Packages changed: busybox-links dracut (057+suse.309.gb71946f6 -> 057+suse.315.gd210fc38) e2fsprogs microos-tools (2.16 -> 2.17) openvpn python-oauthlib (3.2.0 -> 3.2.1) python-sniffio (1.2.0 -> 1.3.0) python310 (3.10.6 -> 3.10.7) python310-core (3.10.6 -> 3.10.7) python310-pyparsing yast2 (4.5.13 -> 4.5.14) yast2-network (4.5.6 -> 4.5.7) === Details === ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-sendmail busybox-xz - Create sub-package "hexedit" [bsc#1203399] - Create sub-package "sha3sum" [bsc#1203397] ==== dracut ==== Version update (057+suse.309.gb71946f6 -> 057+suse.315.gd210fc38) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 057+suse.315.gd210fc38: * chore(suse): update spec Fix "directories not owned by a package" caused by bash-completion directories not owned by dracut. Do not install modules incompatible with the system architecture. * chore(suse): change default persistent policy * ci(suse.conf.example): update SUSE-specific config * chore(suse): fix 99-debug.conf ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - Refresh e2fsprogs.keyring based on currently provided keys. - Spec file cleanup: + Drop remainders regarding -mini packages, which was not a thing since Jan 2014. + Split build of fuse2fs out into a sep build (_multibuild enabled). - enabled fuse2fs build which enable to mount ext2/3/4 via FUSE ==== microos-tools ==== Version update (2.16 -> 2.17) - Update to version 2.17: - selinux-autorelabel-generator: Don't cross partition boundaries for /.snapshots when relabeling [issue#11] ==== openvpn ==== - build with enable-iproute2 again to have root-less mode working (bsc#1202792) ==== python-oauthlib ==== Version update (3.2.0 -> 3.2.1) - specfile: * update requirements - update to version 3.2.1: * OAuth2.0 Provider: * #803: Metadata endpoint support of non-HTTPS * CVE-2022-36087, bugzilla # 1203333 * OAuth1.0: * #818: Allow IPv6 being parsed by signature * General: * Improved and fixed documentation warnings. * Cosmetic changes based on isort ==== python-sniffio ==== Version update (1.2.0 -> 1.3.0) - update to 1.3.0: * requires python 3.7 ==== python310 ==== Version update (3.10.6 -> 3.10.7) Subpackages: python310-curses python310-dbm - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ==== python310-core ==== Version update (3.10.6 -> 3.10.7) Subpackages: libpython3_10-1_0 python310-base - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ==== python310-pyparsing ==== - Fix incorrect usage of non-bundled pip revealed by python-rpm-macros update. ==== yast2 ==== Version update (4.5.13 -> 4.5.14) Subpackages: yast2-logs - bsc#1200016 - by_pattern moved into http_server moduleas it is the only user - 4.5.14 ==== yast2-network ==== Version update (4.5.6 -> 4.5.7) - Activate s390 devices before importing and reading the network configuration or otherwise the related linux devices will not be present and could be ignored (bsc#1199746) - 4.5.7