New ARM MicroOS snapshot 20241130 released!
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=Tumbleweed&build=20241130
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  Mesa
  Mesa-drivers
  MicroOS-release (20241127 -> 20241130)
  cairo
  container-selinux (2.232.1 -> 2.233.0)
  file (5.45 -> 5.46)
  glib2
  gnome-session
  gpgme
  grub2
  libpwquality
  libssh (0.10.6 -> 0.11.1)
  netavark
  python-gobject
  python-setuptools (72.1.0 -> 75.6.0)
  python311-packaging (24.1 -> 24.2)
  qt6-wayland
  selinux-policy (20241105 -> 20241118)
  sqlite3 (3.46.1 -> 3.47.1)
  system-config-printer
  webkit2gtk3 (2.46.3 -> 2.46.4)
  webkit2gtk4 (2.46.3 -> 2.46.4)

=== Details ===

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- trying to make buildservice happy by adding both tarballs to specfile ...
- on s390x build Mesa 24.1.7 to fix colors with Xvnc (boo#1233167)
- adjusted patches for Mesa 24.1.7:
  * python36-buildfix1-s390x.patch
  * u_dep_xcb-s390x.patch
  * u_mesa-CVE-2023-45913-s390x.patch

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium

- trying to make buildservice happy by adding both tarballs to specfile ...
- on s390x build Mesa 24.1.7 to fix colors with Xvnc (boo#1233167)
- adjusted patches for Mesa 24.1.7:
  * python36-buildfix1-s390x.patch
  * u_dep_xcb-s390x.patch
  * u_mesa-CVE-2023-45913-s390x.patch

==== MicroOS-release ====
Version update (20241127 -> 20241130)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== cairo ====
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2

- Convert to source service: allows for easier upgrades by the GNOME team.

==== container-selinux ====
Version update (2.232.1 -> 2.233.0)

- Update to version 2.233.0:
  * container_engine_t: small change to allow non root exec in a container
  * RPM: explicitly list ghosted paths and skip mode verification
  * container-selinux install on non selinux-policy-targeted systems (#332)
  * set container_log_t type for /var/log/kube-apiserver
  * Allow kubelet_t to create a sock file kubelet_var_lib_t
  * dontaudit spc_t to mmap_zero
  * Packit: update targets (#330)
  * container_engine_t: another round of small improvements (#327)
  * Allow container_device_plugin_t to use the network (#325)
  * RPM: cleanup changelog (#324)
  * TMT: Simplify tests

==== file ====
Version update (5.45 -> 5.46)
Subpackages: file-magic libmagic1

- Update to 5.46:
  * Add OFFPOSITIVE
  * avoid leaking symbols in libmagic
  * PR/562: jsummers: Search/regex offsets are absolute to the beginning of the file, so adjust them by subtracting the offset that the "use" starts so that we don't double-count it.
  * PR/543: matshch: bump nbuf so we can get the flags into the buffer.
  * Add Android elf notes (enh)
  * Add limit for number of magic warnings allowed
  * check regex bounds (found by clusterfuzz)
- Remove patch file-5.45-type_t.dif now upstream
- Port patches
  * file-4.24-autoconf.dif
  * file-5.17-option.dif
  * file-5.18-javacheck.dif
  * file-5.19-biorad.dif
  * file-5.19-printf.dif
  * file-5.19-zip2.0.dif
  * file-5.22-elf.dif
  * file-5.28-btrfs-image.dif
  * file-5.45-type_t.dif
  * file-secure_getenv.patch
- Port patch file-5.45.dif and rename it to file-5.46.dif
  * Note that our kernel magics do not fit anymore as upstream now has a huge rework and extended features

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0

- Have the glib2-tools postun trigger exit normally if glib2-compile-schemas can't be run. Fixes error when uninstalling if libgio is uninstalled first (bsc#1231463).

==== gnome-session ====
Subpackages: gnome-session-core gnome-session-wayland

- Build gnome-session-wayland also on s390x: It was originally excluded because xwayland did not exist. That has been solved in 2021 though.

==== gpgme ====
Subpackages: libgpgme11 libgpgmepp6 python311-gpg

- Add gpgme-fix-python-install.patch: Fix the installation of the python bindings without having to move them around manually.

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin

- Support s390x Secure Execution (jsc#PED-9531)
  * grub2-s390x-secure-execution-support.patch
- Update grub2-s390x-set-hostonly.patch to add the patch header and the description

==== libpwquality ====
Subpackages: libpwquality-tools libpwquality1 pam_pwquality

- Drop python 2.x support (it's been 4 years).
- Add python3-setuptools BuildRequires which is needed for distutils.

==== libssh ====
Version update (0.10.6 -> 0.11.1)
Subpackages: libssh-config libssh4

- Update to version 0.11.1:
  * Fixed default TTY modes that are set when stdin is not connected to tty.
  * Fixed zlib cleanup procedure, which could crash on i386.
  * Various test fixes improving their stability.
  * Remove 0001-disable-timeout-test-on-slow-buildsystems.patch to enable slow tests also in s390 s390x ppc64le.
- Set BuildArch: noarch for the config package as it only ships configuration files.
- Update to version 0.11.0
  https://www.libssh.org/2024/08/08/libssh-0-11-0-release/
- Updated 0001-disable-timeout-test-on-slow-buildsystems.patch
- Removed libssh-fix-ipv6-hostname-regression.patch

==== netavark ====

- Fix source definition for netavark-iptables.conf and netavark-nftables.conf
- Set default firewall driver based on the project configuration (bsc#1231424)
  * Require correct dependencies
  * Add netavark-iptables.conf and netavark-nftables.conf

==== python-gobject ====
Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo

- Add python-pygobject provides: help packages to eliminate rpmlint warnings when comparing requirements.txt vs the package's dependency. 'pygobject' is the proper upstream name.

==== python-setuptools ====
Version update (72.1.0 -> 75.6.0)

- remove duplicated "uses_network" skip
- Skip over the tests which require network.
- Don't use pytest-xdist, it breaks test suite.
- update to 75.6.0:
  * Preserve original PKG-INFO into METADATA when creating wheel (instead of calling wheel.metadata.pkginfo_to_metadata). This helps to be more compliant with the flow specified in PEP 517.
  * Changed the WindowsSdkVersion, FrameworkVersion32 and FrameworkVersion64 properties of setuptools.msvc.PlatformInfo to return an empty tuple instead of None as a fallthrough case -- by :user:`Avasam`
- update to 75.5.0:
  * Removed support for SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION, as it is deemed prone to errors.
  * Added support for the environment variable SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true, allowing users to bypass the validation of pyproject.toml. This option should be used only as a last resort when resolving dependency issues, as it may lead to improper functioning. Users who enable this setting are responsible for ensuring that pyproject.toml complies with setuptools requirements. (#4611) Attention! This environment variable was removed in a later version of setuptools.
  * Require Python 3.9 or later. (#4718)
  * Remove dependency on importlib_resources and the vendored copy of the library. Instead, setuptools consistently rely on stdlib's importlib.resources (available on Python 3.9+). (#4718)
  * Setuptools' bdist_wheel implementation no longer produces wheels with the m SOABI flag (pymalloc-related). This flag was removed on Python 3.8+ (see :obj:`sys.abiflags`). (#4718)
  * Updated vendored packaging version to 24.2. (#4740)
  * Merge with pypa/distutils@251797602, including fix for dirutil.mkpath handling in pypa/distutils#304.
  * Allowed using dict as an ordered type in setuptools.dist.check_requirements -- by :user:`Avasam`
  * Ensured methods in setuptools.modified preferably raise a consistent distutils.errors.DistutilsError type (except in the deprecated use case of SETUPTOOLS_USE_DISTUTILS=stdlib) -- by :user:`Avasam`
  * Fix the ABI tag when building a wheel using the debug build of Python 3.13 on Windows. Previously, the ABI tag was missing the "d" flag.
  * Fix clashes for optional-dependencies in pyproject.toml and extra_requires in setup.cfg/setup.py. As per PEP 621, optional-dependencies have to be honoured and dynamic behaviour is not allowed.
  * #4560
  * Made errors when parsing Distribution data more explicit about the expected type (tuple[str, ...] | list[str]) -- by :user:`Avasam`
  * Fix a TypeError when a Distribution's old included attribute was a tuple -- by :user:`Avasam`
  * Add workaround for bdist_wheel --dist-info-dir errors when customisation does not inherit from setuptools.
  * Re-use pre-existing .dist-info dir when creating wheels via the build backend APIs (PEP 517) and the metadata_directory argument is passed -- by :user:`pelson`.
  * Changed egg_info command to avoid adding an empty .egg-info directory while iterating over entry-points. This avoids triggering integration problems with importlib.metadata/importlib_metadata (reference: pypa/pyproject-hooks#206).
  * Deprecated bdist_wheel.universal configuration.
  * Removed reference to upload_docs module in entry points.
  * Declare also the dependencies used by distutils (adds jaraco.collections).
  * Removed upload_docs command.
  * Merge with pypa/distutils@7283751. Removed the register and upload commands and the config module that backs them (pypa/distutils#294). Removed the borland compiler. Replaced vendored dependencies with natural dependencies. Cygwin C compiler now gets compilers from sysconfig (pypa/distutils#296).
  * Fix cross-platform compilation using distutils._msvccompiler.MSVCCompiler -- by :user:`saschanaz` and :user:`Avasam`
  * Fixed TypeError in sdist filelist processing by adding support for pathlib Paths for the build_base.
  * Removed degraded and deprecated test_integration (easy_install) from the test suite.
  * Fixed TypeError in msvc.EnvironmentInfo.return_env when no runtime redistributables are installed.
  * Added support for defining ext-modules via pyproject.toml (EXPERIMENTAL, may change in future releases).
  * Merge with pypa/distutils@3dcdf8567, removing the duplicate vendored copy of packaging.
  * Restored setuptools.msvc.Environmentinfo as it is used externally.
  * Changed the type of error raised by setuptools.command.easy_install.CommandSpec.from_param on unsupported argument from AttributeError to TypeError -- by :user:`Avasam`
  * Added detection of ARM64 variant of MSVC -- by :user:`saschanaz`
  * Made setuptools.package_index.Credential a typing.NamedTuple -- by :user:`Avasam`
  ... changelog too long, skipping 43 lines ...
  get_msvcr() (pypa/distutils#274).

==== python311-packaging ====
Version update (24.1 -> 24.2)

- update to 24.2:
  * PEP 639: Implement License-Expression and License-File (:issue:`828`)
  * Use !r formatter for error messages with filenames (:issue:`844`)
  * Add support for PEP 730 iOS tags (:issue:`832`)
  * Fix prerelease detection for > and < (:issue:`794`)
  * Fix uninformative error message (:issue:`830`)
  * Refactor canonicalize_version (:issue:`793`)
  * Patch python_full_version unconditionally (:issue:`825`)
  * Fix doc for canonicalize_version to mention strip_trailing_zero and a typo in a docstring (:issue:`801`)
  * Fix typo in Version __str__ (:issue:`817`)
  * Support creating a SpecifierSet from an iterable of Specifier objects (:issue:`775`)

==== qt6-wayland ====
Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6

- Add patch to fix crash when unplugging a graphics tablet:
  * 0001-client-Redo-management-of-tablet-object-proxies.patch

==== selinux-policy ====
Version update (20241105 -> 20241118)
Subpackages: selinux-policy-targeted

- Update to version 20241118:
  * Add workaround for /run/rpmdb lockfile (bsc#1231127)
  * Add dedicated health-checker module (bsc#1231127)
- Packaging rework: moving all config files to git repository
  https://gitlab.suse.de/selinux/selinux-policy
- Moved booleans to dist/*/booleans.conf and dropped from package:
  * booleans-minimum.conf
    - user facing change: boolean settings are now the same as in upstream
  * booleans-mls.conf
    - user facing change: boolean settings are now the same as in upstream
  * booleans-targeted.conf
    - user facing change: kerberos_enabled boolean was not enabled due to a bug, now it is enabled
- Moved booleans.subs_dist to dist/booleans.subs_dist and dropped from package
- Moved customizable_types to dist/customizable_types and dropped from package
  - user facing change: using upstream version
- Moved file_contexts.subs_dist to config/file_contexts.subs_dist and dropped from package
  - user facing change: changed systemd entries in file_contexts.subs_dist:
    /run/systemd/system -> dropped from file
    /run/systemd/generator.early /run/systemd/generator
    /run/systemd/generator.late /run/systemd/generator
- Moved modules config to dist/<policytype>/modules.conf and dropped from package:
  - user facing change: minimum policy: modules base and contrib are merged into modules.lst and modules-enabled.lst was added which contains the enabled modules, replacing modules-minimum-disable.lst
    * modules-minimum-base.conf
    * modules-minimum-contrib.conf
    * modules-minimum-disable.lst
    * Added: modules-minimum.lst
  - user facing change: mls policy: modules base + contrib are merged into modules.lst
    * modules-mls-base.conf
    * modules-mls-contrib.conf
  - user facing change: targeted policy: modules base + contrib are merged into modules.lst:
    * modules-targeted-base.conf
    * modules-targeted-contrib.conf
- Moved securetty config to config/appconfig-<policytype>/securetty_types and dropped from package
  - user facing change: using upstream version for all policy types
  * securetty_types-minimum
  * securetty_types-mls
  * securetty_types-targeted
- Moved setrans config to dist/<policytype>/setrans.conf and dropped from package
  * setrans-minimum.conf
  * setrans-mls.conf
  * setrans-targeted.conf
- Moved users config to dist/<policytype>/users and dropped from package
  * users-minimum
    - user facing change: added guest_u and xguest_u
  * users-mls
  * users-targeted
- Fix debug-build.sh to follow symlinks when creating the tarball
- Update embedded container-selinux version to commit:
  * 3f06c141bebc00a07eec4c0ded038aac4f2ae3f0
- Update to version 20241107:
  * Re-add kanidm module to dist/targeted/modules.conf
  * Add SUSE-specific file contexts to file_contexts.subs_dist
  * Disallow execstack in dist/minimum/booleans.conf
  * Add SUSE-specific booleans to dist/targeted/booleans.conf
  * Add SUSE specific modules to targeted modules.conf
  * Label /var/cache/systemd/home with systemd_homed_cache_t
  * Allow login_userdomain connect to systemd-homed over a unix socket
  * Allow boothd connect to systemd-homed over a unix socket
  * Allow systemd-homed get attributes of a tmpfs filesystem
  * Allow abrt-dump-journal-core connect to systemd-homed over a unix socket
  * Allow aide connect to systemd-homed over a unix socket
  * Label /dev/hfi1_[0-9]+ devices
  * Remove the openct module sources
  * Remove the timidity module sources
  * Enable the slrn module
  * Remove i18n_input module sources
  * Enable the distcc module
  * Remove the ddcprobe module sources
  * Remove the timedatex module sources
  * Remove the djbdns module sources
  * Confine iio-sensor-proxy
  * Allow staff user nlmsg_write
  * Update policy for xdm with confined users
  * Allow virtnodedev watch mdevctl config dirs
  * Allow ssh watch home config dirs
  * Allow ssh map home configs files
  * Allow ssh read network sysctls
  * Allow chronyc sendto to chronyd-restricted
  * Allow cups sys_ptrace capability in the user namespace
  * Add policy for systemd-homed
  * Remove fc entry for /usr/bin/pump
  * Label /usr/bin/noping and /usr/bin/oping with ping_exec_t
  * Allow accountsd read gnome-initial-setup tmp files
  * Allow xdm write to gnome-initial-setup fifo files
  * Allow rngd read and write generic usb devices
  * Allow qatlib search the content of the kernel debugging filesystem
  * Allow qatlib connect to systemd-machined over a unix socket
  * mls/modules.conf - fix typo
  * Use dist/targeted/modules.conf in build workflow
  * Fix default and dist config files
  * Allow unprivileged user watch /run/systemd
  * CI: update to actions/checkout@v4
  * Allow boothd connect to kernel over a unix socket
  * Clean up and sync securetty_types
  * Bring config files from dist-git into the source repo
  * Confine gnome-remote-desktop
  * Allow virtstoraged execute mount programs in the mount domain
  * Make mdevctl_conf_t member of the file_type attribute

==== sqlite3 ====
Version update (3.46.1 -> 3.47.1)

- Update to release 3.47.1:
  * Fix the makefiles so that they once again honored DESTDIR for the "install" target.
  * Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the default in version 3.45.0.
  * Fix incorrect answers to certain obscure IN queries caused by new query optimizations added in the 3.47.0 release.
  * Other minor bug fixes.
- Update to release 3.47.0:
  * Allow arbitrary expressions in the second argument to the RAISE function.
  * If the RHS of the ->> operator is negative, then access array elements counting from the right.
  * Fix a problem with rolling back hot journal files in the seldom-used unix-dotfile VFS.
  * FTS5 tables can now be dropped even if they use a non-standard tokenizer that has not been registered.
  * Fix the group_concat() aggregate function so that it returns an empty string, not a NULL, if it receives a single input value which is an empty string.
  * Enhance the generate_series() table-valued function so that it is able to recognize and use constraints on its output value. Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has a non-null default value.
  * Improved reuse of subqueries associated with the IN operator, especially when the IN operator has been duplicated due to predicate push-down.
  * Use a Bloom filter on subqueries on the right-hand side of the IN operator, in cases where that seems likely to improve performance.
  * Ensure that queries like "SELECT func(a) FROM tab GROUP BY 1" only invoke the func() function once per row.
  * No attempt is made to create automatic indexes on a column that is known to be non-selective because of its use in other indexes that have been analyzed.
  * Adjustments to the query planner so that it produces better plans for star queries with a large number of dimension tables.
  * Add the "order-by-subquery" optimization, that seeks to disable sort operations in outer queries if the desired order is obtained naturally due to ORDER BY clauses in subqueries.
  * The "indexed-subtype-expr" optimization strives to use expressions that are part of an index rather than recomputing the expression based on table values, as long as the query planner can prove that the subtype of the expression will never be used.
  * Miscellaneous coding tweaks for faster runtimes.
  * Add the experimental sqlite3_rsync program.
  * Add extension functions median(), percentile(), percentile_cont(), and percentile_disc() to the CLI.
  * Add the .www dot-command to the CLI.
  * The sqlite3_analyzer utility now provides a break-out of statistics for WITHOUT ROWID tables.
  * The sqldiff utility avoids creating an empty database if its second argument does not exist.
  * Enhance the sqlite_dbpage table-valued function such that INSERT can be used to increase or decrease the size of the database file.
  * SQLite no longer makes any use of the "long double" data type, as hardware support for long double is becoming less common and long double creates challenges for some compiler tool chains. Instead, SQLite uses Dekker's algorithm when extended precision is needed.
  * The TCL Interface for SQLite supports TCL9. Everything probably still works for TCL 8.5 and later, though this is not guaranteed. Users are encouraged to upgrade to TCL9.
  * Fix a corruption-causing bug in the JavaScript "opfs" VFS. Correct "mode=ro" handling for the "opfs" VFS. Work around a couple of browser-specific OPFS quirks.
  * Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom locale-aware tokenizers and fts5 tables that may take advantage of them.
  * Add the contentless_unindexed=1 option, for creating contentless fts5 tables that store the values of any UNINDEXED columns persistently in the database.
  * Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose implementation is not available.

==== system-config-printer ====
Subpackages: python3-cupshelpers system-config-printer-common system-config-printer-dbus-service udev-configure-printer

- Add installation-root-dir-from-setup.patch gh#OpenPrinting/system-config-printer#361 to fix cupshelpers installation.

==== webkit2gtk3 ====
Version update (2.46.3 -> 2.46.4)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles

- Update to version 2.46.4:
  + Improve memory consumption and performance of Canvas getImageData.
  + Fix preserve-3D intersection rendering.
  + Fix video dimensions since GStreamer 1.24.9.
  + Fix the HTTP-based remote Web Inspector not loading in Chromium.
  + Fix content filters not working on about:blank iframes.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2024-44308, CVE-2024-44309.
- Drop patches fixed upstream:
  + 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
  + webkit2gtk3-CVE-2024-44308.patch
  + webkit2gtk3-CVE-2024-44309.patch

==== webkit2gtk4 ====
Version update (2.46.3 -> 2.46.4)
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles

- Update to version 2.46.4:
  + Improve memory consumption and performance of Canvas getImageData.
  + Fix preserve-3D intersection rendering.
  + Fix video dimensions since GStreamer 1.24.9.
  + Fix the HTTP-based remote Web Inspector not loading in Chromium.
  + Fix content filters not working on about:blank iframes.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2024-44308, CVE-2024-44309.
- Drop patches fixed upstream:
  + 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
  + webkit2gtk3-CVE-2024-44308.patch
  + webkit2gtk3-CVE-2024-44309.patch

participants (1)
-
Guillaume Gardet