Packages changed: apparmor expat (2.4.2 -> 2.4.3) gstreamer-plugins-bad installation-images-MicroOS (17.33 -> 17.36) ldb libapparmor nvme-cli (1.16 -> 2.0~0) patterns-microos psmisc (23.3 -> 23.4) rpm-config-SUSE (0.g89 -> 0.g93) sssd systemd-rpm-macros (14 -> 15) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb; (bsc#1192684). ==== expat ==== Version update (2.4.2 -> 2.4.3) Subpackages: libexpat1 - update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474, bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480): * CVE-2021-45960 -- Fix issues with left shifts by >=29 places resulting in a) realloc acting as free b) realloc allocating too few bytes c) undefined behavior depending on architecture and precise value for XML documents with >=2^27+1 prefixed attributes on a single XML tag a la "" where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow on variable m_groupSize in function doProlog leading to realloc acting as free. Impact is denial of service or more. * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows near memory allocation at multiple places. Mitre assigned a dedicated CVE for each involved internal C function: - CVE-2022-22822 for function addBinding - CVE-2022-22823 for function build_model - CVE-2022-22824 for function defineAttribute - CVE-2022-22825 for function lookup - CVE-2022-22826 for function nextScaffoldPart - CVE-2022-22827 for function storeAtts Impact is denial of service or more. ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Drop conditionals for fdk_aac, explicitly add fdk-aac-free-devel BuildRequires, and build it for the main package. ==== installation-images-MicroOS ==== Version update (17.33 -> 17.36) - merge gh#openSUSE/installation-images#564 - do not reset standard file descriptors in inst_setup, linuxrc takes care (bsc#1193910, jsc#SLE-18632) - 17.36 - merge gh#openSUSE/installation-images#567 - Add RPi4 arm-trusted-firmware package (bsc#1173489) - 17.35 - merge gh#openSUSE/installation-images#562 - adjust to recent samba re-packaging - 17.34 ==== ldb ==== - Modify packaging to allow parallel installation with libldb1 (bsc#1192684): + Private libraries are installed in %{_libdir}/ldb2/ + Modules are installed in %{_libdir}/ldb2/modules ==== libapparmor ==== - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb; (bsc#1192684). ==== nvme-cli ==== Version update (1.16 -> 2.0~0) - Fix zsh completion package depenedencies. - Use osc_scm to manage upstream input source. - Fix version string. - Update Source URL and introduce a variable for the release canditate version string. - Update to v2.0-rc0 * Depends on libnvme * rename harden_nvmf-connect@.service.patch to 0100-harden_nvmf-connect@.service.patch * drop 0102-nvme-cli-Add-script-to-determine-host-NQN.patch ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - added kde-gtk-config5-gtk3 to the KDE pattern, so that System Settings can also change GTK theming, which is generally used for flatpaks. ==== psmisc ==== Version update (23.3 -> 23.4) - Update to 23.4: * killall: Dynamically link to selinux and use security attributes * pstree: Do not crash on missing processes !21 * pstree: fix layout when using -C !24 * pstree: add time namespace !25 * pstree: Dynamically link to selinux and use attr * fuser: Get less confused about duplicate dev_id !10 * fuser: Only check pathname on non-block devices !31 - Rebase 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch - Rebase 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch - Port psmisc-22.21-pstree.patch - Delete psmisc-v23.3-selinux.patch as not needed anymore - Rename psmisc-v23.3.dif which is now psmisc-v23.4.dif with correct offsets ==== rpm-config-SUSE ==== Version update (0.g89 -> 0.g93) - Update to version 0.g93: * locale.attr: Match all files inside LC_MESSAGES (boo#1194865) * remove leap_version as it's obsolete ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Upgrade LDB_DIR shell variable to %ldbdir macro. ==== systemd-rpm-macros ==== Version update (14 -> 15) - Bump to version 15 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too