Packages changed:
  apr
  ceph
  discover
  dracut (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)
  fwupd
  jbigkit
  jq (1.7 -> 1.7.1)
  kdump
  krb5 (1.21.1 -> 1.21.2)
  libpwquality
  libssh2_org
  libstorage-ng (4.5.162 -> 4.5.163)
  libvirt
  metamail
  mozilla-nss (3.94 -> 3.95)
  mutter
  open-vm-tools
  perl-Bootloader (1.9 -> 1.10)
  ppp (2.4.9 -> 2.5.0)
  python-hiredis (2.2.2 -> 2.3.2)
  python-lxml (4.9.3 -> 4.9.4)
  python311
  python311-core
  rsync
  sudo (1.9.15p2 -> 1.9.15p4)
  systemd
  vim (9.0.2146 -> 9.0.2181)
  vinagre
  vte (0.74.1 -> 0.74.2)
  wtmpdb (0.9.3 -> 0.10.0)
  zbar

=== Details ===

==== apr ====

- Add reproducible.patch to drop build host name (boo#1084909)

==== ceph ====
Subpackages: librados2 librbd1

- Add ceph-cmake-3.28.patch: Fix build with cmake 3.28 and no git
  command found (https://github.com/ceph/ceph/pull/54963, boo#1218111).

==== discover ====
Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang

- Update appstream build requirement for compatibility with 1.0.0
  (boo#1217047)
- Remove obsolete version checks

==== dracut ====
Version update (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)

- Update to version 059+suse.533.g5a7cf9fa:
  * feat(dracut.sh): protect `push_host_devs` function
  * fix(dracut.sh): do not add device if `find_block_device` returns an error

==== fwupd ====
Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod
  -> suse-module-tools dependency before.

==== jbigkit ====

- security update
- added patches
  fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
  + jbigkit-CVE-2022-1210.patch

==== jq ====
Version update (1.7 -> 1.7.1)
Subpackages: libjq1

- Update to version 1.7.1
  Security
  * Fix CVE-2023-50246 (boo#1218034)
    + Fix heap buffer overflow in jvp_literal_number_literal.
  * Fix CVE-2023-50268 (boo#1218038)
    fix stack-buffer-overflow if comparing nan with payload.
  CLI changes
  * Make the default background color more suitable for bright backgrounds.
  * Allow passing the inline jq script after --.
  * Fix possible uninitialised value dereference if jq_init() fails
  Language changes
  * Simplify paths/0 and paths/1.
  * Reject U+001F in string literals.
  * Remove unused nref accumulator in block_bind_library.
  * Remove a bunch of unused variables, and useless assignments.
  * main.c: Remove unused EXIT_STATUS_EXACT option.
  * Actually use the number correctly casted from double to int as index.
  * src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2.
  * Remove undefined behavior caught by LLVM 10 UBSAN.
  * Convert decnum to binary64 (double) instead of decimal64. This makes jq
    behave like the JSON specification suggests and more similar to other
    languages.
  * Fix memory leaks on invalid input for ltrimstr/1 and rtrimstr/1.
  * Fix memory leak on failed get for setpath/2.
  * Fix nan from json parsing also for nans with payload that start with 'n'.
  * Allow carriage return characters in comments.
  Documentation changes
  * Generate links in the man page.
  libjq
  * Add extern C for C++.

==== kdump ====

- Update calibrate values for riscv64

==== krb5 ====
Version update (1.21.1 -> 1.21.2)
Subpackages: krb5-client

- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
  * Fix double-free in KDC TGS processing [CVE-2023-39975].

==== libpwquality ====
Subpackages: libpwquality1 pam_pwquality

- add: prereq "pam-config" in baselibs.conf
  * post scriptlet in pam_pwquality-32bit runs: pam-config

==== libssh2_org ====

- Security fix: [bsc#1218127, CVE-2023-48795]
  * Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
  * Add libssh2_org-CVE-2023-48795.patch

==== libstorage-ng ====
Version update (4.5.162 -> 4.5.163)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#970
- consistent (and original) naming of bcache operations
- coding style
- improved logging
- updated integration tests
- fixed typo
- 4.5.163

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs

- apparmor: Add capabilities for PCI passthrough to virtxend profile
  bsc#1216656

==== metamail ====

- Have fixed date in mgrep.1 (boo#1047218)

==== mozilla-nss ====
Version update (3.94 -> 3.95)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.95
  * bmo#1842932 - Bump builtins version number.
  * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
  * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
  * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
  * bmo#1850982 - Remove Camerfirma root certificates from NSS.
  * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional Certificate.
  * bmo#1860670 - Add four Commscope root certificates to NSS.
  * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
  * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
  * bmo#1861728 - Include P-256 Scalar Validation from HACL*.
  * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
  * bmo#1837987 - Add means to provide library parameters to C_Initialize
  * bmo#1573097 - clang format
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
  * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
  * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
  * bmo#1573097 - Fix Invalid casts in instance.c

==== mutter ====

- Add mutter-fix-text-input-delete-surrounding.patch: text-input-v3
  requires byte based offset but Clutter uses char based offset for
  delete_surrounding_text, fix it by converting before passing
  arguments (glgo#GNOME/mutter#2146, glgo#GNOME/mutter!2712).

==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod
  -> suse-module-tools dependency before.

==== perl-Bootloader ====
Version update (1.9 -> 1.10)

- merge gh#openSUSE/perl-bootloader#160
- fix 'pbl --version' to show correct version number
- 1.10

==== ppp ====
Version update (2.4.9 -> 2.5.0)

- Update to version 2.5.0.
  This release is a major release of pppd which contains breaking
  changes for third-party plugins, a complete revamp of the
  build-system and that allows for flexibility of configuring
  features as needed.
  * CVE-2022-4603, bsc#1218251: improper validation of array index of the component pppdump
  * Support for PEAP authentication
  * Support for loading PKCS12 certificate envelopes
  * Adoption of GNU Autoconf / Automake build environment
  * Support for pkgconfig
  * Bunch of fixes and cleanup to PPPoE and IPv6 support
  * Major revision to PPPD's Plugin API
  * Lots of internal fixes and cleanups for Radius and PPPoE
  * Dropped IPX support, as Linux has dropped it in version 5.15
  * Pppd is no longer installed setuid-root
  * New pppd options:
    - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, ipv6-up-script, ipv6-down-script
    - -v, show-options
    - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
  * On Linux, any baud rate can be set on a serial port provided the
    kernel serial driver supports that.
- Obsoleted patches:
  * ppp-lib64.patch
  * ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch
  * ppp-pie.patch
- Source file pppoe-discovery.8.gz is now part of the tarball.
- Enable support for systemd notification.

==== python-hiredis ====
Version update (2.2.2 -> 2.3.2)

- update to 2.3.2:
  * Added Python 3.12 to test matrix and classifiers (#174)
  * Linking to Redis learning resources (#173)
  * Updating client license to clear, MIT (#170)
  * Integrating spellcheck into CI (#169)
  * hiredis 1.2.0 support, versioning as 2.3.0 (#168)
  * Fix including tests in sdist (#166)
  * Use absolute imports and remove __init__.py from tests.
  * Implement garbage collection support in Reader (#162) (#163)

==== python-lxml ====
Version update (4.9.3 -> 4.9.4)

- update to 4.9.4:
  * LP#2046398: Inserting/replacing an ancestor into a node's children
    could loop indefinitely.
  * LP#1980767, GH#379: ``TreeBuilder.close()`` could fail with a
    ``TypeError`` after parsing incorrect input.
  * LP#1522052: A file-system specific test is now optional and should
    no longer fail on systems that don't support it.
  * Built with Cython 0.29.37.
- drop libxml2212-tests.patch (upstream)

==== python311 ====
Subpackages: python311-curses python311-dbm

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

==== rsync ====

- Moved rsyncd.conf and rsyncd.secrets to /usr/etc.
  * Add rsync-usr-etc.patch

==== sudo ====
Version update (1.9.15p2 -> 1.9.15p4)
Subpackages: sudo-plugin-python

- For existing products (SLE15-SP* and older) keep using /etc and
  don't switch to /usr/etc. So only SLES16/ALP, Tumbleweed and
  newer products will use both /etc and /usr/etc locations.
- Update to 1.9.15p4:
  * Fixed a bug introduced in sudo 1.9.15 that could prevent a user’s
    privileges from being listed by sudo -l if the sudoers entry in
    /etc/nsswitch.conf contains [SUCCESS=return]. This did not affect
    the ability to run commands via sudo. Bug #1063.
- Update to 1.9.15p3:
  * Always disable core dumps when sudo sends itself a fatal signal.
    Fixes a problem where sudo could potentially dump core when it
    re-sends the fatal signal to itself. This is only an issue if the
    command received a signal that would normally result in a core
    dump but the command did not actually dump core.
  * Fixed a bug matching a command with a relative path name when the
    sudoers rule uses shell globbing rules for the path name.
    Bug #1062.
  * Permit visudo to be run even if the local host name is not set.
    GitHub issue #332.
  * Fixed an editing error introduced in sudo 1.9.15 that could
    prevent sudoreplay from replaying sessions correctly.
    GitHub issue #334.
  * Fixed a bug introduced in sudo 1.9.15 where sudo -l > /dev/null
    could hang on Linux systems. GitHub issue #335.
  * Fixed a bug introduced in sudo 1.9.15 where Solaris privileges
    specified in sudoers were not applied to the command being run.

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev

- udev: only require kmod in the full flavor.
  udev-mini is only used inside OBS in a strictly defined setup and
  udev will never have to load device drivers there.
- Import commit 071ac409a0564863657d8f8a5a35e6a4f914695f
  071ac409a0 rules: set up tty permissions and group for /dev/hvc* nodes
  f693b3ed8a vconsole-setup: remember the correct error value when open_terminal() fails
  963d838bad vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully (bsc#1215282)
  6f53f71d2d vconsole-setup: simplify error handling

==== vim ====
Version update (9.0.2146 -> 9.0.2181)
Subpackages: vim-data vim-data-common xxd

- update to 9.0.2181:
  * Vim9: missing error messages
  * update helptags
  * POSIX function name in exarg causes issues
  * no filetype detection for execline scripts
  * reg_executing() wrong for :normal with range
  * Wrong cursor position when dragging out of window
  * Update Serbian messages translation
  * runtime(netrw): prevent E11 on FocusGained autocommand
  * Update Japanese translation
  * runtime(8th): updated 8th syntax
  * change dependabot prefix to "CI"
  * Update change.txt
  * Compile error with Motif UI + mouse support
  * Create Changelog until v9.0.2175
  * Update Italian translations
  * Update tmux syntax rules
  * Update Turkish translations
  * Compiler warning for uninitialized var
  * update fortran syntax rules and doc notes
  * Vim9: segfault when assigning to type
  * remove deprecation warning for gdefault
  * Vim9: crash when compiling for statement and non-existing type
  * Vim9: compiling :defer may fail
  * Updated Irish translation
  * Update Logtalk runtime files for the latest language spec
  * update Racket runtime files
  * Update colorschemes
  * The options[] array is still not sorted alphabetically
  * Vim9: no support for const/final class/objects vars
  * Vim9: builtin funcs may accept a non-value
  * Moving tabpages on :drop may cause an endless loop
  * sync runtime files with upstream
  * grammar & typo fixes
  * add Tbreak command
  * Vim9: not consistently using :var for declarations
  * Memory leak in Configure Script when checking GTK
  * Vim9: can simplify arg type checking code
  * Vim9: can use type a func arg/return value
  * escape curdir in BrowseUpDir
  * Vim9: type can be assigned to list/dict
  * Vim9: type documentation out-dated
  * Vim9: not able to use imported interfaces and classes
  * instanceof() should use varargs as second arg
  * Update syntax file, fix missing for highlight
  * screenpos() may crash with neg. column
  * [security]: use-after-free in check_argument_type
  * Vim9: incorrectly parses :def func definitions
  * Vim9: can use typealias in assignment
  * ft detection maybe wrong if 'fic' set for *.[CH]
  * re-generate helptags
  * do not set b:did_ftplugin before sourcing scala ftplugin(#13657)
  * Fix `w:netrw_bannercnt` ref error with `netrw_fastbrowse=2`
  * fix examples in comments for JSON formatting
  * Add json formatting plugin (Issue #11426)
  * Update syntax file
  * link cmdline completion to |wildcards| and fix typos
  * Update eval.txt
  * Vim9: type not kept when assigning vars
  * The option[] array is not sorted
  * unlet b:filetype_in_cpp_family for cpp & squirrel
  * fix typo in change.txt
  * update syntax and ftplugins
  * Update syntax file and syntax test
  * Sort options.txt alphabetically
  * update todo items
  * sort option-list alphabetically
  * no support to build on OpenVMS
  * Using type unknown for List/Dict containers
  * 'breakindent' is not drawn after diff filler lines
  * remove non-existent parameter in shift-command
  * Using int for errbuflen in option funcs
  * [security]: use-after-free in exec_instructions()
  * Vim does not detect pacman.log file
  * reference 'go-!' inside os_win32.txt for !start
  * Type check tests fail without the channel feature

==== vinagre ====

- Disable RDP support for the time being: vinagre has been archived
  upstream and does not support freerdp 3.0. If you rely on RDP
  connections, please switch to GNOME Connections.

==== vte ====
Version update (0.74.1 -> 0.74.2)
Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91

- Update to version 0.74.2:
  * lib,bidi: Work on the heap rather than the stack
  * stream: Fix a rare corruption when advancing the tail
  * widget: Fix initial cursor blink state
  * build: Post release version bump

==== wtmpdb ====
Version update (0.9.3 -> 0.10.0)
Subpackages: libwtmpdb0

- Update to version 0.10.0
  - last: support matching for username and/or tty

==== zbar ====

- security update:
  * CVE-2023-40889 [bsc#1214770]
    Fix heap based buffer overflow in qr_reader_match_centers()
    + zbar-CVE-2023-40889.patch
  * CVE-2023-40890 [bsc#1214771]
    Fix stack based buffer overflow in lookup_sequence()
    + zbar-CVE-2023-40890.patch