Packages changed: cockpit dracut (057+suse.353.g6dab83eb -> 059+suse.358.g8ecd6e83) gdm gdm-branding-openSUSE gedit (44.1 -> 44.2) glib2 (2.74.4 -> 2.74.5) gnome-desktop (43 -> 43.1) gpgme keylime (6.5.2 -> 6.5.3) kpipewire libcontainers-common libraw (0.21.0 -> 0.21.1) microos-tools (2.17 -> 2.18) nautilus (43.1 -> 43.2) python-numpy soundtouch (2.3.1 -> 2.3.2) sudo (1.9.12p1 -> 1.9.12p2) transactional-update (4.1.0 -> 4.1.2) vim (9.0.1188 -> 9.0.1234) vte yast2-network (4.5.12 -> 4.5.14) yast2-trans (84.87.20230116.80083546af -> 84.87.20230123.08c503a922) === Details === ==== cockpit ==== Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - enable build of cockpit-selinux module - changes to keep it sync with sle micro (0002-selinux-temporary-remove-setroubleshoot-section.patch) ==== dracut ==== Version update (057+suse.353.g6dab83eb -> 059+suse.358.g8ecd6e83) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 059+suse.358.g8ecd6e83: See https://github.com/dracutdevs/dracut/releases/tag/058 for details (059 just adds missing entries in NEWS.md). Additional changes: * chore(suse): add execute permission to all scripts * chore(suse): update spec - Update to version 057+suse.355.g1b722fda: * fix(dracut.spec): require libopenssl1_1-hmac for dracut-fips (bsc#1206439) ==== gdm ==== Subpackages: gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Update gdm-disable-gnome-initial-setup.patch: Refactoring to disable it on SLE runtime, so with the same executable it is still possible to run on Leap (jsc#PED-1719). ==== gdm-branding-openSUSE ==== - Bring back gnome-initial-setup for Leap 15.5 while keep it disabled on SLE 15 SP5 (jsc#PED-1719). ==== gedit ==== Version update (44.1 -> 44.2) Subpackages: gedit-lang python3-gedit - Update to version 44.2: + File Browser plugin: bug fix. + Updated translations. ==== glib2 ==== Version update (2.74.4 -> 2.74.5) Subpackages: glib2-lang glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 - Update to version 2.74.5: + Bugs fixed: glgo#GNOME/GLib#2843, glgo#GNOME/GLib#2881, glgo#GNOME/GLib#2883, glgo#GNOME/GLib!3165, glgo#GNOME/GLib!3166, glgo#GNOME/GLib!3182, glgo#GNOME/GLib!3197, glgo#GNOME/GLib!3204, glgo#GNOME/GLib!3214. + Updated translations. - Drop 1539540.patch: Fixed upstream. ==== gnome-desktop ==== Version update (43 -> 43.1) Subpackages: gnome-desktop-lang libgnome-desktop-3-20 libgnome-desktop-3_0-common libgnome-desktop-4-2 typelib-1_0-GnomeDesktop-3_0 - Update to version 43.1: + Fix gnome_parse_locale returning NULL for the C locale + Use more sensible default keyboard for es_US + Delete failed thumbnail if successfully savings thumbnail + Skip territory if no translation available + Updated translations. ==== gpgme ==== Subpackages: libgpgme11 libgpgmepp6 python310-gpg - Update upstream keyring: https://gnupg.org/signature_key.asc - add python311.patch to build language bindings for python 3.11 ==== keylime ==== Version update (6.5.2 -> 6.5.3) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime - Update to version v6.5.3: * Bump version number to 6.5.3 * durable attestation: a simple "attestation replay" CLI utility * cmd_exec: Replace cast()s to bytes with asserts isinstance(..., bytes) * codestyle: Add type annotations to db/keylime_db.py and add to mypy * codestyle: Add type annotations to requests_client.py and add to mypy * codestyle: Add type annotations to tornado_requests.py and add to mypy * mypy: Change list of checked files to shorter list of unchecked files * codestyle: Add missing annotations to cmd_exec.py and add to mypy * codestyle: Have all files in ima directory checked by mypy * pylint: ignore zmq Context abstract-class-instantiated warnings * tenant: reliable and consistent add/delete operations (fixes #1158) (#1271) * tenant: fix the exit code for `bulkinfo` operation * config: support override via environment variables * Extend test execution instructions in TESTING.md * packit-ci: Add hotfix for tpm2-tss Fedora BZ#2158598 * tenant: Remove code hashing a public key and using hash as UUID * linters: Exclude intentionally invalid python file * config: Check for available config upgrade on startup * Do not install keylime nor configuration files during tests * .ci/test_wrapper: Add test user keylime:tss * config: Support quoted strings for TOML compatibility * gitignore: Do not use 'config' as a match pattern * tests: Add test for convert_config script * convert_config: Set version for each mapping processed * cmd/convert_config: Remove quotes and spaces around version string * convert_config: Set default output path as /etc/keylime for root * convert_config: Do not use keys() to iterate on maps * Install config upgrade script as keylime_upgrade_config * templates: Remove log_destination option * Fix default values in mappings * Correctly strip elements of a list on config v2.0 adjust script * setup: Don't use keylime.conf to generate the split configuration * convert_config: Add --defaults option to use default values * convert_config: Use str_to_version from common module * Add keylime/common/version.py for version manipulation * elchecking: load policy modules explicitly * Revert "tpm_abstract: move import of measured_boot into check_pcrs(..)" * codestyle: Add type-annotations to cli/policies.py and add to mypy * codestyle: Add type-annotations to cli/options.py and add to mypy * Introduce a RetDictType for return type of cmd_exec.run() * requirements, docs: add typing-extensions as a dependency * ima_dm: add type checks and hints * Switch code coverage measurement to Fedora 37 * codestyle: Fix annotation of mb_measurement_data * ima: Fix the ima_sign_verification_keys initial datatype * elchecking: add support for MeasuredBoot when SecureBoot is disabled * verifier: a (very simple) cache implementation for IMA policies (solves #1167) * codestyle: Add type annotations to cmd/convert_ima_policy.py and add to mypy * codestyle: Add type annotations to cmd/ima_emulator_adapter.py and add to mypy * codestyle: Add type annotations to cmd/user_data_encrypt.py and add to mypy * codestyle: Add type annotations to cmd/verifier.py and add to mypy * codestyle: Add type annotations to cmd/tenant.py and add to mypy * codestyle: Add type annotations to cmd/registrar.py and add to mypy * codestyle: Add type annotations to cmd/ca.py and add to mypy * codestyle: Add type annotations to cmd/agent.py and add to mypy * CI tests: Do not remove Fedora tag repository * tpm_abstract: move import of measured_boot into check_pcrs(..) * docker: fix and improve build_locally.sh * docker: use version 5.4 of tpm2-tools * docker: update container to Fedora 37 * codestyle: Type-annotate files in revocation_actions & add to mypy * Remove redundant parameter from enforce_pcrs() * codestyle: Add missing type annotations to files in common & add to mypy * api_version: Catch InvalidVersion for packaging v22.0 * verifier: fix for IMA policy checksum calculation * codestyle: Type-annotate measured_boot.py and add to mypy * codestyle: Fix variable assigments in tpm2_object_test.py and add to mypy * codestyle: Fix and add type annotations to tpm2_objects.py and add to mypy * codestyle: Cast the agent Dict to allow Any types to be assigned to it * codestyle: Change verifier_port annotation from int to str * codestyle: Avoid switching datatypes of agent by using differnt variable * codestyle: Fix event parameter to be an Optional[Event] * codestyle: Fix annotation of tosend parameter to be a Dict[str, Any] * codestyle: add type hints to elchecking module * codestyle: Type-annotate web_util.py and add to mypy * codestyle: Add missing type annotations to ima.py and add to mypy * codestyle: Add missing type annotations to ima_test.py and add to mypy * codestyle: Add missing type annotations to file_signatures.py and add to mypy * logging: remove option to log into separate file * codestyle: Add type annotations to tpm classes and address issues * codestyle: Add type-annotations to signing.py and add to mypy * codestyle: Add missing type annotations to api_version.py and add to mypy * codestyle: Add keylime_logging.py to mypy * codestyle: Add missing type-annotations to agentstates and add to mypy * codestyle: Add missing type annotations to failure.py and add to mypy * codestyle: Type-annotate user_utils_test.py and add to mypy * codestyle: Type-annotate user_utils.py and add to mypy * codestyle: Type-annotate ca_util.py and add to mypy * codestyle: Add missing annotations to cert_utils and add to mypy * codestyle: Type-annotate ca_impl_openssl and add to mypy * codestyle: Type-annotate tpm_ek_ca.py and add to mypy * codestyle: Type-annotate fs_util.py and add to mypy * codestyle: Add json.py to mypy.ini * codestyle: Type-annotate secure_mount.py and add to mypy * codestyle: Add missing annotations to crypto.py and add to mypy * common: remove metrics * cmd: removal of keylime_migrations_apply * codestyle: Set type of trusted_server_ca to List[str] and initialize with list ... changelog too long, skipping 87 lines ... * tpm_main: fix ek creation for tpm2-tools versions > 4.2 ==== kpipewire ==== Subpackages: kpipewire-imports libKPipeWire5 libKPipeWire5-lang libKPipeWireRecord5 - Require pipewire-devel for the -devel package ==== libcontainers-common ==== - storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not. - .spec: rm %post script to set 'btrfs' as storage driver in storage.conf ==== libraw ==== Version update (0.21.0 -> 0.21.1) - update to 0.21.1: * fixed typo in panasonic metadata parser * Multiple fixes inspired by oss-fuzz project * Phase One/Leaf IIQ-S v2 support * Canon CR3 filmrolls * Canon CRM (movie) files * Tiled bit-packed (and 16-bit unpacked) DNGs * (non-standard) Deflate-compressed integer DNG files are allowed * Canon EOS R3, R7 and R10 * Fujifilm X-H2S, X-T30 II * OM System OM-1 * Leica M11 * Sony A7-IV (ILCE-7M4) * DJI Mavic 3 * Nikon Z9: standard compression formats only ==== microos-tools ==== Version update (2.17 -> 2.18) - Update to version 2.18: - Add TMPDIR to tukit binddirs for Salt - 98selinux-microos: Add chroot as dependency - Fix spelling error in warning ==== nautilus ==== Version update (43.1 -> 43.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 nautilus-lang - Update to version 43.2: + Regressions addressed: - Launch search from shell correctly - Make nautilus-autorun-software work again - Restore 2-dimensional navigation from sushi - Resolve stuttering scrolling - Reintroduce 64px icon size for grid view - Show full filename again in grid, using tooltips + Other bugfixes: - Avoid a many crashes - Stop showing � in the type on Properties - Show rename error dialogs again - Handle X11-only drag-and-drop quirks - Allow autorun.sh without executable bit - Improve selection-setting - Restrict DND actions over drag source - Focus replaces files - Improve keyboard focus navigation on the new views - Stop blocking on the tracker connection - Don't add missing emblems + Updated translations. ==== python-numpy ==== - Slightly reformat the specfile condition blocks: The %python_subpackages generator misses " %if" lines with a preceding whitespace. Relevant for d:l:p:backports not having libalternatives. ==== soundtouch ==== Version update (2.3.1 -> 2.3.2) - update to 2.3.2: * autotools improvements ==== sudo ==== Version update (1.9.12p1 -> 1.9.12p2) Subpackages: sudo-plugin-python - Update to 1.9.12p2: * Fixes bsc#1207082 * Changes in 1.9.12p2: Fixed a compilation error on Linux/aarch64. GitHub issue #197. Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l would dereference a NULL pointer. Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the iolog_file sudoers setting contains six or more Xs. Fixed a compilation issue on AIX with the native compiler. GitHub issue #231. Fixed CVE-2023-22809, a flaw in sudo’s -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files. For more information, see Sudoedit can edit arbitrary files. ==== transactional-update ==== Version update (4.1.0 -> 4.1.2) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit - Version 4.1.2 - Don't try to mount user mounts if they don't exist [boo#1207366] - Version 4.1.1 - Mount user specific binddirs last: Prevously the internal mounts would potentially overwrite user bind mounts [boo#1205011] - selinux: Relabel shadowed /var files during update to make sure they don't interfere with the update [boo#1205937] - Clean up /var/lib/overlay more aggressively [boo#1206947] - tukit: Merge /etc overlay into parent if --discard is used together with --continue - previously the files were incorrectly always merged with the currently running system - status: do not execute the status command if experimental - Don't delete created mount point dirs any more - Small code optimizations ==== vim ==== Version update (9.0.1188 -> 9.0.1234) Subpackages: vim-data vim-data-common vim-small - Updated to version 9.0.1234, fixes the following problems * Return value of type() for class and object unclear. * Invalid memory access with folding and using "L". * Some Bazel files are not recognized. * No error when class function argument shadows a member. * Cannot map when using the Kitty key protocol. * Compiler warning for comparing pointer with int. * Restoring KeyTyped when building statusline not tested. * Code is indented more than necessary. * Dump file missing from patch. * Abstract class not supported yet. * Crash when using kitty and using a mapping with . * AppVeyor builds with an old Python version. * Assignment with operator doesn't work in object method. * Crash when iterating over list of objects. * Return type of values() is always list. * Expression compiled the wrong way after using an object. * Crash when handling class that extends another class with more than one object members. * Testing with Python on AppVeyor does not work properly. * Error when object type is expected but getting "any". * Code is indented more than necessary. * Getting interface member does not always work. * Compiler complains about declaration after label. * Storing value in interface member does not always work. * Cannot read back what setcellwidths() has done. * Adding a line below the last one does not expand fold. * File left behind after running tests. * Using isalpha() adds dependency on current locale. * Coverity warns for ignoring return value. * Using an object member in a closure doesn't work. * Completion includes functions that don't work. * Handling of FORTIFY_SOURCE flags doesn't match Fedora usage. * Termcap/terminfo entries do not indicate where modifiers might appear. * Code is indented more than necessary. * Cannot use setcellwidths() below 0x100. * Cannot call a :def function with a number for a float argument. * Reading past the end of a line when formatting text. ==== vte ==== Subpackages: libvte-2_91-0 vte-lang - Add ddb2c8a.patch: widget: Use correct end row for getting the selected text. The range is end-exclusive, so use end_row() instead of last_row(). Fixes glgo#GNOME/vte#2584 ==== yast2-network ==== Version update (4.5.12 -> 4.5.14) - Fix the return of packages needed by the selected backend when running an autoinstallation (bsc#1207221) - 4.5.14 - Fixed dirname evaluation when creating the directory for the configuration files to be copied to the target system (bsc#1206723, bsc#1207382) - 4.5.13 ==== yast2-trans ==== Version update (84.87.20230116.80083546af -> 84.87.20230123.08c503a922) Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW - Update to version 84.87.20230123.08c503a922: * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese)