Packages changed: audit (3.0.6 -> 3.0.9) audit-secondary (3.0.6 -> 3.0.9) elfutils elfutils-debuginfod fuse3 (3.13.1 -> 3.14.0) permissions (1599_20221220 -> 1599_20230217) psmisc python-zope.event (4.5.0 -> 4.6) shadow tree (2.0.4 -> 2.1.0) vim xen === Details === ==== audit ==== Version update (3.0.6 -> 3.0.9) Subpackages: libaudit1 libauparse0 - Enable build for ARM (32-bit) - Update to version 3.0.9: * In auditd, release the async flush lock on stop * Don't allow auditd to log directly into /var/log when log_group is non-zero * Cleanup krb5 memory leaks on error paths * Update auditd.cron to use auditctl --signal * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) * In auparse, special case kernel module name interpretation * If overflow_action is ignore, don't treat as an error (3.0.8) * Add gcc function attributes for access and allocation * Add some more man pages (MIZUTA Takeshi) * In auditd, change the reinitializing of the plugin queue * Fix path normalization in auparse (Sergio Correia) * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) * Drop ProtectHome from auditd.service as it interferes with rules (3.0.7) * Add support for the OPENAT2 record type (Richard Guy Briggs) * In auditd, close the logging file descriptor when logging is suspended * Update the capabilities lookup table to match 5.16 kernel * Improve interpretation of renamat & faccessat family of syscalls * Update syscall table for the 5.16 kernel * Reduce dependency from initscripts to initscripts-service - Refresh patches (context adjusment): * audit-allow-manual-stop.patch * audit-ausearch-do-not-require-tclass.patch * audit-no-gss.patch * enable-stop-rules.patch * fix-hardened-service.patch * harden_auditd.service.patch - Remove patches (fixed by version update): * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch ==== audit-secondary ==== Version update (3.0.6 -> 3.0.9) Subpackages: audit python3-audit system-group-audit - Replace transitional %usrmerged macro with regular version check (boo#1206798) - Enable build for ARM (32-bit) - Update to version 3.0.9: * In auditd, release the async flush lock on stop * Don't allow auditd to log directly into /var/log when log_group is non-zero * Cleanup krb5 memory leaks on error paths * Update auditd.cron to use auditctl --signal * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) * In auparse, special case kernel module name interpretation * If overflow_action is ignore, don't treat as an error (3.0.8) * Add gcc function attributes for access and allocation * Add some more man pages (MIZUTA Takeshi) * In auditd, change the reinitializing of the plugin queue * Fix path normalization in auparse (Sergio Correia) * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) * Drop ProtectHome from auditd.service as it interferes with rules (3.0.7) * Add support for the OPENAT2 record type (Richard Guy Briggs) * In auditd, close the logging file descriptor when logging is suspended * Update the capabilities lookup table to match 5.16 kernel * Improve interpretation of renamat & faccessat family of syscalls * Update syscall table for the 5.16 kernel * Reduce dependency from initscripts to initscripts-service - Refresh patches (context adjusment): * audit-allow-manual-stop.patch * audit-ausearch-do-not-require-tclass.patch * audit-no-gss.patch * enable-stop-rules.patch * fix-hardened-service.patch * harden_auditd.service.patch - Remove patches (fixed by version update): * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch ==== elfutils ==== Subpackages: elfutils-lang libasm1 libdw1 libelf1 - Fix build with libcurl version 7.88.0 for various deprecated constants. Add patches: * elfutils-0.188-CURLOPT_PROTOCOLS_STR.patch * elfutils-0.188-CURL_AT_LEAST_VERSION.patch * elfutils-0.188-deprecated-CURLINFO.patch - Add support-DW_TAG_unspecified_type.patch that fixes PR30047. ==== elfutils-debuginfod ==== Subpackages: debuginfod-profile libdebuginfod1 - Fix build with libcurl version 7.88.0 for various deprecated constants. Add patches: * elfutils-0.188-CURLOPT_PROTOCOLS_STR.patch * elfutils-0.188-CURL_AT_LEAST_VERSION.patch * elfutils-0.188-deprecated-CURLINFO.patch - Add support-DW_TAG_unspecified_type.patch that fixes PR30047. ==== fuse3 ==== Version update (3.13.1 -> 3.14.0) Subpackages: libfuse3-3 - Update to release 3.14 * Split config.h into private and public config - Delete 0001-Split-config.h-into-private-and-public-config.patch (merged). ==== permissions ==== Version update (1599_20221220 -> 1599_20230217) Subpackages: chkstat permissions-config - Update to version 20230217: * shadow: newgidmap,newuidmap: use capabilities (bsc#1208309) * profiles: whitelist kismet capabilities (bsc#1200954) (#171) ==== psmisc ==== Subpackages: psmisc-lang - allow to switch off Apparmor support via bcond ==== python-zope.event ==== Version update (4.5.0 -> 4.6) - update to 4.6: * Port documentation to Python 3. * Add support for Python 3.10, 3.11. ==== shadow ==== Subpackages: libsubid4 login_defs - Update shadow-fix-print-login-timeout.patch - Reorder source files and patches - Remove scripts that claim to be config but are in /usr (boo#1191578) * userdel-script.patch * useradd-script.patch * useradd.local * userdel-post.local * userdel-pre.local ==== tree ==== Version update (2.0.4 -> 2.1.0) - tree 2.1.0: * Add support for --info and --gitignore for the --fromfile option. (Suggested by Piotr Andruszkow) * Add options --infofile and --gitfile to load .info and .gitignore files explicitly. Each implies --info or --gitignore respectively. * Add NULL guard for json_printinfo() and xml_printinfo() (and fix ftype printing for XML) (Kenta Arai) * Fix getcharset() to not return a getenv() pointer (fix for ENV34-C issue.) (Kenta Arai) * Another attempt at fixing extraneous /'s in HTML URLs/output. (Sebastian Rose) * Fixed XML output (Dave Rice) * Remove the (very outdated) French version of the manpage. Look to localization projects such as Debian's 'manpages-l10n' for localized translations. (hmartink) * Add support for the NO_COLOR environment variable (https://no-color.org/). Equivalent to the -n option (can be still be overridden with -C). (Timm Fitschen) * Removed many C99isms to enable compiling on C90 compilers with fewer warnings. (Sith Wijesinghe and Matthew Sessions) It should not be necessary to avoid using a standard that is old enough to drink, furthermore it is all but impossible to remove the remaining warnings and have modern features like compound literals. In the meantime I've added - std=c11 to the default CFLAGS for Linux and will likely not worry about C90 compatibility going forward unless there is some other reason for it. * Added a helper function for long command line arguments to clean up option processing (and fixes the processing for a few of the options such as - -timefmt= (наб?).) * Added --hintro and --houtro options to select files to use as the HTML intro and outro. Use /dev/null or an empty file to eliminate them entirely. This should make it much easier to create your own custom CSS or embed one or more trees into a web page. * Defer printing the version until the character set is known so we can use the linedraw copyright symbol. * Revert change to the error code to not return an error (code 2) when attempting to list a non-directory that actually exists. Tree will still return an error when attempting to list a non-existing directory/file. * Added option --fflinks which will process symbolic link information from a file generated with 'tree -if --noreport' when using --fromfile. (Suggested by Chentao Credungtao) * Updated the totals reporting code to also include in the total the file or directory that is being listed. This should make a correct report when doing something like 'tree *'. ==== vim ==== Subpackages: vim-data vim-data-common vim-small - Add patch vim-fix-sh-syntax.patch which fixes broken sh syntax. ==== xen ==== - bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return Address Predictions (XSA-426) 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch