Packages changed: arphic-ukai-fonts crda diffutils (3.8 -> 3.9) installation-images-MicroOS (17.67 -> 17.68) libXpm libevent librsvg libstorage-ng (4.5.63 -> 4.5.64) manpages-l10n (4.16.0 -> 4.17.0) ncurses (6.4.20230107 -> 6.4.20230114) perl pipewire podman python-configobj python-httpx (0.23.0 -> 0.23.3) python310-packaging (22.0 -> 23.0) redis (7.0.7 -> 7.0.8) rpm rust-keylime (0.1.0+git.1666019359.f5de47b -> 0.1.0+git.1672681780.762cec8) yast2-storage-ng (4.5.15 -> 4.5.16) === Details === ==== arphic-ukai-fonts ==== - amend license SUSE-Arphic to SPDX's Arphic-1999 ==== crda ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== diffutils ==== Version update (3.8 -> 3.9) Subpackages: diffutils-lang - diffutils 3.9: * fixes for other platforms ==== installation-images-MicroOS ==== Version update (17.67 -> 17.68) - merge gh#openSUSE/installation-images#618 - switch from curl to osc api to avoid authentication hassle with IBS - add 'ignore_packages' environment setting to allow more control over package config - update docs - 17.68 ==== libXpm ==== - U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch - U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch * libXpm: Infinite loop on unclosed comments (CVE-2022-46285, bsc#1207029) - U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch * libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617, bsc#1207030) - U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch * libXpm: compression commands depend on $PATH (CVE-2022-4883, bsc#1207031) - U_regression-bug1207029_1207030_1207031.patch * regression fix for above patches - U_regression2-bug1207029_1207030_1207031.patch * second regression fix: Use gzip -d instead of gunzip ==== libevent ==== - Disable the select backend, this can be easily done by lying to configure. This is done due to: * using fd number > 1024 on an fd_set results in a runtime fortify source assertion, preventing further doom. * select will not be changed to handle fd > 1024. * this limit is unreasonable low for this century. ==== librsvg ==== Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - update vendor tarball - actually run the testsuite for x86_64 (bsc#1207167) ==== libstorage-ng ==== Version update (4.5.63 -> 4.5.64) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#912 - allow both 'swap' and 'none' as path for swap in fstab - added testcase - 4.5.64 ==== manpages-l10n ==== Version update (4.16.0 -> 4.17.0) Subpackages: man-pages-cs man-pages-da man-pages-de man-pages-el man-pages-es man-pages-fr man-pages-hu man-pages-it man-pages-pl man-pages-pt_BR - Update to version 4.17.0: * Updated many translations. * Swedish is now actively maintained. * New language: Russian. ==== ncurses ==== Version update (6.4.20230107 -> 6.4.20230114) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230114 + change RV to XR/xr, to avoid conflict with pre-existing usage in vim, to use RV/rv to denote DA2 and its response (discussion with Bram Moolenaar) -TD + add XF flag to xterm+focus so that termcap applications can be aware of terminals which may support focus in/out -TD + use xterm+focus in xterm-p370 and tmux -TD + improve configure-script macros vs compiler warnings. - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.4.dif ==== perl ==== Subpackages: perl-base - Replace usage of deprecated fgrep with grep -F. ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-lang pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to avoid division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953): * 0001-alsa-guard-against-some-invalid-values.patch - Add patch from upstream to fix causing an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680): * 0001-spa-Fix-audioconvert-overflow-when-scaling.patch - Add patch from upstream to fix a crash on arm: * 0001-cpu-arm-Fix-incorrect-free.patch ==== podman ==== Subpackages: podman-cni-config - add patch: 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch (backport of https://github.com/containers/storage/pull/1468) - Make the priority for picking the storage driver configurable (bsc#1197093) (backport of https://github.com/containers/storage/pull/1460) - add patch: 0002-Make-the-priority-for-picking-the-storage-driver-con.patch ==== python-configobj ==== - require setuptools ==== python-httpx ==== Version update (0.23.0 -> 0.23.3) - Update to 0.23.3 * Version 0.23.2 accidentally included stricter type checking on query parameters. This shouldn've have been included in a minor version bump, and is now reverted. (#2523, #2539) - 0.23.2 (2nd Jan, 2023) * Support digest auth nonce counting to avoid multiple auth requests. (#2463) * Multipart file uploads where the file length cannot be determine now use chunked transfer encoding, rather than loading the entire file into memory in order to determine the `Content-Length`. (#2382) * Raise `TypeError` if content is passed a dict-instance. (#2495) * Partially revert the API breaking change in 0.23.1, which removed `RawURL`. We continue to expose a `url.raw` property which is now a plain named-tuple. This API is still expected to be deprecated, but we will do so with a major version bump. (#2481) - 0.23.1 (18th Nov, 2022) * *Note**: The 0.23.1 release should have used a proper version bump, rather than a minor point release. There are API surface area changes that may affect some users. See the "Removed" section of these release notes for details. [#]## Added * Support for Python 3.11. (#2420) * Allow setting an explicit multipart boundary in `Content-Type` header. (#2278) * Allow `tuple` or `list` for multipart values, not just `list`. (#2355) * Allow `str` content for multipart upload files. (#2400) * Support connection upgrades. See https://www.encode.io/httpcore/extensions/#upgrade-requests [#]## Fixed * Don't drop empty query parameters. (#2354) [#]## Removed * Upload files *must* always be opened in binary mode. (#2400) * Drop `.read`/`.aread` from `SyncByteStream`/`AsyncByteStream`. (#2407) * Drop `RawURL`. (#2241) ==== python310-packaging ==== Version update (22.0 -> 23.0) - Update to v23.0 * Remove unused LPAREN token from tokenizer by @hrnciar in #630 * Reorganise the project layout and version management by @pradyunsg in #626 * Correctly handle non-normalised specifiers in requirements by @pradyunsg in #634 * Use stable Python 3.11 in tests by @153957 in #641 * Fix typing for specifiers.BaseSpecifier.filter() by @henryiii in #643 * Correctly handle trailing whitespace on URL requirements by @pradyunsg in #642 * refactor _generic_api to use EXT_SUFFIX by @mattip in #607 * Allow "extra" to be None in the marker environment by @pradyunsg in #650 * Fix typos by @kianmeng in #648 * Update changelog for release by @pradyunsg in #656 ==== redis ==== Version update (7.0.7 -> 7.0.8) - redis 7.0.8 * CVE-2022-35977: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic boo#1207202 * CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service boo#1207203 * Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD, and ZRANDMEMBER commands and gets disconnected by client output buffer limit * Make sure that fork child doesn't do incremental rehashing * Fix a bug where blocking commands with a sub-second timeout would block forever * Fix sentinel issue if replica changes IP ==== rpm ==== Subpackages: librpmbuild9 - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== rust-keylime ==== Version update (0.1.0+git.1666019359.f5de47b -> 0.1.0+git.1672681780.762cec8) - Update to version 0.1.0+git.1672681780.762cec8: * build(deps): bump openssl from 0.10.41 to 0.10.45 * build(deps): bump tokio from 1.21.1 to 1.23.0 * Disable dnf-makecache.service to save RAM * CI tests: Do not remove Fedora tag repository * add support for cargo deb * Pacify clippy::needless-borrow * Move tpm.rs from keylime-agent to the library * Split crates into library and applications - Add 0001-keylime-agent-remove-const_err-deny.patch - Fix "cargo install" with workspaces https://github.com/rust-lang/cargo/issues/7599 - Add 0001-Cargo.toml-tss-esapi-bindings.patch - Update to version 0.1.0+git.1670590616.e80c67a: * main: only read uuid from KeylimeConfig * Enabling more e2e tests in Packit CI * systemd: start agent after network is online * Cargo: Drop unused dependencies rust-ini and toml ==== yast2-storage-ng ==== Version update (4.5.15 -> 4.5.16) - Extended regexp to identify Dell BOSS storage devices (bsc#1200975) - 4.5.16