Mailinglist Archive: opensuse-factory (262 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20200831 released!
  • From: Dominique Leuenberger <dimstar@xxxxxxx>
  • Date: Wed, 02 Sep 2020 15:01:12 +0000
  • Message-id: <159905887249.27759.11269269280477737071@go-agent-stagingbot-2>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20200831

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
bind (9.16.5 -> 9.16.6)
festival
libverto (0.2.6 -> 0.3.1)
permissions (1550_20200811 -> 1550_20200826)
suse-module-tools (15.3.3 -> 15.3.4)
systemd
xdm
xfce4-screensaver
zlib

=== Details ===

==== bind ====
Version update (9.16.5 -> 9.16.6)
Subpackages: bind-chrootenv bind-doc bind-utils libbind9-1600 libdns1605
libirs1601 libisccc1600 libisccfg1600 python3-bind

- Require /sbin/start_daemon: both init scripts, the one used in
systemd context as well as legacy sysv, make use of start_daemon.
- Upgrade to version 9.16.6
Fixes five vilnerabilities:
5481. [security] "update-policy" rules of type "subdomain" were
incorrectly treated as "zonesub" rules, which allowed
keys used in "subdomain" rules to update names outside
of the specified subdomains. The problem was fixed by
making sure "subdomain" rules are again processed as
described in the ARM. (CVE-2020-8624) [GL #2055]
5480. [security] When BIND 9 was compiled with native PKCS#11 support,
it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623)
[GL #2037]
5479. [security] named could crash in certain query resolution
scenarios
where QNAME minimization and forwarding were both
enabled. (CVE-2020-8621) [GL #1997]
5478. [security] It was possible to trigger an assertion failure by
sending a specially crafted large TCP DNS message.
(CVE-2020-8620) [GL #1996]
5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622) [GL #2028]
For the less severe bugs fixed, see the CHANGES file.
[bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621,
CVE-2020-8620, CVE-2020-8622]

==== festival ====

- Removed unnecessary and unexpected "_link".
- Updated .spec file according to the Tumbleweed's change
(%{_libexecdir} was changed from /usr/lib to /usr/libexec).

==== libverto ====
Version update (0.2.6 -> 0.3.1)
Subpackages: libverto1 libverto1-32bit

- update to 0.3.1:
* Fix rare leak of DSO in module_load
* Turn off -Wcast-function-type
* Work around libev not being c89-compliant
* Minor release bumps for verto_cleanup()
* Leak fixes
* Enforce strict c89 compliance for portability
* Many warning fixes
* Fix memleak in libverto:vfree
* Update mutex usage to improve debugging
* Add verto_cleanup() to free loaded_modules
* Make C99 requirement explicit

==== permissions ====
Version update (1550_20200811 -> 1550_20200826)
Subpackages: chkstat permissions-config permissions-doc

- Update to version 20200826:
* mtr-packet: stop requiring dialout group
* etc/permissions: fix mtr permission
* list_permissions: improve output format
* list_permissions: support globbing in --path argument
* list_permissions: implement simplifications suggested in PR#92
* list_permissions: new tool for better path configuration overview

==== suse-module-tools ====
Version update (15.3.3 -> 15.3.4)

- Update to version 15.3.4:
* spec: rework dependencies

==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1
libudev1-32bit systemd-32bit systemd-container systemd-doc systemd-lang
systemd-logger systemd-sysvinit udev

- Adjust %pre and %post for the restoration of upstream tmp.mount (boo#1175779)
- Import commit a4e393eecb9dbe140a6c7d57419c291d786155cf
d8e3bd4e22 Revert "core: don't send SIGKILL to user@.service immediatly
during shutdown"
- Drop requirement on 'sysvinit-tools'
It was used to workaround bug #886599 by explicitly calling
vhangup(8) from getty@.service so when this service was stopped a
virtually hangup on the specified terminal when were stopped to give
the shell a few seconds to save its history.
But this workaround was dropped since it had no effect (SLE12-GM was
released with it but was still suffering from the bug) and was
replaced by commit e9db43d5910717a108, which was released from v226
and backported to SLE12/SLE12-SP1.

==== xdm ====
Subpackages: xdm-xsession

- Require /sbin/startproc: with systemd no longer pulling in
sysvinit-tools. we are responsible for our own deps. /sbin/pidof
and /sbin/startproc both were presented by sysvinit-tools. but
the sole presence of the /sbin/pidof dep is not sufficient, as
this can be provided by various packages (e.g.
busybox-sysvinit-tools, which then does not provide startproc).
Spelling the deps out ensures that we get the right package set
installed.
- Drop insserv-compat dependency when display-manager.service is used
insserv-compat is going to be dropped soon or later on systems with
systemd as init system.
It was only needed by /usr/lib/X11/display-manager script that uses
rc_status to pretty print the status of a command.
Since this script is intended to be used by display-manager.service
and not called directly by users and systemd has already its own
mechanism to report status, the use of rc_status doesn't seem to be
useful.
The exit failure status for each command has been preserved.
- Drop commands in /usr/lib/X11/display-manager that are never used by systemd
Assuming that this script is only called from
display-manager.service unit, some commands of the scripts are
either never used or redundant with systemd functionalities.
More specifically, there's no need to redefine a "stop" command as
this is one basic command that systemd implements already.
Also convert "reload" to make use of $MAINPID exported by systemd
which should be slighly more reliable and hence stop relying on
killproc that might be removed in the future.
- Replace /var/run with /run as /var/run is obsolete since quite some
time now.

==== xfce4-screensaver ====

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

==== zlib ====
Subpackages: libminizip1 libz1 libz1-32bit zlib-devel

- Add patch to fix compression level switching
bsc#1175811 bsc#1175830 bsc#1175831
* zlib-compression-switching.patch
- Set -DDFLTCC_LEVEL_MASK=0x7e on s390/s390x jsc#13776


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages