Packages changed: audit-secondary bash (5.1.8 -> 5.1.12) busybox-links containers-systemd (0.0+git20210507.9afe2a6 -> 0.0+git20211129.1b144ae) efibootmgr (14 -> 17) gnutls haproxy (2.4.8+git0.d1f8d41e0 -> 2.5.0+git0.f2e0833f1) libarchive libimagequant (2.15.1 -> 2.17.0) python-charset-normalizer (2.0.7 -> 2.0.8) python38 python38-core tpm2.0-abrmd xmlsec1 (1.2.32 -> 1.2.33) === Details === ==== audit-secondary ==== Subpackages: audit python3-audit system-group-audit - Use %autosetup - Don't include sample rules as %doc, they're already installed as normal files - Fix create-augenrules-service.patch: * auditd.service needs to require augenrules.service, not the other way around - Fix documentation for enable-stop-rules.patch ==== bash ==== Version update (5.1.8 -> 5.1.12) - Update bash 5.1 to patch level 12 * Add official patch bash51-009 The bash malloc implementation of malloc_usable_size() does not follow the specification. This can cause library functions that use it to overwrite memory bounds checking. * Add official patch bash51-010 If `wait -n' is interrupted by a trapped signal other than SIGINT, it does not completely clean up state, and that can prevent subsequent calls to `wait -n' from working correctly. * Add official patch bash51-011 When reading a compound assignment, and running it through the parser to split it into words, we need to save and restore any alias we're currently expanding. * Add official patch bash51-012 There is a possible race condition that arises when a child process receives a signal trapped by the parent before it can reset the signal dispositions. The child process is not supposed to trap the signal in this circumstance. - Using package bash-sh instead of the update-alternative mechanism. ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz - Removed libalternatives machanism. Using direct link from /usr/bin/busybox to /usr/bin/sh. The package is conflicting with the new packages bash-sh which has a link for /usr/bin/sh too. - Use libalternatives instead of update-alternatives. ==== containers-systemd ==== Version update (0.0+git20210507.9afe2a6 -> 0.0+git20211129.1b144ae) - Update to version 0.0+git20211129.1b144ae: * Add roundcube files ==== efibootmgr ==== Version update (14 -> 17) - Update to v17: * use efivar's logging facility more (more info in -v2 , -v3, etc) * Various bug fixes * Better -e parsing * fix pkg-config invocation for ldflags * Make efibootmgr use EFIDIR / efibootmgr.efidir like fwupdate does * make --loader default build-time configurable * sanitize set_mirror()/get_mirror() * Add support for parsing loader options as UCS2 * GCC 7 fixes * Don't use -fshort-wchar since we don't run on EFI machines. - Drop 0001-Don-t-use-fshort-wchar-when-building-63.patch (upstreamed) - Drop 0002-Remove-extra-const-keywords-gcc-7-gripes-about.patch (upstreamed) - Drop 0003-Add-support-for-parsing-optional-data-as-ucs2.patch (upstreamed) - Drop MARM-sanitize-set_mirror.diff (upstreamed) - Drop efibootmgr-derhat.diff (upstreamed) - Rebase efibootmgr-delete-multiple.diff ==== gnutls ==== - Drop bogus condition "> 1550": that would mean 'more recent than Tumbleweed' which is technically impossible, as Tumbleweed is the leading project (and the condition causes issues as Tumbleweed needs to move away from 1550 due to CODE 15 SP5 plans). ==== haproxy ==== Version update (2.4.8+git0.d1f8d41e0 -> 2.5.0+git0.f2e0833f1) - Update to version 2.5.0+git0.f2e0833f1: https://www.mail-archive.com/haproxy@formilux.org/msg41508.html - refreshed patches to apply cleanly again haproxy-1.6.0-sec-options.patch haproxy-1.6.0_config_haproxy_user.patch lua54.patch ==== libarchive ==== - fix permission settings on following symlinks (fix-following-symlinks.patch) this fixes also wrong permissions of /var/tmp in factory systems ==== libimagequant ==== Version update (2.15.1 -> 2.17.0) - update to 2.17.0: * Do not build as unversioned DSO * use float as in SSE * Initialize rows using heap to handle large images * Free rows after remapping * Disable SSE on arm64 ==== python-charset-normalizer ==== Version update (2.0.7 -> 2.0.8) - update to 2.0.8: * Improvement over Vietnamese detection * MD improvement on trailing data and long foreign (non-pure latin) * Efficiency improvements in cd/alphabet_languages * call sum() without an intermediary list following PEP 289 recommendations * Code style as refactored by Sourcery-AI * Minor adjustment on the MD around european words * Remove and replace SRTs from assets / tests * Initialize the library logger with a `NullHandler` by default * Setting kwarg `explain` to True will add provisionally * Fix large (misleading) sequence giving UnicodeDecodeError * Avoid using too insignificant chunk * Add and expose function `set_logging_handler` to configure a specific StreamHandler - require lower-case name instead of breaking build - Use lower-case name of prettytable package ==== python38 ==== - Remove shebangs from from python-base libraries in _libdir (bsc#1193179). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - Remove shebangs from from python-base libraries in _libdir (bsc#1193179). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ==== tpm2.0-abrmd ==== Subpackages: libtss2-tcti-tabrmd0 tpm2.0-abrmd-selinux - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_tpm2-abrmd.service.patch ==== xmlsec1 ==== Version update (1.2.32 -> 1.2.33) Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - update to 1.2.33: * Fix decrypting session key for two recipients * Added --privkey-openssl-engine option to enhance openssl engine support