Packages changed: apparmor curl (7.77.0 -> 7.78.0) gtk3 (3.24.29 -> 3.24.30) keylime libapparmor libidn2 (2.3.1 -> 2.3.2) libproxy makedumpfile (1.6.8 -> 1.6.9) ncurses (6.2.20210626 -> 6.2.20210718) open-iscsi openssh shim-leap systemd === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point ==== curl ==== Version update (7.77.0 -> 7.78.0) Subpackages: libcurl4 - Update to 7.78.0: [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923] [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925] * Changes: - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax - hostip: make 'localhost' return fixed values - mbedtls: add support for cert and key blob options - metalink: remove all support for it - mqtt: add support for username and password * Bugfixes: - ares: always store IPv6 addresses first - c-hyper: abort CONNECT response reading early on non 2xx responses - c-hyper: add support for transfer-encoding in the request - c-hyper: bail on too long response headers - c-hyper: clear NTLM auth buffer when request is issued - c-hyper: fix NTLM on closed connection tested with test159 - conncache: lowercase the hash key for better match - curl_multibyte: Remove local encoding fallbacks - Curl_ntlm_core_mk_nt_hash: fix OOM in error path - Curl_ssl_getsessionid: fail if no session cache exists - easy: during upkeep, attach Curl_easy to connections in the cache - gnutls: set the preferred TLS versions in correct order - hsts: ignore numberical IP address hosts - HSTS: not experimental anymore - http2: init recvbuf struct for pushed streams - http: fix crash in rate-limited upload - http: make the haproxy support work with unix domain sockets - http_proxy: deal with non-200 CONNECT response with Hyper - lib: don't compare fd to FD_SETSIZE when using poll - lib: fix compiler warnings with CURL_DISABLE_NETRC - lib: fix type of len passed to *printf's %*s - lib: more %u for port and int for %*s fixes - lib: use %u instead of %ld for port number printf - libssh2: limit time a disconnect can take to 1 second - mqtt: detect illegal and too large file size - msnprintf: return number of printed characters excluding null byte - multi: add scan-build-6 work-around in curl_multi_fdset - multi: alter transfer timeout ordering - multi: do not switch off connect_only flag when closing - multi: fix crash in curl_multi_wait / curl_multi_poll - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS - openssl: avoid static variable for seed flag - openssl: don't remove session id entry in disassociate - socketpair: fix potential hangs - socks4: scan for the IPv4 address in resolve results - ssl: read pending close notify alert before closing the connection - telnet: fix option parser to not send uninitialized contents - TLS: prevent shutdown loops to get stuck - vtls: exit addsessionid if no cache is inited - vtls: fix connection reuse checks for issuer cert and case sensitivity ==== gtk3 ==== Version update (3.24.29 -> 3.24.30) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 - Update to version 3.24.30: + Input: - Ignore NoSymbol key events (happens with some XKB options). - Fix incomplete reset in some cases. + GtkEmojiChooser: - Update data from CLDR 39. - Support translated keywords for multiple languages. - Allow inserting multiple Emoji with Ctrl. - Match keywords for search. - Fix a memory leak. + GtkFileChooser: Accessibility improvements. + GtkTreeView: - Fix an accessibility-related memory leak. - Fix assertion failures in some cases. + Printing: Remove the Google Cloud Print backend, since the service was shut down. + Wayland: Work with pointer-gestures v1 protocol. + Updated translations. ==== keylime ==== Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Add tenant-do_cvdelete-wait-until-404.patch to fix the update command - Adjust the default revocation notifier binding IP - Default to CFSSL in keylime.conf ==== libapparmor ==== - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point ==== libidn2 ==== Version update (2.3.1 -> 2.3.2) - Update to 2.3.2: * Upgrade TR46 tables from Unicode 11 to Unicode 13. - Refresh libidn2.keyring ==== libproxy ==== - Do no longer BuildRequire libmodman-devel: libproxy 0.4.17 was changed upstream to only support to internal version (no other consumer of libmodman exists). - No longer pass -DFORCE_SYSTEM_LIBMODMAN=ON to cmake: not understood anymore (boo#1188265). ==== makedumpfile ==== Version update (1.6.8 -> 1.6.9) - Update to 1.6.9 * Add initial mips64 support * Support newer kernels up to v5.12 * x86_64: fix a use-after-free bug in -e option * arm64: support flipped VA and 52-bit kernel VA * Add shorthand --show-stats option to show report stats * Add --dry-run option to prevent writing the dumpfile * printk: add support for lockless ringbuffer - Fix rpmlintrc to not be version agnostic - Refresh makedumpfile-override-libtinfo.patch - Drop upstream merged * makedumpfile-printk-add-support-for-lockless-ringbuffer.patch * makedumpfile-printk-use-committed-finalized-state-value.patch * makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch ==== ncurses ==== Version update (6.2.20210626 -> 6.2.20210718) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20210718 + correct typo in "vip" comments (report by Nick Black), reviewed this against Glink manual -TD + fill in some missing pieces for pccons, to make it comparable to the vt220 entry -TD + modify mk-1st.awk to account for extra-suffix configure option (report by Juergen Pfeifer). + change default for --disable-wattr-macros option to help packagers who reuse wide ncursesw header file with non-wide ncurses library. + build-fix for test/test_opaque.c, for configurations without opaque curses structs. - Add ncurses patch 20210710 + improve history section for tset manpage based on the 1BSD tarball, which preceded BSD's SCCS checkins by more than three years. + improve CF_XOPEN_CURSES macro used in test/configure (report by Urs Jansen). + further improvement of libtool configuration, adding a dependency of the install.tic rule, etc., on the library in the build-tree. + update config.sub ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Merge latest upstream, which includeds: * Support the "qede" CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - The linux kernel has close_range(2) syscall which current glibc uses to implement closefrom(3) which will be then used by openssh. whitelist the new system call so closefrom does not fail or fallback to iterating proc/self/fd (openssh-whitelist-syscalls.patch) ==== shim-leap ==== - Update to shim to 15.4-lp152.4.17.1 from openSUSE Leap 15.2 + Version: 15.4, "Thu Jul 15 2021" + Updated openSUSE x86 signature + Include the fixes for bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232. - Remove shim-install because the shim-install is updated in Leap 15.2 RPM. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Added patches to fix CVE-2021-33910 (bsc#1188063) Added 1001-unit-name-generate-a-clear-error-code-when-convertin.patch Added 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch Added 1003-basic-unit-name-adjust-comments.patch These patches will be moved to the git repo once the bug will become public. - systemd-hwdb-update.service should be shipped by the udev package