Packages changed:
  conmon (2.1.9 -> 2.1.10)
  discover
  dracut (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)
  fwupd
  jbigkit
  jq (1.7 -> 1.7.1)
  kdump
  krb5 (1.21.1 -> 1.21.2)
  libpwquality
  libssh2_org
  libstorage-ng (4.5.162 -> 4.5.163)
  metamail
  mozilla-nss (3.94 -> 3.95)
  mutter
  open-vm-tools
  perl-Bootloader (1.9 -> 1.10)
  podman
  python-hiredis (2.2.2 -> 2.3.2)
  python-lark (1.1.5 -> 1.1.8)
  python311
  python311-core
  rsync
  sudo (1.9.15p2 -> 1.9.15p4)
  systemd
  vim (9.0.2146 -> 9.0.2181)
  vte (0.74.1 -> 0.74.2)
  wtmpdb (0.9.3 -> 0.10.0)
  zbar

=== Details ===

==== conmon ====
Version update (2.1.9 -> 2.1.10)

- New upstream release 2.1.10
  Bug fixes:
  * Fix incorrect free in conn_sock (removes fix-incorrect-free-in-conn_sock.patch)
  * logging: Respect log-size-max immediately after open

==== discover ====
Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang discover-notifier

- Update appstream build requirement for compatibility with 1.0.0 (boo#1217047)
- Remove obsolete version checks

==== dracut ====
Version update (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa)
Subpackages: dracut-ima

- Update to version 059+suse.533.g5a7cf9fa:
  * feat(dracut.sh): protect `push_host_devs` function
  * fix(dracut.sh): do not add device if `find_block_device` returns an error

==== fwupd ====
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod -> suse-module-tools dependency before.

==== jbigkit ====

- security update
- added patches
  fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler
  + jbigkit-CVE-2022-1210.patch

==== jq ====
Version update (1.7 -> 1.7.1)
Subpackages: libjq1

- Update to version 1.7.1
  Security
  * Fix CVE-2023-50246 (boo#1218034)
    + Fix heap buffer overflow in jvp_literal_number_literal.
  * Fix CVE-2023-50268 (boo#1218038)
    fix stack-buffer-overflow if comparing nan with payload.
  CLI changes
  * Make the default background color more suitable for bright backgrounds.
  * Allow passing the inline jq script after --.
  * Fix possible uninitialised value dereference if jq_init() fails
  Language changes
  * Simplify paths/0 and paths/1.
  * Reject U+001F in string literals.
  * Remove unused nref accumulator in block_bind_library.
  * Remove a bunch of unused variables, and useless assignments.
  * main.c: Remove unused EXIT_STATUS_EXACT option.
  * Actually use the number correctly casted from double to int as index.
  * src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2.
  * Remove undefined behavior caught by LLVM 10 UBSAN.
  * Convert decnum to binary64 (double) instead of decimal64. This makes jq behave like the JSON specification suggests and more similar to other languages.
  * Fix memory leaks on invalid input for ltrimstr/1 and rtrimstr/1.
  * Fix memory leak on failed get for setpath/2.
  * Fix nan from json parsing also for nans with payload that start with 'n'.
  * Allow carriage return characters in comments.
  Documentation changes
  * Generate links in the man page.
  libjq
  * Add extern C for C++.

==== kdump ====

- Update calibrate values for riscv64

==== krb5 ====
Version update (1.21.1 -> 1.21.2)

- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
  * Fix double-free in KDC TGS processing [CVE-2023-39975].

==== libpwquality ====
Subpackages: libpwquality-lang libpwquality-tools libpwquality1 pam_pwquality

- add: prereq "pam-config" in baselibs.conf
  * post scriptlet in pam_pwquality-32bit runs: pam-config

==== libssh2_org ====

- Security fix: [bsc#1218127, CVE-2023-48795]
  * Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
  * Add libssh2_org-CVE-2023-48795.patch

==== libstorage-ng ====
Version update (4.5.162 -> 4.5.163)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#970
- consistent (and original) naming of bcache operations
- coding style
- improved logging
- updated integration tests
- fixed typo
- 4.5.163

==== metamail ====

- Have fixed date in mgrep.1 (boo#1047218)

==== mozilla-nss ====
Version update (3.94 -> 3.95)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.95
  * bmo#1842932 - Bump builtins version number.
  * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
  * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates
  * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS.
  * bmo#1850982 - Remove Camerfirma root certificates from NSS.
  * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional Certificate.
  * bmo#1860670 - Add four Commscope root certificates to NSS.
  * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates.
  * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL*
  * bmo#1861728 - Include P-256 Scalar Validation from HACL*.
  * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
  * bmo#1837987 - Add means to provide library parameters to C_Initialize
  * bmo#1573097 - clang format
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
  * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber
  * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber
  * bmo#1573097 - Fix Invalid casts in instance.c

==== mutter ====
Subpackages: mutter-lang

- Add mutter-fix-text-input-delete-surrounding.patch: text-input-v3 requires byte based offset but Clutter uses char based offset for delete_surrounding_text, fix it by converting before passing arguments (glgo#GNOME/mutter#2146, glgo#GNOME/mutter!2712).

==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop

- Own %{_modulesloaddir}: used to be present via udev-mini -> kmod -> suse-module-tools dependency before.

==== perl-Bootloader ====
Version update (1.9 -> 1.10)

- merge gh#openSUSE/perl-bootloader#160
- fix 'pbl --version' to show correct version number
- 1.10

==== podman ====

- Refactor network backend dependencies:
  * podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it.
  * This fixes missing cni-plugins in some scenarios
  * Default to netavark everywhere where it's available

==== python-hiredis ====
Version update (2.2.2 -> 2.3.2)

- update to 2.3.2:
  * Added Python 3.12 to test matrix and classifiers (#174)
  * Linking to Redis learning resources (#173)
  * Updating client license to clear, MIT (#170)
  * Integrating spellcheck into CI (#169)
  * hiredis 1.2.0 support, versioning as 2.3.0 (#168)
  * Fix including tests in sdist (#166)
  * Use absolute imports and remove __init__.py from tests.
  * Implement garbage collection support in Reader (#162) (#163)

==== python-lark ====
Version update (1.1.5 -> 1.1.8)

- update to 1.1.8:
  * Populate the `Token.end_*` fields for ignored tokens
  * Include .lark files in package data
  * Add an error message when using Lark.save() when parser!='lalr'
  * Add and improve docstrings
  * Small update to PR #1338
  * Fix 1345 attempt two
  * Earley now uses OrderedSet for better output stability
  * ContextualLexer now uses self.basic_lexer for easy extensibility (iss…
  * Improved typing around LALR and ParserState
  * Typing fixes. Mypy now produces 0 type errors
  * Standalone: Added support for interactive parser.
- update to 1.1.7:
  * Bugfix in propagate_positions (issue #1304)
- update to 1.1.6:
  * Added strict-mode, enabled by `strict=True`, implemented using interegular by @MegaIng
  * Read more here: https://lark-parser.readthedocs.io/en/latest/how_to_use.html#strict-mode
  * Cache: Replace md5 hashing with sha256.
  * Support for Python-style comments in Lark grammar
  * Updates to python.lark
  * Bugfixes and cleanup

==== python311 ====
Subpackages: python311-curses python311-dbm

- Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is now useless.

==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base

- Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is now useless.

==== rsync ====

- Moved rsyncd.conf and rsyncd.secrets to /usr/etc.
  * Add rsync-usr-etc.patch

==== sudo ====
Version update (1.9.15p2 -> 1.9.15p4)
Subpackages: sudo-plugin-python

- For existing products (SLE15-SP* and older) keep using /etc and don't switch to /usr/etc. So only SLES16/ALP, Tumbleweed and newer products will use both /etc and /usr/etc locations.
- Update to 1.9.15p4:
  * Fixed a bug introduced in sudo 1.9.15 that could prevent a user’s privileges from being listed by sudo -l if the sudoers entry in /etc/nsswitch.conf contains [SUCCESS=return]. This did not affect the ability to run commands via sudo. Bug #1063.
- Update to 1.9.15p3:
  * Always disable core dumps when sudo sends itself a fatal signal. Fixes a problem where sudo could potentially dump core dump when it re-sends the fatal signal to itself. This is only an issue if the command received a signal that would normally result in a core dump but the command did not actually dump core.
  * Fixed a bug matching a command with a relative path name when the sudoers rule uses shell globbing rules for the path name. Bug #1062.
  * Permit visudo to be run even if the local host name is not set. GitHub issue #332.
  * Fixed an editing error introduced in sudo 1.9.15 that could prevent sudoreplay from replaying sessions correctly. GitHub issue #334.
  * Fixed a bug introduced in sudo 1.9.15 where sudo -l > /dev/null could hang on Linux systems. GitHub issue #335.
  * Fixed a bug introduced in sudo 1.9.15 where Solaris privileges specified in sudoers were not applied to the command being run.

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc systemd-lang udev

- udev: only require kmod in the full flavor. udev-mini is only used inside OBS in a strictly defined setup and udev will never have to load device drivers there.
- Import commit 071ac409a0564863657d8f8a5a35e6a4f914695f
  071ac409a0 rules: set up tty permissions and group for /dev/hvc* nodes
  f693b3ed8a vconsole-setup: remember the correct error value when open_terminal() fails
  963d838bad vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully (bsc#1215282)
  6f53f71d2d vconsole-setup: simplify error handling

==== vim ====
Version update (9.0.2146 -> 9.0.2181)
Subpackages: vim-data vim-data-common vim-small xxd

- update to 9.0.2181:
  * Vim9: missing error messages
  * update helptags
  * POSIX function name in exarg causes issues
  * no filetype detection for execline scripts
  * reg_executing() wrong for :normal with range
  * Wrong cursor position when dragging out of window
  * Update Serbian messages translation
  * runtime(netrw): prevent E11 on FocusGained autocommand
  * Update Japanese translation
  * runtime(8th): updated 8th syntax
  * change dependabot prefix to "CI"
  * Update change.txt
  * Compile error with Motif UI + mouse support
  * Create Changelog until v9.0.2175
  * Update Italian translations
  * Update tmux syntax rules
  * Update Turkish translations
  * Compiler warning for uninitialized var
  * update fortran syntax rules and doc notes
  * Vim9: segfault when assigning to type
  * remove deprecation warning for gdefault
  * Vim9: crash when compiling for statement and non-existing type
  * Vim9: compiling :defer may fail
  * Updated Irish translation
  * Update Logtalk runtime files for the latest language spec
  * update Racket runtime files
  * Update colorschemes
  * The options[] array is still not sorted alphabetically
  * Vim9: no support for const/final class/objects vars
  * Vim9: builtin funcs may accept a non-value
  * Moving tabpages on :drop may cause an endless loop
  * sync runtime files with upstream
  * grammar & typo fixes
  * add Tbreak command
  * Vim9: not consistently using :var for declarations
  * Memory leak in Configure Script when checking GTK
  * Vim9: can simplify arg type checking code
  * Vim9: can use type a func
    arg/return value
  * escape curdir in BrowseUpDir
  * Vim9: type can be assigned to list/dict
  * Vim9: type documentation out-dated
  * Vim9: not able to use imported interfaces and classes
  * instanceof() should use varargs as second arg
  * Update syntax file, fix missing for highlight
  * screenpos() may crash with neg. column
  * [security]: use-after-free in check_argument_type
  * Vim9: incorrectly parses :def func definitions
  * Vim9: can use typealias in assignment
  * ft detection maybe wrong if 'fic' set for *.[CH]
  * re-generate helptags
  * do not set b:did_ftplugin before sourcing scala ftplugin(#13657)
  * Fix `w:netrw_bannercnt` ref error with `netrw_fastbrowse=2`
  * fix examples in comments for JSON formatting
  * Add json formatting plugin (Issue #11426)
  * Update syntax file
  * link cmdline completion to |wildcards| and fix typos
  * Update eval.txt
  * Vim9: type not kept when assigning vars
  * The option[] array is not sorted
  * unlet b:filetype_in_cpp_family for cpp & squirrel
  * fix typo in change.txt
  * update syntax and ftplugins
  * Update syntax file and syntax test
  * Sort options.txt alphabetically
  * update todo items
  * sort option-list alphabetically
  * no support to build on OpenVMS
  * Using type unknown for List/Dict containers
  * 'breakindent' is not drawn after diff filler lines
  * remove non-existent parameter in shift-command
  * Using int for errbuflen in option funcs
  * [security]: use-after-free in exec_instructions()
  * Vim does not detect pacman.log file
  * reference 'go-!'
    inside os_win32.txt for !start
  * Type check tests fail without the channel feature

==== vte ====
Version update (0.74.1 -> 0.74.2)
Subpackages: libvte-2_91-0 vte-lang

- Update to version 0.74.2:
  * lib,bidi: Work on the heap rather than the stack
  * stream: Fix a rare corruption when advancing the tail
  * widget: Fix initial cursor blink state
  * build: Post release version bump

==== wtmpdb ====
Version update (0.9.3 -> 0.10.0)
Subpackages: libwtmpdb0

- Update to version 0.10.0
  - last: support matching for username and/or tty

==== zbar ====

- security update:
  * CVE-2023-40889 [bsc#1214770]
    Fix heap based buffer overflow in qr_reader_match_centers()
    + zbar-CVE-2023-40889.patch
  * CVE-2023-40890 [bsc#1214771]
    Fix stack based buffer overflow in lookup_sequence()
    + zbar-CVE-2023-40890.patch