Packages changed: elfutils (0.184 -> 0.185) expat (2.3.0 -> 2.4.1) gcc11 glibc k9s (0.24.9 -> 0.24.10) kubernetes1.21 libnftnl (1.1.9 -> 1.2.0) libseccomp (2.5.0 -> 2.5.1) lvm2 lvm2-device-mapper ncurses (6.2.20210501 -> 6.2.20210515) === Details === ==== elfutils ==== Version update (0.184 -> 0.185) Subpackages: libasm1 libdw1 libelf1 - Update to version 0.185: debuginfod-client: Simplify curl handle reuse so downloads which return an error are retried. elfcompress: Always exit with code 0 when the operation succeeds (even when nothing was done). On error the exit code is now always 1. ==== expat ==== Version update (2.3.0 -> 2.4.1) - Update to 2.4.1: * Bug fixes: - Autotools: Fix installed header expat_config.h for multilib systems; regression introduced in 2.4.0 by pull request #486 * Other changes: - Version info bumped from 9:0:8 to 9:1:8; see https://verbump.de/ for what these numbers do - Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] * Security fixes: - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor ( := ( + ) / ). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (= + ) have been processed. The fix adds the following to the API: - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signals this specific condition. - Two new API functions .. - XML_SetBillionLaughsAttackProtectionMaximumAmplification and - XML_SetBillionLaughsAttackProtectionActivationThreshold .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. - Two new XML_FEATURE_* constants .. - that can be queried using the XML_GetFeatureList function, and - that are shown in "xmlwf -v" output. - Two new environment variable switches .. - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and - EXPAT_ENTITY_DEBUG=(0|1) .. for runtime debugging of accounting and entity processing. Specific behavior of these values may change in the future. - Two new command line arguments "-a FACTOR" and "-b BYTES" for xmlwf to further tighten billion laughs protection parameters when desired. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. * Bug fixes: - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault for UTF-16 payloads containing CDATA sections. - Autotools: Fix generated CMake files for non-64bit and non-Linux platforms (e.g. macOS and MinGW in particular) that were introduced with release 2.3.0 * Other changes: - xmlwf: Improve help output and the xmlwf man page - xmlwf: Improve maintainability through some refactoring - xmlwf: Fix man page DocBook validity - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR - CMake: Add support for standard variable BUILD_SHARED_LIBS - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters - Resolve macro HAVE_EXPAT_CONFIG_H - Delete unused legacy helper file "conftools/PrintPath" - doc/reference.html: Fix XHTML validity - doc/reference.html: Replace the 90s look by OK.css - Version info bumped from 8:0:7 to 9:0:8 due to addition of new symbols and error codes; see https://verbump.de/ for what these numbers do ==== gcc11 ==== Subpackages: libgcc_s1 libgomp1 libstdc++6 - Fix value of %slibdir64 for usrmerge ==== glibc ==== Subpackages: glibc-locale-base - tst-cpu-features-amx.patch: x86: tst-cpu-features-supports.c: Update AMX check - rawmemchr-warning.patch: string: Work around GCC PR 98512 in rawmemchr ==== k9s ==== Version update (0.24.9 -> 0.24.10) - Update to version 0.24.10: * Bug fixes - Update Makefile.patch to version 0.24.10 ==== kubernetes1.21 ==== Subpackages: kubernetes1.21-client kubernetes1.21-client-common kubernetes1.21-kubeadm kubernetes1.21-kubelet kubernetes1.21-kubelet-common - Toggle ip4/ipv6 forwarding sysctls to ensure all devices are refreshed [boo#1186125] ==== libnftnl ==== Version update (1.1.9 -> 1.2.0) - Update to release 1.2.0 * table: add table owner support * expr: socket: add cgroups v2 support ==== libseccomp ==== Version update (2.5.0 -> 2.5.1) - update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys - remove testsuite-riscv64-missing-syscalls.patch ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Link test as position independent executable (bsc#1184124). + bug-1184124-link-tests-as-PIE.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Link test as position independent executable (bsc#1184124). + bug-1184124-link-tests-as-PIE.patch ==== ncurses ==== Version update (6.2.20210501 -> 6.2.20210515) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20210515 + improve manual pages for wgetnstr, newwin (prompted by report/testcase by Bill Gray). - Add ncurses patch 20210508 + modify tputs' error check to allow it to be used without first calling tgetent or setupterm, noting that terminfo initialization is requires for supporting the terminfo delay feature (report by Sebastiano Vigna). + fix several warnings from clang --analyze + add null-pointer check in comp_parse.c, when a "use=" clause refers to a nonexisting terminal description (report/patch by Miroslav Lichvar, cf: 20210227).