Packages changed: ImageMagick (7.1.1.26 -> 7.1.1.29) bash bluez fillup glibc gmp google-noto-fonts (20240101 -> 20240301) gpm gzip libao libmpd libnscd liboauth librepository libserializer libstorage-ng (4.5.193 -> 4.5.196) libunwind (1.8.0 -> 1.8.1) lomoco lv mc (4.8.30 -> 4.8.31) openssl-3 openssl pcsc-lite perl-IPC-Run3 (0.048 -> 0.49.0) perl-LWP-Protocol-https (6.110.0 -> 6.130.0) perl-URI (5.210.0 -> 5.270.0) perl-libwww-perl (6.720.0 -> 6.760.0) phalanx presage procinfo procmail procps projectM psmisc pwgen python-cffi python-kiwi (9.25.19 -> 9.25.22) python-pygit2 (1.14.0 -> 1.14.1) python311 python311-core slang susefirewall2-to-firewalld time unbound (1.19.0 -> 1.19.1) update-alternatives === Details === ==== ImageMagick ==== Version update (7.1.1.26 -> 7.1.1.29) Subpackages: ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.29 https://github.com/ImageMagick/Website/blob/main/ChangeLog.md - Use %patch -P N instead of deprecated %patchN. - version update to 7.1.1.28 https://github.com/ImageMagick/Website/blob/main/ChangeLog.md - version update to 7.1.1.27 https://github.com/ImageMagick/Website/blob/main/ChangeLog.md - only one configuration again, based on upstream 'secure' policy - other upstream policies packaged in documentation - use correct policy.xml - Fix incomplete removal of update-alternatives for config - Replace obsolete 'otherproviders(imagick-%{config_spec})' with 'Conflicts: imagick-%{config_spec}' ==== bash ==== Subpackages: bash-doc bash-lang bash-sh - Harden bash to be compiled with gcc 14 (boo#1220564) * Modify patch bash-4.2-nscdunmap.dif to include * Port bash-5.2.dif to the former change * Add patch bash-5.2-gcc14.patch ==== bluez ==== Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3 - Add necessary Supplements (gnome-bluetooth, blueman, bluedevil5) to bluez-obexd, so that file transfer features of the applications can be used by default (bsc#1209153). - Update the description of bluez-obexd. ==== fillup ==== - Use %patch -P N instead of deprecated %patchN. ==== glibc ==== Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - nsswitch.conf: Add systemd also for shadow lookups, use merge strategy for group lookups - s390-clone-error-clobber-r7.patch: S390: Do not clobber r7 in clone (BZ [#31402]) ==== gmp ==== Subpackages: libgmp10 libgmp10-32bit - Use %patch -P N instead of deprecated %patchN. ==== google-noto-fonts ==== Version update (20240101 -> 20240301) - Update to 20240301 * Fixes to Balinese, Sans Canadian Aboriginal, Sans Georgian and Kufi Arabic - Remove fonttools build requires - Delete old specfile constructs. ==== gpm ==== Subpackages: libgpm2 - Use %patch -P N instead of deprecated %patchN. ==== gzip ==== - Use %patch -P N instead of deprecated %patchN. ==== libao ==== Subpackages: libao-plugins4 libao4 - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== libmpd ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== libnscd ==== Subpackages: libnscd1 libnscd1-32bit - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== liboauth ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== librepository ==== - Use %patch -P N instead of deprecated %patchN. ==== libserializer ==== - Use %patch -P N instead of deprecated %patchN. ==== libstorage-ng ==== Version update (4.5.193 -> 4.5.196) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Portuguese (Brazil)) (bsc#1149754) - 4.5.196 - Translated using Weblate (Italian) (bsc#1149754) - merge gh#openSUSE/libstorage-ng#989 - simplify memory handling in SystemCmd class - 4.5.195 - Translated using Weblate (German) (bsc#1149754) - 4.5.194 ==== libunwind ==== Version update (1.8.0 -> 1.8.1) - Update to 1.8.1: * Fix issue #713 by @cshung in #717 * Add do-release script by @bregma in #725 * Backport dotnet-runtime fixes to the 1.8 branch by @bregma in #726 * [v1.8] Make tests installable by @bregma in #722 * Bump version to 1.8.1 by @bregma in #727 ==== lomoco ==== - Use %patch -P N instead of deprecated %patchN. ==== lv ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== mc ==== Version update (4.8.30 -> 4.8.31) Subpackages: mc-lang - Use %patch -P N instead of deprecated %patchN. - Update to 4.8.31 - Core * Minimal version of GLib is 2.32.0. - VFS * fish: drop support of native FISH server and protocol. Rename VFS to shell (#4232) * extfs; - uc1541 extfs: update up to 3.6 version (#4511) - s3+: port to Python3 (#4324) * Support for LZO/LZOP compression format (#4509) - Misc * Skins: add color for non-printable characters in editor (#4433) - Fixes * FTBFS on FreeBSD with ext2fs attribute support (#4493) * Broken stickchars (-a) mode (#4498) * Wrong timestamp after resuming of file copy operation (#4499) * Editor: wrong deletion of marked column (#3761) * Diff viewer: segfault when display of line numbers is enabled (#4500) * Tar VFS: broken handling of hard links (#4494) * Sftp VFS: failure establishing SSH session due hashed host names in ~/.ssh/known_hosts (#4506) * Shell VFS: incorrect file names with cyrillic or diacritic symbols (#4507) * mc.ext.ini: incorrect description of of how multiple sections and keys with same names are processed (#4497) * mc.ext.ini: unescaped backslash \ is treated as invalid escape sequence in glib-2.77.3 and glib-2.79 (#4502) * mc.ext.ini: file "Makefile.zip" is handled as Makefile not as zip-arhive (#4419) - Rebase mc-ext-audio.patch, mc-extd-xdg.patch and mc-vfs-fish-deleted_source_file.patch ==== openssl-3 ==== Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3 - Build the 32bit flavor of libopenssl-3-fips-provider [bsc#1220232] * Update baselibs.conf ==== openssl ==== - Build the 32bit flavor of libopenssl-fips-provider [bsc#1220232] * Update baselibs.conf ==== pcsc-lite ==== Subpackages: libpcsclite1 - Use %patch -P N instead of deprecated %patchN. ==== perl-IPC-Run3 ==== Version update (0.048 -> 0.49.0) - updated to 0.049 see /usr/share/doc/packages/perl-IPC-Run3/Changes 0.049 2024-01-20 - avoid some uninitialized warnings in ProfLogReader - improve errno handling on Windows (thanks, Graham Ollis) - avoid leaking fds (thanks, Dan Book) - fix typos in docs (thanks, Yoshikazu Sawa and Jakub Wilk) ==== perl-LWP-Protocol-https ==== Version update (6.110.0 -> 6.130.0) - updated to 6.13 see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes 6.13 2024-02-06 01:00:50Z - Fix ssl upgrade for regular host names (GH#77) (Axel Burri) 6.12 2024-01-22 17:51:31Z - Enable MultiHomed for IO::Socket::SSL (GH#61) (ℕicolas ℝ.) - Making it possible to use IPv6 in https call through https proxy environment (in case of using CONNECT method to create a tunnel) (GH#74) (Dmitriy Shamatrin) ==== perl-URI ==== Version update (5.210.0 -> 5.270.0) - updated to 5.27 see /usr/share/doc/packages/perl-URI/Changes 5.27 2024-02-09 15:01:24Z - Add missing NAME section to POD of URI::geo (GH#142) (gregor herrmann) 5.26 2024-02-02 19:04:40Z - Add URI::geo (GH#141) (david-dick) 5.25 2024-01-27 16:11:41Z - cache scheme so it never attempt to load it again (GH#55) (mschae94) 5.24 2024-01-26 04:36:32Z - Really revert "use Scalar::Util::reftype instead of ref to check for ARRAY" (GH#136) (Olaf Alders) 5.23 2024-01-25 21:02:18Z - Revert the reftype change introduced in 5.22 as it causes warnings. (GH#134) (Olaf Alders) 5.22 2024-01-25 15:22:54Z - Use Scalar::Util::reftype instead of ref to check for ARRAY (GH#132) (Jacques Deguest) ==== perl-libwww-perl ==== Version update (6.720.0 -> 6.760.0) - updated to 6.76 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.76 2024-01-25 18:31:25Z - Simplify code slightly for Perl v5.8+ (GH#455) (James Raspass) - Move HTTP::CookieJar::LWP to test requires (GH#453) (Olaf Alders) 6.75 2024-01-24 14:29:17Z - Update lwp-request to suport PATCH HTTP method (GH#452) (Javier Puche) 6.74 2024-01-22 17:48:18Z - Making it possible to use IPv6 in https call through https proxy environment (in case of using CONNECT method to create a tunnel) (GH#450) (Dmitriy Shamatrin) 6.73 2024-01-13 20:19:09Z - Fix no_proxy subdomain matching (GH#447) (Axel Burri) ==== phalanx ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== presage ==== Subpackages: libpresage1 presage-data - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== procinfo ==== - Use %patch -P N instead of deprecated %patchN. ==== procmail ==== - Use %patch -P N instead of deprecated %patchN. ==== procps ==== Subpackages: libprocps8 procps-lang - Use %patch -P N instead of deprecated %patchN. ==== projectM ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== psmisc ==== Subpackages: psmisc-lang - Use %patch -P N instead of deprecated %patchN. ==== pwgen ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== python-cffi ==== - drop unnecessary buildrequire python-py ==== python-kiwi ==== Version update (9.25.19 -> 9.25.22) - Fix activation of luks pool in the initrd kiwi called systemd-cryptsetup directly which does not take the settings available in /etc/crypttab into account. This commit changes the activation procedure in a way that the generator created unit file systemd-cryptsetup@... is used This Fixes bsc#1219009 - Add changelog fix file for commit 31deb0 The commit used a wrong e-mail address which should not land in the created changes file for the packaging - Apply changelog fixes by glob Does not require Makefile changes when maintaining branches - Add changelog fix file for commit deb6ca The commit used a wrong e-mail address which should not land in the created changes file for the packaging - Set default output console to gfxterm for grub If no console setting is done in the image description for grub the default output console is set to: gfxterm and the default input console is set to: console. This Fixes bsc#1219074 - Allow terminal emulation setup from the cmdline Using rd.kiwi.term will export the TERM variable into the initrd environment. In case the default value for the terminal emulation is not appropriate rd.kiwi.term can be used to overwrite the default. The environment is also passed to the systemd unit which calls dialog based programs in kiwi dracut code, such that the TERM setting will be effective there too. For example: rd.kiwi.term=vt100 This is related to bsc#1218095 - Followup fix for .profile.extra Allow to source .profile.extra such that it is possible to read and act on e.g cmdline parameters. This is related to bsc#1218095 - Include partprobe in initrd for s390 This commit includes partprobe, in addition to parted, on s390 based systems. Otherwise partx is used and apparently it does not properly support s390. Fixes bsc#1219798 Signed-off-by: David Cassany - Add support for reading .profile.extra in initrd If there is the file /.profile.extra available in the initrd, kiwi will import this additional environment file after the import of the standard /.profile file. This is related to bsc#1218095 - Follow up fix for drop of hybrid boot snippets The following is left over code from the drop of the hybrid boot templates. - Drop hybrid boot snippets from the GRUB 2 configuration template Sometime between GRUB 2.04 and GRUB 2.06, it became no longer necessary to use "linuxefi"+"initrdefi" for UEFI boot. The standard "linux"+"initrd" stanzas work for both legacy BIOS boot and modern UEFI boot. Some distributions no longer support "linuxefi"+"initrdefi" at all anymore, so let's just use "linux"+"initrd" for everything now. - Disable workflow runs from master The following github actions will be disabled from master because they are expected to run from main: - ci-publish-pages.yml - ci-publish-to-pypi.yml - ci-update-build-tests.yml - Bump version: 9.25.21 → 9.25.22 - Fixed regression in GRUB_SERIAL_COMMAND setup The condition to write the serial line setup was broken. This commit fixes it. Related to Issue #2419 - Fixed grub terminal setup The grub terminal setup is divided into the setting for the output and the input console. For both settings different parameters exists. So far kiwi did not differentiate between the two parts of the console setup and that could lead to a wrong setting if only one value is provided in kiwi's console= attribute which lead to the grub setting, GRUB_TERMINAL=value. If value is set to e.g gfxterm grub takes this for both input and output and it's obviously wrong for the input. To make this less error prune the kiwi code changes with this commit to set GRUB_TERMINAL_INPUT and GRUB_TERMINAL_OUTPUT rather than GRUB_TERMINAL and also runs sanity checks on the provided values if they are applicable. The information for setting up the console in the schema stays untouched though. That's because it's used for all bootloaders and also because grub supports multiple values for the console in/out setting in one GRUB_TERMINAL variable even though kiwi does no longer use it. To make this clear for the users also the documentation for the console attribute setup has been updated. If we want to wish two distinct attributes for input and output console settings a schema change and also differentiation between bootloaders is needed and that I only see for the kiwi-10 branch if at all. This Fixes #2419 - Fix tox.ini python 3.12 unit target did not specify a 3.12 interpreter - Fix overwrite of kiwi_oemunattended In case rd.kiwi.oem.installdevice is set, there is an overwrite of the kiwi_oemunattended setting. However the variable was set in local scope of a function and therefore the change was not effective in other methods which also evaluates this variable. This commit fixes it such that the overwrite happens in the early initialize method which provides the environment for all code running in the dracut module. This is related to jira#PED-7180 - Ensure setfiles is detected inside the image-root We do not actually use setfiles from the host, we use it from the image root we create for the image build. Thus, we should look in the image root instead of on the host system. This prevents us from incorrectly detecting that setfiles is not available for setting SELinux contexts. ... changelog too long, skipping 42 lines ... with this PR ==== python-pygit2 ==== Version update (1.14.0 -> 1.14.1) - update to 1.14.1: * Now `Object.filemode` returns `enums.FileMode` and `Reference.type` returns `enums.ReferenceType` * Fix tests on Fedora 40 * Deprecate `ReferenceType.OID`, use `ReferenceType.DIRECT` * Deprecate `ReferenceType.LISTALL`, use `ReferenceType.ALL` ==== python311 ==== Subpackages: python311-curses python311-dbm python311-x86-64-v3 - (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. - Remove double definition of /usr/bin/idle%%{version} in %%files. ==== python311-core ==== Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. - Remove double definition of /usr/bin/idle%%{version} in %%files. ==== slang ==== - Drop slsh/lib/test/test_timestamp.sl: Do not test timestamps but trust on upstream (calculations in leap years are off in the test). ==== susefirewall2-to-firewalld ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== time ==== - Use %patch -P N instead of deprecated %patchN. ==== unbound ==== Version update (1.19.0 -> 1.19.1) Subpackages: libunbound8 unbound-anchor - Update to 1.19.1: * Bug Fixes: [bsc#1219823, CVE-2023-50387][bsc#1219826, CVE-2023-50868] - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. ==== update-alternatives ==== - Prepare for RPM 4.20.