Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=Tumbleweed&build=20240524 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MicroOS-release (20240522 -> 20240524) containerd (1.7.15 -> 1.7.17) curl docker-buildx (0.14.0 -> 0.14.1) gcc13 (13.2.1+git8761 -> 13.3.0+git8781) glibc gnome-branding-Aeon kf6-qqc2-desktop-style libarchive libcap-ng (0.8.4 -> 0.8.5) llvm18 (18.1.5 -> 18.1.6) lvm2 lvm2-device-mapper openssl-3 permissions (1699_20240513 -> 1699_20240521) polkit-default-privs (1550+20240430.5327266 -> 1550+20240522.4ba9229) python-requests (2.31.0 -> 2.32.2) speech-dispatcher (0.12.0~rc2 -> 0.12.0~rc3) suse-module-tools (16.0.43 -> 16.0.44) talloc (2.4.1 -> 2.4.2) tdb (1.4.9 -> 1.4.10) tevent (0.16.0 -> 0.16.1) udisks2 (2.10.0 -> 2.10.1) vlc === Details === ==== MicroOS-release ==== Version update (20240522 -> 20240524) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== containerd ==== Version update (1.7.15 -> 1.7.17) - Update to containerd v1.7.17. Upstream release notes: <https://github.com/containerd/containerd/releases/tag/v1.7.17> - Switch back to using tar_scm service. Aside from obs_scm using more bandwidth and storage than a locally-compressed tar.xz, it seems there's some weird issue with paths in obscpio that break our SLE-12-only patch. - Rebase patches: * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch - Update to containerd v1.7.16. Upstream release notes: <https://github.com/containerd/containerd/releases/tag/v1.7.16> CVE-2023-45288 bsc#1221400 ==== curl ==== Subpackages: libcurl4 - Add split-provides for libcurl-devel -> libcurl-devel-doc. - Spin documentation off to libcurl-devel-doc, this saves buildroots 495 files and time (mandb is run in %posttrans). ==== docker-buildx ==== Version update (0.14.0 -> 0.14.1) - Update to version 0.14.1: * Fix possible duplicate requests when setting up a connection to buildkit instance #2467 * Fix error handling when merging multi-node build results #2424 * Fix creating metadata file if --print is used #2422 * Fix creating an empty image when "default load" and --print are both set #2421 * Fix bake files that use same named context pointing to another target multiple times with different names #2444 * Defer metrics provider setup to updated docker/cli library [#2460] ==== gcc13 ==== Version update (13.2.1+git8761 -> 13.3.0+git8781) - Update to GCC 13.3 release ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599, bsc#1223423, BZ #31677) - glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch: nscd: Avoid null pointer crashes after notfound response (CVE-2024-33600, bsc#1223424, BZ #31678) - glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch: nscd: Do not send missing not-found response in addgetnetgrentX (CVE-2024-33600, bsc#1223424, BZ #31678) - glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch: netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, CVE-2024-33602, bsc#1223425, BZ #31680) - nscd-netgroup-cache-timeout.patch: Use time_t for return type of addgetnetgrentX (CVE-2024-33602, bsc#1223425) - glibc-fix-cve-2024-33599.patch: renamed - ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue for _start routine (bsc#1221940) - utmp-time-bits.patch: login: structs utmp, utmpx, lastlog _TIME_BITS independence (BZ #30701) - elf-parse-tunables.patch: elf: Only process multiple tunable once (BZ [#31686]) ==== gnome-branding-Aeon ==== - Wait for network for all aeon-mig-firstboot tasks - Introduce aeon-mig-firstboot to help tuneup home directories after migration - Minor locale bugfixes and cleanup - Rewrite aeon-firstboot to be multi-threaded and install locales (boo#1224328, boo#1213055, boo#1208869, boo#1217466, boo#1223608) ==== kf6-qqc2-desktop-style ==== - Update qqc2-desktop-style-lang obsoleted version ==== libarchive ==== - Fix bsdunzip test failing due to a locale issue * fix-bsdunzip-test.patch ==== libcap-ng ==== Version update (0.8.4 -> 0.8.5) - Update to version 0.8.5: * Remove python global exception handler since it's deprecated * Make the utilities link against just built libraries * Remove unused macro in cap-ng.h - Remove libcap-ng.rpmlintrc, it doesn't seem to be used any more. ==== llvm18 ==== Version update (18.1.5 -> 18.1.6) - Update to version 18.1.6. * Fixes issues where LLVM is either generating the incorrect thunk for a function with aligned parameters or didn't correctly pass through the return value when StructRet was used. * `-Xclang -target-feature -Xclang +unaligned-scalar-mem` can be used to enable unaligned scalar memory accesses for CPUs that do not support unaligned vector accesses. `-mno-strict-align` will enable unaligned scalar and vector memory accesses. * Don't replace an aliasee with an alias that has weak linkage. This avoids incorrect linkage that can lead to using the wrong symbols during linking time. * Fixes build failures when compiling AVX512 code using `-march=native` on machines without AVX512. The problem was introduced in LLVM 18.1.5. * Fixes crash in AArch64 backend when having `true` or `false` as operand for `fcmp` instruction on IR level. * Fixes compiler crash when user specifies `-mno-evex512` with AVX512 features but no AVX512VL. * Fixes a bug that tries to do VBROADCAST_LOAD for `f16` without AVX2. - Rebase llvm-do-not-install-static-libraries.patch. ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Use %patch -P N instead of deprecated %patchN syntax. ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Use %patch -P N instead of deprecated %patchN syntax. ==== openssl-3 ==== Subpackages: libopenssl3 - Security fix: [bsc#1224388, CVE-2024-4603] * Check DSA parameters for excessive sizes before validating * Add openssl-CVE-2024-4603.patch ==== permissions ==== Version update (1699_20240513 -> 1699_20240521) Subpackages: permctl permissions-config - Update to version 1699_20240521: * permctl: return special exit code in --warn mode if entries need fixing ==== polkit-default-privs ==== Version update (1550+20240430.5327266 -> 1550+20240522.4ba9229) - Update to version 1550+20240522.4ba9229: * whitelist gnome-remote-desktop (bsc#1222159) ==== python-requests ==== Version update (2.31.0 -> 2.32.2) - Update to 2.32.2 * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. - Update to 2.32.1 * Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (bsc#1224788, CVE-2024-35195) * verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. * Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. * Requests has officially added support for CPython 3.12 and dropped support for CPython 3.7. * Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. ==== speech-dispatcher ==== Version update (0.12.0~rc2 -> 0.12.0~rc3) - Update to version 0.12.0~rc3: * Detect module failures from generic module. * Make the fallback espeak-ng and dummy modules hardcoded. * Better detect generic module failures to disable them. * pulse: Use asynchronous API to avoid buffer underruns. * generic: Make stripping punctuation use locale charset. - Add speech-dispatcher-missing-return-vals.patch: add missing return statements. ==== suse-module-tools ==== Version update (16.0.43 -> 16.0.44) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.44: * Include unblacklist in initramfs (bsc#1224320) * regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278) ==== talloc ==== Version update (2.4.1 -> 2.4.2) - Update to 2.4.2 * build with Python 3.12 (bso#15513) * documentation fixes * Update patch talloc-python3.5-fix-soabi_name.patch ==== tdb ==== Version update (1.4.9 -> 1.4.10) - Update to 1.4.10 * build with Python 3.12 (bso#15513) * documentation fixes * minor build fixes ==== tevent ==== Version update (0.16.0 -> 0.16.1) - Update to version 0.16.1 * build with Python 3.12 (bso#15513) * documentation fixes ==== udisks2 ==== Version update (2.10.0 -> 2.10.1) Subpackages: libudisks2-0 - update to version 2.10.1 - Update Ukrainian translation - tests: Wipe used devices for LVM2 RAID tests - tests: Settle down before checking the LVM RAID MissingPhysicalVolumes property - tests: Rescan vdevs after lvm raid tests - Update German translation - tests: Mark UDF fstab filesystem tests as unstable - tests: Add offline and online filesystem grow tests - doc: Clarify the Filesystem.Size property presence - udiskslinuxfilesystem: Force native tools for mounted XFS fs size retrieval - udiskslinuxfilesystem: Refactor internal whitelists - tests: Fix Python class invocation in nvme tests - udisksctl: Add "--no-partition-scan" option for "loop-setup" command - tests: Fix regex escaping - integration-test: Fix invalid escaping - tests: Mark LVM RAID tests as unstable - tests: Fix LSM drive objects crawl - iscsi: Fix login on firmware-discovered nodes - udiskslinuxmanager: Properly handle disabled modules - tests: Replace deprecated unittest assert calls - udisksctl: Guard object lookup - Update ka.po - udiskslinuxloop: Avoid warnings on empty loop devices - Update Polish translation - Limit getting filesystem size only to Ext and XFS - build: Check for gobject-introspection m4 macro presence - tests: start the polkitd mock with the corresponding user if it exists - Drop merged upstream patches: 0001-doc-Clarify-the-Filesystem.Size-property-presence.patch 0001-udiskslinuxfilesystem-Force-native-tools-for-mounted.patch 0001-udiskslinuxfilesystem-Refactor-internal-whitelists.patch 0001-tests-Mark-UDF-fstab-filesystem-tests-as-unstable.patch 0001-tests-Add-offline-and-online-filesystem-grow-tests.patch ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-noX vlc-qt - Add 770789f2.patch: Fix missing cast in chromaprint (boo#1223909).