Packages changed:
  atftp (0.7.2 -> 0.7.4)
  cppcheck
  elfutils (0.184 -> 0.185)
  elfutils-debuginfod (0.184 -> 0.185)
  expat (2.3.0 -> 2.4.1)
  gcc11
  glibc
  konsole
  libnftnl (1.1.9 -> 1.2.0)
  libseccomp (2.5.0 -> 2.5.1)
  lvm2
  lvm2-device-mapper
  ncurses (6.2.20210501 -> 6.2.20210515)
  perl-Mojolicious (9.17 -> 9.19)
  python-kiwi (9.23.28 -> 9.23.31)

=== Details ===

==== atftp ====
Version update (0.7.2 -> 0.7.4)

- Update to version 0.7.4
  * fix compile, missing include
  * fix compile, add missing defines
  * link against libpthread for atftp
  * fixed atftp fails to write to /proc/self/fd/1
  * Fix for DoS issue CVE-2020-6097
  * remove inline keyword from definitions
  * remove extern inlines
  * sys/cdefs usage
- Drop fixed atftp-CVE-2020-6097.patch

==== cppcheck ====

- Add GCC compatibility fixes:
  * 0001-Fix-gcc11-build-errors.patch
  * 0002-Another-gcc11-fix-3179.patch

==== elfutils ====
Version update (0.184 -> 0.185)
Subpackages: elfutils-lang libasm1 libdw1 libelf1

- Update to version 0.185:
  debuginfod-client: Simplify curl handle reuse so downloads which
                     return an error are retried.
  elfcompress: Always exit with code 0 when the operation succeeds
               (even when nothing was done). On error the exit code
               is now always 1.

==== elfutils-debuginfod ====
Version update (0.184 -> 0.185)

- Update to version 0.185:
  debuginfod-client: Simplify curl handle reuse so downloads which
                     return an error are retried.
  elfcompress: Always exit with code 0 when the operation succeeds
               (even when nothing was done). On error the exit code
               is now always 1.

==== expat ====
Version update (2.3.0 -> 2.4.1)
Subpackages: libexpat-devel libexpat1 libexpat1-32bit

- Update to 2.4.1:
  * Bug fixes:
    - Autotools: Fix installed header expat_config.h for multilib
      systems; regression introduced in 2.4.0 by pull request #486
  * Other changes:
    - Version info bumped from 9:0:8 to 9:1:8;
      see https://verbump.de/ for what these numbers do
- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"]
  * Security fixes:
    - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
      (denial-of-service; flavors targeting CPU time or RAM or both,
      leveraging general entities or parameter entities or both)
      by tracking and limiting the input amplification factor
      ( := ( + ) / ).
      By conservative default, amplification up to a factor of 100.0
      is tolerated and rejection only starts after 8 MiB of output bytes
      (= + ) have been processed.
      The fix adds the following to the API:
      - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
        signal this specific condition.
      - Two new API functions ..
        - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
        - XML_SetBillionLaughsAttackProtectionActivationThreshold
        .. to further tighten billion laughs protection parameters
        when desired. Please see file "doc/reference.html" for details.
        If you ever need to increase the defaults for non-attack XML
        payload, please file a bug report with libexpat.
      - Two new XML_FEATURE_* constants ..
        - that can be queried using the XML_GetFeatureList function, and
        - that are shown in "xmlwf -v" output.
      - Two new environment variable switches ..
        - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
        - EXPAT_ENTITY_DEBUG=(0|1)
        .. for runtime debugging of accounting and entity processing.
        Specific behavior of these values may change in the future.
      - Two new command line arguments "-a FACTOR" and "-b BYTES"
        for xmlwf to further tighten billion laughs protection
        parameters when desired.
        If you ever need to increase the defaults for non-attack XML
        payload, please file a bug report with libexpat.
  * Bug fixes:
    - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
      or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
      for UTF-16 payloads containing CDATA sections.
    - Autotools: Fix generated CMake files for non-64bit and
      non-Linux platforms (e.g. macOS and MinGW in particular)
      that were introduced with release 2.3.0
  * Other changes:
    - xmlwf: Improve help output and the xmlwf man page
    - xmlwf: Improve maintainability through some refactoring
    - xmlwf: Fix man page DocBook validity
    - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
      and CMAKE_INSTALL_INCLUDEDIR
    - CMake: Add support for standard variable BUILD_SHARED_LIBS
    - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
    - Resolve macro HAVE_EXPAT_CONFIG_H
    - Delete unused legacy helper file "conftools/PrintPath"
    - doc/reference.html: Fix XHTML validity
    - doc/reference.html: Replace the 90s look by OK.css
    - Version info bumped from 8:0:7 to 9:0:8
      due to addition of new symbols and error codes;
      see https://verbump.de/ for what these numbers do

==== gcc11 ====
Subpackages: cpp11 gcc11-info gcc11-locale libasan6 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc11 libstdc++6-locale libstdc++6-pp-gcc11 libstdc++6-pp-gcc11-32bit libtsan0 libubsan1

- Fix value of %slibdir64 for usrmerge

==== glibc ====
Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd

- tst-cpu-features-amx.patch: x86: tst-cpu-features-supports.c: Update AMX
  check
- rawmemchr-warning.patch: string: Work around GCC PR 98512 in rawmemchr

==== konsole ====
Subpackages: konsole-part konsole-part-lang

- Add patch to fix scrollbar appearance in some configurations
  (kde#437223):
  * 0001-Fix-alpha-channel-of-scrollbar-colors.patch

==== libnftnl ====
Version update (1.1.9 -> 1.2.0)

- Update to release 1.2.0
  * table: add table owner support
  * expr: socket: add cgroups v2 support

==== libseccomp ====
Version update (2.5.0 -> 2.5.1)

- update to 2.5.1:
  * Fix a bug where seccomp_load() could only be called once
  * Change the notification fd handling to only request a notification fd if
    the filter has a _NOTIFY action
  * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
  * Clarify the maintainers' GPG keys
- remove testsuite-riscv64-missing-syscalls.patch

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Link test as position independent executable (bsc#1184124).
  + bug-1184124-link-tests-as-PIE.patch

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 libdevmapper1_03-32bit

- Link test as position independent executable (bsc#1184124).
  + bug-1184124-link-tests-as-PIE.patch

==== ncurses ====
Version update (6.2.20210501 -> 6.2.20210515)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20210515
  + improve manual pages for wgetnstr, newwin (prompted by
    report/testcase by Bill Gray).
- Add ncurses patch 20210508
  + modify tputs' error check to allow it to be used without first
    calling tgetent or setupterm, noting that terminfo initialization
    is required for supporting the terminfo delay feature (report by
    Sebastiano Vigna).
  + fix several warnings from clang --analyze
  + add null-pointer check in comp_parse.c, when a "use=" clause
    refers to a nonexisting terminal description (report/patch by
    Miroslav Lichvar, cf: 20210227).

==== perl-Mojolicious ====
Version update (9.17 -> 9.19)

- updated to 9.19
  see /usr/share/doc/packages/perl-Mojolicious/Changes
  9.19  2021-06-01
  - This release contains fixes for security issues, everybody should
    upgrade!
  - Switched from HMAC-SHA1 to HMAC-SHA256 for signed cookies. Note that
    this means that all sessions will be reset.
  - Improved signed cookie based sessions to pad short values, to make it
    harder to brute force attack the application secret.
    (jberger)
- updated to 9.18
  see /usr/share/doc/packages/perl-Mojolicious/Changes
  9.18  2021-05-09
  - Remove Font Awesome from distribution.

==== python-kiwi ====
Version update (9.23.28 -> 9.23.31)

- Bump version: 9.23.30 → 9.23.31
- Stop plymouth also for progress dialogs
- Prevent explicit man page compression
  The manual pages are compressed by the packager tooling.
  There is no need to do this ourselves
- Bump version: 9.23.29 → 9.23.30
- Increase integration tests boot timeout
  Increase integration tests timeout from 2sec to 10sec
- Update integration tests to be non interactive
  Some integration tests allow for interactive dialogs on
  the bootloader menu or in the installation process. As we plan
  to use these tests for automated functional testing there should
  be no interaction whenever possible. This Fixes #1811
- Update kiwi installation documentation
  The installation chapter contained information about the
  manual install of package keys. That information is suspect
  to be always outdated because these keys change. Instead
  of describing the manual install of the package key the docs
  moved to use the auto-import feature of the package manager.
  As the instructions were also rpm specific but we also support
  install via other package managers the complete chapter was a
  bit reworked and should be more straightforward now.
  This Fixes #1799
- Update documentation qemu calls
  We use the kiwi integration tests as base for the documentation
  example images now. The integration tests are all configured
  to set the console to serial. Thus the docs should explain
  the qemu call for test runs using the -serial stdio option
  to make sure the console information is displayed to the user
- Update and fix documentation
  The documentation had a broken link to the buildservice tests
  for suse. Since we changed this into leap and tumbleweed the
  subproject link to :suse became invalid. In addition to the
  fix the macro setup and build instructions were moved to use
  the kiwi integration tests as example appliance descriptions.
  The user experience in building the integration test images
  should be better because we only release kiwi if those
  appliances build successfully. This Fixes #1812
- Fixed package build
  The new version of sphinx puts manual pages into
  doc/build/man/8 when it was doc/build/man before.
  This breaks the Makefile target to install the
  documentation. This commit updates the Makefile
  to follow the change.
- Fix dnf arch setting
- Update shim path lookup
  Distributions like Fedora have changed the EFI binaries location
  to be shim.efi in /boot/efi/EFI/ in order to support multiarch
  setup for UEFI. This change requires the lookup in KIWI to be
  more global matching. This Fixes #1806
- Move integration test for Fedora to v34
- Fixed live network setup to be generic
  In dracut the network setup comes with different models
  providing a different set of functions. The ifup method
  as used in the live iso dracut module is only available
  with the network-legacy mode and fails with network-wicked.
  This commit uses a dracut conf file in /etc/cmdline.d which
  uses the dracut network interface parameters instead of
  calling module specific methods. This Fixes #1802
- Fixed setup of repository architecture
  Unfortunately the architecture reported by uname is not
  necessarily the same name as used in the repository metadata.
  Therefore it was not a good idea to set the architecture
  and manage the name via a mapping table. It also has turned
  out that repo arch names are distro specific which causes
  more complexity on an eventual mapping table. In the end
  this commit changes the way how the repository architecture
  is setup in a way that we only set the architecture if a
  name was explicitly specified such that the user keeps full
  control over it without any mapping magic included
  This Fixes bsc#1185287
- Bump version: 9.23.28 → 9.23.29