Packages changed: bluez (5.70 -> 5.71) ell (0.60 -> 0.61) mozilla-nss plasma-branding-Kalpa (20231218 -> 20231227) poppler (23.11.0 -> 23.12.0) poppler-qt5 (23.11.0 -> 23.12.0) postfix protobuf-c (1.4.1 -> 1.5.0) python-Babel (2.13.1 -> 2.14.0) python-alembic (1.13.0 -> 1.13.1) python-importlib-metadata (7.0.0 -> 7.0.1) python-jsonschema-specifications (2023.11.2 -> 2023.12.1) python-psutil (5.9.6 -> 5.9.7) qpdf (11.6.4 -> 11.7.0) timezone (2023c -> 2023d) tpm2.0-tools (5.5 -> 5.6) === Details === ==== bluez ==== Version update (5.70 -> 5.71) Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3 - update to 5.71: * Fix issue with not registering CSIS service. * Fix issue with registering pairing callbacks. * Fix issue with corruption during discovery filter parsing. - drop CVE-2023-45866.patch, Fix-.device_probe-failing-if-SDP-record-is-not.patch: upstream - update bluez-disable-broken-tests.diff: disable failing vcp test ==== ell ==== Version update (0.60 -> 0.61) - Update to release 0.61 * netconfig: Always set DHCP MAC address on start * netlink: Add workaround for missing NLM_F_ACK_TLVS and NLM_F_CAPPED ==== mozilla-nss ==== Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - add nss-allow-slow-tests-s390x.patch: "certutil dump keys with explicit default trust flags" test needs longer than the allowed 6 seconds on s390x ==== plasma-branding-Kalpa ==== Version update (20231218 -> 20231227) - Added eval to kalpa-firstboot and kalpa-firstboot-aarch64 (boo#1218367) - Updated to 20231227 - Fixed typos in kalpa-firstboot and kalpa-firstboot-aarch64 (boo#1218367) * Removed improper "" around $dbusRef * Corrected PATH for flathub remote * Removed installation of kwrite flatpak, GUI text editor is being provided via RPM in the pattern ==== poppler ==== Version update (23.11.0 -> 23.12.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 libpoppler133 poppler-tools - version update to 23.12.0 core: * Rewrite FoFiType1::parse to be more flexible * Small internal code refactoring ==== poppler-qt5 ==== Version update (23.11.0 -> 23.12.0) - version update to 23.12.0 core: * Rewrite FoFiType1::parse to be more flexible * Small internal code refactoring ==== postfix ==== - update default configuration to enable the long-term fix for bsc#1218304, CVE-2023-51764, SMTP smuggling attack: * smtpd_forbid_bare_newline = yes * smtpd_forbid_bare_newline_exclusions = $mynetworks ==== protobuf-c ==== Version update (1.4.1 -> 1.5.0) - update to 1.5.0: * Use CMAKE_CURRENT_BINARY_DIR instead of CMAKE_BINARY_DIR * remove deprecated functionality * Avoid "unused variable" compiler warning * Update autotools * Support for new Google protobuf 22.x, 23.x releases * Remove protobuf 2.x support ==== python-Babel ==== Version update (2.13.1 -> 2.14.0) - update to 2.14.0: * ``Locale.number_symbols`` will now have first-level keys for each numbering system. * Babel no longer directly depends on either ``distutils`` or ``setuptools``; if you had been using the Babel setuptools command extensions, you would need explicitly depend on ``setuptools`` * CLDR/Numbers: Add support of local numbering systems for number symbols * CLDR: Upgrade to CLDR 43 * Frontend: Allow last_translator to be passed as an option to extract_message * Frontend: Decouple `pybabel` CLI frontend from distutils/setuptools * Numbers: Improve parsing of malformed decimals ==== python-alembic ==== Version update (1.13.0 -> 1.13.1) - update to 1.13.1: * Fixed :class:`.Rewriter` so that more than two instances could be chained together correctly, also allowing multiple ``process_revision_directives`` callables to be chained. * Fixed issue where the method :meth:`.EnvironmentContext.get_x_argument` using the :paramref:`.EnvironmentContext.get_x_argument.as_dictionary` parameter would fail if an argument key were passed on the command line as a name alone, that is, without an equal sign ``=`` or a value. Behavior is repaired where this condition is detected and will return a blank string for the given key, consistent with the behavior where the ``=`` sign is present and no value. * Fixed issue where the "unique" flag of an ``Index`` would not be maintained when generating downgrade migrations. * Fixed bug in versioning model where a downgrade across a revision with two down revisions with one down revision depending on the other, would produce an erroneous state in the alembic_version table, making upgrades impossible without manually repairing the table. * Updated pep-484 typing to pass mypy "strict" mode, however including per-module qualifications for specific typing elements not yet complete. * This allows us to catch specific typing issues that have been ongoing such as import symbols not properly exported. ==== python-importlib-metadata ==== Version update (7.0.0 -> 7.0.1) - update to 7.0.1: * Corrected the interface for SimplePath to encompass the expectations of locate_file and PackagePath. * Fixed type annotations to allow strings. ==== python-jsonschema-specifications ==== Version update (2023.11.2 -> 2023.12.1) - update to 2023.12.1: * Ignore dotfiles when collectimg schemas ==== python-psutil ==== Version update (5.9.6 -> 5.9.7) - update to 5.9.7: * 2324_: enforce Ruff rule `raw-string-in-exception`, which helps providing clearer tracebacks when exceptions are raised by psutil. * 2325_, [PyPy]: psutil did not compile on PyPy due to missing `PyErr_SetExcFromWindowsErrWithFilenameObject` cPython API. - drop logind_y2038.patch (upstream) ==== qpdf ==== Version update (11.6.4 -> 11.7.0) - update to 11.7.0: * Add QPDFAcroFormDocumentHelper::disableDigitalSignatures, which disables any digital signature fields, leaving their visual representations intact. The --remove-restrictions command-line argument now calls this. * Generate a more complete qpdf "man page" from the same source as qpdf --help. Fixes #1064. * Allow the syntax "--encrypt --user-password=user-password - -owner-password=owner-password --bits={40,128,256}" when encrypting PDF files. This is an alternative to the syntax "--encrypt user-password owner-password {40,128,256}", which will continue to be supported. The new syntax works better with shell completion and allows creation of passwords that start with "-". * When setting a check box value, allow any value other than /Off to mean checked. This is permitted by the spec. * Fix to QPDF JSON: a floating point number that appears in scientific notation will be converted to fixed-point notation, rounded to six digits after the decimal point. * Fix to QPDF JSON: the syntax "n:/pdf-syntax" is now accepted as an alternative way to represent names. This can be used for any name (e.g. "n:/text#2fplain"), but it is necessary when the name contains binary characters. * Update code and tests so that qpdf's test suite no longer depends on the output of any specific zlib implementation. This makes it possible to get a fully passing test suite with any API-compatible zlib library. CI tests with the default zlib as well as zlib-ng (including verifying that zlib-ng is not the default), but any zlib implementation should work. Fixes [#774]. * Bug fix: with --compress-streams=n, don't compress object, XRef, or linearization hint streams. * Add new C++ functions "qpdf_c_get_qpdf" and "qpdf_c_wrap" to qpdf-c.h that make it possible to write your own extern "C" functions in C++ that interoperate with the C API. See examples/extend-c-api for more information. ==== timezone ==== Version update (2023c -> 2023d) - update to 2023d: * Ittoqqortoormiit, Greenland changes time zones on 2024-03-31. * Vostok, Antarctica changed time zones on 2023-12-18. * Casey, Antarctica changed time zones five times since 2020. * Code and data fixes for Palestine timestamps starting in 2072. * A new data file zonenow.tab for timestamps starting now. * Fix predictions for DST transitions in Palestine in 2072-2075, correcting a typo introduced in 2023a. * Vostok, Antarctica changed to +05 on 2023-12-18. It had been at +07 (not +06) for years. * Change data for Casey, Antarctica to agree with timeanddate.com, by adding five time zone changes since 2020. Casey is now at +08 instead of +11. * Much of Greenland, represented by America/Nuuk, changed its standard time from -03 to -02 on 2023-03-25, not on 2023-10-28. * localtime.c no longer mishandles TZif files that contain a single transition into a DST regime. Previously, it incorrectly assumed DST was in effect before the transition too. * tzselect no longer creates temporary files. * tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/. * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments. * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension. * zic no longer mishandles data for Palestine after the year 2075. ==== tpm2.0-tools ==== Version update (5.5 -> 5.6) - Update to version 5.6 + tpm2_eventlog: * add H-CRTM event support * add support of efivar versions less than 38 * Add support to check for efivar/efivar.h manually * Minor formatting fixes * tpm2_eventlog: add support for replay with different StartupLocality * Fix pcr extension for EV_NO_ACTION * Extend test of yaml string representation * Use helper for printing a string dump * Fix upper bound on unique data size * Fix YAML string formatting + tpm2_policy: * Add support for parsing forward seal TPM values * Use forward seal values in creating policies * Move dgst_size in evaluate_populate_pcr_digests() * Allow more than 8 PCRs for sealing * Move dgst_size in evaluate_populate_pcr_digests * Allow more than 8 PCRs for sealing * Make __wrap_Esys_PCR_Read() more dynamic to enable testing more PCRs + tpm2_encryptdecrypt: Fix pkcs7 padding stripping + tpm2_duplicate: * Support -a option for attributes * Add --key-algorithm option + tpm2_encodeobject: Use the correct -O option instead of -C + tpm2_unseal: Add qualifier static to enhance the privacy of unseal function + tpm2_sign: * Remove -m option which was added mistakenly * Revert sm2 sign and verifysignature + tpm2_createek: * Correct man page example * Fix usage of nonce * Fix integrating nonce + tpm2_clear: add more details about the action + tpm2_startauthsession: allow the file attribute for policy authorization. + tpm2_getekcertificate: Add AMD EK support + tpm2_ecdhzgen: Add public-key parameter + tpm2_nvreadpublic: Prevent free of unallocated pointers on failure + Bug-fixes: * The readthedocs build failed with module 'jinja2' has no attribute 'contextfilter' a requirement file was added to fix this problem * An error caused by the flags -flto -_FORTIFY_SOURCE=3 in kdfa implementation. This error can be avoided by switching off the optimization with pragma * Changed wrong function name of "Esys_Load" to "Esys_Load" * Function names beginning with Esys_ are wrongly written as Eys_ * Reading and writing a serialized persistent ESYS_TR handles * cirrus-ci update image-family to freebsd-13-2 from 13-1 + misc: * Change the default Python version to Python3 in the helper's code * Skip test which uses the sign operator for comparison in abrmd_policynv.sh * tools/tr_encode: Add a tool that can encode serialized ESYS_TR for persistent handles from the TPM2B_PUBLIC and the raw persistent TPM2_HANDLE * Add safe directory in config