Packages changed:
  apparmor (3.0.1 -> 3.0.3)
  c-ares (1.17.1 -> 1.17.2)
  cloud-init
  container-selinux (2.160.1 -> 2.164.2)
  cri-tools (1.21.0 -> 1.22.0)
  dhcp
  dracut (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b)
  etcd
  glib2
  ipset (7.14 -> 7.15)
  irqbalance (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148)
  libapparmor (3.0.1 -> 3.0.3)
  libesmtp
  lvm2
  lvm2-device-mapper
  mozjs78 (78.11.0 -> 78.13.0)
  nfs-utils
  patterns-microos
  python-distro (1.5.0 -> 1.6.0)
  python-networkx (2.5.1 -> 2.6.1)
  python-pyzmq (22.1.0 -> 22.2.1)
  qemu
  rpcbind
  vim (8.2.3204 -> 8.2.3318)

=== Details ===

==== apparmor ====
Version update (3.0.1 -> 3.0.3)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10
- update to AppArmor 3.0.3
  - fix a failure in the parser tests
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog
- update to AppArmor 3.0.2
  - add missing permissions to several profiles and abstractions (including boo#1188296)
  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog
- remove upstreamed patches:
  - apparmor-dovecot-stats-metrics.diff
  - abstractions-php8.diff
  - crypto-policies-mr720.diff

==== c-ares ====
Version update (1.17.1 -> 1.17.2)

- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator
  * If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash
  * Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
  * Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing follow-up (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS due to applications not
    performing validation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  For details, see https://c-ares.haxx.se/changelog.html#1_17_2

==== cloud-init ====

- Add cloud-init-update-test-characters-in-substitution-unit-test.patch to fix unit test fail in TestGetPackageMirrorInfo::test_substitution.

==== container-selinux ====
Version update (2.160.1 -> 2.164.2)

- Update to version 2.164.2
  * Don't setup users for writing to pid_sockets
  * Allow container engines to be started from the staff user.
  * Allow spc_t domains to set bpf rules on any domain
  * Add support for k3s

==== cri-tools ====
Version update (1.21.0 -> 1.22.0)

- Update to version 1.22.0:
  * Bump Kubernetes to v1.22.0
  * Bump k8s.io/api from 0.21.3 to 0.22.0
  * Bump k8s.io/cri-api from 0.21.3 to 0.22.0
  * Bump k8s.io/kubectl from 0.21.3 to 0.22.0
  * Bump k8s.io/apimachinery from 0.21.3 to 0.22.0
  * Bump github.com/docker/docker
  * Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
- Update to version 1.21.0:
  * Bump README versions to v1.21.0
  * Update dependencies
  * Add dependabot config file
  * Simplify test image build process for user images
  * Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools
  * Fix UID/GID and username values for test images
  * Bump gcb-docker-gcloud image to v20210331-c732583
  * Fix CRI-O master installation in GitHub actions

==== dhcp ====
Subpackages: dhcp-client

- bsc#1186249: Remove remaining references to /etc/init.d from dhclient-script and if-up.d.dhcpd-restart-hook.
- Use , instead of - or / as a separator in sed when dealing with path names.

==== dracut ====
Version update (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b)
Subpackages: dracut-ima dracut-mkinitrd-deprecated

- Update to version 055+suse.115.gf65e559b:
  * fix(suse-initrd): find links of usrmerged kernels (boo#1184804)
  * fix(tpm2-tss): typo in depends()
  * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
- use manual mode in _service file

==== etcd ====

- Don't require systemd (works without, too)
- Change to sysuser-tools to create system user

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0

- Add 63e7864.patch: Fix build with glibc 2.34: use 3 parameters for close_range (boo#1189088).
- Drop patches fixed upstream on SLE and Leap 15.4:
  + glib2-add-support-for-slim-timezone-format.patch
  + glib2-fix-6-days-until-the-end-of-the-month.patch
  + glib2-CVE-2021-27218.patch
  + glib2-CVE-2021-27219-add-g_memdup2.patch

==== ipset ====
Version update (7.14 -> 7.15)
Subpackages: libipset13

- Update to release 7.15
  * netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()

==== irqbalance ====
Version update (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148)

- Update to version 1.8.0.14.ga7f8148:
  * irqbalance: Check validity of numa_node
  * configure.ac: use pkg-config to find numa
  * Disable the communication socket when UI is disabled
- Use %{?systemd_ordering} instead of %{?systemd_requires}

==== libapparmor ====
Version update (3.0.1 -> 3.0.3)

- add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10
- update to AppArmor 3.0.3
  - fix a failure in the parser tests
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog
- update to AppArmor 3.0.2
  - add missing permissions to several profiles and abstractions (including boo#1188296)
  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed
    upstream changelog
- remove upstreamed patches:
  - apparmor-dovecot-stats-metrics.diff
  - abstractions-php8.diff
  - crypto-policies-mr720.diff

==== libesmtp ====

- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Add lvm2-rpmlintrc where we skip all rpmlint issues for lvm2-testsuite package (bsc#1179047).

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Add lvm2-rpmlintrc where we skip all rpmlint issues for lvm2-testsuite package (bsc#1179047).

==== mozjs78 ====
Version update (78.11.0 -> 78.13.0)

- Update to version 78.13.0esr.
  MFSA 2021-34 (bsc#1188891)
  * CVE-2021-29984 (bmo#1720031) Incorrect instruction reordering during JIT optimization

==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client

- Remove dependency on fedfs-utils-devel. fedfs-utils was only ever a "technology preview" and is now considered "end of life". nfs-utils is not even built to use it as --enable-junction isn't being passed to configure and fedfs-utils doesn't build with glibc 2.34. So remove the unnecessary dependency on fedfs-utils. (bsc#1189085)
- Update to version 2.5.4
  https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.4/2.5.4-Changelog
  Notable changes:
  * Handle failures in gssd better
  * handle 'sloppy' option to mount better
  * minor documentation improvements
- Drop 2.5.4-rc4 patches: nfs-utils-2-5-4-rc1.patch, nfs-utils-2-5-4-rc2.patch, nfs-utils-2-5-4-rc3.patch, nfs-utils-2-5-4-rc4.patch.

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Switch from PulseAudio to PipeWire

==== python-distro ====
Version update (1.5.0 -> 1.6.0)

- Update to version 1.6.0
  * Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296]
  * Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+
  * Added type hints to distro module [#269]
  * Added __version__ for checking distro version [#292]
  * Added support for arbitrary rootfs via the root_dir parameter [#247]
  * Added the --root-dir option to CLI [#161]
  * Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262]
  * Fixed subprocess.CalledProcessError when running lsb_release [#261]
  * Ignore /etc/iredmail-release file while parsing distribution [#268]
  * Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271]

==== python-networkx ====
Version update (2.5.1 -> 2.6.1)

- require pandas
- update to 2.6.2:
  * This release is the result of 11 months of work with over 363 pull requests by 91 contributors. Highlights include:
  * Dropped support for Python 3.6.
  * NumPy, SciPy, Matplotlib, and pandas are now default requirements.
  * NetworkX no longer depends on the library "decorator".
  * Improved example gallery
  * Removed code for supporting Jython/IronPython
  * The __str__ method for graph objects is more informative and concise.
  * Improved import time
  * Improved test coverage
  * New documentation theme
  * Add functionality for drawing self-loop edges
  * Add approximation algorithms for Traveling Salesman Problem
- drop 0001-Replace-hash-function-for-test-of-weighted-astar.patch, yaml-loader.patch (merged upstream)

==== python-pyzmq ====
Version update (22.1.0 -> 22.2.1)

- Update to 22.2.1
  * Nicer reprs of contexts and sockets
  * Memory allocated by recv(copy=False) is no longer read-only
  * asyncio: Always reference current loop instead of attaching to the current loop at instantiation time. This fixes e.g. contexts and/or sockets instantiated prior to a call to asyncio.run.

==== qemu ====

- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)
  hw-usb-Do-not-build-USB-subsystem-if-not.patch
  hw-usb-host-stub-Remove-unused-header.patch
  usb-hid-avoid-dynamic-stack-allocation.patch
  usb-limit-combined-packets-to-1-MiB-CVE-.patch
  usb-mtp-avoid-dynamic-stack-allocation.patch
- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
  usbredir-fix-free-call.patch
- Add stable patches from upstream:
  block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
  hw-net-can-sja1000-fix-buff2frame_bas-an.patch
  hw-pci-host-q35-Ignore-write-of-reserved.patch

==== rpcbind ====

- Add now working CONFIG parameter to sysusers generator
- UsrMerge changes

==== vim ====
Version update (8.2.3204 -> 8.2.3318)
Subpackages: vim-data-common vim-small

- Update apparmor.vim (taken from AppArmor 3.0.3)
  * Add syntax highlighting for abi rules
- Updated to version 8.2.3318, fixes the following problems
  * Vim9: exists() does not handle much at compile time.
  * Lua: can only execute one Vim command at a time. Not easy to get the Vim version.
  * Memory allocation functions don't have their own place.
  * Some structures could be smaller.
  * Popup window title with wide characters is truncated.
  * Vim9: :finally in skipped block not handled correctly.
  * Unexpected "No matching autocommands".
  * Vim9: :echoconsole cannot access local variables.
  * Vim9: no runtime check for argument type if a function only has varargs.
  * Vim9: divide by zero causes a crash.
  * Vim9: unpack assignment does not mention source of type error.
  * Vim9: check for DO_NOT_FREE_CNT is very slow.
  * Vim9: after "if false" line breaks in expression not skipped.
  * Unused code in win_exchange() and frame_remove().
  * Behavior of exists() in a :def function is unpredictable.
  * Cannot use single quote in a float number for readability.
  * Float test fails.
  * Vim9: No error for missing white space before return type.
  * Vim9: cannot ignore quotes in number at the command line.
- Updated to version 8.2.3299, fixes the following problems
  * Vim9: TODO items in tests can be taken care of.
  * Vim9: error about using -complete without -nargs is confusing.
  * Julia filetype is not recognized
  * No error for insert() or remove() changing a locked blob.
  * Scdoc filetype is not recognized.
  * win_enter_ext() has too many boolean arguments.
  * Channel events not handled in BufEnter autocommand.
  * Cannot easily access namespace dictionaries from Lua.
  * Compiler warning for unused variable with small features.
  * Vim9: compiling dict may use pointer after free and leak memory on failure.
  * Coverity warns for not checking return value.
  * Underscore in very magic pattern causes a hang. Pattern with \V are case sensitive. (Yutao Yuan)
  * Finding completions may cause an endless loop.
  * Lua: memory leak when adding dict item fails.
  * 'cursorline' should not apply to 'breakindent'.
  * Vim9: cannot add a number to a float.
  * Cannot use all commands inside a {} block after :command and :autocmd.
  * Build failure with small features.
  * Vim9: exists() does not handle much at compile time.
- Updated to version 8.2.3281, fixes the following problems
  * Display garbled when 'cursorline' is set and lines wrap. (Gabriel Dupras)
  * Coverity reports a null pointer dereference.
  * Vim9: argument types are not checked at compile time.
  * Vim9: crash when compiling string fails. (Yegappan Lakshmanan)
  * Dynamic library load error does not mention why it failed.
  * Vim9: lambda doesn't find block-local variable.
  * Vim9: searchpair() sixth argument is compiled. (Yegappan Lakshmanan)
  * Vim9: argument types are not checked at compile time.
  * Vim9: execution speed can be improved.
  * NOCOMPOUNDSUGS entry in spell file not tested.
  * Vim9: argument types are not checked at compile time.
  * Vim9: crash when using variable in a loop at script level.
  * When using xchacha20 crypt undo file is not removed.
  * :find searches non-existing directories.
  * Test_term_setansicolors() fails in some configurations.
  * Vim9: argument types are not checked at compile time.
  * Vim9: cannot use loop variable later as lambda argument.
  * Vim: using {} block in autoloaded omnifunc fails.
  * Cannot call script-local function after :vim9cmd. (Christian J. Robinson)
  * Incsearch highlighting is attempted halfway a mapping.
  * New digraph functions use old naming scheme.
  * 'virtualedit' can only be set globally.
  * Cannot use a simple block for the :command argument. (Maarten Tournoij)
  * Vim9: runtime and compile time type checks are not the same.
  * Vim9: type error when function return type is not known yet.
  * Build failure with small features.
  * system() does not work without a second argument.
  * prop_list() and prop_find() do not indicate the buffer for the used type.
  * Crash when printing long string with Lua.
  * Cannot use lambda in {} block in user command. (Martin Tournoij)
  * mode() does not indicate using CTRL-O in Select mode.
  * When a builtin function gives an error processing continues.
  * Vim9: error message does not indicate the location.
  * Vim9: no error using heredoc for a number variable.
  * Lua print() does not work properly.
  * Vim9: memory leak when function reports an error.
  * Vim9: valgrind reports leaks in builtin function test.
  * Lua 5.3 print() with a long string crashes.
  * The crypt key may appear in a swap partition.
  * Memory use after free.
  * Using uninitialized memory when checking for crypt method.
  * Vim9: error message for wrong input uses wrong line number.
  * Vim9: error for re-imported function with default argument.
  * Listing builtin_gui as an available terminal is confusing.
  * Duplicated code for adding buffer lines.
  * Channel test fails randomly.
  * win_gettype() does not recognize a quickfix window.
  * ci" finds following string but ci< and others don't.
  * Executable test may fail on new Ubuntu system.
  * Calling prop_find() with -1 for ID gives erroneous error. (Naohiro Ono)
  * Error messages have the wrong text.
  * When 'indentexpr' causes an error the did_throw flag may remain set.
  * Build failure with small features.
  * Vim9: when compiling repeat(123, N) return type is number.
  * Build failure when ABORT_ON_INTERNAL_ERROR is defined.
  * Vim9: "..=" does not accept same types as the ".." operator.
  * Vim9: assign test fails.
  * Smartcase does not work correctly in very magic pattern.
  * Vim9: assignment with two indexes may check next line.
  * Vim9: crash when disassembling a function that uses a deleted script variable.
  * Cannot use a block with :autocmd like with :command.
  * Vim9: wrong argument check for partial. (Naohiro Ono)
  * prop_find() finds property with ID -2.
  * Vim9: cannot use :command or :au with a block in a :def function.
  * Cannot use id zero with prop_find(). (Naohiro Ono)
  * Autocmd test fails.
  * Macro for printf format check can be simplified.
  * Optimizer can use hints about ga_grow() normally succeeding.
  * Vim9: exists() can only be evaluated at runtime.
  * Vim9: compiled has() does not work properly.
  * Vim9: error when adding 1 to float.
  * Vim9: cannot use block in cmdline window.
  * 'virtualedit' local to buffer is not the best solution.
  * Vim9: TODO items in tests can be taken care of.