Packages changed: 389-ds (3.1.1~git0.aef1668 -> 3.1.1~git13.a9c7ff9) erofs-utils libavif (1.0.4 -> 1.1.1) libfido2 (1.14.0 -> 1.15.0) libpcap (1.10.4 -> 1.10.5) live555 (2024.06.26 -> 2024.08.01) nbdkit (1.40.1 -> 1.40.2) openSUSE-release (20240903 -> 20240904) python-kiwi (10.1.2 -> 10.1.4) zlib-ng-compat (2.1.6 -> 2.2.1) === Details === ==== 389-ds ==== Version update (3.1.1~git0.aef1668 -> 3.1.1~git13.a9c7ff9) Subpackages: lib389 libsvrcore0 - bsc#1229948 - CVE-2024-43806 - rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion - Update to version 3.1.1~git13.a9c7ff9: * Issue 2472 - Add a CI test (#6314) * Issue 6276 - Schema lib389 object is not keeping custom schema data upon editing (#6279) * Issue 3555 - UI - Fix audit issue with npm - micromatch (#6310) * Issue 5843 - Fix size formatting in dscreate output and enhance tests (#6309) * Issue 6301 - Fix long delay when setting replication agreement with dsconf (#6303) * Issue 6280 - Changelog trims updates from a given RID even if a consumer has not received any of them (#6281) * Issue 6296 - basic_test.py::test_conn_limits fails in main branch (#6300) * Issue 6295 - test_password_modify_non_utf8 should set default password storage scheme * Issue 6294 - Nightly copr builds are failing * Issue 6288 - dsidm crash with account policy when alt-state-attr is disabled (#6292) * Issue 2324 - Add a CI test (#6289) * Issue 6284 - BUG - freelist ordering causes high wtime (#6285) * Issue 6282 - BUG - out of tree build fails (#6283) ==== erofs-utils ==== - Enable zstd [boo#1229961] ==== libavif ==== Version update (1.0.4 -> 1.1.1) - update to 1.1.1: * In avif.h, change "AVIF_API AVIF_NODISCARD" back to "AVIF_NODISCARD AVIF_API" to fix clang-cl and MSVC compilation errors in the shared library build on Windows. * Fix -DAVIF_GTEST=SYSTEM * Fix infe_type and codec_config_type wrongly read as byte- aligned fields in the * experimental feature AVIF_ENABLE_EXPERIMENTAL_METAV1. * When building aom as a local dependency, runtime CPU detection (`CONFIG_RUNTIME_CPU_DETECT`) is now always `ON`; * Fix CMake config shared library leaks * Update gain map metadata to current ISO 21496-1 draft. * cmake: Only search for ASM_NASM language on x86_64 platforms. * Fix "No known features for CXX compiler" CMake error. * Fix aom link flags so that transitive library link flags are included when aom is a static library * Fix out-of-order 'dimg' grid associations * Report files with an item used in multiple 'dimg' boxes with * AVIF_RESULT_NOT_IMPLEMENTED instead of AVIF_RESULT_INVALID_IMAGE_GRID. * Add experimental API for reading and writing gain maps in AVIF files. * If enabled at compile time, add `gainMap` field to `avifImage`, * add `qualityGainMap` field to `avifEncoder`, add `gainMapPresent`, `enableDecodingGainMap`, `enableParsingGainMapMetadata` and `ignoreColorAndAlpha` to `avifDecoder`. * Utility functions for working with gain maps are also added. * Gain maps allow readers that support them to display HDR images that look good on both HDR and SDR displays. * Add experimental support for converting jpeg files with gain maps to AVIF files with gain maps. Requires libxml2, and the AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP compilation flag. * Add a --qgain-map flag to control the gain map quality in avifenc. * Add the headerFormat member of new type avifHeaderFormat to avifEncoder. * Add experimental API for reading and writing "mif3"-branded AVIF files behind the compilation flag AVIF_ENABLE_EXPERIMENTAL_METAV1. * Implement avifImageScale() fallback when libyuv is not available. * Partial import of libyuv to third_party/libyuv (new LICENSE). * Add avifenc flag suffixes ":update" and ":u". Quality- relative, tiling-relative and codec-specific flags can now be positional, relative to input files. * Add experimental support for layered AVIF encoding in avifenc. * Use the --layered flag to enable layered AVIF encoding. * Layered AVIF has multiple layers, which works like frame of animated AVIF, and layers can be rendered in progressive manner on supported viewers * Only aom supports layered AVIF encoding at the time of writing. * Add --scaling-mode flag to set scaling mode of each layer. * This part of AV1 encoder is not as thoroughly tested, so there are higher possibility encoder may crash when given certain configuration or input. * Add imageSequenceTrackPresent flag to the avifDecoder struct. * avifImageScale() function was made part of the public ABI. * Add avif_cxx.h as a C++ header with basic functionality. * Add enum aliases AVIF_COLOR_PRIMARIES_SRGB, AVIF_COLOR_PRIMARIES_BT2100, * AVIF_COLOR_PRIMARIES_DCI_P3, AVIF_TRANSFER_CHARACTERISTICS_PQ. * Add avifResult enum entry AVIF_RESULT_INTERNAL_ERROR. * Require libyuv by default (but it can still be disabled with * -DAVIF_LIBYUV=OFF). * Add avifdec --icc flag to override the output color profile. * Add experimental API for reading and writing 16-bit AVIF files behind the * compilation flag AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM. * Add AVIF_CHROMA_SAMPLE_POSITION_RESERVED to avifChromaSamplePosition enum. ==== libfido2 ==== Version update (1.14.0 -> 1.15.0) Subpackages: libfido2-1 libfido2-udev - update to 1.15.0: * bio, credman: improved CTAP 2.1 support. * hid_osx: fix issue where fido_hid_read() may block unnecessarily; gh#757. * fido2-token -I: print maxcredbloblen. * hid_linux: improved support for uhid devices. * New API calls: - fido_cred_set_attobj; - fido_cred_x5c_list_count; - fido_cred_x5c_list_len; - fido_cred_x5c_list_ptr. ==== libpcap ==== Version update (1.10.4 -> 1.10.5) - Update to 1.10.5: * Security fixes: - [bsc#1230020, CVE-2023-7256] double free via addrinfo in sock_initaddress() - [bsc#1230034, CVE-2024-8006] null pointer derefence in pcap_findalldevs_ex() * Thread safety: Make some static variables thread-local * Packet filtering: - Return an error from pcap_compile() if the scanner fails to initialize. - Optimizer fix from Archit Shah to recompute dominators after moving code; (although the resulting filter isn't empty). - Optimizer fix from Archit Shah to mark value as unknown when store of that value is deleted. * Linux: - Don't use DLT_LINUX_SLL2 for anything other than the "any" device. - Avoid 32-bit unsigned integer overflow in USB captures. - Fix a file descriptor leak. - Fix DLT_CAN_SOCKETCAN handling of CAN FD. - Add CAN XL support to DLT_CAN_SOCKETCAN. - Clean up the code that sets the "real" ("original") length for isochronous USB transfers. - Avoid unnecessary blocking on recvmsg() in the Bluetooth monitor and Bluetoth modules. * Haiku: - Report non-existent devices correctly. - Fix handling of packet statistics. - Fix packet timestamping. - Fix packet filtering with low snaplen. - Improve connection status reporting. - Add support for promiscuous mode. - Detect DLTs and loopback capture support at run time. - Report IEEE 802.11 as PCAP_IF_WIRELESS. * BSD, macOS, AIX, Solaris 11, Linux: - Add a new error PCAP_ERROR_CAPTURE_NOTSUP, for use if a capture mechanism is not present, in the hopes that, for example, attempts to capture on Windows Services for Linux 1, in which the NT kernel attempts to simulate Linux system calls but does not support packet sockets, can get an error that better indicates the underlying problem. * AirPcap: Format an error message if we run out of memory. * nflog: Make sure we don't overflow when rounding up the TLV length. * rpcap: - Handle routines removed in at least some OpenSSL libraries. - CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid double frees in some cases. - Don't define SOCKET ourselves; instead, define PCAP_SOCKET as int on UN*Xes and as SOCKET on Windows. - CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a path to a directory that cannot be opened. * Savefiles: - Handle DLT_/LINKTYPE_ mapping better, to handle some OpenBSD-specific link types better. - Treat if_tsoffset as signed in pcapng files, as the spec says. - Don't try to fix the "real" length for isochronous USB transfers if the number of USB descriptors is too large. - Reject pcap files where one of the reserved fields in the "link-layer type plus other stuff" is non-zero. * Rebase libpcap-1.0.0-s390.patch ==== live555 ==== Version update (2024.06.26 -> 2024.08.01) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock30 libliveMedia112 - update to 2024-08-01: * Updated "ServerMediaSession::generateSDPDescription()" to treat "time_t" as (long long). ==== nbdkit ==== Version update (1.40.1 -> 1.40.2) Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin nbdkit-vddk-plugin - Update to version 1.40.2: * Version 1.40.2. * tests/dummy-vddk.c: Stop the background thread in dummy _Exit function * vddk: Check create-size is aligned to VIXDISKLIB_SECTOR_SIZE * vddk: Detect possible VDDK crash and warn * docs: Refresh nbdkit-service(1) page - Enable bzip2 filter ==== openSUSE-release ==== Version update (20240903 -> 20240904) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-kiwi ==== Version update (10.1.2 -> 10.1.4) - Bump version: 10.1.3 → 10.1.4 - Add note about guestOS values for vmware ovftools. - Add note about guestOS values for vmware platform. - Fixed resize of dos table type on s390 On s390, parted is used to detect the partition table type. In contrast to blkid the name for DOS tables is reported as 'msdos' and not 'dos' which impacts several conditions in the kiwi initrd code which checks for 'dos'. This commit fixes the get_partition_table_type() method to return a consistent table name for DOS tables. This Fixes bsc#1228729 - Revert "remove dependency on /usr/bin/python" This reverts commit 15b450188483b567ca10bb459bf50ed90e905bb7. The change provided here entirely broke kiwi in OBS. With this patch applied every image build in OBS fails with the following message: 'line 1: /usr/sbin/kiwi: No such file or directory' - Bump version: 10.1.2 → 10.1.3 - Fix bundle extension for archive types When bundling result files that uses an archive type like tbz or docker, kiwi creates them with the extension tar.xz/tar.gz The bundler code only uses the extension from the last tuple in a "." split which is wrong for "tar." filenames. This commit adds an exception to the prefix rule for this output filenames and Fixes #2628 - Fix ImageSystem mount procedure The mount() method did not take custom partitions into account. This commit fixes it. This Fixes #2619 - remove dependency on /usr/bin/python - Add support for isomd5sum for tagging iso files The isomd5sum tool suite is used and available on all supported distributions except SUSE distributions, and is necessary to produce conformant ISOs for most Linux distributions. This change adds support for isomd5sum tool suite for kiwi, though it does not extend the kiwi-live dracut module to use it. The upstream dracut dmsquash-live module must be used instead. Co-authored-by: Dan Čermák - kiwi/builder/live: Log the correct value for Application ID Since it is now possible to set a custom application ID, we want to see this when it is being used for the image. - kiwi/builder/live: Clean up leftover dracut configuration file The existence of this file breaks installers on live media that sync the full filesystem to disk and are not aware of this configuration before generating the target system initramfs. - Allow string versions and test "word" versions There are descriptions out in the wild that use "non-numeric" versions in their descriptions, particularly without separators for splitting. This change switches all of this to strings rather than assuming numbers and gracefully handles the single word case. - Add documentation for boxbuild tweaks - Fixed wrong log level on --logfile When using --logfile, the log generated there matches the stdout log (which without --debug, does not include any debug info). This is in contrast to the automatically generated one in the output directory, which always does and also not following the way how it is documented. This Fixes #2503 - Fixed arch flag for namedCollection The arch flag in a namedCollection was not taken into account. This commit fixes this and also makes sure the result information is sorted and unique like we have it for the package lists. This Fixes #2600 - Fix handling of zipl.conf in plain zipl bootloader When using the plain zipl bootloader kiwi created a /etc/zipl.conf file. However, this file was only useful during image build as it points to a loop target device and geometry but does not represent a proper config file to be used in the running system. In addition the different distributors provides their own version and layout of the zipl.conf to be used inside of the system and with their respective tools. Thus this commit changes the way how kiwi operates in a way that the zipl.conf used in the initial image only exists during the image build process. An eventual present /etc/zipl.conf will not be touched by kiwi. This Fixes #2597 ==== zlib-ng-compat ==== Version update (2.1.6 -> 2.2.1) - Update to 2.2.1: * Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.2.1