Packages changed:
bolt (0.9.7 -> 0.9.8)
gdk-pixbuf (2.42.11 -> 2.42.12)
glib2 (2.80.0 -> 2.80.2)
grub2
hwdata (0.380 -> 0.382)
iproute2 (6.8 -> 6.9)
libbpf (1.4.1 -> 1.4.2)
libmodulemd
libxml2 (2.12.6 -> 2.12.7)
makedumpfile (1.7.4 -> 1.7.5)
mozilla-nss (3.99 -> 3.100)
passt (20240426.d03c4e2 -> 20240510.7288448)
patterns-base
perl-URI (5.270.0 -> 5.280.0)
pipewire
powerdevil6
sdbootutil (1+git20240506.573a6a4 -> 1+git20240514.56dc89c)
soundtouch (2.3.2 -> 2.3.3)
xwayland (23.2.6 -> 24.1.0)
=== Details ===
==== bolt ====
Version update (0.9.7 -> 0.9.8)
- update to 0.9.8:
* A new NHI for REMBRANDT.
* CI fixes.
* Don't install an empty DB directory.
* Fixed: Determine the string length before writing file.
* Fixed: Free on error to prevent resource leak.
==== gdk-pixbuf ====
Version update (2.42.11 -> 2.42.12)
Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0
- Update to version 2.42.12:
+ Fix a build failure,
+ Fix occasional build failures,
+ ani: Reject files with multiple INA or IART chunks,
+ ani: Reject files with multiple anih chunks (CVE-2022-48622),
+ ani: validate chunk size,
+ Updated translations.
- Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed
upstream.
==== glib2 ====
Version update (2.80.0 -> 2.80.2)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0
- Update to version 2.80.2:
+ Fix a regression with IBus caused by the fix for
CVE-2024-34397.
+ Fix installation directory of the GVariant specification.
+ Bugs fixed:
- GVariant specification installed in wrong directory.
- Backport "gdbusconnection: Fix test signal subscription
ordering" to glib-2-80.
- Backport “Correct installation directory of GVariant
specification” to glib-2-80.
- Backport “gdbusconnection: Allow name owners to have the
syntax of a well-known name” to glib-2-80.
- Changes from version 2.80.1
+ Fix CVE-2024-34397: GDBus signal subscriptions for well-known
names are vulnerable to unicast spoofing.
+ Updated translations.
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Update to the latest upstreaming TPM2 patches
* 0001-key_protector-Add-key-protectors-framework.patch
- Replace 0001-protectors-Add-key-protectors-framework.patch
* 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
- Merge other TSS patches
* 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch
* 0002-tpm2-Add-more-marshal-unmarshal-functions.patch
* 0003-tpm2-Implement-more-TPM2-commands.patch
* 0003-key_protector-Add-TPM2-Key-Protector.patch
- Replace 0003-protectors-Add-TPM2-Key-Protector.patch
* 0004-cryptodisk-Support-key-protectors.patch
* 0005-util-grub-protect-Add-new-tool.patch
* 0001-tpm2-Support-authorized-policy.patch
- Replace 0004-tpm2-Support-authorized-policy.patch
* 0001-tpm2-Add-extra-RSA-SRK-types.patch
* 0001-tpm2-Implement-NV-index.patch
- Replace 0001-protectors-Implement-NV-index.patch
* 0002-cryptodisk-Fallback-to-passphrase.patch
* 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
* 0004-diskfilter-look-up-cryptodisk-devices-first.patch
- Refresh affected patches
* 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
* grub2-bsc1220338-key_protector-implement-the-blocklist.patch
- New manpage for grub2-protect
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
file_is_not_xen_garbage (bsc#1224226)
* grub2-fix-menu-in-xen-host-server.patch
==== hwdata ====
Version update (0.380 -> 0.382)
- update to 0.382:
* Update pci, usb and vendor ids
==== iproute2 ====
Version update (6.8 -> 6.9)
- Update to release 6.9
* ss: add option to suppress queue columns
* m_mirred: allow mirred to block
* tc: add NLM_F_ECHO support for actions and filters
* ip/bond: add coupled_control support
* ss: add support for BPF socket-local storage
* ip: ioam6: add monitor command
==== libbpf ====
Version update (1.4.1 -> 1.4.2)
- update to 1.4.2:
* Another struct_ops-focused bug fix release. It addresses a few more corner
cases when dealing with SEC("struct_ops") programs.
* It also improves error messaging around common use case of declaring
struct_ops BPF program and not referencing it from SEC(".struct_ops")
variable (backed by struct_ops BPF map).
* This release should improve overall experience of using BPF struct_ops
functionality.
==== libmodulemd ====
- Add glib-2.80.2-glibdoc-path.patch: Fix GLib documentation path
for GLib 2.80.2
(https://github.com/fedora-modularity/libmodulemd/pull/618).
==== libxml2 ====
Version update (2.12.6 -> 2.12.7)
Subpackages: libxml2-2 libxml2-tools
- Update to version 2.12.7:
+ Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459).
+ xmllint: Fix --pedantic option.
+ save: Handle invalid parent pointers in xhtmlNodeDumpOutput.
==== makedumpfile ====
Version update (1.7.4 -> 1.7.5)
- Update to 1.7.5:
* Support for kernels up to v6.8 (x86_64)
* Support for printk caller_id by --dump-dmesg option
* [PATCH] ppc64: get vmalloc start address from vmcoreinfo
* [PATCH] ppc64: read cur_mmu_type from vmcoreinfo
* [PATCH] add PRINTK_CALLER id support to --dump-dmesg option
* [PATCH v2 2/2] s390x: uncouple virtual and physical address spaces
* [PATCH 1/2] s390x: fix virtual vs physical address confusion
Regenerated the content of the makedumpfile-ppc64-VA-range-SUSE.patch
file based on version 1.7.5 of the code
==== mozilla-nss ====
Version update (3.99 -> 3.100)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.100
- bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
faster Xyber operations.
- bmo#1893752 - remove ckcapi.
- bmo#1893162 - avoid a potential PK11GenericObject memory leak.
- bmo#671060 - Remove incomplete ESDH code.
- bmo#215997 - Decrypt RSA OAEP encrypted messages.
- bmo#1887996 - Fix certutil CRLDP URI code.
- bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
- bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH.
- bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c.
- bmo#1548723 - Moving the decodedCert allocation to NSS.
- bmo#1885404 - Allow developers to speed up repeated local execution
of NSS tests that depend on certificates.
==== passt ====
Version update (20240426.d03c4e2 -> 20240510.7288448)
Subpackages: passt-selinux
- Update to version 20240510.7288448:
* apparmor: allow read access on /tmp for pasta
* tcp_splice: Set OUT_WAIT_ flag whenever pipe isn't emptied
* udp: Single buffer for IPv4, IPv6 headers and metadata
* udp: Use the same buffer for the L2 header for all frames
* udp: Share payload buffers between IPv4 and IPv6
* udp: Explicitly set checksum in guest-bound UDP headers
* udp: Combine initialisation of IPv4 and IPv6 iovs
* udp: Split tap-bound UDP packets into multiple buffers using io vector
* test: Allow sftp via vsock-ssh in tests
* tcp: Update tap specific header too in tcp_fill_headers[46]()
* iov: Helper macro to construct iovs covering existing variables or fields
* tap, tcp: (Re-)abstract TAP specific header handling
* tcp: Simplify packet length calculation when preparing headers
* treewide: Standardise variable names for various packet lengths
* checksum: Make csum_ip4_header() take a host endian length
* treewide: Remove misleading and redundant endianness notes
* tap: Remove unused structs tap_msg, tap_l4_msg
* tap: Split tap specific and L2 (ethernet) headers
* checksum: Use proto_ipv6_header_psum() for ICMPv6 as well
* netlink: Fix iterations over nexthop objects
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11
- add procps into the base pattern as recommended together
with zypper (which dropped the dependency)
==== perl-URI ====
Version update (5.270.0 -> 5.280.0)
- updated to 5.28
see /usr/share/doc/packages/perl-URI/Changes
5.28 2024-03-27 01:49:44Z
- Using Scalar::Util::reftype instead of just ref(), but mindful this time
about definedness to avoid warnings (GH#140) (Jacques Deguest)
==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Move modules jack-tunnel and jackdbus-detect to the
pipewire-spa-plugins-0_2-jack since those modules should only
be used when the real jack server is running. This fixes pipewire
starting jackdbus on start.
==== powerdevil6 ====
- Recommend ddcutil-i2c-udev-rules (boo#1224197)
==== sdbootutil ====
Version update (1+git20240506.573a6a4 -> 1+git20240514.56dc89c)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper
- Update to version 1+git20240514.56dc89c:
* Add show-entry command
* Add SYSTEMD_COLORS flag
* Add byte order mark to boot.csv
==== soundtouch ====
Version update (2.3.2 -> 2.3.3)
- Update to 2.3.3:
* Fixing compiler warnings, maintenance fixes to make/build files
for various systems
- Refresh disable-ffast-math.patch
==== xwayland ====
Version update (23.2.6 -> 24.1.0)
- Update to feature release 24.1.0
* This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
+ xwayland: Send ei_device_frame on device_scroll_discrete
+ xwayland: Restore the ResizeWindow handler
+ xwayland: Handle rootful resize in ResizeWindow
+ xwayland: Move XRandR emulation to the ResizeWindow hook
+ xwayland: Use correct xwl_window lookup function in xwl_set_shape
- eglstreams has been dropped
- Update to bug fix relesae 23.2.7
* m4: drop autoconf leftovers
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Call drmFreeDevice for dma-buf default feedback
* xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
* dri3: Free formats in cache_formats_and_modifiers
* xwayland/glamor: Handle depth 15 in gbm_format_for_depth
* Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows"
* xwayland: Check for outputs before lease devices
* xwayland: Do not remove output on withdraw if leased