.7)
Subpackages: libopencc1_1 opencc-data
- update to 1.1.7:
* Added python package rebuild on commit to verify package
generation (#822).
* Support Python 3.12 and Node 20, remove builds for Python 3.7
and Node 16 (#820).
* Add support of CMake config modules (#763).
* Several other minor fixes.
- drop fix-soversion.patch (obsolete)
==== pam-config ====
Version update (2.9 -> 2.10)
- Update to version 2.10
- Enable session and account support for kanidm and himmelblau
==== pipewire ====
Version update (0.3.85 -> 1.0.0)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 1.0.0 (El Presidente):
* Highlights
- Fix a memfd/dmabuf leak when uploading buffers while shutting
down.
- Handle concurrent jack_port_get_buffer() calls because ardour
seems to be doing this.
- Improve time reporting (less jitter) in ALSA when using IRQ.
- Many doc improvements.
* PipeWire
- Respect PIPEWIRE_DLCLOSE everywhere, remove pw_in_valgrind().
- Remove a warning when a client tries to change ignored
properties.
* Modules
- Fix a memfd/dmabuf leak when uploading buffers while shutting
down.
- Fix a potential segfault when copying mix structures. (#3658)
- Avoid races in setrlimit in module-rt.
- Fix a memory leak in filter-chain.
- Set rtp.ptime on senders, not receivers.
- The ROC modules were ported to ROC 0.3
* SPA
- Improve time reporting (less jitter) in ALSA when using IRQ.
(#3657)
- Add latency param query in libcamera.
- Fix some compiler warnings.
- The EVL plugin was updated.
* Bluetooth
- LC3 codec and compatibility improvements.
* Pulse server
- Fix emission of events when a sink/source state changes.
(#3660)
* JACK
- Improve transport and time handling. Use unique ids to make
consistent snapshots of the current time and transport.
- Avoid enumerating port params that we are not going to use.
- Optimize buffer reuse.
- Handle concurrent jack_port_get_buffer() calls because ardour
seems to be doing this. (#3632)
* Docs
- Many doc improvements.
- Add man pages for pw-dump, pw-loopback, modules,
pipewire-pulse.
- Manpages are now made with Doxygen.
- Add docs for pulse-modules
==== policycoreutils ====
Subpackages: policycoreutils-lang policycoreutils-python-utils python3-policycoreutils
- Change deprecated `%patch1 -p1` syntax to supported `%patch -P1 -p1`
(bsc#1216669)
==== python-charset-normalizer ====
Version update (3.3.0 -> 3.3.2)
- update to 3.3.2:
* Unintentional memory usage regression when using large
payload that match several encoding (#376)
* Regression on some detection case showcased in the
documentation (#371)
* Noise (md) probe that identify malformed arabic
representation due to the presence of letters in isolated
form
* Optional mypyc compilation upgraded to version 1.6.1 for
Python >= 3.8
* Improved the general detection reliability based on reports
from the community
==== tpm2-0-tss ====
Subpackages: libtss2-esys0 libtss2-fapi1 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tcti-device0 libtss2-tctildr0
- libtss2-fapi1 requires system-user-tss for tmpfile creation
==== usbutils ====
Version update (015 -> 017)
- update to 017:
* lsusb: fix up [unknown] vendor and product strings.
* lsusb: fix build warning for
dump_billboard_alt_mode_capability_desc()
* lsusb: add fallback names for 'lsusb -v' output
* names: simplify get_vendor_product_with_fallback() a
bit
* rezso (1):
* Honor system libdir and includedir
* usbutils 016
* usbutils: lsusb-t: print entries for devices with no
interfaces
* Fix a typo in usb-spec.h
* lsusb.py.in: Display (device) power/wakeup via -w
option.
* Fix an incorrect length value in hid descriptor.
* Fix misalignments in hid device descripptor.
* Use bigger buffer to place speed value string
* lsusb -h returns an error
* lsusb -h fixups
* lsusb -t: sort in bus order, not reverse order
* lsusb -t: print ports and busses and devices with same
width
* lsusb -t: assign_interface_to_parent() fixups
* lsusb.8.in: fix up missing '-' in text
* README.md: add source location
* lsusb.py: fix up wakeup logic for devices that do not
support it
* lsusb.py.in: add another default path for usb.ids
* names.c: if a string can not be found in the usb.ids
file, return [unknown]
* lsusb-t: if a driver is not bound to an interface,
report "[none]"
* Generate usbutils.pc pkgconfig file
* usbreset: Allow idProduct and idVendor to be 0
* usb-devices: make shellcheck happy
* lsusb: Add function that sorts the output by device ID.
* lsusb: Additional sorting by bus number.
* lsusb: This is a more compact implementation of the
device list sort implemented within this pull request. The
output remains the same as the one demonstrated in the
previous commit.
==== wireplumber ====
Version update (0.4.15 -> 0.4.16)
Subpackages: libwireplumber-0_4-0 wireplumber-audio wireplumber-lang
- Update to version 0.4.16:
* Additions:
- Added a new "sm-objects" script that allows loading objects
on demand via metadata entries that describe the object to
load; this can be used to load pipewire modules, such as
filters or network sources/sinks, on demand
- Added a mechanism to override device profile priorities in
the configuration, mainly as a way to re-prioritize Bluetooth
codecs, but this also can be used for other devices
- Added a mechanism in the endpoints policy to allow connecting
filters between a certain endpoint's virtual sink and the
device sink; this is specifically intended to allow plugging
a filter-chain to act as equalizer on the Multimedia endpoint
- Added wp_core_get_own_bound_id() method in WpCore
* Changes:
- PipeWire 0.3.68 is now required
- policy-dsp now has the ability to hide hardware nodes behind
the DSP sink to prevent hardware misuse or damage
- JSON parsing in Lua now allows keys inside objects to be
without quotes
- Added optional argument in the Lua JSON parse() method to
limit recursions, making it possible to partially parse a
JSON object
- It is now possible to pass nil in Lua object constructors
that expect an optional properties object; previously,
omitting the argument was the only way to skip the properties
- The endpoints policy now marks the endpoint nodes as
"passive" instead of marking their links, adjusting for the
behavior change in PipeWire 0.3.68
- Removed the "passive" property from si-standard-link, since
only nodes are marked as passive now
* Fixes:
- Fixed the wpctl clear-default command to completely clear all
the default nodes state instead of only the last set default
- Reduced the amount of globals that initially match the
interest in the object manager
- Used an idle callback instead of pw_core_sync() in the object
manager to expose tmp globals
- Remove patches included upstream:
* 0001-object-manager-reduce-the-amount-of-globals-that-initially.patch
* 0002-object-manager-use-an-idle-callback-to-expose-tmp-globals.patch
* 0001-policy-dsp-add-ability-to-hide-parent-nodes.patch
- Update split-config-file.py
==== xwayland ====
- This release contains the following patches mentioned in previous
sle15 releases
* U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch:
fixes regression introduced with security update for
CVE-2022-46340 (bsc#1205874)
* U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch:
fix handling of PropModeAppend/Prepend ((CVE-2023-5367, ZDI-CAN-22153,
bsc#1216135)
* U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch,
U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch:
Server Damage Object Use-After-Free Local Privilege Escalation
Vulnerability (CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)
* U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch:
fixes a regresion, which can trigger a segfault in Xwayland on
exit, introduced by
U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
(CVE-2023-5574, ZDI-CAN-21213, bsc#1216261)