New MicroOS snapshot 20230929 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20230929
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (117.0.1 -> 118.0.1)
argyllcms (2.3.1 -> 3.0.0)
glibc
gstreamer (1.22.5 -> 1.22.6)
gstreamer-plugins-bad (1.22.5 -> 1.22.6)
gstreamer-plugins-base (1.22.5 -> 1.22.6)
gstreamer-plugins-good (1.22.5 -> 1.22.6)
libqt5-qtbase
libssh
libvpx
mpg123 (1.31.3 -> 1.32.2)
open-vm-tools
openssl-3 (3.1.2 -> 3.1.3)
openssl (3.1.2 -> 3.1.3)
perl-HTTP-Message (6.44 -> 6.450.0)
python-greenlet (2.0.2 -> 3.0.0~rc3)
sddm
smartmontools
yast2-python-bindings (4.6.0 -> 5.0.1)
=== Details ===
==== MozillaFirefox ====
Version update (117.0.1 -> 118.0.1)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 118.0.1
MFSA 2023-44 (bsc#1215814)
* CVE-2023-5217 (bmo#1855550)
Heap buffer overflow in libvpx
- Mozilla Firefox 118.0
MFSA 2023-41 (bsc#1215575)
* CVE-2023-5168 (bmo#1846683)
Out-of-bounds write in FilterNodeD2D1
* CVE-2023-5169 (bmo#1846685)
Out-of-bounds write in PathOps
* CVE-2023-5170 (bmo#1846686)
Memory leak from a privileged process
* CVE-2023-5171 (bmo#1851599)
Use-after-free in Ion Compiler
* CVE-2023-5172 (bmo#1852218)
Memory Corruption in Ion Hints
* CVE-2023-5173 (bmo#1823172)
Out-of-bounds write in HTTP Alternate Services
* CVE-2023-5174 (bmo#1848454)
Double-free in process spawning on Windows
* CVE-2023-5175 (bmo#1849704)
Use-after-free of ImageBitmap during process shutdown
* CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195)
Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
and Thunderbird 115.3
- requires NSS 3.93
- add mozilla-bmo1822730.patch
- deactivated KDE integration temporarily
(removed mozilla-kde.patch and firefox-kde.patch for now)
==== argyllcms ====
Version update (2.3.1 -> 3.0.0)
- Update to 3.0.0:
* Updated ccast/axTLS to get ChromeCast working again with latest Google CC
operating software.
* Extensive re-write/re-factor of icclib to make it more future-proof.
See https://www.argyllcms.com/doc/ChangesSummary.html for details.
* Added ref/ColorCheckerPassport.ti2 and ref/ColorCheckerHalfPassport.ti2
to allow measuring ColorCheckerPassport with instrument.
* Fixed bug in Munki spectro hi-res mode with some instruments. Luminance
matching between normal and hi-res was sometimes quite poor.
* Added ARGYLL_CREATE_DISPLAY_PROFILE_WITHOUT_CHAD environment variable.
* Changed colprof -U flag to -u. Changed dispcal -J flag to -K to accommodate
a potential new flag for colprof and dispcal.
* Added workaround for bug in madHcNet64.dll32/64.dll which sometimes causes
failure.
* Added delay after USB set_config on OS X to help Spyder 3/4 on Ventura OS.
* Added -Y parameter to dispwin to override automatic patch delay.
* Changed i1d3 driver to cope with Rev. B "0x83" error robustly. This should
fix any issues measuring low level Red only patch values on OLED displays,
but with slower measurements when this occurs.
* Added spotread -Y S option to save spectral sensitivity curves and added
corresponding support in i1d3 driver. This allows for comparison of different
instruments factory calibrations.
* Added a -h scale parameter to dispread, to allow the automatic instrument
calibration test patch values to be scaled down from their default 100%
value. This is useful with HDR displays.
* Added manifest to MSWindows executables to use UTF-8 code pages on Windows
1903 and later. This should improve non-ASCII filename and path handling.
* Added a Violet colorant to the targen colorant list.
* Fixed problem with OS X 64 bit backwards compatibility where it failed to
locate serial instruments when the binaries are run on OS X V12 or later
machines.
* Fixed bug in i1Pro3 driver where it was not returning the correct
measurement conditions enum.
* Fixed spotread so that ambient measure for monochrome sources doesn't error
out due to bad CCT/VCT/VDT. Also change -T so that it suppresses CCT etc. if
ambient mode is used.
* Added hacky workaround to strange Mac M2/rosetta bug in del_i1proimp().
- Make the argyllcms-doc package noarch.
==== glibc ====
Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd
- fstat-implementation.patch: io: Do not implement fstat with fstatat
- getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the
fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884)
- getcanonname-use-after-free.patch: getaddrinfo: Fix use after free in
getcanonname (CVE-2023-4806, bsc#1215281, BZ #30843)
- Do not build any cross packages in SLES
- no-aaaa-read-overflow.patch: Stack read overflow with large TCP
responses in no-aaaa mode (CVE-2023-4527, bsc#1215280, BZ #30842)
- Add systemd to passwd, group and shadow lookups (jsc#PED-5188)
- ppc64-flock-fob64.patch: io: Fix record locking constants for powerpc64
with __USE_FILE_OFFSET64 (BZ #30804)
- libio-io-vtables.patch: libio: Fix oversized __io_vtables
- call-init-proxy-objects.patch: elf: Do not run constructors for proxy
objects
- dtors-reverse-ctor-order.patch: elf: Always call destructors in reverse
constructor order (BZ #30785)
- intl-c-utf-8-like-c-locale.patch: intl: Treat C.UTF-8 locale like C
locale (BZ #16621)
- glibc-disable-gettext-for-c-utf8.patch: Removed
==== gstreamer ====
Version update (1.22.5 -> 1.22.6)
Subpackages: gstreamer-lang libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.22.6:
+ Highlighted bugfixes:
- Security fixes for the MXF demuxer and H.265 video parser
- Fix latency regression in H.264 hardware decoder base class
- androidmedia: fix HEVC codec profile registration and fix
coded_data handling
- decodebin3: fix switching from a raw stream to an encoded
stream
- gst-inspect: prettier and more correct signal and action
signals printing
- rtmp2: Allow NULL flash version, omitting the field, for
better RTMP server compatibility
- rtspsrc: better compatibility with buggy RTSP servers that
don't set a clock-rate
- rtpjitterbuffer: fix integer overflow that led to more
packets being declared lost than have been lost
- v4l2: fix video encoding regression on RPi and fix support
for left and top padding
- waylandsink: Crop surfaces to their display width height
- cerbero: Recognise Manjaro; add Rust support for MSVC ARM64;
cmake detection fixes
- Various bug fixes, memory leak fixes, and other stability and
reliability improvements
+ gstreamer:
- gst-inspect: prettier and more correct signal printing, and
print action signals in g_signal_emit_by_name() format
- gst-launch: Disable fault signal handlers on macOS
- Rebase reduce-required-meson.patch
==== gstreamer-plugins-bad ====
Version update (1.22.5 -> 1.22.6)
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Update to version 1.22.6:
+ audiolatency: Forward latency query and event upstream
+ av1parser: Fix segmentation params update
+ codecparsers: Fix MPEG-1 aspect ratio table
+ d3d11convert: Passthrough allocation query on same caps
+ h264decoder: Update latency dynamically
+ h265parser:
- Allow partially broken hvcC data
- Fix possible overflow using max_sub_layers_minus1
+ hlssink2: Always use forward slash separator
+ mdns: Fix a crash on context error
+ mxfdemux: Fix integer overflow causing out of bounds writes
when handling invalid uncompressed video and check channels for
AES3
+ nvencoder: Fix negotiation error when interlace-mode is
unspecified
+ rtmp2: Allow NULL flash version, omitting the field
+ rtmp2sink: fix crash if message conversion failed
+ transcodebin: Fixes for upstream selectable support
+ va: Fix in error logs functions mismatches
+ waylandsink:
- Crop surfaces to their display width height
- Fix cropping for video with non-square aspect ratio
+ webrtc: Fix docs for create-data-channel action signal
- Rebase reduce-required-meson.patch
==== gstreamer-plugins-base ====
Version update (1.22.5 -> 1.22.6)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0
- Update to version 1.22.6:
+ audio: Make sure to stop ringbuffer on error
+ decodebin3:
- Avoid identity, sinkpad, parsebin leakage when reset input
- Ensure the slot is unlinked before linking to decoder
+ sdp:
- Fix wrong debug log error message for missing clock-rate in
caps
- Parse zero clock-rate as default
- Rebase reduce-required-meson.patch
==== gstreamer-plugins-good ====
Version update (1.22.5 -> 1.22.6)
Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang
- Update to version 1.22.6:
+ adaptivedemux2: fix memory leak
+ pulsedeviceprovider: fix incorrect usage of GST_ELEMENT_ERROR
+ qt:
- Unbreak build with qt-egl enabled but viv_fb missing
- Fix searching of qt5/qt6 tools with qmake in Meson
+ qtdemux:
- Fix premature EOS when some files are played in push mode
- Attach cbcs crypt info at the right moment
+ rtpjitterbuffer: Avoid integer overflow in max saveable packets
calculation with negative offset
+ videoflip: fix concurrent access when modifying the tag list
+ v4l2:
- allocator: Don't close foreign dmabuf
- bufferpool:
. Fix large encoded stream regression
. Problems when checking for truncated buffer
- Fix support for left and top padding
+ v4l2object: clear format lists if source change event is
received
- Rebase reduce-required-meson.patch
- Add libqt5-linguist BuildRequires: New dependency.
==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- switch icu-devel requires to pkgconfig to allow switching libicu
versions
==== libssh ====
Subpackages: libssh-config libssh4
- Enable crypto-policies support: [bsc#1211301]
* Rebase libssh_client.config libssh_server.config
==== libvpx ====
- Fixing CVE-2023-5217 heap buffer overflow (boo#1215778)
added CVE-2023-5217.patch
==== mpg123 ====
Version update (1.31.3 -> 1.32.2)
Subpackages: libmpg123-0 mpg123-openal
- Update to version 1.32.2
* libmpg123: Re-introduce _64 symbols on native 64 bit offset
platforms. This was a regression since 1.31 series. Sorry,
too much cleanup, not enough testing.
* build:
+ Better O_LARGEFILE logic, avoiding redefinition.
* ports/cmake:
+ Require C99 (bug 360, among other points, thanks to Ozkan
Sezer).
+ Fix broken O_LARGEFILE logic (bug 360).
+ Typo fix and cleanup, also manual SSE switch for Android
on old x86 (bug 359).
- Update to version 1.32.1
* Include man pages again in tarball and install. We cannot
avoid the empty man directory when disabling programs with
autoconf.
* Fix signal handler prototype, avoiding some justified warnings.
* ports/cmake:
+ Include CheckTypeSize, which seems to be needed sometimes
+ Avoid O_LARGEFILE redefinition, logic closer to autoconf.
- Update to version 1.32.0
* build
+ Move version handling out of configure.ac to ease other
build systems.
+ Include "fmt123.h" instead of
participants (1): Richard Brown