Packages changed: apparmor autoyast2 (4.4.25 -> 4.4.26) cifs-utils (6.13 -> 6.14) expat (2.4.2 -> 2.4.3) fcitx gstreamer-editing-services gstreamer-plugins-bad ldb libapparmor nvme-cli (1.16 -> 2.0~0) psmisc (23.3 -> 23.4) python-ipython (7.30.1 -> 8.0.1) rpm-config-SUSE (0.g89 -> 0.g93) spamassassin sssd systemd-rpm-macros (14 -> 15) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb; (bsc#1192684). ==== autoyast2 ==== Version update (4.4.25 -> 4.4.26) Subpackages: autoyast2-installation - Fix handling of add-on signature settings, introduced when fixing bsc#1192437 (bsc#1194881). - 4.4.26 ==== cifs-utils ==== Version update (6.13 -> 6.14) - Update cifs-utils.spec: * Remove unused !BuildIgnore: samba-client BuildRequires: libwbclient-devel - Update to cifs-utils 6.14 * smbinfo is enhanced with capability to display alternate data streams * setcifsacl is improved to optionally reorder ACEs in preferred order * cifs.upcall regression in kerberos mount is fixed * remove cifs-utils-6.13.tar.bz2 * remove cifs-utils-6.13.tar.bz2.asc * add cifs-utils-6.14.tar.bz2 * add cifs-utils-6.14.tar.bz2.asc - Drop upstream fixed patches: * 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch ==== expat ==== Version update (2.4.2 -> 2.4.3) Subpackages: libexpat-devel libexpat1 libexpat1-32bit - update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474, bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480): * CVE-2021-45960 -- Fix issues with left shifts by >=29 places resulting in a) realloc acting as free b) realloc allocating too few bytes c) undefined behavior depending on architecture and precise value for XML documents with >=2^27+1 prefixed attributes on a single XML tag a la "" where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow on variable m_groupSize in function doProlog leading to realloc acting as free. Impact is denial of service or more. * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows near memory allocation at multiple places. Mitre assigned a dedicated CVE for each involved internal C function: - CVE-2022-22822 for function addBinding - CVE-2022-22823 for function build_model - CVE-2022-22824 for function defineAttribute - CVE-2022-22825 for function lookup - CVE-2022-22826 for function nextScaffoldPart - CVE-2022-22827 for function storeAtts Impact is denial of service or more. ==== fcitx ==== Subpackages: fcitx-branding-openSUSE fcitx-gtk2 fcitx-gtk3 fcitx-pinyin fcitx-table fcitx-table-cn-wubi fcitx-table-cn-wubi-pinyin libfcitx-4_2_9 - Fix xim.d script for KDE Plasma (boo#1194916); $WINDOWMANAGER check needs to be adjusted ==== gstreamer-editing-services ==== Subpackages: libges-1_0-0 typelib-1_0-GES-1_0 - Fix parameters passed to meson: gtk_doc should be doc. Meson 0.60 became strict and no longer accepts invalid parameters. - Drop hotdoc BuildRequires: as we pass -Ddoc=disabled to meson, this dependency is not needed. ==== gstreamer-plugins-bad ==== Subpackages: gstreamer-plugins-bad-lang gstreamer-transcoder libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 typelib-1_0-GstTranscoder-1_0 - Drop conditionals for fdk_aac, explicitly add fdk-aac-free-devel BuildRequires, and build it for the main package. ==== ldb ==== Subpackages: libldb2 libldb2-32bit python3-ldb - Modify packaging to allow parallel installation with libldb1 (bsc#1192684): + Private libraries are installed in %{_libdir}/ldb2/ + Modules are installed in %{_libdir}/ldb2/modules ==== libapparmor ==== Subpackages: libapparmor1 libapparmor1-32bit - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb; (bsc#1192684). ==== nvme-cli ==== Version update (1.16 -> 2.0~0) Subpackages: nvme-cli-bash-completion - Fix zsh completion package depenedencies. - Use osc_scm to manage upstream input source. - Fix version string. - Update Source URL and introduce a variable for the release canditate version string. - Update to v2.0-rc0 * Depends on libnvme * rename harden_nvmf-connect@.service.patch to 0100-harden_nvmf-connect@.service.patch * drop 0102-nvme-cli-Add-script-to-determine-host-NQN.patch ==== psmisc ==== Version update (23.3 -> 23.4) Subpackages: psmisc-lang - Update to 23.4: * killall: Dynamically link to selinux and use security attributes * pstree: Do not crash on missing processes !21 * pstree: fix layout when using -C !24 * pstree: add time namespace !25 * pstree: Dynamically link to selinux and use attr * fuser: Get less confused about duplicate dev_id !10 * fuser: Only check pathname on non-block devices !31 - Rebase 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch - Rebase 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch - Port psmisc-22.21-pstree.patch - Delete psmisc-v23.3-selinux.patch as not needed anymore - Rename psmisc-v23.3.dif which is now psmisc-v23.4.dif with correct offsets ==== python-ipython ==== Version update (7.30.1 -> 8.0.1) - Update to 8.0.1 * Security fix CVE-2022-21699: change some default values in order to prevent potential Execution with Unnecessary Privileges. * Almost all version of IPython looks for configuration and profiles in current working directory. Since IPython was developed before pip and environments existed it was used a convenient way to load code/packages in a project dependant way. * In 2022, it is not necessary anymore, and can lead to confusing behavior where for example cloning a repository and starting IPython or loading a notebook from any Jupyter-Compatible interface that has ipython set as a kernel can lead to code execution. * The current working directory is not searched anymore for profiles or configurations files. * Added a __patched_cves__ attribute (set of strings) to IPython module that contain the list of fixed CVE. This is informational only. - Fixes boo#1194936, CVE-2022-21699 - Update requirements. - Requires the full stdlib including sqlite3 - Revert some spec-cleaner edits - Update to 8.0.0: - Minimum supported traitlets version if now 5+ - we now require stack_data - Minimal Python is now 3.8 - pytest replaces nose. - iptest/iptest3 cli entrypoints do not exists anymore. - minimum officially support numpy version has been bumped, but this should not have much effect on packaging. - Backport some fixes for Python 3.10 (PR #13412) - use full-alpha transparency on dvipng rendered LaTeX (PR #13372) - Traceback improvements - Autosuggestons - Show pinfo information in ipdb using ??? and ???? - Autoreload 3 feature - Auto formatting with black in the CLI - History Range Glob feature - Don?t start a multi line cell with sunken parenthesis - IPython shell for ipdb interact - Automatic Vi prompt stripping - Empty History Ranges - Windows time-implementation: Switch to process_time - Re-added support for XDG config directories - Add skip-network-test.patch to skip (gh#ipython/ipython#13468). ==== rpm-config-SUSE ==== Version update (0.g89 -> 0.g93) - Update to version 0.g93: * locale.attr: Match all files inside LC_MESSAGES (boo#1194865) * remove leap_version as it's obsolete ==== spamassassin ==== Subpackages: perl-Mail-SpamAssassin spamassassin-spamc - Drop ProtectHome from spamd.service and spampd.service. Unfortunately spamassing writes there, so ProtectHome=read-only doesn't work. Whitelisting a specific part has a too high chance of breaking for this package (bsc#1193248) ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap - Upgrade LDB_DIR shell variable to %ldbdir macro. ==== systemd-rpm-macros ==== Version update (14 -> 15) - Bump to version 15 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too