Packages changed:
Mesa (22.1.3 -> 22.1.4)
Mesa-drivers (22.1.3 -> 22.1.4)
MozillaFirefox (102.0.1 -> 103.0.1)
apparmor (3.0.5 -> 3.0.6)
bind
firewalld
gcal
gdb (11.1 -> 12.1)
gnome-settings-daemon
gnutls (3.7.6 -> 3.7.7)
iso-codes (4.10.0 -> 4.11.0)
kernel-source (5.18.12 -> 5.18.15)
libapparmor (3.0.5 -> 3.0.6)
libavif
libblockdev (2.26 -> 2.27)
libgcrypt
libnvme (1.1~rc0 -> 1.1)
libvirt (8.5.0 -> 8.6.0)
mokutil (0.5.0 -> 0.6.0)
mpg123 (1.30.1 -> 1.30.2)
nvme-cli (2.1~rc0 -> 2.1.1)
oath-toolkit
opencc (1.1.3 -> 1.1.4)
polkit
poppler (22.07.0 -> 22.08.0)
poppler-qt5 (22.07.0 -> 22.08.0)
python-Genshi (0.7.5 -> 0.7.7)
python-cffi (1.15.0 -> 1.15.1)
python-cryptography (37.0.2 -> 37.0.4)
python-gobject (3.42.1 -> 3.42.2)
python-hatchling (1.4.1 -> 1.6.0)
python-httpcore (0.14.7 -> 0.15.0)
python-importlib-metadata (4.11.4 -> 4.12.0)
python-kiwi (9.24.41 -> 9.24.45)
python-libvirt-python (8.5.0 -> 8.6.0)
python-numexpr
python-psutil
python-pycairo
python-scipy
python-urllib3 (1.26.9 -> 1.26.11)
python-wcwidth
read-only-root-fs (1.0+git20200730.1243fd0 -> 1.0+git20220801.cbb90bc)
rsync
unbound (1.16.1 -> 1.16.2)
util-linux
util-linux-systemd
vim (9.0.0073 -> 9.0.0135)
xdg-utils (1.1.3+20201113 -> 1.1.3+20210805)
=== Details ===
==== Mesa ====
Version update (22.1.3 -> 22.1.4)
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- update to 22.1.4:
* anv: disable non uniform indexing of UBOs
* anv: use the right helper to invalidate memory
* intel/fs: ray query fix for global address
* isl: add new helper for format component compatibility
* radeonsi: fix random PS wave size
* r300: Keep rc_rename_regs() from overflowing
* aco/ra: update register file when updating phi definition
* radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard
==== Mesa-drivers ====
Version update (22.1.3 -> 22.1.4)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2
- update to 22.1.4:
* anv: disable non uniform indexing of UBOs
* anv: use the right helper to invalidate memory
* intel/fs: ray query fix for global address
* isl: add new helper for format component compatibility
* radeonsi: fix random PS wave size
* r300: Keep rc_rename_regs() from overflowing
* aco/ra: update register file when updating phi definition
* radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard
==== MozillaFirefox ====
Version update (102.0.1 -> 103.0.1)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 103.0.1
* Enabled hardware acceleration on newer AMD cards.
* Fixed a crash on Firefox shutdown caused by a bug in the
audio manager
- Mozilla Firefox 103.0
https://www.mozilla.org/en-US/firefox/103.0/releasenotes
MFSA 2022-28 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722)
Mouse Position spoofing with CSS transforms
* CVE-2022-36317 (bmo#1759951)
Long URL would hang Firefox for Android
* CVE-2022-36318 (bmo#1771774)
Directory indexes for bundled resources reflected URL
parameters
* CVE-2022-36314 (bmo#1773894)
Opening local .lnk files could cause unexpected
network loads
* CVE-2022-36315 (bmo#1762520)
Preload Cache Bypasses Subresource Integrity
* CVE-2022-36316 (bmo#1768583)
Performance API leaked whether a cross-site resource is
redirecting
* CVE-2022-36320 (bmo#1759794, bmo#1760998)
Memory safety bugs fixed in Firefox 103
* CVE-2022-2505 (bmo#1769739, bmo#1772824)
Memory safety bugs fixed in Firefox 103 and 102.1
- requires
NSS >= 3.80
rust = 1.61
rust-cbindgen >= 0.24.3
- Move %limit_build set before mozilla config to actually set the
value of %jobs to MOZ_MAKE_FLAGS to fix build on aarch64
==== apparmor ====
Version update (3.0.5 -> 3.0.6)
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor
- update to AppArmor 3.0.6
- fix LTO build in the parser
- remove dbus deny rule in abstractions/exo-open
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff
==== bind ====
Subpackages: bind-doc bind-utils
- Add systemd drop-in directory for named service
[bsc#1201689, bind.spec]
==== firewalld ====
Subpackages: firewalld-bash-completion firewalld-lang firewalld-zsh-completion python3-firewall
- readd ipset buildrequires to reenable ipset support (bsc#1202043)
- readd ebtables too, as there is no builtin support.
==== gcal ====
Subpackages: gcal-lang
- use -D_FORTIFY_SOURCE=2 to fix crashes
==== gdb ====
Version update (11.1 -> 12.1)
- Maintenance script qa.sh:
* Add SLE-12/x86_64 to "known clean configs".
* Add fail for PR29405.
* Add fail for PR26915.
- Patches added:
* gdb-testsuite-fix-gdb.threads-killed-outside.exp-on-aarch64.patch
- Maintenance script qa.sh:
* Remove PR29247 internal-error.
* Add SLE-15/aarch64 to "known clean configs".
- Patches added:
* gdb-fix-watchpoints-triggered.patch
- Maintenance script qa.sh:
* Add kfails for PR25038, PR29253, and PR29423.
* Remove gdb.mi/mi-var-invalidate-shlib.exp kfails.
- Mention qa-local.sh, qa-remote.sh and README.qa as sources.
- Maintenance script qa-local.sh:
* Use have_combo consistently.
- Maintenance script qa.sh:
* Add kfail_aarch64.
* Add PR29419/PR29409 kfails.
* Update PR29247 kfails.
- Patches added:
* make-gdb.ada-float-bits.exp-more-generic.patch
* gdb-testsuite-fix-gdb.ada-literals.exp-with-aarch64.patch
- Actually apply fixup-gdb-test-bt-cfi-without-die.patch and
fixup-2-gdb-rhbz1553104-s390x-arch12-test.patch.
- Also remove gdb-6.5-readline-long-line-crash-test.patch from
patches list in gdb.spec.
- Patches added:
* powerpc-add-support-for-ieee-128-bit-format.patch
* powerpc-correct-the-gdb-ioctl-values-for-tcgets-tcsets-tcsetsw-and-tcsetsf.patch
* gdb-testsuite-remove-target-limits-in-gdb.base-catch-syscall.exp.patch
* powerpc-fix-for-gdb.base-eh_return.exp.patch
* fix-comparison-of-unsigned-long-int-to-int-in-record_linux_system_call.patch
* gdb-testsuite-fix-gdb.reverse-test_ioctl_tcsetsw.exp-with-libc-debuginfo.patch
* fixup-gdb-test-bt-cfi-without-die.patch
* fix-core-file-detach-crash-corefiles-29275.patch
* gdb-testsuite-fix-gdb.dwarf2-dw2-out-of-range-end-of-seq.exp-on-aarch64.patch
* gdb-testsuite-fix-gdb.base-catch-syscall.exp-without-enable-targets.patch
* gdb-testsuite-fix-gdb.base-catch-syscall.exp-with-with-expat-no.patch
* fix-for-gdb.base-solib-search.exp-test.patch
- Patch removed:
* gdb-6.7-ppc-clobbered-registers-O2-test.patch
* gdb-6.5-readline-long-line-crash-test.patch
- Patches updated:
* gdb-tdep-update-syscalls-ppc64-ppc-linux.xml.patch
* gdb-testsuite-handle-pipe2-syscall-in-gdb.base-catch-syscall.exp.patch
- Maintenance script qa.sh:
* Add PR28504 KFAILs.
* Make .sum file matching less complex.
* Add fedora test-case kfail.
- Maintenance script qa-local.sh:
* Fix incorrect path name.
- Update comments in gdb.spec.
- Patches added:
* powerpc-update-expected-floating-point-output-for-gdb.arch-altivec-regs.exp-and-gdb.arch-vsx-regs.exp.patch
- Patches updated:
* gdb-testsuite-support-recording-of-getrandom.patch
(add aarch64 part)
- Maintenance script qa.sh:
* Add i586 to known clean configs.
- Patches added:
* gdb-testsuite-enable-some-test-cases-for-x86_64-m32.patch
* gdb-testsuite-fix-gdb.reverse-i387-env-reverse.exp-for-pie.patch
* gdb-testsuite-support-recording-of-getrandom.patch
- Patches updated:
* gdb-record-handle-statx-system-call.patch
- Maintenance script qa.sh:
* Allow only two summary files, for i586.
* Add i586 KFAILs.
- Maintenance script qa-local.sh:
* Add i586.
- Maintenance script qa-local.sh:
* Fix rpm pathname.
- Maintenance script qa-remote.sh:
* Skip stale config openSUSE_Leap_15.2.
- Maintenance script qa.sh:
* Drop known clean config: Leap 15.2 x86_64.
- Maintenance script qa-local.sh:
* Add cleanup step.
* Add "build all configs without testsuite" step.
* For "build all configs with testsuite" step, redirect output
to log and produce PASS/FAIL line, and make sure buildroot is
removed also in case of missing rpm.
* Use "--clean --trust-all-projects" for osc build commands.
* Drop openSUSE_Leap_15.2.
- Maintenance script qa.sh:
* Rename argument 6 to -local.
* Add PR29247 KFAILs.
* Update internal-error regexps.
- New maintenance script qa-remote.sh.
- Add "build all configs without testsuite" step in README.qa.
- Patches added (backport from trunk):
* gdb-testsuite-remove-attach-test-from-can_spawn_for_attach.patch
- README.qa:
* Add remote qa entry.
* Update local qa entry:
* Add notes entry.
* Other updates to match changes in qa-local.sh.
... changelog too long, skipping 312 lines ...
* Add Leap 15.4 x86_64 to know good configs.
==== gnome-settings-daemon ====
Subpackages: gnome-settings-daemon-lang
- Change dependency from polkit to /usr/bin/pkexec: pkexec has been
split out of polkit. Requiring the explicit capability seems
better here than having to worry what package carries the binary.
==== gnutls ====
Version update (3.7.6 -> 3.7.7)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac
- Update to 3.7.7: [bsc#1202020, CVE-2022-2509]
* libgnutls: Fixed double free during verification of pkcs7
signatures. CVE-2022-2509
* libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument
less than or equal to 255 times hash digest size, to comply with
RFC 5869 2.3.
* libgnutls: Length limit for TLS PSK usernames has been increased
from 128 to 65535 characters
* libgnutls: AES-GCM encryption function now limits plaintext
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
* libgnutls: New block cipher functions have been added to
transparently handle padding. gnutls_cipher_encrypt3 and
gnutls_cipher_decrypt3 can be used in combination of
GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove
padding if the length of the original plaintext is not a multiple
of the block size.
* libgnutls: New function for manual FIPS self-testing.
* API and ABI modifications:
- gnutls_fips140_run_self_tests: New function
- gnutls_cipher_encrypt3: New function
- gnutls_cipher_decrypt3: New function
- gnutls_cipher_padding_flags_t: New enum
* guile: Guile 1.8 is no longer supported
* guile: Session record port treats premature termination as EOF Previously,
a 'gnutls-error' exception with the 'error/premature-termination' value
would be thrown while reading from a session record port when the
underlying session was terminated prematurely. This was inconvenient
since users of the port may not be prepared to handle such an exception.
Reading from the session record port now returns the end-of-file object
instead of throwing an exception, just like it would for a proper
session termination.
* guile: Session record ports can have a 'close' procedure. The
'session-record-port' procedure now takes an optional second parameter,
and a new 'set-session-record-port-close!' procedure is provided to
specify a 'close' procedure for a session record port. This 'close'
procedure lets users specify cleanup operations for when the port is
closed, such as closing the file descriptor or port that backs the
underlying session.
* Rebase patches:
- gnutls-3.6.6-set_guile_site_dir.patch
- gnutls-FIPS-TLS_KDF_selftest.patch
- gnutls-FIPS-disable-failing-tests.patch
* Remove patch merged upstream:
- gnutls-FIPS-PBKDF2-KAT-requirements.patch
- https://gitlab.com/gnutls/gnutls/merge_requests/1561
==== iso-codes ====
Version update (4.10.0 -> 4.11.0)
Subpackages: iso-codes-lang
- Update to version 4.11.0:
+ Update ISO 639-3 codes from SIL website.
+ Updated translations.
==== kernel-source ====
Version update (5.18.12 -> 5.18.15)
- Linux 5.18.15 (bsc#1012628).
- watch-queue: remove spurious double semicolon (bsc#1012628).
- ASoC: SOF: Intel: disable IMR boot when resuming from ACPI S4
and S5 states (bsc#1012628).
- ASoC: SOF: pm: add definitions for S4 and S5 states
(bsc#1012628).
- ASoC: SOF: pm: add explicit behavior for ACPI S1 and S2
(bsc#1012628).
- watchqueue: make sure to serialize 'wqueue->defunct' properly
(bsc#1012628).
- x86/alternative: Report missing return thunk details
(bsc#1012628).
- x86/amd: Use IBPB for firmware calls (bsc#1012628).
- exfat: use updated exfat_chain directly during renaming
(bsc#1012628).
- exfat: fix referencing wrong parent directory information
after renaming (bsc#1012628).
- crypto: qat - re-enable registration of algorithms
(bsc#1012628).
- crypto: qat - add param check for DH (bsc#1012628).
- crypto: qat - add param check for RSA (bsc#1012628).
- crypto: qat - remove dma_free_coherent() for DH (bsc#1012628).
- crypto: qat - remove dma_free_coherent() for RSA (bsc#1012628).
- crypto: qat - fix memory leak in RSA (bsc#1012628).
- crypto: qat - add backlog mechanism (bsc#1012628).
- crypto: qat - refactor submission logic (bsc#1012628).
- crypto: qat - use pre-allocated buffers in datapath
(bsc#1012628).
- crypto: qat - set to zero DH parameters before free
(bsc#1012628).
- dlm: fix pending remove if msg allocation fails (bsc#1012628).
- clk: lan966x: Fix the lan966x clock gate register address
(bsc#1012628).
- x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced
IBRS parts (bsc#1012628).
- perf/x86/intel/lbr: Fix unchecked MSR access error on HSW
(bsc#1012628).
- sched/deadline: Fix BUG_ON condition for deboosted tasks
(bsc#1012628).
- bpf: Make sure mac_header was set before using it (bsc#1012628).
- mm/mempolicy: fix uninit-value in mpol_rebind_policy()
(bsc#1012628).
- KVM: Don't null dereference ops->destroy (bsc#1012628).
- spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref
for non DMA transfers (bsc#1012628).
- KVM: selftests: Fix target thread to be migrated in rseq_test
(bsc#1012628).
- gpio: gpio-xilinx: Fix integer overflow (bsc#1012628).
- selftests: gpio: fix include path to kernel headers for out
of tree builds (bsc#1012628).
- net/sched: cls_api: Fix flow action initialization
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_max_reordering
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_abort_on_overflow
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_rfc1337 (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_stdurg (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_retrans_collapse
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_slow_start_after_idle
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_recovery (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_early_retrans
(bsc#1012628).
- tcp: Fix data-races around sysctl knobs related to SYN option
(bsc#1012628).
- udp: Fix a data-race around sysctl_udp_l3mdev_accept
(bsc#1012628).
- ip: Fix data-races around sysctl_ip_prot_sock (bsc#1012628).
- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields
(bsc#1012628).
- ipv4: Fix data-races around sysctl_fib_multipath_hash_policy
(bsc#1012628).
- ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh
(bsc#1012628).
- can: rcar_canfd: Add missing of_node_put() in rcar_canfd_probe()
(bsc#1012628).
- drm/imx/dcss: Add missing of_node_put() in fail path
(bsc#1012628).
- drm/panel-edp: Fix variable typo when saving hpd absent delay
from DT (bsc#1012628).
- amt: do not use amt->nr_tunnels outside of lock (bsc#1012628).
- amt: drop unexpected multicast data (bsc#1012628).
- amt: drop unexpected query message (bsc#1012628).
- amt: drop unexpected advertisement message (bsc#1012628).
- amt: add missing regeneration nonce logic in request logic
(bsc#1012628).
- amt: use READ_ONCE() in amt module (bsc#1012628).
- amt: remove unnecessary locks (bsc#1012628).
- amt: use workqueue for gateway side message handling
(bsc#1012628).
- net: dsa: vitesse-vsc73xx: silent spi_device_id warnings
(bsc#1012628).
- net: dsa: sja1105: silent spi_device_id warnings (bsc#1012628).
- be2net: Fix buffer overflow in be_get_module_eeprom
(bsc#1012628).
... changelog too long, skipping 599 lines ...
- commit fcd7336
==== libapparmor ====
Version update (3.0.5 -> 3.0.6)
Subpackages: libapparmor1 libapparmor1-32bit
- update to AppArmor 3.0.6
- fix LTO build in the parser
- remove dbus deny rule in abstractions/exo-open
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff
==== libavif ====
- Enable libyuv on TW
==== libblockdev ====
Version update (2.26 -> 2.27)
Subpackages: libbd_btrfs2 libbd_crypto2 libbd_fs2 libbd_loop2 libbd_lvm2 libbd_mdraid2 libbd_part2 libbd_swap2 libbd_utils2 libblockdev2
- Update to version 2.27:
+ Fix for s390x: Remove double fclose in bd_s390_dasd_online
+ fs: Return BD_FS_ERROR_UNKNOWN_FS on mounting unknown
filesystem
+ overrides: Fix translating exceptions in ErrorProxy
+ vdo_stats: Default to 100 % savings for invalid savings values
+ lvm-dbus: Add support for changing compression and
deduplication
+ lvm:
- Fix reading statistics for VDO pools with VDO 8
- Do not set global config to and empty string
- Do not include duplicate entries in bd_lvm_lvs output
- Use correct integer type in for comparison
+ crypto: Remove useless comparison in progress report in
luks_format
==== libgcrypt ====
Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac
- Fix reproducible build problems:
- Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
- Fix date call messed up by spec-cleaner
==== libnvme ====
Version update (1.1~rc0 -> 1.1)
- Update to version 1.1:
* Regenerate all documentation
* json: fixup dhchap_ctrl_key definitions
* fabrics: Fix build_options() return values
* fabrics: sanitize dump-config output
* Fix poll.h includes
* build: Drop -nostdinc for LibreSSL header checks
* ioctl: Honor rae in nvme_get_nsid_log
* build: Add support to build against LibreSSL
* rpmbuild: Enable 'make rpm' to build rpm pkgs #408
* mi: unify MI Get Log Page function with ioctl API
* python: add missing ctrl attrs to Python bindings
* mi-mctp: Add timeout support to MCTP transport
* mi: Add maximum More Processing Required limit API
* mi: Add endpoint get/set timeout API
==== libvirt ====
Version update (8.5.0 -> 8.6.0)
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs
- Update to libvirt 8.6.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-6-0-2022-08-01
- spec: Don't redefine libexecdir
boo#1201565
==== mokutil ====
Version update (0.5.0 -> 0.6.0)
- Update to 0.6.0
+ 6c98907 SBAT revocation update support
+ 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys
+ 57bc385 mokutil: enable setting fallback verbosity and noreboot mode
+ b15e7c4 util: add the missing stdio.h
- Drop mokutil-fix-missing-header.patch (upstream)
==== mpg123 ====
Version update (1.30.1 -> 1.30.2)
Subpackages: libmpg123-0 mpg123-openal
- Update to version 1.30.2
* Only use EWOULDBLOCK if the macro is defined.
==== nvme-cli ====
Version update (2.1~rc0 -> 2.1.1)
Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion
- Update to version 2.1.1:
* build: Update version to v2.1.1
* build: Extend release script to support micro version releases
* build: Add minimum build requirement on libnvme
* wrapper: Add weak nvme_init_copy_range_f1 symbol
* build: Update version before regenerating docs
* build: Update release version rules
- Update to version v2.1:
* nvme: Do not print error message in collect_effects_log helper
* fabrics: Remove dhchap-ctrl-secret from discover/connect-all
* nvme-print: sanitize the get-feature async event config output
* nvme: Set default rae value for nvme_get_nsid_log users
* fabrics: Avoid nvme_scan_ctrl when disconnecting
* print: Fix nvme_id_uuid_list
==== oath-toolkit ====
- Use %_pam_moduledir instead of hardcoding %{_lib}/security
- Define macro _pam_moduledir if not set to fix builds for Leap and SLE
==== opencc ====
Version update (1.1.3 -> 1.1.4)
Subpackages: libopencc1_1 opencc-data
- update to 1.1.4:
* Add python 3.10 support
* remove support for python < 3.7 and node 10.x
* small bugfixes
- add fix-soversion.patch for fixing the leftover .so version tag
==== polkit ====
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0
- add split-provides for polkit:/usr/bin/pkexec. (bsc#1202070)
==== poppler ====
Version update (22.07.0 -> 22.08.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- update to 22.08.0:
* Fix rendering text on some forms
* CairoOutputDev: Support Type3 charprocs having Resources
* Fix crashes on malformed files
==== poppler-qt5 ====
Version update (22.07.0 -> 22.08.0)
- update to 22.08.0:
* Fix rendering text on some forms
* CairoOutputDev: Support Type3 charprocs having Resources
* Fix crashes on malformed files
==== python-Genshi ====
Version update (0.7.5 -> 0.7.7)
- Update to 0.7.7:
* Declared setuptools as the build backend (#65)
* Fixed deprecation warnings caused by escape sequences in regex pattern
strings (#63)
- Changes from 0.7.6:
* Added support for Python 3.10 and 3.11 (#54, #56, #58)
* Replaced assertEquals with assertEqual. assertEquals was deprecated in
Python 3.2. (#42)
* Removed used of element.getchildren() which has been removed from the Python
standard library elementtree in Python 3.9. (#57)
* Added support for Python 3.10 by using CodeType.replace in
`build_code_chunk` to make code object updates more robust against changes
in CodeType. (#49)
* Moved tests and releases workflows to GitHub Actions (#61, #51)
* Fixed reference leak in Markup.join C implementation. (#47)
* Sort directives only by directive index. Previously they were sorted by the
class, namespace and arguments of the directives. This was acceptable in
Python 2, but is a bug in Python 3 since some the arguments may not be
comparable. (#44)
* Add support for msgctxt to i18n. (#13)
* Implemented skipping of empty attributes during translation to match the
behaviour during translation extraction (i.e. don't try to translate empty
strings that are not extracted). (#38)
* Ported setuptools options to declarative config in setup.cfg. (#40)
* Removed used of deprecated setuptools Feature in setup.py. (#39)
- Removed patches, already in upstream:
* Genshi-pr39-fix-setuptools-extension.patch
* Genshi-pr49-fix-python310-tests.patch
==== python-cffi ====
Version update (1.15.0 -> 1.15.1)
- update to 1.15.1:
* If you call ffi.embedding_api() but don’t write any extern “Python” function
there, then the resulting C code would fail an assert. Fixed.
* Updated Windows/arm64 embedded libffi static lib to v3.4.2, and scripted to
ease future updates (thanks Niyas Sait!)
==== python-cryptography ====
Version update (37.0.2 -> 37.0.4)
- update to 37.0.4:
* updated wheels to b ecompiled against openssl 3.0.5
==== python-gobject ====
Version update (3.42.1 -> 3.42.2)
Subpackages: python310-gobject python310-gobject-Gdk python310-gobject-cairo
- Update to version 3.42.2:
+ Error out instead of crashing when marshaling unsupported
fundamental types in some cases.
+ Add a workaround for a PyPy 3.9+ bug when threads are used.
+ Fix crashes when marshaling zero terminated arrays for certain
item types.
+ Fix a crash/refcounting error in case marshaling a hash table
fails.
+ Make the test suite pass again with PyPy.
+ tests: support running tests with (MSVC) CPython 3.8+ on
Windows.
+ interface: Fix leak when overriding GInterfaceInfo.
+ setup.py: look up pycairo headers without importing the module
(helps with building on Windows and MSVC CPython 3.8+).
- Work around vendored distutils in setuptools >= 60 incorrectly
installing pkgconfig files into the wrong libdir
==== python-hatchling ====
Version update (1.4.1 -> 1.6.0)
- update to version 1.6.0:
* Changed:
+ When no build targets are specified on the command line, now
default to sdist and wheel targets rather than what happens
to be defined in config
+ The code version source now only supports files with known
extensions
+ Global build hooks now run before target-specific build hooks
to better match expected behavior
* Added:
+ The code version source now supports loading extension
modules
+ Add search-paths option for the code version source
* Fixed:
+ Fix removing sources using an empty string value in the
mapping
+ The strict-naming option now also applies to the metadata
directory of wheel targets
- update to version 1.5.0:
* Added:
+ Support the final draft of PEP 639
+ Add strict-naming option for sdist and wheel targets
* Fixed: Project names are now stored in sdist and wheel target
core metadata exactly as defined in pyproject.toml without
normalization to allow control of how PyPI displays them
- require python 3.7 as minimum version to match upstream
requirement
==== python-httpcore ====
Version update (0.14.7 -> 0.15.0)
- Update to 0.15.0
* Drop Python 3.6 support (#535)
* Ensure HTTP proxy CONNECT requests include timeout
configuration. (#506)
* Switch to explicit typing.Optional for type hints (#513)
* For trio map OSError exceptions to ConnectError (#543)
- Fix forgotten test package dep drops -- gh#encode/httpcore#473
==== python-importlib-metadata ====
Version update (4.11.4 -> 4.12.0)
- update to 4.12.0:
* py-93259: Now raise ``ValueError`` when ``None`` or an empty
string are passed to ``Distribution.from_name`` (and other
callers).
==== python-kiwi ====
Version update (9.24.41 -> 9.24.45)
- Bump version: 9.24.44 → 9.24.45
- Umount device before cloning
In case a clone should be created from a partition we need
to make sure to umount the device after sync and prior cloning.
Otherwise the clone operation is not safe because the rsynced
data might still be in memory and not synced out to the block
device.
- Fixed custom disk start sector setup
The attribute disk_start_sector allows to specify a custom
start sector for the first partition of the disk. On GPT
tables everything works nicely, on DOS tables the used tools
fdisk/sfdisk are not able to manage the start/end values of
subsequent partitions if the first partition doesn't start
with the tooling default. This patch allows to set the
start sector after the partition table has been created
- Fixed CentOS-8 repo setup
- Bump version: 9.24.43 → 9.24.44
- Make sure to rebuild rpm database
For rpm based distributions make sure to call
rpm --rebuilddb unconditionally prior using rpm
with the chroot. This Fixes #2165
- github: Refresh issue template to cover more operating scenarios
KIWI is often used for cross-distribution image builds, so we
should ask for that information when appropriate.
Additionally, clarify "OBS" as "Open Build Service" to disambiguate.
Finally, add a line about Koji since Koji can run kiwi to build
images now.
- Fixed unit tests
- Forcefully disable versionlock plugin in DNF
[ INFO ]: 09:39:08 | Uninstalling system packages (chroot)
[ INFO ]: 09:39:08 | Using package manager backend: dnf
[ INFO ]: 09:39:08 | --> package: linux-firmware
[ INFO ]: 09:39:08 | Uninstall system packages (chroot)
[ DEBUG ]: 09:39:08 | EXEC: [chroot /tmp/myimage8/build/image-root dnf --config /kiwi_v708wllp -y --releasever=8 autoremove linux-firmware]
[ INFO ]: Processing: [########################################] 100%
[ ERROR ]: 09:39:08 | KiwiPackagesDeletePhaseFailed: System package deletion failed: Package deletion failed: Error: Locklist not set
The versionlock plugin does not bring any benefit anyways as we
completely override plugin configs.
Also refactor configparser related stuff a bit.
Signed-off-by: Igor Raits
- Support squashfs in custom partitions
When using squashfs in a custom partitions setup like the following:
The build fails because the filesystem needs to be created
using the create_on_file() API and not the create_on_device()
API. In addition the size estimation is bogus when using
squashfs and cannot be pre-calculated because we only know
how much space the filesystem really needs after mksquashfs
as worked on the data and the compression. Thus this commit
also relaxes the required size check in case of squashfs.
Last but not least a squashfs filesystem does not provide
label or UUID and can only be referenced by the PARTUUID
it gets dumped on or by the native unix device node. As
the unix node is a loop during build time of the image and
meaningless this commit also forces by-partuuid mapping in
fstab when mounting the squashfs based device.
- Fixed use of CommandCapabilities
The class allows to check for data produced on stdout
and stderr. However, programs reporting data on stderr
usually fails with an exit code != 0. If the command
is not called with raise_on_error=False it will never
be possible to catch information from stderr. As we
don't know if programs returns a failed exit code
even on their e.g --usage message we should always
pass the no raise option to make this more useful
- Fix volume mount path and adapt unit tests
Signed-off-by: David Cassany
- Handle older versions of setfiles correctly
In older versions of setfiles we need a two pass setup
First set the policy, second apply the security context.
This commit checks in the usage message of setfiles which
invocation syntax is required
- Bump version: 9.24.42 → 9.24.43
- Fixed error handling for setfiles policy lookup
Errors from os.scandir were not catched. In addition the path
to run scandir was not properly created
- Mount /sys also for disks.sh
/sys is needed to be able to run dracut in disks.sh
- Fix btrfs volume mounting
If the second argument of os.path.join is an absolute directory, the
result would be that directory. The intention is to produce a
subdirectory of the mountpoint though. So pass a relative path.
Without the fix, kiwi would try to e.g mount the /var subvolume of
the image over the /var of the host, screwing everthing up of course
:-)
- Prefer file based syscall in kexec when possible
Use file based syscall in kexec if available. This is needed to
support boot on an secure boot enabled system and is in general
more reliable to boot into the system on real hardware platforms
- Bump version: 9.24.41 → 9.24.42
==== python-libvirt-python ====
Version update (8.5.0 -> 8.6.0)
- Update to 8.6.0
- Add all new APIs and constants in libvirt 8.6.0
==== python-numexpr ====
- Fix requirements
==== python-psutil ====
- Fix tests: setuptools changed the builddir library path and does
not find the module from it. Use the installed platlib instead
and exclude psutil.tests only later.
- Refresh skip-obs.patch
==== python-pycairo ====
- Work around vendored distutils in setuptools >= 60 incorrectly
installing pkgconfig files into the wrong libdir
- Deduplicate files in python_sitearch
==== python-scipy ====
- Keep lowercase egg-info despite setuptools 60+
==== python-urllib3 ====
Version update (1.26.9 -> 1.26.11)
- update to 1.26.11
* Fix OverflowError when TLS is used on some Python versions
- update to 1.26.10:
* Removed support for Python 3.5
* Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP
instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
- refresh remove_mock.patch with extra mock usages
==== python-wcwidth ====
- Add patch remove-pkg_resources.patch:
* Use importlib.metadata rather than pkg_resources.
- Since importlib.metadata is not as a stickler as pkg_resources is, remove
multibuild.
==== read-only-root-fs ====
Version update (1.0+git20200730.1243fd0 -> 1.0+git20220801.cbb90bc)
- Update to version 1.0+git20220801.cbb90bc:
* Add another workaround for read-only subvolumes (boo#1202000)
* Correctly declare mount-overlay.sh as Bash file
- Update source service URL
==== rsync ====
- Security fix: [bsc#1201840, CVE-2022-29154]
* arbitrary file write vulnerability via do_server_recv function
* Added patch rsync-rsync-CVE-2022-29154.patch
==== unbound ====
Version update (1.16.1 -> 1.16.2)
Subpackages: libunbound8 unbound-anchor
- update to 1.16.2 (boo#1202031 boo#1202033)
* Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
* Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
==== util-linux ====
Subpackages: libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid1 libuuid1-32bit util-linux-lang
- exclude bash-completion stuff for programs that are in
util-linux-systemd from util-linux for real.
==== util-linux-systemd ====
- exclude bash-completion stuff for programs that are in
util-linux-systemd from util-linux for real.
==== vim ====
Version update (9.0.0073 -> 9.0.0135)
Subpackages: gvim vim-data vim-data-common
- Updated to version 9.0.0135, fixes the following problems
* Coverity warns for double free.
* Some compilers warn for using an uninitialized variable. (Tony Mechelynck)
* No test for what patch 8.1.1424 fixes.
* When switching window in autocmd the restored cursor position may be wrong.
* Star register is changed when deleting and both "unnamed" and "unnamedplus"
are in 'clipboard'.
* Error in autoload script not reported for 'foldexpr'.
* Compiler warning for size_t to int conversion.
* Command line completion of user command may have duplicates. (Dani
Dickstein)
* Cannot interrupt global command from command line.
* ModeChanged event not triggered when leaving the cmdline window.
* Using "terraform" filetype for .tfvars file is bad.
* ":write" fails after ":file name" and then ":edit".
* Tabline is not redrawn when entering command line.
* MS-Windows: CTRL-[ on Belgian keyboard does not work like Esc.
* Pattern for detecting bitbake files is not sufficient.
* Fuzzy argument completion doesn't work for shell commands.
* No error when assigning bool to a string option with setwinvar().
* Duplicate error number.
* Plugins cannot change v:completed_item.
* Sway config files are recognized as i3config.
* Cursor restored unexpected with nested autocommand.
* Conditions are always true.
* Flag "new_value_alloced" is always true.
* Long quickfix line is truncated for :clist.
* missing include file in timer_create configure check.
* Scrollback can be wrong after redrawing the command line.
* Get hit-enter prompt for system() when '!' is in 'guioptions'.
* Invalid memory access in diff mode with "dp" and undo.
* Reading past end of line with insert mode completion.
* If running configure with cached results -lrt may be missing.
* Illegal memory access when pattern starts with illegal byte.
* Illegal byte regexp test doesn't fail when fix is reversed.
* Condition always has the same value.
* Configure check for timer_create may give wrong error.
* Writing over the end of a buffer on stack when making list of spell
suggestions.
* Help tag generation picks up words in code examples.
* "nocombine" is missing from synIDattr().
* has() is not strict about parsing the patch version.
* The command line takes up space even when not used.
* When 'cmdheight' is zero pressing ':' may scroll a window.
* Virtual text not displayed if 'signcolumn' is "yes".
* Text of removed textprop with text is not freed.
* No test for what patch 9.0.0155 fixes.
* Tiny chance that creating a backup file fails.
* Cannot put virtual text after or below a line.
* Breakindent test fails.
* Cannot build with small features.
* Code has more indent than needed.
* Cursor positioned wrong with virtual text after the line.
* Expanding file names fails in directory with more than 255 entries.
* Unused variable.
* Coverity complains about possible double free.
* Compiler warning for int/size_t usage.
* Cursor position wrong when inserting around virtual text.
* Virtual text with Tab is not displayed correctly.
* Multi-byte characters in virtual text not handled correctly.
* Virtual text after line moves to joined line. (Yegappan Lakshmanan)
* No test for text property with column zero.
==== xdg-utils ====
Version update (1.1.3+20201113 -> 1.1.3+20210805)
- Update to version 1.1.3+20210805:
* xdg-email fails on kde with desktop files #187
- switch to obs_scm