Packages changed:
  audit (3.0.3 -> 3.0.5)
  audit-secondary (3.0.3 -> 3.0.5)
  codec2 (1.0.0 -> 1.0.1)
  crypto-policies (20210225.05203d2 -> 20210917.c9d86d1)
  diffutils
  ffmpeg-4
  gd
  libmtp (1.1.18 -> 1.1.19)
  mozjs78 (78.13.0 -> 78.14.0)
  openSUSE-build-key
  perl-libwww-perl (6.56 -> 6.57)
  selinux-policy

=== Details ===

==== audit ====
Version update (3.0.3 -> 3.0.5)
Subpackages: libaudit1 libauparse0

- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixes from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs

==== audit-secondary ====
Version update (3.0.3 -> 3.0.5)
Subpackages: audit python3-audit system-group-audit

- Fix hardened auditd.service (bsc#1181400)
  * add fix-hardened-service.patch
    Make /etc/audit read-write from the service.
    Remove PrivateDevices=true to expose /dev/* to auditd.service.
- Enable stop rules for audit.service (cf. bsc#1190227)
  * add enable-stop-rules.patch
- Change default log_format from ENRICHED to RAW (bsc#1190500):
  * add change-default-log_format.patch (SUSE-specific patch)
- Update to version 3.0.5:
  * In auditd, flush uid/gid caches when user/group added/deleted/modified
  * Fixed various issues when dealing with corrupted logs
  * In auditd, check if log_file is valid before closing handle
- Include fixes from 3.0.4:
  * Apply performance speedups to auparse library
  * Optimize rule loading in auditctl
  * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
  * Update syscall table to the 5.14 kernel
  * Fixed various issues when dealing with corrupted logs

==== codec2 ====
Version update (1.0.0 -> 1.0.1)

- Update to version 1.0.1:
  * Release to support freedv-gui 1.6.1

==== crypto-policies ====
Version update (20210225.05203d2 -> 20210917.c9d86d1)

- Remove the scripts and documentation regarding
  fips-finish-install and test-fips-setup
  * Add crypto-policies-FIPS.patch
- Update to version 20210917.c9d86d1:
  * openssl: fix disabling ChaCha20
  * pacify pylint 2.11: use format strings
  * pacify pylint 2.11: specify explicit encoding
  * fix minor things found by new pylint
  * update-crypto-policies: --check against regenerated
  * update-crypto-policies: fix --check's walking order
  * policygenerators/gnutls: revert disabling DTLS0.9...
  * policygenerators/java: add javasystem backend
  * LEGACY: bump 1023 key size to 1024
  * cryptopolicies: fix 'and' in deprecation warnings
  * *ssh: condition ecdh-sha2-nistp384 on SECP384R1
  * nss: hopefully the last fix for nss sigalgs check
  * cryptopolicies: Python 3.10 compatibility
  * nss: postponing check + testing at least something
  * Rename 'policy modules' to 'subpolicies'
  * validation.rules: fix a missing word in error
  * cryptopolicies: raise errors right after warnings
  * update-crypto-policies: capitalize warnings
  * cryptopolicies: syntax-precheck scope errors
  * .gitlab-ci.yml, Makefile: enable codespell
  * all: fix several typos
  * docs: don't leave zero TLS/DTLS protocols on
  * openssl: separate TLS/DTLS MinProtocol/MaxProtocol
  * alg_lists: order protocols new-to-old for consistency
  * alg_lists: max_{d,}tls_version
  * update-crypto-policies: fix pregenerated + local.d
  * openssh: allow validation with pre-8.5
  * .gitlab-ci.yml: run commit-range against upstream
  * openssh: Use the new name for PubkeyAcceptedKeyTypes
  * sha1_in_dnssec: deprecate
  * .gitlab-ci.yml: test commit ranges
  * FIPS:OSPP: sign = -*-SHA2-224
  * scoped policies: documentation update
  * scoped policies: use new features to the fullest...
  * scoped policies: rewrite + minimal policy changes
  * scoped policies: rewrite preparations
  * nss: postponing the version check again, to 3.64
- Remove patches fixed upstream: crypto-policies-typos.patch
- Rebase: crypto-policies-test_supported_modules_only.patch
- Merge crypto-policies-asciidoc.patch into
  crypto-policies-no-build-manpages.patch

==== diffutils ====

- Skip stack overflow tests under qemu emulation (bsc#1190046)

==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libswresample3_9

- Add ffmpeg-CVE-2020-22037.patch: Backport from upstream to fix
  a denial of service vulnerability caused by a memory leak in
  avcodec_alloc_context3 at options.c (bsc#1186756).

==== gd ====

- reenable gd/gd2 legacy formats, was disabled by upstream by
  default [bsc#1190762]

==== libmtp ====
Version update (1.1.18 -> 1.1.19)
Subpackages: libmtp-udev libmtp9

- updated to 1.1.19 release
  - Lots of USB ids added, especially Garmin devices
  - use a local libusb context, not the global one
  - various bugfixes

==== mozjs78 ====
Version update (78.13.0 -> 78.14.0)

- Update to version 78.14.0esr.

==== openSUSE-build-key ====

- Only add openSUSE Backports key when building for a Leap system
  (sle_version > 0). Tumbleweed does not use Backports.

==== perl-libwww-perl ====
Version update (6.56 -> 6.57)

- updated to 6.57
  see /usr/share/doc/packages/perl-libwww-perl/Changes
  6.57      2021-09-20 20:20:14Z
      - Update docs for protocols_allowed and protocols forbidden (GH#386)
        (Olaf Alders)

==== selinux-policy ====
Subpackages: selinux-policy-targeted

- Fix auditd service start with systemd hardening directives (boo#1190918)
  * add fix_auditd.patch