New ARM MicroOS snapshot 20240128 released!
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=Tumbleweed&build=20240128
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  7zip
  Mesa (23.3.3 -> 23.3.4)
  Mesa-drivers (23.3.3 -> 23.3.4)
  MozillaFirefox (121.0.1 -> 122.0)
  aardvark-dns (1.9.0 -> 1.10.0)
  btrfsprogs (6.6.2 -> 6.7)
  cockpit
  containerd
  gcc13 (13.2.1+git8205 -> 13.2.1+git8250)
  gpg2 (2.4.3 -> 2.4.4)
  grub2
  gstreamer-plugins-bad
  inih (57 -> 58)
  installation-images-MicroOS (17.111 -> 17.112)
  kernel-source
  lftp
  libmaxminddb (1.8.0 -> 1.9.1)
  libqmi
  libsolv (0.7.27 -> 0.7.28)
  libstorage-ng (4.5.175 -> 4.5.176)
  man
  mozilla-nss (3.95 -> 3.96.1)
  mutter
  perl-Bootloader (1.10 -> 1.11)
  podman (4.8.3 -> 4.9.0)
  postfix (3.8.4 -> 3.8.5)
  publicsuffix (20240107 -> 20240123)
  raspberrypi-firmware-dt
  rootlesskit (1.1.1 -> 2.0.0)
  ruby (3.2 -> 3.3)
  ruby3.2
  rubygem-gem2rpm
  thin-provisioning-tools (1.0.9 -> 1.0.10)
  tiff
  transactional-update
  webkit2gtk3
  webkit2gtk4
  yast2 (5.0.3 -> 5.0.4)
  yast2-bootloader (5.0.2 -> 5.0.4)
  yast2-installation (5.0.3 -> 5.0.4)
  zbar

=== Details ===

==== 7zip ====

- Fix build on SLE-15-SP6
  * fix-avx-sle.patch

==== Mesa ====
Version update (23.3.3 -> 23.3.4)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- Update to bugfix release 23.3.4
  - -> https://docs.mesa3d.org/relnotes/23.3.4.html

==== Mesa-drivers ====
Version update (23.3.3 -> 23.3.4)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva

- Update to bugfix release 23.3.4
  - -> https://docs.mesa3d.org/relnotes/23.3.4.html

==== MozillaFirefox ====
Version update (121.0.1 -> 122.0)

- Mozilla Firefox 122.0
  https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
  MFSA 2024-01 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp
  * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method
  * CVE-2024-0744 (bmo#1871089) Wild pointer dereference in JavaScript
  * CVE-2024-0745 (bmo#1871838) Stack buffer overflow in WebAudio
  * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0748 (bmo#1783504) Compromised content process could modify document URI
  * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools
  * CVE-2024-0752 (bmo#1866840) Use-after-free could occur when applying update on macOS
  * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0754 (bmo#1871605) Crash when using some WASM files in devtools
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
- requires NSS 3.96.1
- rebased patches

==== aardvark-dns ====
Version update (1.9.0 -> 1.10.0)

- Update to version 1.10.0:
  * Release 1.10.0
  * Release notes for 1.10.0
  * chore(deps): update rust crate chrono to 0.4.32
  * chore(deps): update dependency containers/automation_images to v20240102
  * fix(deps): update rust crate futures-util to 0.3.30
  * fix(deps): update rust crate anyhow to 1.0.79
  * fix(deps): update rust crate tokio to 1.35.1
  * chore(deps): update dependency containers/automation_images to v20231208
  * fix(deps): update rust crate tokio to 1.35.0
  * fix duplicated IP CI flake
  * server: remove unused kill switch
  * fix(deps): update rust crate clap to ~4.4.10
  * Bump working version to v1.10.0-dev

==== btrfsprogs ====
Version update (6.6.2 -> 6.7)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1

- update to 6.7
  * mkfs: make 4k sectorsize default, recommended minimum kernel for that is 6.1 and requires subpage support on architectures with page size > 4k
  * subvolume create: return correct error code when a target already exists
  * tree-checker: dump tree block on error (btrfs-convert, ...)
  * scrub limit: fix reporting of a limit set while there's none
  * fi usage: fix reporting of unallocated data or raid56 profile without root privs due to lack of that information
  * convert:
    * align data block group lengths to 64K
    * fix conversion of a large filesystem when there are partial inode items present due to caching
  * other:
    * build fixes
    * updated documentation
    * new and updated tests
- update to 6.6.3
  * subvol create: accept multiple arguments
  * subvol delete: print the subvolume id in the output
  * subvol sync: check if the filesystem is still writeable so it does not wait indefinitely
  * device delete: add a timeout and warning when deleting multiple devices
  * scrub status: report limit if set in sysfs/../scrub_speed_max
  * scrub limit: new command to show or set the per-device scrub limits
  * scrub start: report the limit if set
  * build:
    * fix CPU feature detection on aarch64
    * support Botan and OpenSSL (3.2+) as crypto backends
  * other:
    * documentation updates, RTD config update
    * new and updated tests
    * CI updates

==== cockpit ====
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system

- suse_docs.patch: replace with suse docs and move docs without equiv to docs-rh (bsc#1219088)
- hide-docs.patch: obsolete by above, removed
- Provide users/groups cockpit-wsinstance and cockpit-ws: they are generated by cockpit-ws %pre script.
- hide-docs.patch: hide RHEL docs in shell/manifest.json

==== containerd ====

- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters

==== gcc13 ====
Version update (13.2.1+git8205 -> 13.2.1+git8250)
Subpackages: cpp13 libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1

- Update to gcc-13 branch head, fc7d87e0ffadca49bec29b2107, git8250
  * Includes fix for building TVM. [boo#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers. [boo#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [boo#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.

==== gpg2 ====
Version update (2.4.3 -> 2.4.4)
Subpackages: dirmngr

- Update to 2.4.4: [bsc#1219191]
  * gpg: Do not keep an unprotected smartcard backup key on disk. See https://gnupg.org/blog/20240125-smartcard-backup-key.html for a security advisory. [T6944]
  * gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit platforms. [T6736]
  * gpg: Fix expiration time when Creation-Date is specified. [T5252]
  * gpg: Add support for Subkey-Expire-Date. [rG96b69c1866]
  * gpg: Add option --with-v5-fingerprint. [T6705]
  * gpg: Add sub-option ignore-attributes to --import-options.
  * gpg: Add --list-filter properties sig_expires/sig_expires_d.
  * gpg: Fix validity of re-imported keys. [T6399]
  * gpg: Report BEGIN_ status before examining the input. [T6481]
  * gpg: Don't try to compress a read-only keybox. [T6811]
  * gpg: Choose key from inserted card over a non-inserted card. [T6831]
  * gpg: Allow to create revocations even with non-compliant algos. [T6929]
  * gpg: Fix regression in the Revoker keyword of the parameter file. [T6923]
  * gpg: Improve error message for expired default keys. [T4704]
  * gpgsm: Add --always-trust feature. [T6559]
  * gpgsm: Support ECC certificates in de-vs mode. [T6802]
  * gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  * gpgsm: Do not show the pkcs#12 passphrase in debug output. [T6654]
  * keyboxd: Timeout on failure to get the database lock. [T6838]
  * agent: Update the key stubs only if really modified. [T6829]
  * scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080]
  * scd: Add support for CardOS 5.4 cards. [rG812f988059]
  * scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09]
  * scd: Add support for Smartcafe Expert 7.0 cards. [T6919]
  * scd: Add a length check for a new PIN. [T6843]
  * tpm: Fix keytotpm handling in the agent. [rG9909f622f6]
  * tpm: Fixes for the TPM test suite. [T6052]
  * dirmngr: New option --ignore-crl-extensions. [T6545]
  * dirmngr: Support config value "none" to disable the default keyserver. [T6708]
  * dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4]
  * gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc]
  * gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28]
  * gpgconf: Adjust the -X command for the new VERSION file format. [T6918]
  * wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a278c]
  * wkd: Make --add-revocs the default in gpg-wks-client. New option --no-add-revocs. [rG10c937ee68]
  * Remove duplicated backslashes when setting the homedir. [T6833]
  * Ignore attempts to remove the /dev/null device. [T6556]
  * Improve advisory file lock retry strategy. [T3380]
  * Release-info: https://dev.gnupg.org/T6578
  * Remove patch upstream:
    - gnupg-Report-BEGIN_-status-before-examining-the-input.patch

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin

- Reinstate the verification for a non-zero total entry count to skip unmapped data blocks (bsc#1218864)
  * 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch
- Removed temporary fix as reverting it will cause a different XFS parser bug
  * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch

==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Disable zxing in Leap15
  * Leap 15 can not provide zxing >= 1.4.0, zxing is inherited from SLE15 but SLE15 does provide zxing version 1.2.0 only, Factory does have zxing-cpp 2.0.0 however it's not an API compatible version.

==== inih ====
Version update (57 -> 58)

- Update to version 58
  * Add ini_ prefix even to static names so inih can be used as an [#]include.

==== installation-images-MicroOS ====
Version update (17.111 -> 17.112)

- merge gh#openSUSE/installation-images#686
- Remove more binaries appearing with Ruby 3.3
- 17.112

==== kernel-source ====

- rpm/constraints.in: add static multibuild packages
  Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for constraints on multibuild) added "kernel-source:" prefix to the dynamically generated kernels. But there are also static ones like kernel-docs. Those fail to build as the constraints are still not applied. So add the prefix also to the static ones. Note kernel-docs-rt is given kernel-source-rt prefix.
  I am not sure it will ever be multibuilt...
- commit c2e0681
- Revert "Limit kernel-source build to architectures for which the kernel binary"
  This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132. The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a
- mkspec: Include constraints for both multibuild and plain package always
  There is no need to check for multibuild flag, the constraints can be always generated for both cases.
- commit 308ea09
- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
  Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b
- rpm/kernel-source.rpmlintrc: add action-ebpf
  Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf plugin) added this precompiled binary blob. Adapt rpmlintrc for kernel-source.
- commit b5ccb33
- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
  The previous change added the manual entry from kernel-sources.change.old to old_changelog.txt unnecessarily. Let's fix it.
- commit fb033e8
- rpm/kernel-docs.spec.in: fix build with 6.8
  Since upstream commit f061c9f7d058 (Documentation: Document each netlink family), the build needs python yaml.
- commit 6a7ece3
- futex: Prevent the reuse of stale pi_state (bsc#1218841).
  Update upstream status (Queued in subsystem maintainer repository).
- commit a3ee207
- Refresh patches.rpmify/media-solo6x10-replace-max-a-min-b-c-by-clamp-b-a-c.patch.
  Update upstream status.
- commit 589bdfa
- Update config files, enable CONFIG_IMA_DISABLE_HTABLE in all archs for Tumbleweed as SLE15-SP6 kernel does (bsc#1218400).
- commit 020caa6

==== lftp ====

- Apply "0001-lftp_ssl-deinitialize-the-lftp_ssl_openssl_instance.patch" to fix a crash that occurred when lftp is run on s390x with an IBM crypto card installed. The issue has been reported to upstream at https://github.com/lavv17/lftp/issues/716.
  [bsc#1213984]

==== libmaxminddb ====
Version update (1.8.0 -> 1.9.1)

- libmaxminddb 1.9.1:
  * On very large databases, the calculation to determine the search tree size could overflow. This was fixed and several additional guards against overflows were added
  * build system tweaks

==== libqmi ====
Subpackages: libqmi-glib5 libqmi-tools

- Add patch:
  * 0001-message-fix-16bit-service-on-big-endian.patch
    - Fixes 16-bit service indications on big endian architectures. Cherry-picked from upstream qmi-1-34 branch

==== libsolv ====
Version update (0.7.27 -> 0.7.28)
Subpackages: libsolv-tools ruby-solv

- build for multiple python versions [jsc#PED-6218]
- bump version to 0.7.28

==== libstorage-ng ====
Version update (4.5.175 -> 4.5.176)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Swedish) (bsc#1149754)
- 4.5.176

==== man ====

- Skip posttrans dependency on systemd to support container without systemd (boo#1215538)
- Use %(trans)filetriggerin and %(trans)filetriggerpostun to get an up-to-date man database for installed manual pages

==== mozilla-nss ====
Version update (3.95 -> 3.96.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.96.1
  * bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh
  * bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups)
  * bmo#1867408 - add a defensive check for large ssl_DefSend return values
  * bmo#1869378 - Add dependency to the taskcluster script for Darwin
  * bmo#1869378 - Upgrade version of the MacOS worker for the CI

==== mutter ====

- Rebase mutter-disable-cvt-s390x.patch for mutter 45.x.

==== perl-Bootloader ====
Version update (1.10 -> 1.11)

- merge gh#openSUSE/perl-bootloader#162
- handle script exit codes properly (bsc#1218847)
- 1.11

==== podman ====
Version update (4.8.3 -> 4.9.0)

- Update to version 4.9.0:
  * Bump to v4.9.0
  * Fix a small grammar error in RELEASE_NOTES.md
  * Fix push endpoint stream
  * Finalized release notes for v4.9.0
  * farm build: push built images to registry
  * Move the --farm flag to farm build command
  * Clean up farm-build miscommit
  * [CI:DOCS] Add podman farm build doc
  * Add release notes for v4.9.0
  * gvproxy: Update to 0.7.2 release
  * [v4.9] Bump Buildah to v1.33.3, c/common to v0.57.2, c/image to v5.29.1
  * Add a net health recovery service to Qemu machines
  * Set up podman machine remote user correctly
  * Remove Libpod special-init conditions
  * Fix `podman system reset` with external containers
  * [v4.8] podman kube play: fix broken annotation parsing
  * feat: disable pid max in the podman machine
  * systests: cp: add wait_for_ready
  * System tests: fixes for RHEL8 gating failures
  * Add API forwarding support for HyperV
  * bump to v4.8.4-dev

==== postfix ====
Version update (3.8.4 -> 3.8.5)

- update to 3.8.5
  * Security: this release improves support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html.

==== publicsuffix ====
Version update (20240107 -> 20240123)

- Update to version 20240123:
  * util: gTLD data autopull updates for 2024-01-23T15:14:10 UTC (#1921)

==== raspberrypi-firmware-dt ====

- Extend "ARM: dts: bcm27xx: Use better name for spidev" patch coverage. Change compatible "spidev" to "rohm,dh2228fv" in overlay files too. Fixes bsc#1219094.

==== rootlesskit ====
Version update (1.1.1 -> 2.0.0)

- Update to version 2.0.0:
  * v2.0.0
  * v2.0.0-beta.0+dev
  * v2.0.0-beta.0
  * CI: update Docker to v24.0.7
  * CI: update pasta (2023_12_30.f091893)
  * Write `$ROOTLESSKIT_STATE_DIR/resolv.conf`
  * Build(deps): Bump golang.org/x/sys from 0.15.0 to 0.16.0
  * fix typo
  * Build(deps): Bump github.com/urfave/cli/v2 from 2.26.0 to 2.27.1
  * Build(deps): Bump github.com/google/uuid from 1.4.0 to 1.5.0
  * Build(deps): Bump github.com/containernetworking/plugins
  * Build(deps): Bump github.com/urfave/cli/v2 from 2.25.7 to 2.26.0
  * v2.0.0-alpha.2+dev
  * v2.0.0-alpha.2
  * CI: update pasta (2023_12_04.b86afe3)
  * pasta: add debug logs
  * Build(deps): Bump golang.org/x/sys from 0.14.0 to 0.15.0
  * Build(deps): Bump github.com/moby/sys/mountinfo from 0.6.2 to 0.7.1
  * Build(deps): Bump github.com/gorilla/mux from 1.8.0 to 1.8.1
  * Build(deps): Bump golang.org/x/sys from 0.13.0 to 0.14.0
  * Build(deps): Bump github.com/google/uuid from 1.3.1 to 1.4.0
  * Build(deps): Bump golang.org/x/net from 0.10.0 to 0.17.0
  * v2.0.0-alpha.1+dev
  * v2.0.0-alpha.1
  * release.yaml: migrate from `hub` to `gh`
  * Build(deps): Bump golang.org/x/sys from 0.12.0 to 0.13.0
  * Build(deps): Bump gotest.tools/v3 from 3.5.0 to 3.5.1
  * Build(deps): Bump golang.org/x/sys from 0.11.0 to 0.12.0
  * Build(deps): Bump github.com/google/uuid from 1.3.0 to 1.3.1
  * lxc-user-nic: support detach-netns
  * Build(deps): Bump golang.org/x/sys from 0.10.0 to 0.11.0
  * Build(deps): Bump golang.org/x/sys from 0.9.0 to 0.10.0
  * Build(deps): Bump gotest.tools/v3 from 3.4.0 to 3.5.0
  * v2.0.0-alpha.0+dev
  * v2.0.0-alpha.0; add --print-semver=(major|minor|patch)
  * new network driver: `pasta` (with port driver `implicit`)
  * [Carry 362] support detach-netns
  * pkg/port: ChildContext: remove unused PID field
  * cmd/rootlesskit: format logs
  * Refactor parent-child communication (Add message union)
  * Refactor parent-child communication (Remove "stages")
  * pkg/api: split pkg/httputil
  * Build(deps): Bump github.com/urfave/cli/v2 from 2.25.6 to 2.25.7
  * Build(deps): Bump golang.org/x/sys from 0.8.0 to 0.9.0
  * Build(deps): Bump github.com/urfave/cli/v2 from 2.25.5 to 2.25.6
  * Build(deps): Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
  * v1.1.1+dev

==== ruby ====
Version update (3.2 -> 3.3)

- switch the default ruby to 3.3

==== ruby3.2 ====
Subpackages: libruby3_2-3_2

- Omit test_session_reuse_but_expire if OpenSSL 3.2.0
  Add Omit-test_session_reuse_but_expire-if-OpenSSL-3.2.0.patch

==== rubygem-gem2rpm ====

- Update the ruby ABI version in the 3.3.0 paths to the final string.
- enable building for ruby 3.3

==== thin-provisioning-tools ====
Version update (1.0.9 -> 1.0.10)

- Update to version 1.0.10:
  * Bump version to 1.0.10
  * [build] Update dependencies
  * [all] Fix clippy lints and typos
  * [space_map] Allow non-zero values in unused index block entries
  * [thin_repair] Fix child keys checking on the node with a zero key
  * [thin_check] Tweak the logs to avoid confusion with node errors
  * [thin_check] Support overriding the details tree root
  * [tests] Update expected help text for _pack and _unpack
  * [all] Fix clippy lints on optional targets
  * [build] Simplify the pre-commit hooks by checking all the targets at once
  * [thin_metadata_unpack] Allow long format for input and output
  * [space map] Fix incorrect index_entry.nr_free while expansion
  * thin_metadata_pack: Allow long format for input and output

==== tiff ====

- security update:
  * CVE-2023-52356 [bsc#1219213] Fix segfault in TIFFReadRGBATileExt()
    + tiff-CVE-2023-52356.patch

==== transactional-update ====
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit

- Use "up" instead of "dup" by default on ALP [bsc#1218861]

==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Add webkit2gtk3-CVE-2024-23222.patch: fix a type confusion issue (bsc#1219113 CVE-2024-23222).

==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles

- Add webkit2gtk3-CVE-2024-23222.patch: fix a type confusion issue (bsc#1219113 CVE-2024-23222).

==== yast2 ====
Version update (5.0.3 -> 5.0.4)
Subpackages: yast2-logs

- Reading Kernel Params: Use kernel cmdline when install.inf is not available (bsc#1216408)
- 5.0.4

==== yast2-bootloader ====
Version update (5.0.2 -> 5.0.4)

- Persist s390 cio_ignore kernel argument always when given (bsc#1210525).
- 5.0.4
- Do not try finding undefined bootloader name to avoid error in logs (bsc#1218700)
- 5.0.3

==== yast2-installation ====
Version update (5.0.3 -> 5.0.4)

- Keep cio_ignore kernel argument when present in the parmfile or use the cio_ignore -k output if not and write it always even in zVM and KVM (bsc#1210525).
- 5.0.4

==== zbar ====

- Fix building for Leap

Guillaume Gardet