Packages changed: MozillaFirefox (74.0.1 -> 75.0) btrfsprogs (5.4.1 -> 5.6) discover grub2 libnotify (0.7.8 -> 0.7.9) libostree (2019.6 -> 2020.3) nano (4.9.1 -> 4.9.2) vulkan-loader (1.2.133 -> 1.2.135) xdg-desktop-portal === Details === ==== MozillaFirefox ==== Version update (74.0.1 -> 75.0) - Mozilla Firefox 75.0 * https://www.mozilla.org/en-US/firefox/75.0/releasenotes MFSA 2020-12 (bsc#1168874) * CVE-2020-6821 (bmo#1625404) Uninitialized memory could be read when using the WebGL copyTexSubImage method * CVE-2020-6822 (bmo#1544181) Out of bounds write in GMPDecodeData when processing large images * CVE-2020-6823 (bmo#1614919) Malicious Extension could obtain auth codes from OAuth login flows * CVE-2020-6824 (bmo#1621853) Generated passwords may be identical on the same site between separate private browsing sessions * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203) Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488, bmo#1619229,bmo#1620719,bmo#1624897) Memory safety bugs fixed in Firefox 75 - removed obsolete patch mozilla-bmo1609538.patch - requires * rust >= 1.41 * rust-cbindgen >= 0.13.1 * mozilla-nss >= 3.51 * nodejs10 >= 10.19 - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch - increase _constraints memory for ppc64le ==== btrfsprogs ==== Version update (5.4.1 -> 5.6) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.6: * inspect logical-resolve: support LOGICAL_INO_V2 as new option '-o', helps advanced dedupe tools * inspect: user larger buffer (64K) for results * subvol delete: support deletion by id (requires kernel 5.7+) * dump-tree: new option --hide-names, replace any names (file, directory, subvolume, xattr) in the output with stubs * various fixes - Update to 5.4.1 * build: fix docbook5 build * check: do extra verification of extent items, inode items and chunks * qgroup: return ENOTCONN if quotas not running (needs updated kernel) * other: various test fixups - BuildRequire pkgconfig(udev) instead of udev: Allow OBS to shortcut through the -mini flavor. - Use pkg-config --modversion udev to identify the current udev version. This is more portable and supports the -mini flavors. - Update to 5.4 * support new hash algorithms (kernel 5.5): * mkfs.btrfs and btrfs-convert with --csum, crc32c, xxhash, sha256, blake2 * mkfs: support new raid1c3 and raid1c4 block group profiles (kernel 5.5) * check: * --repair delays start with a warning, can be skipped using --force * enhanced detetion of inode types from partial data, more options for repair * receive: fix quiet option * image: speed up chunk loading * fi usage: * sort devices by id * print ratio of used/total per block group type * rescue zero-log: reset the log pointers directly, avoid reading some other potentially damaged structures * new make target install-static to install only static binaries/libraries * other * docs updates * new tests * cleanups and refactoring - Update to 5.3.1: * libbtrfs: fix link breakage due to missing symbols - Updaet to 5.3: * mkfs: * new option to specify checksum algorithm (only crc32c) * fix xattr enumeration * dump-tree: BFS (breadth-first) traversal now default * libbtrfsutil: remove stale BTRFS_DEV_REPLACE_ITEM_STATE_x defines * ci: add support for gitlab * other: * preparatory work for more checksum algorithms * docs update * switch to docbook5 backend for asciidoc * fix build on uClibc due to missing backtrace() * lots of printf format fixups - Enable build of python-bindings for libbtrfsutil - Update to 5.2.2: * check: * fix false report of wrong byte count for orphan inodes * option -E was not handled correctly * new check and repair for root item generation * balance: check for full-balance before background fork * mkfs: check that total device size does not overflow 16EiB * dump-tree: print DEV_STATS key type * other: * new and updated tests * doc fixups and updates - update to 5.2.1 * scrub status: fix ETA calculation after resume * check: fix crash when using -Q * restore: fix symlink owner restoration * mkfs: fix regression with mixed block groups * core: fix commit to process all delayed refs * other: * minor cleanups * test updates - update to 5.2 * subvol show: print qgroup information when available * scrub: * status: show ETA, revamp the whole output * fix reading/writing of last position on resume/cancel, potentially skipping part of the filesystem on next resume * dump-tree: add new option --noscan to use only devices given on the commandline * all-in-one binary (busybox style) with mkfs.btrfs, btrfs-image, btrfs-convert, btrfstune * image: fix hang when there are more than 32 cpus online and compression is requested * convert: fix some false ENOSPC errors when --rootdir is used * build: fix gcc9 warnings * core changes * command handling cleanups * dead code removal * cmds-* files moved to cmds/ * other shared userspace files moved to common/ * utils.c split into more files * preparatory work for more output formats * libbtrfsutil: fix unaligned access * other * new and updated tests * fix tests so CI passes again * sb-mod can modify more superblock items - update to version 5.1 * repair: flush/FUA support to avoid breaking metadata COW * file extents repair no longer relies on data in extent tree * lowmem: fix false error reports about gaps between extents * add inode mode check and repair for various objects * add check for invalid combination of nocow/compressed extents * device scan option to forget scanned devices [new] * mkfs: use same chunk size as kernel for initial creation * dev-repace: better report when other exclusive operation runs * help for sntax errors on command lines, print relevant msgs * defrag: able to open files in RO mode * dump-tree: --block can be specified multiple times - update to version 4.20.2 * dump-super: minor output fixup * revert fix for prefix detection of receive path, this is temporary and unbreaks existing user setups - Use correct path for dracut-fsck-help.txt in module-setup.sh (bsc#1122539) * Remove module-setup.sh * Add module-setup.sh.in - Advise user of fs recovery options when we fail to mount (fate#320443, bsc#1122539) * Add dracut-fsck-help.txt * Add module-setup.sh - update to version 4.20.1 * libbtrfs: fix build of external tools due to missing symbols * ci: enable library test - update to version 4.20 * new feature: metadata uuid * lightweight change of UUID without rewriting all metadata (incompatible change) * done by btrfstune -m/-M, needs kernel support, 5.0+ * image: * fix block groups when restoring from multi-device image * only enlarge result image if it's a regular file * check * more device extent checks and fixes * can repair dir item with mismatched hash * mkfs: uuid tree created with proper contents * fix mount point detection due to partial prefix match * other: * new tests, build fixes, doc updates * libbtrfsutil: fix tests if kernel lacks support for new subvolume ioctls - partial cleanup with spec-cleaner - drop 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch - drop 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch - drop 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch - drop 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch - drop 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - Use %license instead of %doc [bsc#1082318] - Implement fate#325871 * Added 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch * Added 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch * Added 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch * Added 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch * Added 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - update to version 4.19.1 * check * many lowmem mode improvements * properly report qgroup mismatch errors * check symlinks with append/immutable flags * fi usage * correctly calculate allocated/unallocated for raid10 * minor output updates * mkfs * detect ENOSPC on thinly provisioned devices * fix spurious EEXIST during directory traversal * restore: fix relative path for restore target * dump-tree: print symbolic tree names for backrefs * send: fix regression preventing send -p with subvolumes mounted on "/" * corrupt-tree: refactoring and command line updates * build * make it work with e2fsprogs < 1.42 again * restore support for autoconf 2.63 * detect if -std=gnu90 is supported * other * new tests * cleanups - update to version 4.19 * check: support repair of fs with free-space-tree feature * core: * port delayed ref infrastructure from kernel * support write to free space tree * dump-tree: new options for BFS and DFS enumeration of b-trees * quota: rescan is now done automatically after 'assign' * btrfstune: incomplete fix to uuid change * subvol: fix 255 char limit checks * completion: complete block devices and now regular files too * docs: * ship uncompressed manual pages * btrfsck uses a manual page link instead of symlink * other * improved error handling * docs * new tests - update to version 4.17.1 * check: * add ability to fix wrong ram_bytes for compressed inline files * beautify progress output * btrfstune: allow to continue uuid change after unclean interruption * several fuzz fixes: * detect overalpping chunks * chunk loading error handling * don't crash with unexpected root refs to extents * relax option parsing again to allow mixing options and non-options arguments * fix qgroup rescan status reporting * build: * drop obsolete dir-test * new configure option to disable building of tools * add compatibility options --disable-static and --disable-shared * other: * cleanups and preparatory work * new test images - spec cleanup - update to version 4.17 * check * many lowmem mode improvements * properly report qgroup mismatch errors * check symlinks with append/immutable flags * fi usage * correctly calculate allocated/unallocated for raid10 * minor output updates * mkfs * detect ENOSPC on thinly provisioned devices * fix spurious EEXIST during directory traversal * restore: fix relative path for restore target * dump-tree: print symbolic tree names for backrefs * send: fix regression preventing send -p with subvolumes mounted on "/" * corrupt-tree: refactoring and command line updates * build * make it work with e2fsprogs < 1.42 again * restore support for autoconf 2.63 * detect if -std=gnu90 is supported - Removed patches (upstreamed): * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch - Don't require libzstd-devel-static on builds that don't use it. - fix installation of btrfs.5.gz - Fix building on SLE11: * btrfs-progs: convert: fix support for e2fsprogs < 1.42 * btrfs-progs: build: detect whether -std=gnu90 is supported * btrfs-progs: build: autoconf 2.63 compatibility * Fixed mismerged addition of libbtrfsutil1 package description - Added patches: * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch - update to version 4.16.1 * remove obsolete tools: btrfs-debug-tree, btrfs-zero-log, btrfs-show-super, btrfs-calc-size * sb-mod: new debugging tool to edit superblock items * mkfs: detect if thin-provisioned device does not have enough space * check: don't try to verify checksums on metadata dump images * build: fail documentation build if xmlto is not found * build: fix build of btrfs.static - Remove patch: 0001-btrfs-progs-build-fix-static-build.patch (upstream) - Update initrd script - update to version 4.16 * libbtrfsutil - new LGPL library to wrap userspace functionality * several 'btrfs' commands converted to use it: * properties * filesystem sync * subvolume set-default/get-default/delete/show/sync * python bindings, tests * build * use configured pkg-config path * CI: add python, musl/clang, built dependencies caching * convert: build fix for e2fsprogs 1.44+ * don't install library links with wrong permissions * fixes * prevent incorrect use of subvol_strip_mountpoint * dump-super: don't verify csum for unknown type * convert: fix inline extent creation condition * check: * lowmem: fix false alert for 'data extent backref lost for snapshot' * lowmem: fix false alert for orphan inode * lowmem: fix false alert for shared prealloc extents * mkfs: * add UUID and otime to root of FS_TREE - with the uuid, snapshots will be now linked to the toplevel subvol by the parent UUID * don't follow symlinks when calculating size * pre-create the UUID tree * fix --rootdir with selinux enabled * dump-tree: add option to print only children nodes of a given block * image: handle missing device for RAID1 * other * new tests * test script cleanups (quoting, helpers) * tool to edit superblocks * updated docs - Add patch: 0001-btrfs-progs-build-fix-static-build.patch - Add new library packages: libbtrfsutil - use documentation shipped by upstream tar, reduce dependencies - enable static build again, zstd now has static version - update to version 4.15 * mkfs --rootdir reworked, does not minimize the final image but can be still done using a new option --shrink * fix allocation of system chunk, don't allocate from the reserved area * other * new and updated tests * cleanups, refactoring * doc updates - spec: fix distro version condition - update to version 4.14.1 * dump-tree: print times of root items * check: fix several lowmem mode bugs * convert: fix rollback after balance * other * new and updated tests, enabled lowmem mode in CI * docs updates * fix travis CI build * build fixes * cleanups - update to version 4.14 * build: libzstd now required by default * check: more lowmem mode repair enhancements * subvol set-default: also accept path * prop set: compression accepts no/none, same as "" * filesystem usage: enable for filesystem on top of a seed device * rescue: new command fix-device-size * other * new tests * cleanups and refactoring * doc updates - Removed patches: - rollback-regression-fix.patch - upstreamed - spec: disable static build, missing libzstd-devel-static - spec: disable zstd support for non-Tumbleweed distros ==== discover ==== Subpackages: discover-backend-flatpak - Add missing kdeclarative-components runtime dependency (boo#1169153) ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix GCC 10 build fail (bsc#1158189) * 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch * 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch ==== libnotify ==== Version update (0.7.8 -> 0.7.9) Subpackages: libnotify4 typelib-1_0-Notify-0_7 - Remove service files. - Update to version 0.7.9: + Added man page for notify-send. + Dropped autotools. - Require docbook5-xsl-stylesheets. Needed for manpage generation. ==== libostree ==== Version update (2019.6 -> 2020.3) Subpackages: libostree-1-1 - Update to version 2020.3: * A quick followup to 2020.2, which introduced support for read-only sysroot ended up breaking some of the Fedora CoreOS tests in coreos-assembler which in turn holds back ostree going into FCOS * Now that gap has been closed and more of those tests are being run on the new CI. - Update to version 2020.2: * lib: Fix Since versions for 2020.1 * Post-release version bump * "Brown paper bag" release that actually sets the is_release_build=yes flag and also fixes the Since: on a few new functions. - Update to version 2020.1: * There is now support for making the /sysroot mount point read-only to start. This protects against a lot of accidental damage, and also generalizes and improves the previous special case handling of having /boot read-only. One known issue is that ostree pull is broken with this enabled, and this will be fixed. * Error-handling around GPG verification has had an overhaul. Specifically, libostree now has more specific error codes to distinguish between different verification failures. This should allow apps to have more fine-grained control over how to respond to errors. Do note that the error messages themselves have changed, and we strongly suggest that anyone relying on a specific error message string to migrate to using the API directly. * The original "archive" (split up objects) format didn't make it easy for a client system to know how much data it would be downloading. Later, static deltas were added which addressed this problem, but there are situations in which object fetches still occur. Later then support for optional sizes metadata in commit objects was added but was never really stabilized/publicized. There were also some bugs in it. That is now completed - the sizes data is now stable. and new API was added to read it. * This release adds initial fs-verity support; it doesn't do too much today. Bigger picture it's important to understand that the vision of OSTree is to enable Linux systems that feel like they're "image based" (transactional, versioned updates, no dependency resolution client side), but also to enable things like doing commits on the client side. Today rpm-ostree supports replacing the kernel client side as a first class operation. This is crucially important to make it feel truly like a Linux system that you own. * A small tweak was made to have OSTree create repo structure directories and files (such as objects/ or .lock) with group write permissions. This is useful for managing OSTree remote servers from multiple UIDs. For systems with the default umask of 0022, this should have no effect. * We've extensively reworked CI for the upstream repo. In addition to Travis, testing is now done on top of Fedora CoreOS. Not all tests have been carried over, but expect to see more coming. This rework will also allow us to have more comprehensive tests previously not possible. * Several fixes were made to the test suite to handle the cases of systemd vs no-systemd, and systemd is now advertised in the list of features in ostree --version if present. ==== nano ==== Version update (4.9.1 -> 4.9.2) - GNU nano 4.9.2: * fix crash after undoing an at the end of leading whitespace ==== vulkan-loader ==== Version update (1.2.133 -> 1.2.135) - Update to release 1.2.135 * Updated `CMakeLists.txt` and `common_codegen.py` to allow access to beta types and commands when including `vulkan.h`. Generated new loader header files. ==== xdg-desktop-portal ==== - Add patch from upstream to fix a use-after-free case: * 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch - Add patch from upstream to add AssumedAppArmorLabel key to D-Bus service files to allow sandboxed processes to activate the portal services if the sandbox makes use of AppArmor D-Bus mediation rules that depend on the service's security label: * 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch - Add patch from upstream to fix a null pointer usage when no default handler is set for desired type: * 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch