Packages changed: apparmor gtk4 (4.10.3 -> 4.10.4) kdump (1.0.2+git50.g4b01402 -> 1.0.3) libapparmor libnettle (3.9 -> 3.9.1) mozilla-nss (3.89 -> 3.89.1) postfix (3.8.0 -> 3.8.1) python-setuptools (67.7.2 -> 67.8.0) rust-keylime sushi (43.0 -> 44.2) vte (0.72.1 -> 0.72.2) yast2-storage-ng (4.6.10 -> 4.6.11) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12) ==== gtk4 ==== Version update (4.10.3 -> 4.10.4) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.10.4: + GtkFileChooser: Fix some memory leaks + GtkUriLauncher: Validate the uri + GtkStack: Fix a crash + GtkGridView: Respect css border-spacing + GtkScrolledWindow: Propagate child measure size whenever possible + GtkPopoverMenu: Avoid unnecessary left padding + GtkSearchEntry: Improve size allocation for the clear icon + X11: - Avoid black flickering with xwayland window decorations - Trap XRandr errors + CSS: Various fixes to transitions + Updated translations. - Drop patches fixed upstream: + fix-gridview.patch + gtk4-correctly-refresh-after-delete.patch + 966a2350.patch ==== kdump ==== Version update (1.0.2+git50.g4b01402 -> 1.0.3) - bumped version update to v1.0.3 - Honor the KDUMP_VERBOSE setting in kdump-save - fix distro prefix for ALP - add calibrate values for ALP (copied from TW) ==== libapparmor ==== - fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12) ==== libnettle ==== Version update (3.9 -> 3.9.1) Subpackages: libhogweed6 libnettle8 - Include the nettle library manual in HTML and PDF formats in the devel package. - update to 3.9.1: [bsc#1212112] * Fix bug in the new OCB code may be exploitable for denial of service or worse due to memory corruption ==== mozilla-nss ==== Version update (3.89 -> 3.89.1) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - update to NSS 3.89.1 * bmo#1804505 - Update the technical constraints for KamuSM. * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates. ==== postfix ==== Version update (3.8.0 -> 3.8.1) - update to 3.8.1 * Optional: harden a Postfix SMTP server against remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. With "smtpd_forbid_unauth_pipelining = yes", the server disconnects a client immediately, after responding with "554 5.5.0 Error: SMTP protocol synchronization" and after logging "improper command pipelining" with the unexpected remote SMTP client input. This feature is disabled by default in Postfix 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled by default in Postfix 3.9. A similar feature is enabled by default in the Exim SMTP server. * Optional: some OS distributions crank up TLS security to 11, and in doing so increase the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support that may be used to override OS-level settings. Details are in the postconf(5) manpage under tls_config_file and tls_config_name. * Bugfix (defect introduced: Postfix 1.0): the command "postconf .. name=v1 .. name=v2 .." (multiple instances of the same parameter name) created multiple main.cf name=value entries with the same parameter name. It now logs a warning and skips the earlier name(s) and value(s). Found during code maintenance. * Bugfix (defect introduced: Postfix 3.3): the command "postconf - M name1/type1='name2 type2 ...'" died with a segmentation violation when the request matched multiple master.cf entries. The master.cf file was not damaged. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 2.11): the command "postconf - M name1/type1='name2 type2 ...'" could add a service definition to master.cf that conflicted with an already existing service definition. It now replaces all existing service definitions that match the service pattern 'name1/type1' or the service name and type in 'name2 type2 ...' with a single service definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 3.8) the posttls-finger command could access uninitialized memory when reconnecting. This also fixes a malformed warning message when a destination contains ":service" information. Reported by Thomas Korbar. * Bugfix (defect introduced: Postfix 3.2): the MySQL client could return "not found" instead of "error" (for example, resulting in a 5XX SMTP status instead of 4XX) during the time that all MySQL server connections were turned down after error. Found during code maintenance. File: global/dict_mysql.c. This was already fixed in Postfix 3.4-3.7. ==== python-setuptools ==== Version update (67.7.2 -> 67.8.0) - Update to 67.8.0: * #3128: In deprecated easy_install, reload and merge the pth file before saving. * #3915: Adequate tests to the latest changes in virtualenv for Python 3.12. ==== rust-keylime ==== Subpackages: keylime-ima-policy - Recommends the IMA Policy subpackage only if SELinux is configured ==== sushi ==== Version update (43.0 -> 44.2) Subpackages: sushi-lang - Update to version 44.2: + Fix loading certain documents in evince. + Updated translations. ==== vte ==== Version update (0.72.1 -> 0.72.2) Subpackages: libvte-2_91-0 vte-lang - Update to version 0.72.2: * emulation: Fix infinite loop on non-number OSC 104 param * widget: Don't consume right clicks on gtk4 - Drop 24547fb3.patch: Fixed upstream. ==== yast2-storage-ng ==== Version update (4.6.10 -> 4.6.11) - Prevent setting the volume label for a mounted btrfs or swap (bsc#1211337) - 4.6.11