Packages changed: augeas (1.12.0 -> 1.13.0) firewalld (1.2.0 -> 1.2.1) python-cryptography (38.0.1 -> 38.0.3) python310 python310-core sg3_utils (1.47+5.d13bc56 -> 1.48~20221101.6d3bd26) sudo suse-module-tools (16.0.23 -> 16.0.26) === Details === ==== augeas ==== Version update (1.12.0 -> 1.13.0) Subpackages: augeas-lenses libaugeas0 libfa1 - Update to 1.13.0 * Fixes bsc#1204554 * Added augeas-1.13.0-replace_security_context_t-patch to fix a syntax error. * Rebased gcc9-disable-broken-test.patch * Dropped the following patches since they are now upstreamed: - augeas-new_options_for_chrony.patch - augeas-allow_printable_ASCII.patch - remove-unportable-tests.patch * General changes/additions - Add Dockerfile (Nicolas Gif) (Issue #650) - augtool: Improved readline integration to handle quoting issues (Pino Toscano) - typechecker: Allow including '/' in keys and labels. Thanks to felixdoerre for pointing out that this restriction was unnecessary. See issue #668 for the discussion. - Add function modified() to select nodes which are marked as dirty (George Hansper) (Issue #691) - Add CLI command 'preview' and API 'aug_preview' to preview file contents (George Hansper) (#690) - Add "else" operator to augeas path-filter expressions (priority selector) (George Hansper) (#692) - Add new axis 'seq' to allow /path/seq::*[expr] to match and create numeric nodes, as idempotent alternative to /path/*[expr] (George Hansper) (#706) * Lens changes/additions - Authinfo2: new lens to parse Authinfo2 format (Nicolas Gif) (Issue #649) - Chrony: add new options (Miroslav Lichvar) (Issue #698) - Cmdline: New lens to parse /proc/cmdline (Thomas Weißschuh) - Crypttab: support UUID in device and / in opt (Raphaël Pinson) (#713) - Fail2ban: new lens to parse Fail2ban format (Nicolas Gif) (Issue #651) - Grub: support '+' in kernel command line option names (Pino Toscano) (Issue #647) - Krb5: handle [plugins] subsection (Pino Toscano) (Issue #663) - Limits: support colons in the domain pattern of the limits lens (Xavier Mol) (Issue #645) - Logrotate: add hourly schedule (Jason A. Smith) (Issue #655) - Mke2fs: parse more common entries between [defaults] and the tags in [fs_types], fix the type of few entries, handle the [options] stanza (Pino Toscano) (Issue #642) - support quoted values (Pino Toscano) (Issue #661) - NetworkManager: allow # in values (mfilka) (#723) - Opendkim: update to match current conffile format (Issue #644) - Postfix_Master: Allow unix-dgram as type (Issue #635) - Postfix_transport: Allow underscore (Anton Baranov) (Issue #678) - Postgresql: Allow hyphen '-' in values that don't require quotes (Marcin Barczyński) (Issues #700 #701) - Properties: Allow "/" in property names (felixdoerre) (Issue #680) - Redis: add incl path /etc/redis.conf (Raphaël Pinson) (#726) - support "replicaof" (Raphaël Pinson) (#727) - fix support for "sentinel" (Raphaël Pinson) (#728) - Resolv: Support new options (Trevor Vaughan) (Issues #707 #708) - Rsyslog: support multiple actions in filters and selectors (Issue [#653]) - Shellvars: exclude more tcsh profile scripts (Pino Toscano) (Issue [#627]) - Simplevars: add ocsinventory-agent.cfg (Pat Riehecky) (Issue #637) - Sudoers: support new @include/@includedir directives (Pino Toscano) (Issue #693) - Sudoers: Allow AD groups (luchihoratiu) (Issue #696) - Support negative integers (Ando David Roots) (#724) - Ssh: add Match keyword support (granquet) (Issue #695) - Sshd: support quotes in Match conditions (Issue #739) - Systemd: fix parsing of envvars with spaces (Pino Toscano) (#659) - Add incl paths according to 'systemd.network(5)' (chruetli) (#683) - Tinc: new lens for Tinc VPN configuration files (Thomas Weißschuh) (#718) - Toml: support arrays (norec) in inline tables (Raphaël Pinson) (#703) - Tmpfiles: improvements to the types specification (Pino Toscano) (Issue #694) ==== firewalld ==== Version update (1.2.0 -> 1.2.1) Subpackages: firewalld-bash-completion firewalld-lang python3-firewall - Update to 1.2.1: * fix(modules): don't error if /proc/modules is missing (a1f091d) * fix(readme): format optional (03e61f2) * docs: add protocols to rich and zones (191cea4) * docs(policy): add priority attribute to rule (616ed7c) * fix(runtimeToPermanent): errors for interfaces not in zone (6b5a70b) * fix(failsafe): log exception on fatal failure (af1b8f0) * fix(ipset): defer native ipset creation if nftables (ae0ded4) * fix(nftables): drop invalid packets before zone dispatch (dc972ae) * fix(iptables): drop invalid packets before zone dispatch (83a4608) * fix(policies): Splitting interfaces with wildcards (3806e79) * fix(ipset): exception on overlap checking empty set (bfe827f) * fix(bash): fix ipset commands autocompletion (742669b) * docs(README): fix typo (e40b100) * fix(treewide): misc typos (d121f0c) * fix: firewalld.conf: trim trailing whitespace (21809ed) ==== python-cryptography ==== Version update (38.0.1 -> 38.0.3) - update to 38.0.3: - Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786. ==== python310 ==== Subpackages: python310-curses python310-dbm - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. ==== python310-core ==== Subpackages: libpython3_10-1_0 python310-base - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. ==== sg3_utils ==== Version update (1.47+5.d13bc56 -> 1.48~20221101.6d3bd26) - Update to new upstream version 1.48~20221101.6d3bd26: (pre-release sg3_utils-1.48 [20221101] [svn: r978]) * sg_read_block_limits: fix granularity value, add --mloi option; sg_lib: add sg_ll_read_block_limits_v2(); sg_logs: json work * sg_stream_ctl: --get fix better; sg_rem_rest_elem: cleanup * sg_stream_ctl: fix --get indexing; fix some './configure --enable-debug' issues * sg_inq+sg_vpd: JSON updates * rescan-scsi-bus: speed large multipath scans * rescan-scsi-bus.sh speed testonline() * rescan-scsi-bus.sh: add option --no-lip-scan * rescan-scsi-bus: sgdevice26: do not traverse sg class if scsi_device isnot added * rescan-scsi-bus.sh: fix handling of '-I ' option * Prepare for removing /proc/scsi from the Linux kernel * sg_inq+sg_vpd: merge VPD page processing * sg_get_elem_status: change '--maxlen=' option default to 1056 (was 32), other cleanups * sg_rep_zones: add experimental --json[=JO] option and generation * sg_logs: add --exclude and --undefined options * zoned disk man page improvements * sg_rep_zones: add --statistics option * sg_read_buffer: add --eh_code= and --no_output options * sg_format: allow disk formats on ZBC (zoned) disks * sg_rep_zones: add --brief option and --find ZT option * sg_rep_density: new utility for decoding the response of Report density support command [ssc (tape)] * Zoned block device characteristics VPD page support ==== sudo ==== Subpackages: sudo-plugin-python - Added sudo-CVE-2022-43995.patch * CVE-2022-43995 * bsc#1204986 * Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend. ==== suse-module-tools ==== Version update (16.0.23 -> 16.0.26) * Revert "Split kernel scriptlets into separate sub-package" (that change broke some package builds on OBS) - Update to version 16.0.25: * 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423) - Update to version 16.0.24: * Split kernel scriptlets into separate sub-package "suse-module-tools-scriptlets" on Tumbleweed (gh#openSUSE/suse-module-tools#64)