Packages changed:
  bind (9.18.27 -> 9.20.0)
  emacs
  gnutls (3.8.5 -> 3.8.6)
  kdump (2.0.7 -> 2.0.9)
  lua54 (5.4.6 -> 5.4.7)
  ncurses (6.5.20240629 -> 6.5.20240713)
  openSUSE-release (20240725 -> 20240726)
  openssl-3
  powerdevil6
  python-pyOpenSSL (24.1.0 -> 24.2.1)
  qemu (9.0.1 -> 9.0.2)
  rsyslog (8.2306.0 -> 8.2406.0)
  salt
  xdg-utils
  xfce4-screenshooter (1.10.6 -> 1.11.0)
  yast2-kdump (5.0.0 -> 5.0.1)

=== Details ===

==== bind ====
Version update (9.18.27 -> 9.20.0)
Subpackages: bind-doc bind-utils

- Update to new major version 9.20.0
  For a complete list of all changes see:
  * https://bind9.readthedocs.io/en/v9.20.0/notes.html
  * The CHANGES file in the source RPM
  Some noteworthy changes:
  * Added new BuildRequires liburcu for lock free data structures.
  * A new DNSSEC tool dnssec-ksr has been added to create Key
    Signing Request (KSR) and Signed Key Response (SKR) files.
  * /etc/bind.keys and /var/lib/named/named.root.key have been
    removed as the correct defaults are pre-compiled and there is
    no need to configure bind.keys manually.
  * The functions that were in the libbind9 shared library have
    been moved to the libisc and libisccfg libraries. The now-empty
    libbind9 has been removed and is no longer installed.
  * The irs_resconf module has been moved to the libdns shared
    library. The now-empty libirs library has been removed and is
    no longer installed.
  Security Fixes:
  * A malicious DNS client that sent many queries over TCP but
    never read the responses could cause a server to respond slowly
    or not at all for other clients. This has been fixed.
    (CVE-2024-0760) [bsc#1228255]
  * It is possible to craft excessively large resource records
    sets, which have the effect of slowing down database
    processing. This has been addressed by adding a configurable
    limit to the number of records that can be stored per name and
    type in a cache or zone database. The default is 100, which can
    be tuned with the new max-records-per-type option.
  * It is possible to craft excessively large numbers of resource
    record types for a given owner name, which has the effect of
    slowing down database processing. This has been addressed by
    adding a configurable limit to the number of records that can
    be stored per name and type in a cache or zone database. The
    default is 100, which can be tuned with the new
    max-types-per-name option.
    (CVE-2024-1737) [bsc#1228256]
  * Validating DNS messages signed using the SIG(0) protocol (RFC
    2931) could cause excessive CPU load, leading to a
    denial-of-service condition. Support for SIG(0) message
    validation was removed from this version of named.
    (CVE-2024-1975) [bsc#1228257]
  * Due to a logic error, lookups that triggered serving stale data
    and required lookups in local authoritative zone data could
    have resulted in an assertion failure. This has been fixed.
  * Potential data races were found in our DoH implementation,
    related to HTTP/2 session object management and endpoints set
    object management after reconfiguration. These issues have been
    fixed.
  * When looking up the NS records of parent zones as part of
    looking up DS records, it was possible for named to trigger an
    assertion failure if serve-stale was enabled. This has been
    fixed.
    (CVE-2024-4076) [bsc#1228258]

==== emacs ====
Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags

- Use simple trusted members of the group games (boo#1228058)
- Split off the emacs-games package for score handling (boo#1227737)
- Implement setgid based score handling
- The xauth patch should ignore any locking at read time as
  otherwise emacs server might hang
- Provide support of ELPA systemwide installations to OBS

==== gnutls ====
Version update (3.8.5 -> 3.8.6)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit

- Update to 3.8.6:
  * libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
    To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
    PBKDF2 (PBMAC1) is now supported, according to the specification
    proposed in draft-ietf-lamps-pkcs12-pbmac1.
  * libgnutls: SHA3 extendable output functions (XOF) are now supported
    SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
    public API gnutls_hash_squeeze.
  * API and ABI modifications:
    - gnutls_pkcs12_generate_mac3: New function
    - gnutls_pkcs12_flags_t: New enum
    - gnutls_hash_squeeze: New function
  * Rebase patches:
    - gnutls-FIPS-140-3-references.patch
    - gnutls-FIPS-jitterentropy.patch

==== kdump ====
Version update (2.0.7 -> 2.0.9)

- upgrade to version 2.0.9
  * start kdump-early earlier using DefaultDependencies=no
  * fadump: avoid re-registration if kernel is hotplug ready
  * mkdumprd: use pbl to get default kernel version (boo#1226676)

==== lua54 ====
Version update (5.4.6 -> 5.4.7)

- Update to version 5.4.7:
  * Fixed 11 bugs from 5.4.6
  * Tests now run on shared libraries
- Removed skip-tests_big-endian.patch: fixed upstream

==== ncurses ====
Version update (6.5.20240629 -> 6.5.20240713)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20240713
  + modify misc/ncurses-config.in, improved match with pkg-config output.
- Add ncurses patch 20240706
  + update configure script to use macro changes from dialog.
  + modify CF_NCURSES_PTHREADS to avoid equating package and library names.

==== openSUSE-release ====
Version update (20240725 -> 20240726)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssl-3 ====
Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3

- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
  * SSL_select_next_proto buffer overread
  * Add openssl-CVE-2024-5535.patch
- Build with enabled sm2 and sm4 support [bsc#1222899]

==== powerdevil6 ====
Subpackages: powerdevil6-lang

- Add patch to fix crash on display wake up (kde#490356, kde#490421):
  * 0001-daemon-Don-t-leave-dangling-Action-pointers-in-idle-.patch

==== python-pyOpenSSL ====
Version update (24.1.0 -> 24.2.1)

- 24.2.1:
  * Deprecated OpenSSL.crypto.X509Req,
    OpenSSL.crypto.load_certificate_request,
    OpenSSL.crypto.dump_certificate_request. Instead,
    cryptography.x509.CertificateSigningRequest,
    cryptography.x509.CertificateSigningRequestBuilder,
    cryptography.x509.load_der_x509_csr, or
    cryptography.x509.load_pem_x509_csr should be used.
  * Added type hints for the SSL module. #1308.
  * Changed OpenSSL.crypto.PKey.from_cryptography_key to accept
    public and private EC, ED25519, ED448 keys

==== qemu ====
Version update (9.0.1 -> 9.0.2)
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86

- roms: Build ipxe with NO_WERROR=1 (bsc#1227960)
- Update to version 9.0.2:
  Full list of backports here:
  https://lore.kernel.org/qemu-devel/1718081053.366429.1238758.nullmailer@tls.msk.ru/
  A selection of them is reported here too:
    hw/nvme: fix number of PIDs for FDP RUH update
    sphinx/qapidoc: Fix to generate doc for explicit, unboxed arguments
    char-stdio: Restore blocking mode of stdout on exit
    virtio: remove virtio_tswap16s() call in vring_packed_event_read()
    virtio-pci: Fix the failure process in kvm_virtio_pci_vector_use_one()
    tcg/optimize: Fix TCG_COND_TST* simplification of setcond2
    block: Parse filenames only when explicitly requested
    iotests/270: Don't store data-file with json: prefix in image
    iotests/244: Don't store data-file with protocol in image
    qcow2: Don't open data_file with BDRV_O_NO_IO
    tests: add testing of parameter=1 for SMP topology (bsc#1228169)
    hw/core: allow parameter=1 for SMP topology on any machine
    ...

==== rsyslog ====
Version update (8.2306.0 -> 8.2406.0)

- Upgrade to rsyslog 8.2406.0
- patches replaced by upgrade (see details in upgrade logs below)
  0001-use-logind-instead-of-utmp-for-wall-messages-with-sy.patch
  * 2023-11-29: Revert "Update omlibdbi.c"
  * 2023-11-21: imkmsg: add params "readMode" and "expectedBootCompleteSeconds"
  * 2023-11-10: testbench: fix "typo" in test case
  * 2023-11-08: omazureeventhubs: Corrected handling of transport closed failures
  * 2023-10-31: imkmsg: add module param parseKernelTimestamp
  * 2023-11-03: imfile: remove state file on file delete fix
  * 2023-10-30: imklog bugfix: keepKernelTimestamp=off config param did not work
  * 2023-10-30: Netstreamdriver: deallocate certificate related resources
  * 2023-10-20: TLS subsystem: add remote hostname to error reporting
  * 2023-10-21: Fix forking issue due to close_range call
  * 2023-10-23: replace debian sample systemd service file by readme
  * 2023-10-20: testbench: bump zookeeper version to match current offering
  * 2023-10-20: Update rsyslog.service sample unit to the latest version used in Debian Trixie
  * 2023-10-20: Only keep a single rsyslog.service for Debian
  * 2023-10-20: Remove no longer used --with-systemdsystemunitdir configure switch
  * 2023-10-18: use logind instead of utmp for wall messages with systemd
    - replaces 0001-use-logind-instead-of-utmp-for-wall-messages-with-sy.patch
  * 2023-10-11: Typo fixes
  * 2023-10-11: Drop CAP_IPC_LOCK capability
  * 2023-10-04: Add CAP_NET_RAW capability due to the omudpspoof module
  * 2023-10-03: Add new global config option "libcapng.enable"
  * 2023-10-02: tcp net subsystem: handle data race gracefully
  * 2023-08-31: Avoid crash on restart in imrelp SIGTTIN handler
  * 2023-09-26: fix startup issue on modern systemd systems
  * 2023-09-14: Fix misspelling in message.
  * 2023-09-13: tcpflood bugfix: plain tcp send error not properly reported
  * 2023-09-12: omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set
  * 2023-08-02: testbench: cleanup and improve some more imfile tests
  * 2023-08-02: lookup tables: fix static analyzer issue
  * 2023-08-02: lookup tables bugfix: reload on HUP did not work when backgrounded
  * 2023-07-28: CI: fix and cleanup github workflow
  * 2023-03-07: imjournal: Support input module
  * 2023-07-28: testbench: make test more reliable
  * 2023-07-28: tcpflood: add -A option to NOT abort when sending fails
  * 2023-07-28: tcpflood: fix today's programming error
  * 2023-07-28: openssl: Replaced deprecated method SSLv23_method with TLS_method
  * 2023-07-27: testbench improvement: define state file directories for imfile tests
  * 2023-07-28: testbench: cleanup a test and some nitfixes to it
  * 2023-07-27: tcpflood bugfix: TCP sending was not implemented properly
  * 2023-07-26: testbench: make waiting for HUP processing more reliable
  * 2023-07-25: build system: make rsyslogd execute when --disable-inet is configured
  * 2023-07-25: CI: update zookeeper download to newer version
  * 2023-07-10: ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions
  * 2023-07-11: ossl: Fix CRL File Expire from 1 day to 100 years.
  * 2023-07-06: PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+
  * 2022-05-13: omazureeventhubs: Initial implementation of new output module
  * 2023-07-03: TLS CRL Support Issue 5081
  * 2023-06-29: action.resumeintervalmax: the parameter was not respected
  * 2023-06-28: IMHIREDIS::FIXED:: Restore compatibility with hiredis < v1.0.0
  * 2023-05-15: Add the 'batchsize' parameter to imhiredis
  * 2023-06-28: Clear undefined behavior in libgcry.c (GH #5167)
  * 2023-06-22: Do not try to drop capabilities when we don't have any
  * 2023-06-22: testbench: use newer zookeeper version in tests
  * 2023-06-22: build system: more precise error message on too-old lib
  * 2023-05-17: Fix quoting for omprog, improg, mmexternal

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-transactional-update

- Fix rich rule comparison in firewalld module (bsc#1222684)
- Added:
  * firewalld-normalize-new-rich-rules-before-comparing-.patch

==== xdg-utils ====

- Separate xdg-screensaver into a subpackage to isolate Perl
  dependency (bsc#1216537).

==== xfce4-screenshooter ====
Version update (1.10.6 -> 1.11.0)
Subpackages: xfce4-screenshooter-lang xfce4-screenshooter-plugin

- Add BuildRequires to enable Wayland support.
- Update to 1.11.0
  * Drop built-in support for imgur
  * Drop jobs-related code
  * Drop libsoup dependency
  * Use XDG_DATA_HOME in imgur-upload.sh
  * Make sure screenshot is copied to clipboard before closing (!56)
  * Add more tests
  * build: clang: Silence -Wcast-align
  * Translation Updates

==== yast2-kdump ====
Version update (5.0.0 -> 5.0.1)

- Do not suggest Kdump if Systemd-Boot is used. Kdump is not stable
  if Systemd-Bootloader is used. (bsc#1226676, bsc#1228242)
- 5.0.1