New MicroOS snapshot 20221127 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20221127 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: filesystem gawk (5.2.0 -> 5.2.1) iputils (20211215 -> 20221126) kdump (1.0.2+git20.gcb129d0 -> 1.0.2+git26.gc6fab38) libX11 libcontainers-common (20210626 -> 20221122) libeconf (0.4.8+git20221114.7ff7704 -> 0.4.9) libgcrypt (1.9.4 -> 1.10.1) mpfr === Details === ==== filesystem ==== - Add %_user_tmpfilesdir to the filesystem - Added zh_Hans (simplified Chinese) and zh_Hant (traditional chinese) locales ==== gawk ==== Version update (5.2.0 -> 5.2.1) - Update to gawk 5.2.1 * Issues related to the sign of NaN and Inf values on RiscV have been fixed * A few issues with the debugger have been fixed. * More subtle issues with untyped array elements being passed to functions have been fixed. * The rwarray extension's readall() function has had some bugs fixed. * The PMA allocator is now supported on FreeBSD, OpenBSD and Linux on S/390x. - double-free.patch, pma.patch, nan-sign.patch: Removed ==== iputils ==== Version update (20211215 -> 20221126) - Update to version 20221126 https://github.com/iputils/iputils/releases/tag/20221126 - Update configure variables (ninfod, rarpd and rdisc were removed from upstream in next release => remove -DBUILD_NINFOD=false -DBUILD_RARPD=false - DBUILD_RDISC=false) - Remove 2 backported fixes from this release 0001-ping-Add-SA_RESTART-to-sa_flags.patch 0002-ping-Make-ping_rts-struct-static.patch ==== kdump ==== Version update (1.0.2+git20.gcb129d0 -> 1.0.2+git26.gc6fab38) - Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000) - fix renaming of qeth interfaces (bsc#1204743, bsc#1144337) - ppc64: rebuild initrd image after migration (bsc#1191410) - kdumptool calibrate: modify fadump suggestions (jsc#IBM-1027) ==== libX11 ==== Subpackages: libX11-6 libX11-data libX11-xcb1 - U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * fixed Firefox freezes (regression since 1.8.2) (boo#1205778) ==== libcontainers-common ==== Version update (20210626 -> 20221122) - Update bundled common to 0.50.1 - Update bundled image to 5.23.1 - Update bundled storage to 1.44.0 - Drop bundled podman - Bump version to 20221122 - Install container-storage-driver.sh in /etc/ on Leap & SLE ==== libeconf ==== Version update (0.4.8+git20221114.7ff7704 -> 0.4.9) - Update to version 0.4.9: * libeconf.h: added missing sys/types.h header (#171) * new API calls: econf_readFileWithCallback, econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172) * Checking NULL comment parameter in the parsing functions. ==== libgcrypt ==== Version update (1.9.4 -> 1.10.1) - Update to 1.10.1: * Bug fixes: - Fix minor memory leaks in FIPS mode. - Build fixes for MUSL libc. * Other: - More portable integrity check in FIPS mode. - Add X9.62 OIDs to sha256 and sha512 modules. * Add the hardware optimizations config file hwf.deny to the /etc/gcrypt/ directory. This file can be used to globally disable the use of hardware based optimizations. * Remove not needed separate_hmac256_binary hmac256 package - Update to 1.10.0: * New and extended interfaces: - New control codes to check for FIPS 140-3 approved algorithms. - New control code to switch into non-FIPS mode. - New cipher modes SIV and GCM-SIV as specified by RFC-5297. - Extended cipher mode AESWRAP with padding as specified by RFC-5649. - New set of KDF functions. - New KDF modes Argon2 and Balloon. - New functions for combining hashing and signing/verification. * Performance: - Improved support for PowerPC architectures. - Improved ECC performance on zSeries/s390x by using accelerated scalar multiplication. - Many more assembler performance improvements for several architectures. * Bug fixes: - Fix Elgamal encryption for other implementations. [bsc#1190239, CVE-2021-40528] - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored because it is useless with the FIPS 140-3 related changes. - Update of the jitter entropy RNG code. - Simplification of the entropy gatherer when using the getentropy system call. * Interface changes relative to the 1.10.0 release: - GCRYCTL_SET_DECRYPTION_TAG NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code. - GCRYCTL_NO_FIPS_MODE = 83 NEW control code. - GCRY_CIPHER_MODE_SIV NEW mode. - GCRY_CIPHER_MODE_GCM_SIV NEW mode. - GCRY_CIPHER_EXTENDED NEW flag. - GCRY_SIV_BLOCK_LEN NEW macro. - gcry_cipher_set_decryption_tag NEW macro. - GCRY_KDF_ARGON2 NEW constant. - GCRY_KDF_BALLOON NEW constant. - GCRY_KDF_ARGON2D NEW constant. - GCRY_KDF_ARGON2I NEW constant. - GCRY_KDF_ARGON2ID NEW constant. - gcry_kdf_hd_t NEW type. - gcry_kdf_job_fn_t NEW type. - gcry_kdf_dispatch_job_fn_t NEW type. - gcry_kdf_wait_all_jobs_fn_t NEW type. - struct gcry_kdf_thread_ops NEW struct. - gcry_kdf_open NEW function. - gcry_kdf_compute NEW function. - gcry_kdf_final NEW function. - gcry_kdf_close NEW function. - gcry_pk_hash_sign NEW function. - gcry_pk_hash_verify NEW function. - gcry_pk_random_override_new NEW function. * Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename to libgcrypt-1.10.0-allow_FSM_same_state.patch * Remove unused CAVS tests and related patches: - cavs_driver.pl cavs-test.sh - libgcrypt-1.6.1-fips-cavs.patch - drbg_test.patch * Remove DSA sign/verify patches for the FIPS CAVS test since DSA has been disabled in FIPS mode: - libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch - libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch * Rebase libgcrypt-FIPS-SLI-pk.patch * Rebase libgcrypt_indicators_changes.patch and libgcrypt-indicate-shake.patch and merge both into libgcrypt-FIPS-SLI-hash-mac.patch * Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to libgcrypt-FIPS-SLI-kdf-leylength.patch * Rebase libgcrypt-jitterentropy-3.4.0.patch * Rebase libgcrypt-FIPS-rndjent_poll.patch * Rebase libgcrypt-out-of-core-handler.patch and rename to libgcrypt-1.10.0-out-of-core-handler.patch * Since the FIPS .hmac file is now calculated with the internal tool hmac256, only the "module is complete" trigger .fips file is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch to libgcrypt-1.10.0-use-fipscheck.patch * Remove patches fixed upstream: - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff - libgcrypt-fix-rng.patch - libgcrypt-1.8.3-fips-ctor.patch - libgcrypt-1.8.4-use_xfree.patch - libgcrypt-1.8.4-getrandom.patch - libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch - libgcrypt-dsa-rfc6979-test-fix.patch - libgcrypt-fix-tests-fipsmode.patch ... changelog too long, skipping 27 lines ... * Update libgcrypt.keyring ==== mpfr ==== - Add mpfr-4.1.1-patch01.patch to fix bug with code using the mpfr_custom_get_kind macro.
participants (1)
-
Richard Brown