New MicroOS snapshot 20231029 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20231029 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: avahi avahi-glib2 containerd (1.7.7 -> 1.7.8) docker (24.0.6_ce -> 24.0.7_ce) glib2 (2.78.0 -> 2.78.1) gnome-settings-daemon gnome-software gvfs libsoup (3.4.3 -> 3.4.4) libstorage-ng (4.5.154 -> 4.5.155) mozilla-nss (3.93 -> 3.94) open-vm-tools p11-kit (0.25.0 -> 0.25.1) vim (9.0.2043 -> 9.0.2078) xdg-desktop-portal (1.18.0 -> 1.18.1) === Details === ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-common3 libavahi-core7 - Add avahi-CVE-2023-38473.patch: derive alternative host name from its unescaped version (bsc#1216419 CVE-2023-38473). ==== avahi-glib2 ==== - Add avahi-CVE-2023-38473.patch: derive alternative host name from its unescaped version (bsc#1216419 CVE-2023-38473). ==== containerd ==== Version update (1.7.7 -> 1.7.8) - Update to containerd v1.7.8. Upstream release notes: <https://github.com/containerd/containerd/releases/tag/v1.7.8> ==== docker ==== Version update (24.0.6_ce -> 24.0.7_ce) Subpackages: docker-bash-completion docker-rootless-extras - Update to Docker 24.0.7-ce. See upstream changelong online at <https://docs.docker.com/engine/release-notes/24.0/#2407>. - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * cli-0001-docs-include-required-tools-in-source-tree.patch ==== glib2 ==== Version update (2.78.0 -> 2.78.1) Subpackages: glib2-lang glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 - Update to version 2.78.1: + Fix truncating files when `g_file_set_contents_full()` is called without `G_FILE_SET_CONTENTS_CONSISTENT` + Fix `-Dlibelf=disabled` on Linux + Bugs fixed: - NetworkManager 1.44.0 crashes repeatedly with glib 2.78.0 - gsubprocess-testprog.c: build error with cygwin (sys/ptrace.h: No such file or directory) - gio clears modification time in microseconds when setting with `set_modification_date_time` - Build of glib 2.78.0 ignores -Dlibelf=disabled - glib-2.78.0 fails at gio/tests/gsubprocess.p/gsubprocess.c.o - Segfault when creating GIO GPropertyAction without properties - `g_file_set_contents_full()` doesn't truncate the file (without `G_FILE_SET_CONTENTS_CONSISTENT`) - guniprop.c: Avoid creating (temporarily) out-of-bounds pointers - Fixes for integer cast warnings when targeting CHERI - Fix test_find_program on FreeBSD - gconstructor.h: Ensure [c|d]tor prototypes are present for MSVC - Fix gutils-user-database test on macOS - Add value annotation to G_TYPE_FUNDAMENTAL_MAX - meson: Fix Windows build with PCRE2 as sibling subproject - gconstructor.h: Ensure [c|d]tor prototypes are present for MSVC - glocalfileinfo: Preserve microseconds for access/modify times - Make sure the `GTask` is freed on a graceful disconnect - Buffer needs to be aligned correctly to receive linux_dirent64. - gtestutils.h: Fix warning with -Wsign-conversion caused by g_assert_cmpint - tests: Drop unnecessary include from gsubprocess-testprog.c - wakeup: do single read when using eventfd() - wakeup: Fix g_wakeup_acknowledge if signal comes inâ - Use g_task_return in task threads - build: Fix -Dlibelf=disabled on Linux - gfileutils: Add a missing ftruncate() call when writing files + Updated translations. - Drop 0005-gthreadedresolver-Fix-race.patch: Fixed upstream. ==== gnome-settings-daemon ==== Subpackages: gnome-settings-daemon-lang - Add 538816ff42f682fc4b541810ca107486abab9976.patch: smartcard: Steal error when propagating through GTask. ==== gnome-software ==== Subpackages: gnome-software-lang gnome-software-plugin-packagekit - Rebase gnome-software-disable-offline-update.patch(bsc#1216603). - Add gnome-software-plugin-opensuse-distro-upgrade.patch: plugins: add opensuse-distro-upgrade plugin(glgo#GNOME/gnome-software!1557). ==== gvfs ==== Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang - Use older way than autopatch on SLE/Leap, which is not ready for the macro. - Rebase gvfs-nvvfs.patch. ==== libsoup ==== Version update (3.4.3 -> 3.4.4) Subpackages: libsoup-3_0-0 libsoup-lang typelib-1_0-Soup-3_0 - Update to version 3.4.4: + Improve HTTP/2 performance when a lot of buffering happens + Support building libnghttp2 as a subproject ==== libstorage-ng ==== Version update (4.5.154 -> 4.5.155) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#963 - extended testsuite - 4.5.155 ==== mozilla-nss ==== Version update (3.93 -> 3.94) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.94 * bmo#1853737 - Updated code and commit ID for HACL* * bmo#1840510 - update ACVP fuzzed test vector: refuzzed with current NSS * bmo#1827303 - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * bmo#1774659 - NSS needs a database tool that can dump the low level representation of the database * bmo#1852179 - declare string literals using char in pkixnames_tests.cpp * bmo#1852179 - avoid implicit conversion for ByteString * bmo#1818766 - update rust version for acvp docker * bmo#1852011 - Moving the init function of the mpi_ints before clean-up in ec.c * bmo#1615555 - P-256 ECDH and ECDSA from HACL* * bmo#1840510 - Add ACVP test vectors to the repository * bmo#1849077 - Stop relying on std::basic_string<uint8_t> * bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp - rebased patches - added nss-fips-test.patch to fix broken test ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Fix (bsc#1216432) - VUL-0: CVE-2023-34058: open-vm-tools: SAML token signature bypass vulnerability. - Fix (bsc#1216433) - VUL-0: : CVE-2023-34059: open-vm-tools: file descriptor hijack vulnerability + Add patch: - CVE-2023-34058.patch - CVE-2023-34059.patch ==== p11-kit ==== Version update (0.25.0 -> 0.25.1) Subpackages: libp11-kit0 p11-kit-tools - Update to 0.25.1: * fix probing of C_GetInterface [#535] * p11-kit: add command to list tokens [#581] * p11-kit: add command to list mechanisms supported by a token [#576] * p11-kit: add command to generate private-public keypair on a token [#551, #582] * p11-kit: add commands to import/export certificates and public keys into/from a token [#543, #549, #568, #588] * p11-kit: add commands to list and delete objects of a token [#533, #544, #571] * p11-kit: add --login option to login into a token with object and profile management commands [#587] * p11-kit: adjust behavior of PKCS#11 profile management commands [#558, #560, #583, #591] * p11-kit: print PKCS#11 URIs in list-modules [#532] * bug and build fixes [#528 #529, #534, #537, #540, #541, #545, [#547], #550, #557, #572, #575, #579, #585, #586, #590] * test fixes [#553, #580] * Remove patch fixed upstream: - d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch ==== vim ==== Version update (9.0.2043 -> 9.0.2078) Subpackages: vim-data vim-data-common vim-small xxd - Update to version 9.0.2078 * several problems with type aliases * Vim9: No support for type aliases * TextChangedI may not always trigger * Completion menu may be wrong * don't echo empty lines (#13431) * typo in quickfix.c comments * update debian related runtime files (#13423) * Vim9: no nr2str conversion in list-unpack * objdump files not recognized * [security] disallow setting env in restricted mode * possible to escape bracketed paste mode with Ctrl-C * [security] overflow in :history * clarify bracketed paste mode * missing code formatting in if_pyth.txt * xxd: coloring was disabled on Cygwin * xxd: corrupting files when reversing bit dumps * EXPAND flag set for filetype option * cannot use buffer-number for errorformat * Fix typos in several documents (#13420) * pacman hooks are detected as conf filetype * Janet files are not recognised * not able to detect xkb filetypes * *.{gn,gni} files are not recognized * small updates to the documentation for varargs * Update ftplugin - comment motions (#13412) * outstanding exceptions may be skipped * tests: avoid error when no swap files exist * Vim9: no strict type checks for funcrefs varargs * do not use hard-coded match id (#13393) * no digraph for quadruple prime * Vim9: non-consistent error messages * win32: iscygpty needs update * Add new ftplugin (#13385) * zig filetype detection test wrong * win32: using deprecated wsock32 api * Vim9: wrong error for non-existing object var * Update Zig runtime files (#13388) * Vim9: crash with deferred function call and exception * Vim9: not recognizing qualified class vars for infix ops * python: uninitialized warning * perl: warning about inconsistent dll linkage * tests: checking for swap files takes time * Vim9: exceptions confuse defered functions * allow for overriding systemd ftplugin settings (#13373) ==== xdg-desktop-portal ==== Version update (1.18.0 -> 1.18.1) Subpackages: xdg-desktop-portal-lang - Update to version 1.18.1: + Communicate better when the Background portal kills an app. + Properly quote Flatpak command in the Background portal. + Improve documentation of the "cursor_mode" propery of the ScreenCast backend D-Bus interface. + Fix ScreenCast portal removing transient restore permissions too early. This fixes screen sharing dialogs on Chromium asking for the screen multiple times. + Only send the Closed session signal to the sender. + Add Meson options to disable building with Bubblewrap, and without the Flatpak portal documentation. Disabling Bubblewrap is highly discouraged, and only meant to be used on platforms that do not currently support it. By disabling Bubblewrap, bitmap validation happens without a sandbox, which is highly insecure since image parsing is a common source of exploits. Really, just do not disable Bubblewrap please. + Improve the manpage of portals.conf. + Various spelling fixes to the Document portal. + Add a new website! We don't have a fancy domain yet, but the website can be accessed at https://flatpak.github.io/xdg-desktop-portal/ + Improve pid mapping for host system apps. This should get rid of some rare, unnecessary warnings. + Adjust documentation of Global Shortcuts portal's timestamps to millisecond granularity. + Bump minimum Meson version to 0.58.
participants (1)
-
Richard Brown