Packages changed: cifs-utils (6.15 -> 7.0) exim libXmu (1.1.3 -> 1.1.4) libpciaccess (0.16 -> 0.17) libxkbfile (1.1.0 -> 1.1.1) libxslt (1.1.34 -> 1.1.37) mozilla-nspr (4.34.1 -> 4.35) mozilla-nss (3.82 -> 3.83) python-gevent (21.12.0 -> 22.10.1) vacation virt-viewer === Details === ==== cifs-utils ==== Version update (6.15 -> 7.0) - Update cifs-utils to 7.0 * cifs-utils: don't return uninitialized value in cifs_gss_get_req * cifs-utils: make GSSAPI usage compatible with Heimdal * cifs-utils: work around missing krb5_free_string in Heimdal * fix warnings for -Waddress-of-packed-member * setcifsacl: fix memory allocation for struct cifs_ace * setcifsacl: fix comparison of actions reported by covscan * cifs.upcall: remove unused variable and fix syslog message * cifs.upcall: Switch to RFC principal type naming * man-pages: Update cifs.upcall to mention GSS_USE_PROXY * cifs.upcall: fix compiler warning * cifs.upcall: add gssproxy support * remove cifs-utils-6.15.tar.bz2 * remove cifs-utils-6.15.tar.bz2.asc * add cifs-utils-7.0.tar.bz2 * add cifs-utils-7.0.tar.bz2.asc ==== exim ==== - add patch-cve-2022-3559 (fixes CVE-2022-3559, bsc#1204427, Bug 2915) ==== libXmu ==== Version update (1.1.3 -> 1.1.4) Subpackages: libXmu6 libXmuu1 - Update to version 1.1.4 This release includes two notable changes to XmuConvertStandardSelection(): 1) It no longer supports XA_IP_ADDRESS, which only supported IPv4 addresses and simply provided the output of gethostbyname() on the local hostname. 2) XA_OWNER_OS no longer reports "BSD" for any Unix-like OS (including Linux) that it hadn't been coded to handle, instead relying on uname() where available to provide the OS name. The lack of bug reports about the previously misleading output for these suggests they're not widely used, with codesearch.debian.net only finding matches in libXmu and the rust bindings to libXmu, and not any consumers of these interfaces. ==== libpciaccess ==== Version update (0.16 -> 0.17) - Update to version 0.17 * Fix spelling/wording issues * meson: install man page in mandir/man1/, not mandir/1/ * gitlab CI: add a basic build test for both autotools and meson * gitlab CI: stop requiring Signed-off-by in commits * configure.ac: Use pkg-config to find zlib dependency info * Obtain correct value of is_64 and is_prefetchable PCI device fields * hurd_pci: Use __pci_conf_ variants of pci_conf_ * x86: Use gnumach device instead of /dev/mem on GNU systems && factorise ifdefs * x86: Remove mapping of regions during probe - otherwise remapping later fails * x86: Remove probe during create, other backends don't do this * hurd: device_open(pci), /servers/bus/pci fallback * x86: Sort devices by B/D/F due to recursive scan * hurd: Don't necessarily look up _SERVERS_BUS_PCI * Add a meson build system * autoconf: Add meson files to dist tarball * pciaccess.pc.in: add Libs.Private * Hurd: avoid using the deprecated RPC pci_get_ndevs() * hurd: Implement device memory mapping * Hurd: Fix initialization order * Add pci_device_disable() function * missed library installation in meson * hurd: Add missing round up size in map_dev_mem * hurd: Fix letting map_dev_mem map anywhere * hurd: Fix map_dev_mem from non-zero address * hurd: Restore initialization order * hurd: Fix pci_device_hurd_map_legacy * Add support for building on macOS w/o X11, using endian code from "portable_endian.h"... * Add parentheses to the macro definition * pci_sys set NULL after free * Add header protection macro in linux_devmem.h * Delete redundant symbols ';' - switched to meson build system ==== libxkbfile ==== Version update (1.1.0 -> 1.1.1) - Update to version 1.1.1 * Use strndup if available to avoid -Wstringop-overflow warning from gcc 9 * Convert check for strcasecmp to normal autoconf style * Fix spelling/wording issues * gitlab CI: add a basic build test * fix an off-by-one error in copying the name of a virtual modifier * Escape non-printable characters correctly * unifdef NOTYET * Fix check for appending '|' character when applying rules ==== libxslt ==== Version update (1.1.34 -> 1.1.37) Subpackages: libexslt0 libxslt-tools libxslt1 - Update to version 1.1.37: * Improvements: + Don't use deprecated libxml2 macros + Don't mess with xmlDefaultSAXHandler * Build system: + Require automake-1.16.3 or later + Remove generated files from distribution + Add missing compile definition for static builds to Autotools - Update to 1.1.36: * Removals and deprecations + Remove SVN keyword anchors + Remove CVS and SVN-related code + Remove README.cvs-commits + Remove ChangeLog + Remove xsltwin32config.h * Improvements + Simplify xsltexports.h and exsltexports.h + Don't overlink executables with gcrypt + Fix quadratic behavior with variables and parameters + Remove case labels with XPointer location types + Add configure~ to .gitignore + Stop calling deprecated libxml2 functions * Portability + Use portable python shebangs (David Seifert) + Remove useless __CYGWIN__ checks + Remove cruft from win32config.h + crypto.c: Silence a compiler warning on Windows (Chun-wei Fan) * Build system + Add missing compile definition for static builds to CMake + Avoid obsolescent `test -a` constructs (David Seifert) + Only link libxml2 statically in purely static build + Set AC_CONFIG_MACRO_DIR + Allow AM_MAINTAINER_MODE to be disabled + Streamline and fix documentation installation + Don't try to recreate COPYING symlink + Remove special configuration for certain maintainers + configure.ac: produce tar.xz only (GNOME policy) (David Seifert) + Detect libm using libtool's macros (David Seifert) + configure.ac: disable static libraries by default (David Seifert) + python/Makefile.am: nest python docs in $(docdir) (David Seifert) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert) + configure.ac: remove useless AC_SUBST (David Seifert) + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert) + Change libxml2 Python config + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove --with-html-dir option + Also check for glibtoolize in autogen.sh + Rework documentation build system + Remove old website + CMake: Relax check for enabling crypto support on Windows (Chun-wei Fan) + Remove obsolete AC_HEADER_STDC autoconf macro (Vadim Zeitlin) + Remove special configuration for old maintainers * Test suite, CI + Remove test involving XPointer range-to function + Test recursion in EXSLT dynamic functions + Add CI job for static build * Documentation + Move tutorial images - Update to version 1.1.35: * Security fixes: + [CVE-2021-30560] Use-after-free in xsltApplyTemplates; + A couple of memory leak and a double-free fixes. * A couple of regression fixes. * Many bug fixes. * New xsltproc --huge option, provided by libxml XML_PARSE_HUGE. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxslt 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.\ news - Switch libxml2-devel package with its pkgconfig module counterpart (libxml-2.0) to align with CONFIGURE script's checks. - Add fdupes build requirement/macro to hard-link duplicate files in the DATADIR inside the buildroot. - Add explicit 'gcc' build requirement to align with CONFIGURE checks. - Update http://xmlsoft.org URL tag to Libxslt's new web home: https://gitlab.gnome.org/GNOME/libxslt. - Update ftp://xmlsoft.org Source tag to Libxslt's new download host: https://download.gnome.org. - Drop no longer needed/used libgpg-error-devel. Note that despite 'lgpg-error' being linked against some libraries, there's no automatic generation of run-time requirements on libgpg-error* symbols our build system. And there's no mention of gpg-error in the whole source tarball at all. - Drop no longer needed explicit libtool build requirement and `autoreconf` call in build section since we don't touch the build system scripts nor use checked out git trees anymore. - Drop libxslt.keyring source file as the new download host doesn't offer GPG signatures. - Drop fixed upstream patches: libxslt-config-fixes.patch (glgo#GNOME/libxslt!3); libxslt-Stop-using-maxParserDepth-XPath-limit.patch; libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch; and Recreate-xsltproc-man-page-with-old-Docbook-styleshe.patch. - Use ldconfig_scriptlets macro for post(un) handling of ldconfig calls. ==== mozilla-nspr ==== Version update (4.34.1 -> 4.35) - update to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture ==== mozilla-nss ==== Version update (3.82 -> 3.83) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.83 * bmo#1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * bmo#1563221 - remove older oses that are unused part3/ BeOS * bmo#1563221 - remove older unix support in NSS part 3 Irix * bmo#1563221 - remove support for older unix in NSS part 2 DGUX * bmo#1563221 - remove support for older unix in NSS part 1 OSF * bmo#1778413 - Set nssckbi version number to 2.58 * bmp#1785297 - Add two SECOM root certificates to NSS * bmo#1787075 - Add two DigitalSign root certificates to NSS * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS * bmo#1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * bmo#1779361 - Removed skipping of ECH on equality of private and public server name * bmo#1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test * bmo#1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * bmo#1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * bmo# 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * bmo#1771100 - Update BoGo tests to recent BoringSSL version * bmo#1785846 - Bump minimum NSPR version to 4.34.1 ==== python-gevent ==== Version update (21.12.0 -> 22.10.1) - update to 22.10.0: * Update bundled libuv to 1.44.2. See :issue:`1913`. * Upgrade embedded c-ares to 1.18.1. * Upgrade bundled libuv to 1.42.0 from 1.40.0. * Added preliminary support for Python 3.11 (rc2 and later). Some platforms may or may not have binary wheels at this time. .. important:: Support for legacy versions of Python, including 2.7 and 3.6, will be ending soon. The maintenance burden has become too great and the maintainer's time is too limited. Ideally, there will be a release of gevent compatible with a final release of greenlet 2.0 that still supports those legacy versions, but that may not be possible; this may be the final release to support them. :class:`gevent.threadpool.ThreadPool` can now optionally expire idle threads. This is used by default in the implicit thread pool used for DNS requests and other user-submitted tasks; other uses of a thread-pool need to opt-in to this. See :issue:`1867`. * Truly disable the effects of compiling with ``-ffast-math``. ==== vacation ==== - Add vacation-1.2.7.1-nogecos.patch to strip GECOS field of most info ==== virt-viewer ==== - bsc#203689 - [tw 20220921] remote-viewer fails to start: libsoup3 symbols detected. virt-viewer.spec