Packages changed: compat-usrmerge glib2 krb5 libseccomp (2.5.1 -> 2.5.2) microos-tools (2.11 -> 2.12) open-iscsi python-Jinja2 python38 (3.8.11 -> 3.8.12) python38-core (3.8.11 -> 3.8.12) qemu systemd === Details === ==== compat-usrmerge ==== - statically link xmv to avoid glibc 2.34 dependency (__libc_start_main@GLIBC_2.34) - turn on filetriggers in main package. Needed for single transaction upgrades (boo#1189788) ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - desktop-file-utils: add Pantheon desktop environment ==== krb5 ==== - Fix KDC null pointer dereference via a FAST inner body that lacks a server field; (CVE-2021-37750); (bsc#1189929); - Added patches: * 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ==== libseccomp ==== Version update (2.5.1 -> 2.5.2) - Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. ==== microos-tools ==== Version update (2.11 -> 2.12) - Update to version 2.12 - Remove special MicroOS firstboot script - Remove locale-check, replaced by another aaa_base implementation ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains these changes not already present: * Handle IPv6 interfaces correctly. (bsc#1187958) * Handle qedi correctly in NPAR mode (bsc#1187958) * Update iscsiadm man page (bsc#1187958) * Update iface.example for ipv6 * Change iscsi IP type from defines to enum. * Handle recv() returning 0 in iscsid_response() ==== python-Jinja2 ==== - Add no-warnings-as-errors.patch: * Do not treat warnings as errors until upstream fix using async loops. ==== python38 ==== Version update (3.8.11 -> 3.8.12) - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== python38-core ==== Version update (3.8.11 -> 3.8.12) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== qemu ==== - Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch - Update supported file for ARM machines. - Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation. - Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7 - Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Don't reexecute user manager instances on package update yet This can't be done until users have their user instance updated to the new version that supports reexecuting with SIGRTMIN+25 because this signal terminates the user managers for the previous versions. - Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - systemd.spec: reexec user manager instances on package updates - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Drop dependency on m4 (replaced by Jinja2)