Packages changed:
  dracut (059+suse.511.g0bdb16ac -> 059+suse.522.g0fc72191)
  gnutls (3.8.1 -> 3.8.2)
  hplip
  libksba (1.6.4 -> 1.6.5)
  libsolv (0.7.25 -> 0.7.26)
  libxml2 (2.11.5 -> 2.11.6)
  sssd
  texlive

=== Details ===

==== dracut ====
Version update (059+suse.511.g0bdb16ac -> 059+suse.522.g0fc72191)
Subpackages: dracut-ima

- Update to version 059+suse.522.g0fc72191:
  * fix(install.d): do not create rescue entry when working with UKIs
  * fix(install.d): skip if $KERNEL_INSTALL_INITRD_GENERATOR is set otherwise
  * feat(resume): do not attempt to install systemd-hibernate-resume@.service
  * feat(install.d): add sort-key field to rescue BLS entries
  * fix(install.d): do not generate a new initrd if any INITRD_FILE is provided
  * fix(install.d): do not create initramfs if the supplied image is UKI
  * feat(install.d): allow using dracut in combination with ukify
  * fix(resume): add new systemd-hibernate-resume.service
  * feat(systemd): install systemd-executor

==== gnutls ====
Version update (3.8.1 -> 3.8.2)

- Update to 3.8.2: [bsc#1217277, CVE-2023-5981]
  * libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
    [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]
  * libgnutls: Add API functions to perform ECDH and DH key agreement
    The functionality has been there for a long time though they were
    not available as part of the public API. This enables applications
    to implement custom protocols leveraging non-interactive key
    agreement with ECDH and DH.
  * libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452)
    The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and
    GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through
    the AEAD interface. Note that, unlike
    GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is
    appended to the ciphertext, not prepended.
  * libgnutls: transparent KTLS support is extended to FreeBSD kernel
    The kernel TLS feature can now be enabled on FreeBSD as well as
    Linux when compiled with the --enable-ktls configure option.
  * gnutls-cli: New option --starttls-name
    Depending on deployment, application protocols such as XMPP may
    require a different origin address than the external address to be
    presented prior to STARTTLS negotiation. The --starttls-name can be
    used to specify the addresses separately.
  * API and ABI modifications:
    - gnutls_pubkey_import_dh_raw: New function
    - gnutls_privkey_import_dh_raw: New function
    - gnutls_pubkey_export_dh_raw: New function
    - gnutls_privkey_export_dh_raw: New function
    - gnutls_x509_privkey_import_dh_raw: New function
    - gnutls_privkey_derive_secret: New function
    - GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t
    - GNUTLS_CIPHER_AES_128_SIV_GCM: Added
    - GNUTLS_CIPHER_AES_256_SIV_GCM: Added
  * Rebase gnutls-FIPS-140-3-references.patch
  * Remove upstream: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch

==== hplip ====
Subpackages: hplip-hpijs hplip-udev-rules

- hppsfilter: booklet printing: change insecure fixed /tmp file paths
  (bsc#1214399)
  * add hppsfilter-booklet-printing-change-insecure-fixed-tm.patch

==== libksba ====
Version update (1.6.4 -> 1.6.5)

- Update to 1.6.5:
  * Add Brainpool curve detection using parameters with compressed
    base point. [rKeb23f853f178]
  * New configure option --with-libtool-modification. [T6619]
  * Release-info: https://dev.gnupg.org/T6822

==== libsolv ====
Version update (0.7.25 -> 0.7.26)
Subpackages: libsolv-tools python3-solv ruby-solv

- fix evr roundtrip in testcases
- do not use deprecated headerUnload with newer rpm versions
- bump version to 0.7.26

==== libxml2 ====
Version update (2.11.5 -> 2.11.6)
Subpackages: libxml2-2 libxml2-tools

- Update to version 2.11.6:
  * Regressions:
    - threads: Fix --with-thread-alloc
    - xinclude: Fix ‘last’ pointer in xmlXIncludeCopyNode
  * Bug fixes:
    - parser: Fix potential use-after-free in xmlParseCharDataInternal

==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Fix spec file for Leap
- /usr/etc migration, restore /etc/sssd/sssd.conf.rpmsave after update
  (bsc#1216865)
- Do not install the KRB5 IDP plugin, it is useless without the OIDC child
- Drop no longer valid --without-secrets configure switch

==== texlive ====

- Silence some rpmlint errors
- Catch all lua based binaries for boo#1216650
- texlive-latex-bin-bin: Ensure the same version of libz1 is installed
  in system as against what texlive was compiled (boo#1216650).