New ARM MicroOS snapshot 20231120 released!
Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&comp... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: dracut (059+suse.511.g0bdb16ac -> 059+suse.522.g0fc72191) gnutls (3.8.1 -> 3.8.2) hplip libksba (1.6.4 -> 1.6.5) libsolv (0.7.25 -> 0.7.26) libxml2 (2.11.5 -> 2.11.6) sssd texlive === Details === ==== dracut ==== Version update (059+suse.511.g0bdb16ac -> 059+suse.522.g0fc72191) Subpackages: dracut-ima - Update to version 059+suse.522.g0fc72191: * fix(install.d): do not create rescue entry when working with UKIs * fix(install.d): skip if $KERNEL_INSTALL_INITRD_GENERATOR is set otherwise * feat(resume): do not attempt to install systemd-hibernate-resume@.service * feat(install.d): add sort-key field to rescue BLS entries * fix(install.d): do not generate a new initrd if any INITRD_FILE is provided * fix(install.d): do not create initramfs if the supplied image is UKI * feat(install.d): allow using dracut in combination with ukify * fix(resume): add new systemd-hibernate-resume.service * feat(systemd): install systemd-executor ==== gnutls ==== Version update (3.8.1 -> 3.8.2) - Update to 3.8.2: [bsc#1217277, CVE-2023-5981] * libgnutls: Fix timing side-channel inside RSA-PSK key exchange. [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981] * libgnutls: Add API functions to perform ECDH and DH key agreement The functionality has been there for a long time though they were not available as part of the public API. This enables applications to implement custom protocols leveraging non-interactive key agreement with ECDH and DH. * libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452) The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through the AEAD interface. Note that, unlike GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is appended to the ciphertext, not prepended. * libgnutls: transparent KTLS support is extended to FreeBSD kernel The kernel TLS feature can now be enabled on FreeBSD as well as Linux when compiled with the --enable-ktls configure option. * gnutls-cli: New option --starttls-name Depending on deployment, application protocols such as XMPP may require a different origin address than the external address to be presented prior to STARTTLS negotiation. The --starttls-name can be used to specify specify the addresses separately. * API and ABI modifications: - gnutls_pubkey_import_dh_raw: New function - gnutls_privkey_import_dh_raw: New function - gnutls_pubkey_export_dh_raw: New function - gnutls_privkey_export_dh_raw: New function - gnutls_x509_privkey_import_dh_raw: New function - gnutls_privkey_derive_secret: New function - GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t - GNUTLS_CIPHER_AES_128_SIV_GCM: Added - GNUTLS_CIPHER_AES_256_SIV_GCM: Added * Rebase gnutls-FIPS-140-3-references.patch * Remove upstream: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch ==== hplip ==== Subpackages: hplip-hpijs hplip-udev-rules - hppsfilter: booklet printing: change insecure fixed /tmp file paths (bsc#1214399) * add hppsfilter-booklet-printing-change-insecure-fixed-tm.patch ==== libksba ==== Version update (1.6.4 -> 1.6.5) - Update to 1.6.5: * Add Brainpool curve detection using parameters with compressed base point. [rKeb23f853f178] * New configure option --with-libtool-modification. [T6619] * Release-info: https://dev.gnupg.org/T6822 ==== libsolv ==== Version update (0.7.25 -> 0.7.26) Subpackages: libsolv-tools python3-solv ruby-solv - fix evr roundtrip in testcases - do not use deprecated headerUnload with newer rpm versions - bump version to 0.7.26 ==== libxml2 ==== Version update (2.11.5 -> 2.11.6) Subpackages: libxml2-2 libxml2-tools - Update to version 2.11.6: * Regressions: - threads: Fix --with-thread-alloc - xinclude: Fix âlastâ pointer in xmlXIncludeCopyNode * Bug fixes: parser: Fix potential use-after-free in xmlParseCharDataInternal ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Fix spec file for Leap - /usr/etc migration, restore /etc/sssd/sssd.conf.rpmsave after update (bsc#1216865) - Do not install the KRB5 IDP plugin, it is useless without the OIDC child - Drop no longer valid --without-secrets configure switch ==== texlive ==== - Silent some rpmlint errors - Catch all lua based binaries for boo#1216650 - texlive-latex-bin-bin: Ensure the same version of libz1 is installed in system as against what texlive was compiled (boo#1216650).
participants (1)
-
Guillaume Gardet