Packages changed:
  CoreFreq (1.94.3_k6.1.7_1 -> 1.95.1_k6.1.7_1)
  binutils
  exiv2 (0.27.5 -> 0.27.6)
  fetchmail
  gnutls
  hidapi (0.13.0 -> 0.13.1)
  ibus-libzhuyin (1.10.1 -> 1.10.2)
  libgit2 (1.5.0 -> 1.5.1)
  liburing (2.2 -> 2.3)
  man-pages-ja (20221215 -> 20230115)
  miniupnpc (2.2.2 -> 2.2.4)
  postfix
  python-future (0.18.2 -> 0.18.3)
  python-pbr (5.11.0 -> 5.11.1)
  python-requests (2.28.1 -> 2.28.2)
  python-urllib3 (1.26.13 -> 1.26.14)
  rubygem-rack-2.2 (2.2.4 -> 2.2.6.2)
  rubygem-rack (3.0.2 -> 3.0.4.1)
  thunar
  xfce4-notifyd (0.7.1 -> 0.7.2)

=== Details ===

==== CoreFreq ====
Version update (1.94.3_k6.1.7_1 -> 1.95.1_k6.1.7_1)

- update to 1.95.1:
  * [Intel] RPL: voltage of Pcore, Ecore, System Agent
  * [Intel] RPL and ADL Chipset device IDs
  * [Intel] Decode the RPL IMC and improve DDR5 support
  * [Build] Raise `MAX_FREQ_HZ` up to 7125000000 Hertz
  * [Intel] Mobile {Coffee Lake, Kaby Lake} codenames
  * [Intel] Braswell codename detection
  * [AMD] SYSCFG Register
  * [AMD] EPYC 9654
  * [AMD] Transparent SME
  * [AMD] DRAM Data Scrambling
  * [AMD] Adding "Barcelo R" and "Rembrandt R"

==== binutils ====
Subpackages: gprofng libctf-nobfd0 libctf0

- fix build on x86_64_vX platforms
- Add binutils-maxpagesize.diff for a problem on old code
  streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils. Update to 2.39 from 2.37,
  which means obsoleting and hence removing these patches:
  binutils-add-efi-aarch64-1.diff,
  binutils-add-efi-aarch64-2.diff,
  binutils-add-efi-aarch64-3.diff,
  binutils-fix-keepdebug.diff,
  binutils-add-z16-name.diff.
  Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035,
  jsc#PED-2033, jsc#PED-2030, jsc#PED-2038, jsc#PED-2032,
  jsc#PED-2034, jsc#PED-2031, jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
  [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
  [bsc#1193929] aka PR28694 aka CVE-2021-45078
  [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
  [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
  [bsc#1202966] aka PR29289 aka CVE-2022-38126
  [bsc#1202967] aka PR29290 aka CVE-2022-38127
  [bsc#1202969] aka CVE-2021-3826
- add arm32-avoid-copyreloc.patch for PR16177 (bsc#1200962)
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
  [bsc#1202816]

==== exiv2 ====
Version update (0.27.5 -> 0.27.6)

- update to 0.27.6:
  * Add Nikon3.WhiteBalanceBias2
  * Add Nikon LensData v0802
  * Add some F mount lenses
  * Initial support for OM System MakerNote
  * Add Sony ARW compression to dict
  * Exif start can be at any byte in payload, not word aligned
  * Fix exception type when writing BMFF file
  * Add more MIME type mappings for TIFF-based raws
  * Fix naming of canon EF 35-80mm
  * Replace assert with enforce
  * PNG: always strip the existing iCCP chunk
  * Account for header bytes for Exif and XMP boxes
  * Fix Integer overflow in Photoshop::setIptcIrb
  * Fix Integer-overflow in sumToLong
  * Fix out of bounds read in isValidBoxFileType()
  * Fix in Jp2 metadata writing & improvements in reading
  * Strip XMP raw packet before decoding
  * Add tiff tags
  * Add more DNG 1.6 tags
  * Fix bug in iterating over the elements of dateStrings
  * Use memmove in TiffEncoder::updateDirEntry
  * Treat Exif.Sony1.PreviewImage as undefined tag

==== fetchmail ====
Subpackages: fetchmailconf

- disable opie support

==== gnutls ====
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac

- FIPS: Change all the 140-2 references to FIPS 140-3 in order to
  account for the new FIPS certification [bsc#1207346]
  * Add gnutls-FIPS-140-3-references.patch
- FIPS: GnuTLS DH/ECDH PCT public key regeneration
  [bsc#1207183]
  * Add gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch

==== hidapi ====
Version update (0.13.0 -> 0.13.1)

- update to 0.13.1:
  * hidraw: fix invalid read past the UDEV buffer

==== ibus-libzhuyin ====
Version update (1.10.1 -> 1.10.2)

- update to 1.10.2:
  * bug fixes

==== libgit2 ====
Version update (1.5.0 -> 1.5.1)

- update to 1.5.1:
  * This is a security release to address CVE-2023-22742: when
    compiled using the optional, included libssh2 backend,
    libgit2 fails to verify SSH keys by default. boo#1207364
  * When using an SSH remote with the optional, included libssh2
    backend, libgit2 does not perform certificate checking by
    default. Prior versions of libgit2 require the caller to set
    the `certificate_check` field of libgit2's
    `git_remote_callbacks` structure - if a certificate check
    callback is not set, libgit2 does not perform any certificate
    checking. This means that by default - without configuring a
    certificate check callback, clients will not perform
    validation on the server SSH keys and may be subject to a
    man-in-the-middle attack.

==== liburing ====
Version update (2.2 -> 2.3)

- add 0001-test-helpers-fix-socket-length-type.patch
  fixes tests on big endian
- update to 2.3:
  * Support non-libc build for aarch64.
  * Add io_uring_{enter,enter2,register,setup} syscall functions.
  * Add sync cancel interface, io_uring_register_sync_cancel().
  * Fix return value of io_uring_submit_and_wait_timeout() to
    match the man page.
  * Improvements to the regression tests
  * Add support and test case for passthrough IO
  * Add recv and recvmsg multishot helpers and support
  * Add documentation and support for IORING_SETUP_DEFER_TASKRUN
  * Fix potential missing kernel entry with IORING_SETUP_IOPOLL
  * Add support and documentation for zero-copy network transmit
  * Various optimizations
  * Many cleanups
  * Many man page additions and updates
- drop handle-eintr.patch,
  test-xattr-don-t-rely-on-NUL-termination.patch: upstream

==== man-pages-ja ====
Version update (20221215 -> 20230115)

- update to version 20230115
  * Improved and updated manual pages

==== miniupnpc ====
Version update (2.2.2 -> 2.2.4)

- update to 2.2.4:
  * upnpc: use of @ to replace local lan address
  * python module : Allow to specify the root description url
  * Change directory structure : include/ and src/ directories.
- drop makefile-deps-fix.patch (upstream)

==== postfix ====

- Fix SELinux labeling issue caused by /usr/sbin/config.postfix
  (bsc#1207227).

==== python-future ====
Version update (0.18.2 -> 0.18.3)

- update to 0.18.3:
  * Backport fix for bpo-38804 (c91d70b)
  * Fix bug in fix_print.py fixer (dffc579)
  * Fix bug in fix_raise.py fixer (3401099)
  * Fix newint bool in py3 (fe645ba)
  * Fix bug in super() with metaclasses (6e27aac)
  * docs: fix simple typo, reqest -> request (974eb1f)
  * Correct eq (c780bf5)
  * Pass if lint fails (2abe00d)
  * fix order (f96a219)
  * Add flake8 to image (046ff18)
  * Make lint.sh executable (58cc984)
  * Add docker push to optimize CI (01e8440)
  * Build System (42b3025)
  * Add docs build status badge to README.md (3f40bd7)
  * Use same docs requirements in tox (18ecc5a)
  * Add docs/requirements.txt (5f9893f)
  * Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
  * fix 2.6 test, better comment (ddedcb9)
  * fix 2.6 test (3f1ff7e)
  * remove nan test (4dbded1)
  * include list test values (e3f1a12)
  * fix other python2 test issues (c051026)
  * fix missing subTest (f006cad)
  * import from old imp library on older python versions
    (fc84fa8)
  * replace fstrings with format for python 3.4,3.5 (4a687ea)
  * minor style/spelling fixes (8302d8c)
  * improve cmp function, add unittest (0d95a40)
  * Pin typing==3.7.4.1 for Python 3.3 compatibility (1a48f1b)
  * Fix various py26 unit test failures (9ca5a14)
  * Add initial contributing guide with docs build instruction
    (e55f915)
  * Add docs building to tox.ini (3ee9e7f)
  * Support NumPy's specialized int types in builtins.round
    (b4b54f0)
  * Added r""" to the docstring to avoid warnings in python3
    (5f94572)
  * Add subclasscheck for past.types.basestring (c9bc0ff)
  * Correct example in README (681e78c)
  * Add simple documentation (6c6e3ae)
  * Add pre-commit hooks (a9c6a37)
  * Handling of next and next by future.utils.get_next was
    reversed (52b0ff9)
  * Add a test for our fix (461d77e)
  * Compare headers to correct definition of str (3eaa8fd)
  * Add support for negative ndigits in round; additionally,
    fixing a bug so that it handles passing in Decimal properly
    (a4911b9)
  * Add tkFileDialog to future.movers.tkinter (f6a6549)
  * Sort before comparing dicts in TestChainMap (6126997)
  * Fix typo (4dfa099)
  * Fix formatting in "What's new" (1663dfa)
  * Fix typo (4236061)
  * Avoid DeprecationWarning caused by invalid escape (e4b7fa1)
  * Fixup broken link to external django documentation re:
    porting to Python 3 and unicode_literals (d87713e)
  * Fixed newdict checking version every time (99030ec)
  * Add count from 2.7 to 2.6 (1b8ef51)
- drop CVE-2022-40899.patch (upstream)

==== python-pbr ====
Version update (5.11.0 -> 5.11.1)

- update to 5.11.1:
  * Run PBR integration on Ubuntu Focal too
  * Remove numpy dependencies
  * Tie recursion calls to Dist object, not module
  * Update tox.ini to work with tox 4

==== python-requests ====
Version update (2.28.1 -> 2.28.2)

- update to 2.28.2:
  - Requests now supports charset_normalizer 3.x.
  - Updated MissingSchema exception to suggest https scheme
    rather than http.
- drop requests-allow-charset-normalizer-3.patch (upstream)

==== python-urllib3 ====
Version update (1.26.13 -> 1.26.14)

- update to 1.26.14:
  * Fixed parsing of port 0 (zero) returning None, instead of 0.
  * Removed deprecated getheaders() calls in contrib module.

==== rubygem-rack-2.2 ====
Version update (2.2.4 -> 2.2.6.2)

- updated to version 2.2.6.2
  [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
  [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
  [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
  See installed CHANGELOG.md for more changes

==== rubygem-rack ====
Version update (3.0.2 -> 3.0.4.1)

updated to version 3.0.4.1
  [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
  [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
  [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
  For more detailed information see the installed CHANGELOG.md

==== thunar ====
Subpackages: libthunarx-3-0 thunar-lang

- Add switch_pane_shortcut.patch
  Backport upstream fix for gxo#xfce/thunar#1005
- Add differentiate_zoom_levels_between_view_modes.patch
  Backport upstream fix for gxo#xfce/thunar#832

==== xfce4-notifyd ====
Version update (0.7.1 -> 0.7.2)
Subpackages: xfce4-notifyd-lang

- Update to 0.7.2:
  * Fix sound proplist memleak when notification isn't shown
  * Improve sorting in known apps list of settings
  * Add extra margin in the known app settings
  * Fix word casing in known app settings
  * Add ability to exclude specific applications from log
  * Better, non-quadratic algo for xfce_notify_count_apps_in_log()
  * Plug memleak in notify_get_from_desktop_file()
  * Redesign the known apps panel a bit
  * Remove a few more GTK_CHECK_VERSION call sites
  * Avoid use-after-free when deleting known app
  * Improve algo for finding desktop file for known app name
  * Improve icon loading for known apps list
  * Don't set invalid icon name in known apps list
  * Translation Updates