Packages changed: MozillaFirefox (100.0.2 -> 101.0) guestfs-tools (1.44.2 -> 1.48.1) kernel-source (5.17.9 -> 5.18.1) libguestfs (1.44.2 -> 1.48.3) perl-Cpanel-JSON-XS (4.28 -> 4.29) perl-Mojolicious (9.25 -> 9.26) virt-v2v (1.44.2 -> 2.0.6) === Details === ==== MozillaFirefox ==== Version update (100.0.2 -> 101.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 101.0 * Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast * All non-configured MIME types can now be assigned a custom action upon download completion * allows users to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility) MFSA 2022-20 (bsc#1200027) * CVE-2022-31736 (bmo#1735923) Cross-Origin resource's length leaked * CVE-2022-31737 (bmo#1743767) Heap buffer overflow in WebGL * CVE-2022-31738 (bmo#1756388) Browser window spoof using fullscreen mode * CVE-2022-31739 (bmo#1765049) Attacker-influenced path traversal when saving downloaded files * CVE-2022-31740 (bmo#1766806) Register allocation problem in WASM on arm64 * CVE-2022-31741 (bmo#1767590) Uninitialized variable leads to invalid memory read * CVE-2022-31742 (bmo#1730434) Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information * CVE-2022-31743 (bmo#1747388) HTML Parsing incorrectly ended HTML comments prematurely * CVE-2022-31744 (bmo#1757604) CSP bypass enabling stylesheet injection * CVE-2022-31745 (bmo#1760944) Incorrect Assertion caused by unoptimized array shift operations * CVE-2022-1919 (bmo#1761275) Memory Corruption when manipulating webp images * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469, bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973, bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869) Memory safety bugs fixed in Firefox 101 - requires * NSS 3.78.1 * rust-cbindgen 0.23.0 * rust 1.59 ==== guestfs-tools ==== Version update (1.44.2 -> 1.48.1) - Update to version 1.48.1 * This is a bug fix release - Update to version 1.48.0 * virt-builder New templates: "alma-8.5", "centosstream-8", "debian-11", "fedora-34", "fedora-34" (armv7l), "fedora-35" "fedora-35" (aarch64) (Lars Kaiser, Stef Walter). New fedora-34 (armv7l) template is built to use UEFI. * virt-customize The yescrypt password hashing method is now supported (Björn Esser). * virt-inspector Recognise "kalilinux", "kylin" and "msdos" operating systems / Linux distros (Laszlo Ersek). Inspection of LUKS encrypted filesystems placed directly on logical volumes is now supported, but you will need libguestfs ? 1.48 (Laszlo Ersek). * virt-sysprep Add a new default operation called "net-nmconn" which removes NetworkManager connection profiles (Laszlo Ersek). * virt-win-reg "virt-win-reg --version" now prints both the version of guestfs tools and the libguestfs library that it is linked with. * Various bug fixes - Drop patches contained in new tarball 63c9cd93-m4-guestfs-ocaml.m4-Fix-deprecated-warning-format.patch a4930f5f-customize-Suppress-OCaml-warning.patch - Fix Requires: gnupg2 -> gpg2 - Initial creation of the guestfs-tools package split out from the libguestfs package. * This release moves many of the virt tools like virt-builder, virt-cat, virt-customize, virt-df, etc. from libguestfs to the guestfs-tools package. This makes libguestfs a bit easier to build and manage. - These patches fix ocaml build errors. 63c9cd93-m4-guestfs-ocaml.m4-Fix-deprecated-warning-format.patch a4930f5f-customize-Suppress-OCaml-warning.patch ==== kernel-source ==== Version update (5.17.9 -> 5.18.1) - Linux 5.18.1 (bsc#1012628). - ALSA: ctxfi: Add SB046x PCI ID (bsc#1012628). - ACPI: sysfs: Fix BERT error region memory mapping (bsc#1012628). - random: check for signals after page of pool writes (bsc#1012628). - random: wire up fops->splice_{read,write}_iter() (bsc#1012628). - random: convert to using fops->write_iter() (bsc#1012628). - random: convert to using fops->read_iter() (bsc#1012628). - random: unify batched entropy implementations (bsc#1012628). - random: move randomize_page() into mm where it belongs (bsc#1012628). - random: move initialization functions out of hot pages (bsc#1012628). - random: make consistent use of buf and len (bsc#1012628). - random: use proper return types on get_random_{int,long}_wait() (bsc#1012628). - random: remove extern from functions in header (bsc#1012628). - random: use static branch for crng_ready() (bsc#1012628). - random: credit architectural init the exact amount (bsc#1012628). - random: handle latent entropy and command line from random_init() (bsc#1012628). - random: use proper jiffies comparison macro (bsc#1012628). - random: remove ratelimiting for in-kernel unseeded randomness (bsc#1012628). - random: move initialization out of reseeding hot path (bsc#1012628). - random: avoid initializing twice in credit race (bsc#1012628). - random: use symbolic constants for crng_init states (bsc#1012628). - siphash: use one source of truth for siphash permutations (bsc#1012628). - random: help compiler out with fast_mix() by using simpler arguments (bsc#1012628). - random: do not use input pool from hard IRQs (bsc#1012628). - random: order timer entropy functions below interrupt functions (bsc#1012628). - random: do not pretend to handle premature next security model (bsc#1012628). - random: use first 128 bits of input as fast init (bsc#1012628). - random: do not use batches when !crng_ready() (bsc#1012628). - random: insist on random_get_entropy() existing in order to simplify (bsc#1012628). - xtensa: use fallback for random_get_entropy() instead of zero (bsc#1012628). - sparc: use fallback for random_get_entropy() instead of zero (bsc#1012628). - um: use fallback for random_get_entropy() instead of zero (bsc#1012628). - x86/tsc: Use fallback for random_get_entropy() instead of zero (bsc#1012628). - nios2: use fallback for random_get_entropy() instead of zero (bsc#1012628). - arm: use fallback for random_get_entropy() instead of zero (bsc#1012628). - mips: use fallback for random_get_entropy() instead of just c0 random (bsc#1012628). - riscv: use fallback for random_get_entropy() instead of zero (bsc#1012628). - m68k: use fallback for random_get_entropy() instead of zero (bsc#1012628). - timekeeping: Add raw clock fallback for random_get_entropy() (bsc#1012628). - powerpc: define get_cycles macro for arch-override (bsc#1012628). - alpha: define get_cycles macro for arch-override (bsc#1012628). - parisc: define get_cycles macro for arch-override (bsc#1012628). - s390: define get_cycles macro for arch-override (bsc#1012628). - ia64: define get_cycles macro for arch-override (bsc#1012628). - init: call time_init() before rand_initialize() (bsc#1012628). - random: fix sysctl documentation nits (bsc#1012628). - HID: amd_sfh: Add support for sensor discovery (bsc#1012628). - lockdown: also lock down previous kgdb use (bsc#1012628). - commit df81444 - Update patches.suse/Revert-net-af_key-add-check-for-pfkey_broadcast-in-f.patch Update to upstream version, update upstream reference and move into sorted section. - commit 3ae1db7 - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch - commit dc762c4 - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - commit 43b5dd3 - Update config files -- DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (bsc#1199932) Set DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT which makes use of dwarf5 on gcc-11 and newer. - commit f439809 - random: do not use input pool from hard IRQs (bsc#1199803). - commit 3352b92 - Add dtb-starfive - commit 9633cc7 - Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" (20220523022438.ofhehjievu2alj3h@lion.mk-sys.cz). - commit 2023975 - Update to 5.18 final - refresh configs (headers only) - commit d0f5e4b ==== libguestfs ==== Version update (1.44.2 -> 1.48.3) - Update to version 1.48.3 * Several bugs fixed in this release since version 1.48.1 * Updated language files - Update to version 1.48.1 * Updated language files * A few bug fixes in this release * Drop requirement for newer ocaml required by Bytes.get_uint8. It is replaced with a local implementation. - Add relevant %post{,un} sections - Add another rpmlint filter - Add uk man dirs - Avoid useless builds, if ocaml version isn't up to the task libguestfs uses get_uint8(), available since ocaml 4.13.0 - Update to version 1.48.0 * Fix allocation and deallocation of string lists in golang bindings (Laszlo Ersek). * Multiple fixes to the OCaml bindings: * Add support for Kylin (Laszlo Ersek). * Add support for Rocky Linux (Neil Hanlon). * Inspection of guests which use LUKS encryption on top of LVM logical volumes should now work (Laszlo Ersek). * "guestfs_list_9p" and "guestfs_mount_9p" are deprecated and now return errors. * "guestfs_remove_drive" has been deprecated and now returns an error. * "guestfs_add_drive" no longer supports hotplugging * In "guestfs_xfs_admin" the "lazycounter" parameter is deprecated because it is no longer supported in recent versions of XFS. * The User-mode Linux ("uml") backend has been removed. * Partition APIs now cope with the broken MBR partition tables created by dosfstools ? 4.2 (Laszlo Ersek). * Various bug fixes - Update to version 1.46.2 * This release has moved many virt tools like virt-builder, virt-cat, virt-customize, virt-df, etc. to the guestfs-tools project. This makes libguestfs a bit easier to build and manage. * The build now uses and requires PCRE2 (instead of PCRE). * This version requires libvirt ? 7.1.0, if libvirt is enabled. * gnulib is no longer bundled with libguestfs, making builds from git much simpler. * Perl Sys::Virt (libvirt bindings for Perl) are no longer required by libguestfs. * The code has been compiled with both LTO and GCC -fanalyzer and many bugs and warnings fixed. * Various fixes for qemu 6.1. * Update appliance packages on SUSE and several other improvements to the init script (Olaf Hering). * We now use the qemu / libvirt feature -cpu max to select the best CPU to run the appliance. * When passing the appliance filesystem UUID to supermin we now read it directly out of the appliance instead of using the file(1) program. This is more reliable. * The qemu -enable-fips option is no longer used. It was not needed and has been deprecated by qemu. * We no longer use qemu's sga (Serial Graphics Adapter) option ROM, instead using the equivalent seabios feature. * Various bug fixes - Package changes * New libguestfs.spec file. * Moved guestfs-tools to a new and separate project and package * Renamed packages guestfs-winsupport -> libguestfs-winsupport guestfsd -> libguestfsd * New packages libguestfs, libguestfs-typelib-Guestfs, libguestfs-gobject, libguestfs-gobject-devel libguestfs-rescue, libguestfs-rsync, libguestfs-xfs * Dropped package libguestfs-test - Dropped scripts and patches Pod-Simple-3.23.tar.xz libguestfs.test.simple.create-opensuse-guest-crypt-on-lvm.sh libguestfs.test.simple.create-opensuse-guest.sh libguestfs.test.simple.create-sles12-guest-crypt-on-lvm.sh libguestfs.test.simple.create-sles12-guest.sh libguestfs.test.simple.run-libugestfs-test-tool.sh 0001-Introduce-a-wrapper-around-xmlParseURI.patch 0002-common-extract-UTF-8-conversion-function.patch 0003-inspector-rpm-summary-and-description-may-not-be-utf.patch 489b14b7-ocaml-examples-Link-examples-to-gnulib.patch 63c9cd93-m4-guestfs-ocaml.m4-Fix-deprecated-warning-format.patch 68a02c2f-customize--resize--sparsify--sysprep-Link-explicitly-with-pthread.patch 9db0c98c-appliance-enable-bashs-Process-Substitution-feature.patch a4930f5f-customize-Suppress-OCaml-warning.patch c0de4de9-appliance-add-reboot-and-netconfig-for-SUSE.patch e26cfa44-daemon-Build-with--pthread.patch f47e0bb6-appliance-reorder-mounting-of-special-filesystems-in-init.patch appliance.patch libguestfs.env.patch makefile-ocaml-find-guestfs.patch netconfig.patch ==== perl-Cpanel-JSON-XS ==== Version update (4.28 -> 4.29) - updated to 4.29 see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes 4.29 2022-05-27 (rurban) - Hack: Revert native bool (unblessed) overloads via JSON::PP 4.08. JSON::PP ignores unblessed bools for now. GH #194 ==== perl-Mojolicious ==== Version update (9.25 -> 9.26) - updated to 9.26 see /usr/share/doc/packages/perl-Mojolicious/Changes 9.26 2022-05-20 - Added EXPERIMENTAL capture method to Mojo::Log. ==== virt-v2v ==== Version update (1.44.2 -> 2.0.6) Subpackages: virt-v2v-bash-completion - Update to version 2.0.6 * This is a bug fix release on top of 2.0.5 - Update to version 2.0.5 * Virt-v2v has been modularised allowing external programs to examine the state of the conversion and inject their own copying step. Further enhancements will be made to this new architecture in forthcoming releases. * The command line is almost identical apart from some debugging features that were removed (see below). The only significant difference is that the output format (-of) now has to be specified if it is different from the input format, whereas previous versions of virt-v2v would use the same output format as input format automatically. * A lot of time was spent improving the performance of virt-v2v in common cases. * Implement conversion of ALT Linux guests (Mikhail Gordeev). * Many bug fixes and performance enhancements were made to oVirt imageio output (Nir Soffer). * There is a new virt-v2v-in-place(1) tool which replaces the existing virt-v2v --in-place option. * Virt-v2v can now convert guests which use LUKS encrypted logical volumes (Laszlo Ersek). * Option -oo rhv-direct has been replaced by -oo rhv-proxy, and direct mode (which is much faster) is now the default when writing to oVirt, with proxy mode available for restricted network configurations (thanks: Nir Soffer). * The following command line options were removed: - -print-estimate, --debug-overlays, --no-copy. * Virt-v2v no longer installs the RHEV-APT tool in Windows guests. This tool was deprecated and then removed in oVirt 4.3. * Deprecated tool virt-v2v-copy-to-local has been removed. This was deprecated in November 2018. - Drop fix-linker-error.patch