Packages changed: 389-ds (2.3.0~git22.8fedec0 -> 2.3.2~git53.a01e230) arj dracut (059+suse.366.gf45bc67a -> 059+suse.368.g2e7ac134) edict (20211231 -> 20230411) gnutls (3.7.9 -> 3.8.0) hxtools (20221120 -> 20230411) libXt (1.2.1 -> 1.3.0) libopenraw libpcap (1.10.3 -> 1.10.4) libvirt xf86-video-neomagic (1.3.0 -> 1.3.1) yast2-trans (84.87.20230401.d443fd75ae -> 84.87.20230408.14f26575c7) zvbi === Details === ==== 389-ds ==== Version update (2.3.0~git22.8fedec0 -> 2.3.2~git53.a01e230) Subpackages: lib389 libsvrcore0 - bsc#1210027 - apply upstream fix for setuptools - Update to version 2.3.2~git53.a01e230: * Issue 5705 - Add config parameter to close client conns on failed bind (#5712) * Issue 4758 - Add tests for WebUI * Issue 5643 - Memory leak in entryrdn during delete (#5717) * Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations * Issue 5701 - CLI - Fix referral mode setting (#5708) * Bump openssl from 0.10.45 to 0.10.48 in /src (#5709) * Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711) * Issue 5697 - Obsolete nsslapd-ldapimaprootdn attribute (#5698) * Issue 1081 - Stop schema replication from overwriting x-origin * Issue 4812 - Listener thread does not scale with a high num of established connections (#5706) - Update to version 2.3.2~git44.5e4551e: * Issue 4812 - Listener thread does not scale with a high num of established connections (#5706) * Issue 4812 - Listener thread does not scale with a high num of established connections (#5681) * Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699) * Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692) * Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691) * Issue 5687 - UI - sensitive information disclosure * Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV (#5676) * Issue 5554 - Add more tests to security_basic_test suite * Issue 4583 - Update specfile to skip checks of ASAN builds * Issue 4758 - Add tests for WebUI ==== arj ==== - Extend arj-3.10.22-fixstrcpy.patch to avoid trouble with strcpy in two more places ==== dracut ==== Version update (059+suse.366.gf45bc67a -> 059+suse.368.g2e7ac134) - Update to version 059+suse.368.g2e7ac134: * chore(suse): remove mkinitrd wrapper (bsc#1202351) (jsc#PED-1919) ==== edict ==== Version update (20211231 -> 20230411) Subpackages: edict2 jmdict - Update to snapshot 20230411 * No changelog recorded. ==== gnutls ==== Version update (3.7.9 -> 3.8.0) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac - Temporarily disable GNULIB's year2038 support for 64bit time_t by using the --disable-year2038 flag. This omits support for timestamps past the year 2038: * Fixes the public API on 32-bit architectures avoiding to change the size of time_t as it cannot be changed without breaking the ABI compatibility. * Upstream issue: https://gitlab.com/gnutls/gnutls/-/issues/1466 - Update to 3.8.0: [bsc#1205763, bsc#1209627] * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361] * libgnutls: C++ library is now header only. All definitions from gnutlsxx.c have been moved into gnutlsxx.h. Users of the C++ interface have two options: 1. include gnutlsxx.h in their application and link against the C library. (default) 2. include gnutlsxx.h in their application, compile with GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link against the C++ library. * libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST priority modifier have been added to allow disabling of the status_request TLS extension in the client side. * libgnutls: TLS heartbeat is disabled by default. The heartbeat extension in TLS (RFC 6520) is not widely used given other implementations dropped support for it. To enable back support for it, supply --enable-heartbeat-support to configure script. * libgnutls: SRP authentication is now disabled by default. It is disabled because the SRP authentication in TLS is not up to date with the latest TLS standards and its ciphersuites are based on the CBC mode and SHA-1. To enable it back, supply - -enable-srp-authentication option to configure script. * libgnutls: All code has been indented using "indent -ppi1 -linux". CI/CD has been adjusted to catch regressions. This is implemented through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s commit-check. You may run devel/indent-gnutls to fix any indentation issues if you make code modifications. * guile: Guile-bindings removed. They have been extracted into a separate project to reduce complexity and to simplify maintenance, see . * minitasn1: Upgraded to libtasn1 version 4.19. * API and ABI modifications: GNUTLS_NO_STATUS_REQUEST: New flag GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member * Merge gnutls-FIPS-Set-error-state-when-jent-init-failed.patch and gnutls-FIPS-jitterentropy-threadsafe.patch into the main patch gnutls-FIPS-jitterentropy.patch * Rebase gnutls-FIPS-140-3-references.patch * Rebase patches with upstream version: - gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch * Remove patches merged/fixed upstream: - gnutls-FIPS-disable-failing-tests.patch - gnutls-verify-library-HMAC.patch - gnutls_ECDSA_signing.patch - gnutls-Make-XTS-key-check-failure-not-fatal.patch - gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch * Update keyring with https://gnutls.org/gnutls-release-keyring.gpg - FIPS: Make the jitterentropy calls thread-safe [bsc#1208146] * Add gnutls-FIPS-jitterentropy-threadsafe.patch - FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] * Rebase patches with the version submitted upstream. * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch ==== hxtools ==== Version update (20221120 -> 20230411) Subpackages: fd0ssh ofl - Update to release 20230411 * checkbrack: remove -p option * gpsh: avoid spurious "mkvmerge failed" report * wktimer: -S option behavior split off to -X ==== libXt ==== Version update (1.2.1 -> 1.3.0) - update to 1.3.0 * gitlab CI: add a basic build test * Fix spelling/wording issues * gitlab CI: stop requiring Signed-off-by in commits * Use memcpy() instead of memmove() when buffers are known not to overlap * Use memcpy() instead of XtMemmove() when buffers are known to differ * tests: update g_test_bug_base url from bugzilla to gitlab * tests: Use XORG_MEMORY_CHECK_FLAGS from xorg-macros 1.16 * tests: Replace g_assert() calls with g_assert_*() calls * configure.ac: Replace HAVE_LIBRARY with AC_CHECK_LIB * Add xfilesearchpath to xt.pc * TMstate.c: Handle -Wduplicated-branches warnings * Remove "All rights reserved" from Oracle copyright notices * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * test: Add unit tests for XtMalloc, XtCalloc, & XtRealloc * Add XtReallocArray() for overflow checking of multiplied args * Replace XtRealloc() calls with XtReallocArray() * Replace XtMalloc() calls with XtMallocArray() * Define LONG64 if __SIZEOF_LONG__ indicates 64-bit long * XtArgVal: Support architectures where pointers are bigger than long * Use XtUIntPtr for integer types that can hold pointers * Cast via intptr_t when converting integers to pointers * Fix XrmResource layout if pointers are bigger than long * Fix InternalCallbackRec layout if pointers are bigger than 64 bits * Support buttons > 5 in translation tables [v2] * add _X_NORETURN to agree with header-file * codespell-fixes * cppcheck and clang --analyze fixes * fixes for gcc13 warnings * cppcheck fixes (const, null dereferencing, uninitialized, scope) * cppcheck (revise IsDescendant() to fix possible null-dereference) * update copyright-date ==== libopenraw ==== Subpackages: gdk-pixbuf-loader-libopenraw libopenraw9 - Add 03f8270d6bb255ca6618505e83169ab9d95ccef1.patch: Include stdint.h where needed. This fixes an issue building with gcc 13. ==== libpcap ==== Version update (1.10.3 -> 1.10.4) - update to 1.10.4: * rpcap: Fix name of launchd service. * documentation updates and build system tweaks ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - service: Remove unnecessary auth token from github URL ==== xf86-video-neomagic ==== Version update (1.3.0 -> 1.3.1) - Update to version 1.3.1 * Fix spelling/wording issues * gitlab CI: add a basic build test * gitlab CI: stop requiring Signed-off-by in commits * NEOGetRec: Fix -Wmisleading-indentation warning * NEOPreInit: Handle -Wimplicit-fallthrough warning * Use fabs() instead of abs() on double value. ==== yast2-trans ==== Version update (84.87.20230401.d443fd75ae -> 84.87.20230408.14f26575c7) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230408.14f26575c7: * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Georgian) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'snapper'. * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'country'. * New POT for text domain 'cluster'. * New POT for text domain 'base'. ==== zvbi ==== - Set minimum version for gettext