Packages changed:
  audit (3.0.6 -> 3.0.9)
  audit-secondary (3.0.6 -> 3.0.9)
  elfutils
  elfutils-debuginfod
  freeipmi (1.6.9 -> 1.6.10)
  fuse3 (3.13.1 -> 3.14.0)
  permissions (1599_20221220 -> 1599_20230217)
  psmisc
  python-kiwi (9.24.55 -> 9.24.57)
  python-reportlab
  python-zope.event (4.5.0 -> 4.6)
  python310-pyparsing
  shadow
  tree (2.0.4 -> 2.1.0)
  vim
  xen

=== Details ===

==== audit ====
Version update (3.0.6 -> 3.0.9)
Subpackages: libaudit1 libaudit1-32bit libauparse0

- Enable build for ARM (32-bit)
- Update to version 3.0.9:
  * In auditd, release the async flush lock on stop
  * Don't allow auditd to log directly into /var/log when log_group is non-zero
  * Cleanup krb5 memory leaks on error paths
  * Update auditd.cron to use auditctl --signal
  * In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
  * In auparse, special case kernel module name interpretation
  * If overflow_action is ignore, don't treat as an error
  (3.0.8)
  * Add gcc function attributes for access and allocation
  * Add some more man pages (MIZUTA Takeshi)
  * In auditd, change the reinitializing of the plugin queue
  * Fix path normalization in auparse (Sergio Correia)
  * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
  * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
  * Drop ProtectHome from auditd.service as it interferes with rules
  (3.0.7)
  * Add support for the OPENAT2 record type (Richard Guy Briggs)
  * In auditd, close the logging file descriptor when logging is suspended
  * Update the capabilities lookup table to match 5.16 kernel
  * Improve interpretation of renamat & faccessat family of syscalls
  * Update syscall table for the 5.16 kernel
  * Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjustment):
  * audit-allow-manual-stop.patch
  * audit-ausearch-do-not-require-tclass.patch
  * audit-no-gss.patch
  * enable-stop-rules.patch
  * fix-hardened-service.patch
  * harden_auditd.service.patch
- Remove patches (fixed by version update):
  * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
  * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch

==== audit-secondary ====
Version update (3.0.6 -> 3.0.9)
Subpackages: audit python3-audit system-group-audit

- Replace transitional %usrmerged macro with regular version check (boo#1206798)
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
  * In auditd, release the async flush lock on stop
  * Don't allow auditd to log directly into /var/log when log_group is non-zero
  * Cleanup krb5 memory leaks on error paths
  * Update auditd.cron to use auditctl --signal
  * In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
  * In auparse, special case kernel module name interpretation
  * If overflow_action is ignore, don't treat as an error
  (3.0.8)
  * Add gcc function attributes for access and allocation
  * Add some more man pages (MIZUTA Takeshi)
  * In auditd, change the reinitializing of the plugin queue
  * Fix path normalization in auparse (Sergio Correia)
  * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
  * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
  * Drop ProtectHome from auditd.service as it interferes with rules
  (3.0.7)
  * Add support for the OPENAT2 record type (Richard Guy Briggs)
  * In auditd, close the logging file descriptor when logging is suspended
  * Update the capabilities lookup table to match 5.16 kernel
  * Improve interpretation of renamat & faccessat family of syscalls
  * Update syscall table for the 5.16 kernel
  * Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjustment):
  * audit-allow-manual-stop.patch
  * audit-ausearch-do-not-require-tclass.patch
  * audit-no-gss.patch
  * enable-stop-rules.patch
  * fix-hardened-service.patch
  * harden_auditd.service.patch
- Remove patches (fixed by version update):
  * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
  * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch

==== elfutils ====
Subpackages: elfutils-lang libasm1 libdw1 libelf1

- Fix build with libcurl version 7.88.0 for various deprecated constants. Add patches:
  * elfutils-0.188-CURLOPT_PROTOCOLS_STR.patch
  * elfutils-0.188-CURL_AT_LEAST_VERSION.patch
  * elfutils-0.188-deprecated-CURLINFO.patch
- Add support-DW_TAG_unspecified_type.patch that fixes PR30047.

==== elfutils-debuginfod ====
Subpackages: debuginfod-profile libdebuginfod1

- Fix build with libcurl version 7.88.0 for various deprecated constants. Add patches:
  * elfutils-0.188-CURLOPT_PROTOCOLS_STR.patch
  * elfutils-0.188-CURL_AT_LEAST_VERSION.patch
  * elfutils-0.188-deprecated-CURLINFO.patch
- Add support-DW_TAG_unspecified_type.patch that fixes PR30047.

==== freeipmi ====
Version update (1.6.9 -> 1.6.10)
Subpackages: libfreeipmi17 libipmiconsole2 libipmidetect0

- freeipmi 1.6.10
  * Support IPv6 Lan configuration in ipmi-config
    IPv6 configuration is supported in the new Lan6_Conf section
- add upstream signing key and source signature

==== fuse3 ====
Version update (3.13.1 -> 3.14.0)
Subpackages: libfuse3-3

- Update to release 3.14
  * Split config.h into private and public config
- Delete 0001-Split-config.h-into-private-and-public-config.patch (merged).

==== permissions ====
Version update (1599_20221220 -> 1599_20230217)
Subpackages: chkstat permissions-config

- Update to version 20230217:
  * shadow: newgidmap,newuidmap: use capabilities (bsc#1208309)
  * profiles: whitelist kismet capabilities (bsc#1200954) (#171)

==== psmisc ====
Subpackages: psmisc-lang

- allow to switch off Apparmor support via bcond

==== python-kiwi ====
Version update (9.24.55 -> 9.24.57)

- Bump version: 9.24.56 → 9.24.57
- Allow squashfscompression for plain squashfs
  The schematron rule to limit the squashfscompression attribute to certain image types did not allow it for a plain squashfs filesystem build. This commit fixes that limitation.
  This Fixes #2241
- Use rsync defaults to sync the initrd root-tree
  This commit makes use of rsync default options to sync the root-tree of the boot image for custom initrds. Fixes bsc#1207128 where it was noted hardlinks were not preserved inside the initrd.
  Signed-off-by: David Cassany
- Fixed wrong test assertions
  Former versions of pytest did ignore invalid assertions. Now they are reported as an error and show the mistakes of the past
- Added 90-brd.conf for test-image-disk-ramdisk
  By default the brd ramdisk module is no longer added to the initrd. For ramdisk deployments this is required though. This Fixes #2230
- Delete CentOS v7 build tests
  CentOS v7 is EOL for kiwi image build tests
- Allow to specify fixed size for the root partition
  So far the last partition (typically root) in the partition table takes all the rest space of the partition table in the image file. At deployment/boot time users had several options to let that partition grow to a custom size. However, during build time of the image it was not possible to specify a specific fixed size for the root partition as we didn't want to produce gaps of unpartitioned space in the image file. It has turned out that there is hardware available which requires a partition to be an exact multiple of some blocksize. As kiwi supports size constraints for all other partitions but not for root this commit now allows for it. The oem-systemsize element is now also taken into account at build time of the image if the oem-resize which would do that at deployment/boot time is switched off like the following example shows:
  ```xml
  <oem-systemsize>2048</oem-systemsize>
  <oem-resize>false</oem-resize>
  ```
  This Fixes #2203
- Delete ppc:fedora from testing report
- Remove Fedora PPC build test from index
  The integration test unfortunately never got tested anywhere, is outdated and I have no PPC hardware here to run any tests.
  Let's add a real test if there is demand for it
- Added kiwi-settings for Fedora arm build tests
- Allow fat16/fat32 as filesystem in partitions
  The partitions element allows to specify the filesystem for the individual partition. In the schema fat16 and fat32 were missing
- Stick with tox v3.28.0 for unit testing
  tox >= 3.0.15 together with virtualenv >= 20.17.1 raises strange incompatibilities and prevents the unit test run because tox calls virtualenv in a wrong way leading to strange error messages like:
  ---
  usage: virtualenv ...
  virtualenv: error: argument dest: destination '{check,devel,packagedoc,doc,doc_gh_pages,doc_suse,doc_man,scripts,}: /home/runner/work/kiwi/kiwi/.tox/3\n/home/runner/work/kiwi/kiwi/.tox/3.8' must not contain the path separator (:) as this would break the activation scripts
  ---
  All this doesn't make sense to me at all and worked without any issues before.
- Bump version: 9.24.55 → 9.24.56
- Fix gh-pages publish

==== python-reportlab ====

- pick the primary interpreter for doc generation even if it is not "python3"

==== python-zope.event ====
Version update (4.5.0 -> 4.6)

- update to 4.6:
  * Port documentation to Python 3.
  * Add support for Python 3.10, 3.11.

==== python310-pyparsing ====

- do primary/all split only for tumbleweed (similar to flit-core)

==== shadow ====
Subpackages: libsubid4 login_defs

- Update shadow-fix-print-login-timeout.patch
- Reorder source files and patches
- Remove scripts that claim to be config but are in /usr (boo#1191578)
  * userdel-script.patch
  * useradd-script.patch
  * useradd.local
  * userdel-post.local
  * userdel-pre.local

==== tree ====
Version update (2.0.4 -> 2.1.0)

- tree 2.1.0:
  * Add support for --info and --gitignore for the --fromfile option. (Suggested by Piotr Andruszkow)
  * Add options --infofile and --gitfile to load .info and .gitignore files explicitly. Each implies --info or --gitignore respectively.
  * Add NULL guard for json_printinfo() and xml_printinfo() (and fix ftype printing for XML) (Kenta Arai)
  * Fix getcharset() to not return a getenv() pointer (fix for ENV34-C issue.) (Kenta Arai)
  * Another attempt at fixing extraneous /'s in HTML URLs/output. (Sebastian Rose)
  * Fixed XML output (Dave Rice)
  * Remove the (very outdated) French version of the manpage. Look to localization projects such as Debian's 'manpages-l10n' for localized translations. (hmartink)
  * Add support for the NO_COLOR environment variable (https://no-color.org/). Equivalent to the -n option (can still be overridden with -C). (Timm Fitschen)
  * Removed many C99isms to enable compiling on C90 compilers with fewer warnings. (Sith Wijesinghe and Matthew Sessions)
    It should not be necessary to avoid using a standard that is old enough to drink, furthermore it is all but impossible to remove the remaining warnings and have modern features like compound literals. In the meantime I've added -std=c11 to the default CFLAGS for Linux and will likely not worry about C90 compatibility going forward unless there is some other reason for it.
  * Added a helper function for long command line arguments to clean up option processing (and fixes the processing for a few of the options such as --timefmt= (наб?).)
  * Added --hintro and --houtro options to select files to use as the HTML intro and outro. Use /dev/null or an empty file to eliminate them entirely. This should make it much easier to create your own custom CSS or embed one or more trees into a web page.
  * Defer printing the version until the character set is known so we can use the linedraw copyright symbol.
  * Revert change to the error code to not return an error (code 2) when attempting to list a non-directory that actually exists. Tree will still return an error when attempting to list a non-existing directory/file.
  * Added option --fflinks which will process symbolic link information from a file generated with 'tree -if --noreport' when using --fromfile. (Suggested by Chentao Credungtao)
  * Updated the totals reporting code to also include in the total the file or directory that is being listed. This should make a correct report when doing something like 'tree *'.

==== vim ====
Subpackages: vim-data vim-data-common

- Add patch vim-fix-sh-syntax.patch which fixes broken sh syntax.

==== xen ====
Subpackages: xen-libs xen-tools xen-tools-domU

- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return Address Predictions (XSA-426)
  63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch