Packages changed: bolt (0.9.7 -> 0.9.8) gdk-pixbuf (2.42.11 -> 2.42.12) glib2 (2.80.0 -> 2.80.2) grub2 hwdata (0.380 -> 0.382) iproute2 (6.8 -> 6.9) libbpf (1.4.1 -> 1.4.2) libmodulemd libxml2 (2.12.6 -> 2.12.7) makedumpfile (1.7.4 -> 1.7.5) mozilla-nss (3.99 -> 3.100) passt (20240426.d03c4e2 -> 20240510.7288448) patterns-base perl-URI (5.270.0 -> 5.280.0) pipewire powerdevil6 sdbootutil (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) soundtouch (2.3.2 -> 2.3.3) xwayland (23.2.6 -> 24.1.0) === Details === ==== bolt ==== Version update (0.9.7 -> 0.9.8) - update to 0.9.8: * A new NHI for REMBRANDT. * CI fixes. * Don't install an empty DB directory. * Fixed: Determine the string length before writing file. * Fixed: Free on error to prevent resource leak. ==== gdk-pixbuf ==== Version update (2.42.11 -> 2.42.12) Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Update to version 2.42.12: + Fix a build failure, + Fix occasional build failures, + ani: Reject files with multiple INA or IART chunks, + ani: Reject files with multiple anih chunks (CVE-2022-48622), + ani: validate chunk size, + Updated translations. - Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed upstream. ==== glib2 ==== Version update (2.80.0 -> 2.80.2) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.80.2: + Fix a regression with IBus caused by the fix for CVE-2024-34397. + Fix installation directory of the GVariant specification. + Bugs fixed: - GVariant specification installed in wrong directory. - Backport "gdbusconnection: Fix test signal subscription ordering" to glib-2-80. - Backport “Correct installation directory of GVariant specification” to glib-2-80. - Backport “gdbusconnection: Allow name owners to have the syntax of a well-known name” to glib-2-80. - Changes from version 2.80.1 + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. + Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Update to the latest upstreaming TPM2 patches * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - Merge other TSS patches * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-Add-TPM2-Key-Protector.patch * 0004-cryptodisk-Support-key-protectors.patch * 0005-util-grub-protect-Add-new-tool.patch * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch * 0002-cryptodisk-Fallback-to-passphrase.patch * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch * 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Refresh affected patches * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * grub2-bsc1220338-key_protector-implement-the-blocklist.patch - New manpage for grub2-protect - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) * grub2-fix-menu-in-xen-host-server.patch ==== hwdata ==== Version update (0.380 -> 0.382) - update to 0.382: * Update pci, usb and vendor ids ==== iproute2 ==== Version update (6.8 -> 6.9) - Update to release 6.9 * ss: add option to suppress queue columns * m_mirred: allow mirred to block * tc: add NLM_F_ECHO support for actions and filters * ip/bond: add coupled_control support * ss: add support for BPF socket-local storage * ip: ioam6: add monitor command ==== libbpf ==== Version update (1.4.1 -> 1.4.2) - update to 1.4.2: * Another struct_ops-focused bug fix release. It addresses a few more corner cases when dealing with SEC("struct_ops") programs. * It also improves error messaging around common use case of declaring struct_ops BPF program and not referencing it from SEC(".struct_ops") variable (backed by struct_ops BPF map). * This release should improve overall experience of using BPF struct_ops functionality. ==== libmodulemd ==== - Add glib-2.80.2-glibdoc-path.patch: Fix GLib documentation path for GLib 2.80.2 (https://github.com/fedora-modularity/libmodulemd/pull/618). ==== libxml2 ==== Version update (2.12.6 -> 2.12.7) Subpackages: libxml2-2 libxml2-tools - Update to version 2.12.7: + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459). + xmllint: Fix --pedantic option. + save: Handle invalid parent pointers in xhtmlNodeDumpOutput. ==== makedumpfile ==== Version update (1.7.4 -> 1.7.5) - Update to 1.7.5: * Support for kernels up to v6.8 (x86_64) * Support for printk caller_id by --dump-dmesg option * [PATCH] ppc64: get vmalloc start address from vmcoreinfo * [PATCH] ppc64: read cur_mmu_type from vmcoreinfo * [PATCH] add PRINTK_CALLER id support to --dump-dmesg option * [PATCH v2 2/2] s390x: uncouple virtual and physical address spaces * [PATCH 1/2] s390x: fix virtual vs physical address confusion Regenerated the content of the makedumpfile-ppc64-VA-range-SUSE.patch file based on version 1.7.5 of the code ==== mozilla-nss ==== Version update (3.99 -> 3.100) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.100 - bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. - bmo#1893752 - remove ckcapi. - bmo#1893162 - avoid a potential PK11GenericObject memory leak. - bmo#671060 - Remove incomplete ESDH code. - bmo#215997 - Decrypt RSA OAEP encrypted messages. - bmo#1887996 - Fix certutil CRLDP URI code. - bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. - bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH. - bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c. - bmo#1548723 - Moving the decodedCert allocation to NSS. - bmo#1885404 - Allow developers to speed up repeated local execution of NSS tests that depend on certificates. ==== passt ==== Version update (20240426.d03c4e2 -> 20240510.7288448) Subpackages: passt-selinux - Update to version 20240510.7288448: * apparmor: allow read access on /tmp for pasta * tcp_splice: Set OUT_WAIT_ flag whenever pipe isn't emptied * udp: Single buffer for IPv4, IPv6 headers and metadata * udp: Use the same buffer for the L2 header for all frames * udp: Share payload buffers between IPv4 and IPv6 * udp: Explicitly set checksum in guest-bound UDP headers * udp: Combine initialisation of IPv4 and IPv6 iovs * udp: Split tap-bound UDP packets into multiple buffers using io vector * test: Allow sftp via vsock-ssh in tests * tcp: Update tap specific header too in tcp_fill_headers[46]() * iov: Helper macro to construct iovs covering existing variables or fields * tap, tcp: (Re-)abstract TAP specific header handling * tcp: Simplify packet length calculation when preparing headers * treewide: Standardise variable names for various packet lengths * checksum: Make csum_ip4_header() take a host endian length * treewide: Remove misleading and redundant endianness notes * tap: Remove unused structs tap_msg, tap_l4_msg * tap: Split tap specific and L2 (ethernet) headers * checksum: Use proto_ipv6_header_psum() for ICMPv6 as well * netlink: Fix iterations over nexthop objects ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - add procps into the base pattern as recommended together with zypper (which dropped the dependency) ==== perl-URI ==== Version update (5.270.0 -> 5.280.0) - updated to 5.28 see /usr/share/doc/packages/perl-URI/Changes 5.28 2024-03-27 01:49:44Z - Using Scalar::Util::reftype instead of just ref(), but mindful this time about definedness to avoid warnings (GH#140) (Jacques Deguest) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Move modules jack-tunnel and jackdbus-detect to the pipewire-spa-plugins-0_2-jack since those modules should only be used when the real jack server is running. This fixes pipewire starting jackdbus on start. ==== powerdevil6 ==== - Recommend ddcutil-i2c-udev-rules (boo#1224197) ==== sdbootutil ==== Version update (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240514.56dc89c: * Add show-entry command * Add SYSTEMD_COLORS flag * Add byte order mark to boot.csv ==== soundtouch ==== Version update (2.3.2 -> 2.3.3) - Update to 2.3.3: * Fixing compiler warnings, maintenance fixes to make/build files for various systems - Refresh disable-ffast-math.patch ==== xwayland ==== Version update (23.2.6 -> 24.1.0) - Update to feature release 24.1.0 * This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI. + xwayland: Send ei_device_frame on device_scroll_discrete + xwayland: Restore the ResizeWindow handler + xwayland: Handle rootful resize in ResizeWindow + xwayland: Move XRandR emulation to the ResizeWindow hook + xwayland: Use correct xwl_window lookup function in xwl_set_shape - eglstreams has been dropped - Update to bug fix relesae 23.2.7 * m4: drop autoconf leftovers * xwayland: Send ei_device_frame on device_scroll_discrete * xwayland: Call drmFreeDevice for dma-buf default feedback * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done * dri3: Free formats in cache_formats_and_modifiers * xwayland/glamor: Handle depth 15 in gbm_format_for_depth * Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows" * xwayland: Check for outputs before lease devices * xwayland: Do not remove output on withdraw if leased