Packages changed:
  curl (7.80.0 -> 7.81.0)
  dnf
  fwupd-efi
  gupnp (1.4.1 -> 1.4.2)
  keylime (6.2.0 -> 6.2.1)
  libcamera (0.0.0+g3076.d79b4120 -> 0.0.0+g3381.1db1e31e)
  logrotate (3.18.1 -> 3.19.0)
  mutter
  noto-coloremoji-fonts (20200916 -> 20211101)
  pipewire (0.3.42 -> 0.3.43)
  system-config-printer
  wireplumber (0.4.5 -> 0.4.6)
  wpa_supplicant

=== Details ===

==== curl ====
Version update (7.80.0 -> 7.81.0)
Subpackages: libcurl4

- update to 7.81.0:
  * mime: use percent-escaping for multipart form field and file names
  * asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
  * azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
  * BINDINGS: add cURL client for PostgreSQL
  * BINDINGS: add one from Everything curl and update a link
  * checksrc: detect more kinds of NULL comparisons we avoid
  * CI: build examples for additional code verification
  * CI: bump job to use mbedtls 3.1.0
  * cmake: don't set _USRDLL on a static Windows build
  * cmake: prevent dev warning due to mismatched arg
  * cmake: private identifiers use CURL_ instead of CMAKE_ prefix
  * config.d: update documentation to match the path search
  * configure: add -lm to configure for rustls build.
  * configure: better diagnostics if hyper is built wrong
  * configure: don't enable TLS when --without-* flags are used
  * configure: fix runtime-lib detection on macOS
  * curl.1: require "see also" for every documented option
  * curl: improve error message for --head with -J
  * curl_easy_cleanup.3: remove from multi handle first
  * curl_easy_escape.3: call curl_easy_cleanup in example
  * curl_easy_unescape.3: call curl_easy_cleanup in example
  * curl_multi_init.3: fix EXAMPLE formatting
  * curl_multi_perform/socket_action.3: clarify what errors mean
  * curl_share_setopt.3: split out options into their own manpages
  * CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
  * digest: compute user:realm:pass digest w/o userhash
  * docs/checksrc: Add documentation for STRERROR
  * docs/cmdline-opts: do not say "protocols: all"
  * docs/examples: workaround broken -Wno-pedantic-ms-format
  * docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
  * docs/INSTALL.md: typo fix : added missing "get" verb
  * docs/URL-SYNTAX.md: space is not fine in a given URL
  * docs: add known bugs list to HTTP3.md
  * docs: address proselint nits
  * docs: consistent manpage SYNOPSIS
  * docs: fix dead links, remove ECH.md
  * docs: fix typo in OpenSSL 3 build instructions
  * docs: Update the Reducing Size section
  * example/progressfunc: remove code for old libcurls
  * examples/multi-single.c: remove WAITMS()
  * FAQ: typo fix : "yout" -> "your"
  * ftp: disable warning 4706 in MSVC
  * gen.pl: improve example output format
  * github workflow: add wolfssl (removed from zuul)
  * github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
  * gtls: check return code for gnutls_alpn_set_protocols
  * hash: lazy-alloc the table in Curl_hash_add()
  * http2:set_transfer_url() return early on OOM
  * HTTP3: update quiche build instructions
  * http: enable haproxy support for hyper backend
  * http: Fix CURLOPT_HTTP200ALIASES
  * http_proxy: don't close the socket (too early)
  * insecure.d: detail its use for SFTP and SCP as well
  * insecure.d: expand and clarify
  * libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
  * libcurl-security.3: mention address and URL mitigations
  * libssh2: fix error message for sha256 mismatch
  * libtest: avoid "assignment within conditional expression"
  * lift: ignore is a deprecated config option, use ignoreRules
  * linkcheck.yml: add CI job that checks markdown links
  * m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
  * Makefile.m32: rename -winssl option to -schannel and tidy up
  * mbedTLS: add support for CURLOPT_CAINFO_BLOB
  * mbedtls: fix CURLOPT_SSLCERT_BLOB
  * mbedtls: fix private member designations for v3.1.0
  * misc: remove unused doh flags when CURL_DISABLE_DOH is defined
  * misc: s/e-mail/email
  * multi: cleanup the socket hash when destroying it
  * multi: handle errors returned from socket/timer callbacks
  * multi: shut down CONNECT in Curl_detach_connnection
  * netrc.d: edit the .netrc example to look nicer
  * ngtcp2: verify the server cert on connect (quictls)
  * ngtcp2: verify the server certificate for the gnutls case
  * nss:set_cipher don't clobber the cipher list
  * openldap: implement STARTTLS
  * openldap: process search query response messages one by one
  * openldap: several minor improvements
  * openldap: simplify ldif generation code
  * openssl: check the return value of BIO_new()
  * openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
  * openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
  * openssl: remove usage of deprecated `SSL_get_peer_certificate`
  * openssl: use non-deprecated API to read key parameters
  * page-footer: add a mention of how to report bugs to the man page
  * page-footer: document more environment variables
  * request.d: refer to 'method' rather than 'command'
  * retry-all-errors.d: make the example complete
  * runtests: make the SSH library a testable feature
  * rustls: read of zero bytes might be okay
  * rustls: remove comment about checking handshaking
  * rustls: remove incorrect EOF check
  * sha256/md5: return errors when init fails
  * socks5: use appropriate ATYP for numerical IP address host names
  * test1156: enable for hyper
  * test1156: fixup the stdout check for Windows
  * test1525: tweaked for hyper
  * test1526: enable for hyper
  * test1527: enable for hyper
  * test1528: enable for hyper
  * test1554: adjust for hyper
  * test1556: adjust for hyper
  * test302[12]: run only with the libssh2 backend
  * test661: enable for hyper
  * tests/CI.md: add more information on CI environments
  * tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
  * tftp: mark protocol as not possible to do over CONNECT
  * tool_findfile: updated search for a file in the homedir
  * tool_operate: only set SSH related libcurl options for SSH URLs
  * tool_operate: warn if too many output arguments were found
  * url.c: fix the SIGPIPE comment for Curl_close
  * url: check ssl_config when re-use proxy connection
  * url: reduce ssl backend count for CURL_DISABLE_PROXY builds
  * urlapi: accept port number zero
  * urlapi: if possible, shorten given numerical IPv6 addresses
  * urlapi: provide more detailed return codes
  * urlapi: reject short file URLs
  * version_win32: Check build number and platform id
  * vtls/rustls: adapt to the updated rustls_version proto
  * writeout: fix %{http_version} for HTTP/3
  * x509asn1: return early on errors
  * zuul.d: update rustls-ffi to version 0.8.2
  * zuul: fix quiche build pointing to wrong Cargo

==== dnf ====

- Add /etc/dnf/modules.d directory to -data subpackage (boo#1193706)

==== fwupd-efi ====

- Re-add fwupdx64.efi.signed symlink (boo#1192206)

==== gupnp ====
Version update (1.4.1 -> 1.4.2)

- Update to version 1.4.2:
  + Context: Fix a memory leak if ACL was used
  + RootDevice: Deprecate get_relative_location call
  + RootDevice, Device & Service: Fix use-after-free if Service lives longer than RootDevice
  + Service: Declare _valist functions deprecated
  + ServiceAction: Deprecate _return() call
  + ServiceProxy:
    - Fix re-queueing the message if POST fails
    - Fix double-free on ProxyAction
  + ServiceProxyAction: add _set() to the public API
  + ControlPoint: Deprecate get_context() call
  + Doc:
    - Add missing ContextFilter description
    - Add note regarding ACL and host_path()
    - Add note regarding error handling of call API
- Add gupnp-build-man-pages.patch: Build and install the manpage.

==== keylime ====
Version update (6.2.0 -> 6.2.1)
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime

- Update to version v6.2.1:
  * Another addition to gitignore
  * Update .gitignore with more Keylime-specific files
  * json: add support for sqlalchemy.engine.row.Row in newer sqlalchemy
  * ima_ast: check if the PCR is the same as in the config
  * Fix permissions issue on volume mount in run_local.sh
  * Make run_local.sh use a local copy of the repo
  * Small updates to GOVERNANCE.md
  * Move cargo-tarpaulin install to separate command
  * config: drop registrar_* TLS options in [registrar] section
  * Fix missing && in Dockerfile
  * Remove simplejson from scripts and docs
  * Replace simplejson with built-in json module
  * Add rust-keylime container dependencies
  * config: fix getboolean with fallback
  * Clean up CI scripts and rewrite run_local.sh
  * ima: for ToMToU errors skip template content validation
  * ima: Use a set of entry numbers and file offsets to remember multiple positions
  * Rename CONTRIBUTORS.md to CONTRIBUTING.md
  * Update GOVERNANCE.md to match MAINTAINERS.md rename
  * Update MAINTAINERS
  * Update README: remove Gitter, Travis CI
  * ca: Use UTC when setting certificate validity
  * Tenant commands return json
  * scripts: Allow passing a base policy to create_policy tool
  * ima: Handle the case of ima-sig with a path with spaces in them
  * add length to string object
  * scripts: Implement create_policy to create the JSON allowlist from files
  * ima: Also add a sha256 default boot_aggregate hash with 64 '0's
  * ima: Use seek() to get to the last known last entry
  * ima: Extend allowlist to be able to handle generic ima-buf entries
  * ima: Extend JSON allowlist with 'ima' entry and 'ignored_keyrings'
  * ima: Populate verifier keyrings with keys taken from ima-buf log line
  * ima: Remove methods from ImaKeyring that are now in ImaKeyrings
  * ima: Start passing ima_keyrings through APIs replacing ima_keyring
  * Extend AgentAttestState with ima_keyrings field and use it
  * ima: Implement ImaKeyrings class to support multiple keyrings
  * verifier: Extend verifier DB to persist learned keyrings
  * Fix a couple of pylint errors
  * ima: Fix spurious attestation failures
  * ima: make ToMToU errors not a failure by default
  * Simple fix for tenant error message printout.
  * pylint: Fix errors related to R1714
  * pylint: Suppress C0201, C0209 and W0602 newly reported errors
  * installer: do not install tpm2-abrmd
  * tpm: by default use /dev/tpmrm0 instead of tpm2-abrmd
  * verifier: add option to send revocation messages via webhook

==== libcamera ====
Version update (0.0.0+g3076.d79b4120 -> 0.0.0+g3381.1db1e31e)

- Update to version 0.0.0+g3381.1db1e31e:
  * No changelog available.

==== logrotate ====
Version update (3.18.1 -> 3.19.0)

- update to 3.19.0:
  * continue on EINTR in compressLogFile() (#430)
  * enforce stricter parsing of configuration files (#427, #431)
  * avoid confusing error message in debug mode (#426)
  * fix full_write() on incomplete write (#415)
  * do not use alloca() any more (#412)
  * do not rotate hard links unless allowhardlink is used (#407)
  * change directory after dropping privileges (#397)
  * add defence in depth when dropping privileges (#400)
  * remove invalid configuration on error (#408)
  * do not open symbolic link log files by accident (#399)
  * do not write state if state file is /dev/null (#395)
- rebased logrotate-3.13.0-systemd_add_home_env.patch and renamed to logrotate-3.19.0-systemd_add_home_env.patch
- removed obsolete logrotate-dont_warn_on_size=_syntax.patch

==== mutter ====

- Add mutter-initialize-saved_rect_fullscreen.patch: Some applications that starts in fullscreen disappear when switching back to normal size mode, because mutter forget to initialize saved_rect_fullscreen which is used for unfullscreen, this patch fixes it (glgo#GNOME/mutter!2210, bsc#1185444).

==== noto-coloremoji-fonts ====
Version update (20200916 -> 20211101)

- Update to v2.034
  * Unicode 14.0 update

==== pipewire ====
Version update (0.3.42 -> 0.3.43)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 0.3.43:
  * Highlights:
    - Flatpak apps such as Ardour can now remove links again.
    - Many fixes to pulse-server. Memory usage should be improved. Some crashes are fixed. Underrun handling should work better. Better compatibility with GStreamer based applications after seeking.
    - Many of the samplerate and quantum changes bugs in previous releases were fixed. This fixes some issues where the microphone would fail to work.
    - Many more small fixes and improvements all over the place.

==== system-config-printer ====
Subpackages: python3-cupshelpers system-config-printer-common system-config-printer-dbus-service udev-configure-printer

- Add python-rpm-macros BuildRequires in case some build environment does not pull it automatically. This is needed by macros like %{python3_sitelib}.

==== wireplumber ====
Version update (0.4.5 -> 0.4.6)
Subpackages: libwireplumber-0_4-0 wireplumber-audio

- Reformat .changes file to limit lines to 67 chars when possible.
- Update to version 0.4.6:
  * Fix a lot of race condition bugs that would cause strange crashes or many log messages being printed when streaming clients would connect and disconnect very fast.
  * Improve the logic for selecting a default target device.
  * Fix switching to headphones when the wired headphones are plugged in.
  * Fix an issue where "udevadm trigger" would break wireplumber.
  * Fix an issue where switching profiles of a device could kill client nodes.
  * Fix briefly switching output to a secondary device when switching device profiles (#85)
  * Fix "wpctl status" showing default device selections when dealing with module-loopback virtual sinks and sources.
  * WirePlumber now ignores hidden files from the config directory.
  * Fix an interoperability issue with jackdbus.
  * Fix an issue where pulseaudio tcp clients would not have permissions to connect to PipeWire.
  * Fix a crash in the journald logger with NULL debug messages.
  * Enable real-time priority for the bluetooth nodes to run in RT.
  * Make the default stream volume configurable.
  * Scripts are now also looked up in $XDG_CONFIG_HOME/wireplumber/scripts
  * Update documentation on configuring WirePlumber and fixed some more documentation issues.
  * Add support for using strings as log level selectors in WIREPLUMBER_DEBUG.
- Drop patches merged upstream:
  * 0001-m-reserve-device-replace-the-hash-table-key-on-new-insert.patch
  * 0002-policy-node-wait-for-nodes-when-we-become-unlinked.patch
- Add patch from upstream to fix a pulse client hanging issue:
  * 0001-policy-node-schedule-rescan-without-timeout-if-defined-target-is-not-found.patch
- Add patch from upstream to fix an issue with libpipewire-module-echo-cancel:
  * 0002-policy-node-find-best-linkable-if-default-one-cannot-be-linked.patch

==== wpa_supplicant ====

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * wpa_supplicant.service