Packages changed: firewalld (1.3.0 -> 1.3.1) glib2-branding-openSUSE gnome-settings-daemon (44.0 -> 44.1) grub2 gtk4 libXft (2.3.7 -> 2.3.8) libXpm (3.5.15 -> 3.5.16) libopenmpt (0.6.9 -> 0.6.10) libstorage-ng (4.5.95 -> 4.5.96) libyui (4.5.0 -> 4.5.1) libyui-ncurses (4.5.0 -> 4.5.1) libyui-ncurses-pkg (4.5.0 -> 4.5.1) libyui-qt (4.5.0 -> 4.5.1) libyui-qt-graph (4.5.0 -> 4.5.1) libyui-qt-pkg (4.5.0 -> 4.5.1) open-iscsi openexr (3.1.6 -> 3.1.7) podman (4.4.4 -> 4.5.0) powerdevil5 publicsuffix (20230226 -> 20230414) python-redis (4.3.3 -> 4.5.4) redis (7.0.8 -> 7.0.11) snapper === Details === ==== firewalld ==== Version update (1.3.0 -> 1.3.1) Subpackages: firewalld-bash-completion firewalld-lang python3-firewall - update to 1.3.1: * fix(fw_nm): use IP interface names for connection lookup (18c8b81) * fix(fw_policy): raise exceptions (5ae9322) * fix(service): include: when used with rich rule (986f0be) * fix(nftables): rich: log: limit was not taking effect (0dc0575) * fix(build): rpm must build all as prerequisite (6896748) * fix: use error codes for FirewallError instances (370e5f2) * fix(ipset): chunk entries when restoring set (8a88855) * fix(applet): allows using KDE network connection editor (29c8ef6) ==== glib2-branding-openSUSE ==== - prefer org.gnome.TextEditor.desktop instead of gedit. patterns-gnome was changed to install TextEditor (boo#1210648). ==== gnome-settings-daemon ==== Version update (44.0 -> 44.1) Subpackages: gnome-settings-daemon-lang - Update to version 44.1: + Build improvements + Power: - Connect to light sensor asynchronously - Initialize check for VM environment earlier + Rfkill: Monitor WwanEnabled property changes properly + Smartcards: Check for the addition of new smartcard readers + Xsettings: Do not force deprecated High Contrast icon theme + Updated translations. - Use autopatch. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Fix no prep partition error on non-PReP architectures by making the prep_loadenv module exclusive to powerpc_ieee1275 platform (bsc#1210489) * 0004-Introduce-prep_load_env-command.patch - Fix the issue of freeing an uninitialized pointer * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch - Rediff * 0005-export-environment-at-start-up.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch ==== gtk4 ==== Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Place English translations in the tools sub-package instead of lang. This should offer translations for the main English locales without the need to install any additional package by default. - Add "file-not-in-%lang" RPM Lint warning to rpmlintrc file for the reason above. - Drop "shlib-policy-name-error" unused filter from rpmlintrc. ==== libXft ==== Version update (2.3.7 -> 2.3.8) - Updat to version 2.3.8 * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * add check for missing glyph in XftFontCheckGlyph() * issue 17: libxft-2.3.7: Bold fonts in urxvt missing leftmost pixels * issue 18: Problems with rotated text (monospace font only) ==== libXpm ==== Version update (3.5.15 -> 3.5.16) - update to 3.5.16: * test: skip compressed file tests when --disable-open-zfile is used * gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile * configure: correct error message to suggest --disable-open-zfile * open-zfile: Make compress & uncompress commands optional * Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * XpmCreateDataFromXpmImage: Fix misleading indentation * parse.c: Wrap FREE_CIDX definition in do { ... } while(0) * parse.c: remove unused function xstrlcpy() * test: Use PACKAGE_BUGREPORT instead of hard-coded URL's * test: Add simple test cases for functions in src/rgb.c * xpmReadRgbNames: constify filename argument * Fix a memleak in ParsePixels error code path ==== libopenmpt ==== Version update (0.6.9 -> 0.6.10) - Update to 0.6.10 * [Bug] File probing and loading results could be inconsistent for SFX files, so that probing could claim that a file is definitely not playable even if it would be. * MOD: VBlank heuristics are now applied to MOD files with M!K! signature. Fixes mod.siedler ii. * NoiseTracker MODs are now always played with VBlank timing. * MED: Add support for default instrument pitch. * MED: Global play transpose value was not considered for MMD0 files. * 669: Reject files with lots of control characters in song message. * mpg123: Update to v1.31.3 (2023-03-19). ==== libstorage-ng ==== Version update (4.5.95 -> 4.5.96) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.96 ==== libyui ==== Version update (4.5.0 -> 4.5.1) - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ==== libyui-ncurses ==== Version update (4.5.0 -> 4.5.1) - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ==== libyui-ncurses-pkg ==== Version update (4.5.0 -> 4.5.1) - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ==== libyui-qt ==== Version update (4.5.0 -> 4.5.1) - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ==== libyui-qt-graph ==== Version update (4.5.0 -> 4.5.1) - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ==== libyui-qt-pkg ==== Version update (4.5.0 -> 4.5.1) - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Remove "--strip" in SPEC file for meson build, so that debuginfo is generated. (from mwilck) (bsc#1210536) ==== openexr ==== Version update (3.1.6 -> 3.1.7) Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - update to 3.1.7: * Patch release that fixes a build regression on ARMv7, and fixes a build issue with zlib. ==== podman ==== Version update (4.4.4 -> 4.5.0) Subpackages: podman-cni-config - Update to version 4.5.0: * Release v4.5.0 * [CI:DOCS] Final release notes for v4.5.0 * Quadlet - do not set log-driver by default * Return title fields as a list * Bump to v4.5.0-dev * Bump to v4.5.0-RC2 * Final release notes for v4.5.0-RC2 * test/e2e: remove unnecessary SkipIfNetavark() calls * test/e2e: deduplicated network test * docs: update podman-network-create.1 * network create: add --interface-name * test/system/252-quadlet.bats: fix flake * Read kube_generate_type from containers.conf * Debian setup: workaround for runc /dev/char/10:200 bug * pkg/rootless: use catatonit from /usr/libexec/podman * rootless: make sure we only use a single pause process * Use atomic config writing strategy for podman machine config files * Add remaining release notes for v4.5.0-RC2 * GHA: Use version instead of SHA for actions * chore(deps): update dependency containers/automation_images to v20230405 * build: pass env by reference * test: retrofit error message * test/system: expect 12 char for short id * vendor: bump containers/(storage, common, buildah, image) * [skip-ci] Update actions/upload-artifact action to v3 * [skip-ci] Update actions/stale action to v8 * [skip-ci] Update actions/setup-go action to v4 * [skip-ci] Update github/issue-labeler action to v2.6 * Fix up codespell errors * Capitalize all uid,gid and id words that are not options in docs * build(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 in /test/tools * Properly remove the service container during kube down * quadlet: add `UserNS` option key * [CI:DOCS] Release notes for 4.5.0 Part 1 * "podman pull by digest and list --all" test: untag instead of rmi * build(deps): bump golang.org/x/text from 0.8.0 to 0.9.0 * Add renovate.json configuration * CI: postbuild step: skip under nightly treadmill * The `--ulimit` option accepts the name with an `RLIMIT_` prefix both upper and lower case * test/e2e: use custom network config dir where needed * chore: replace `github.com/ghodss/yaml` with `sigs.k8s.io/yaml` * update completion scripts for cobra v1.7.0 * libpod.storageService.CreateContainerStorage(): retrieve ID maps * Fix invalid pod name and hostname during kube generate * e2e tests: fix racy flakes * Cirrus: Enable labeling of EC2 VMs * Cirrus: Fix aarch64 clone_script 404 errors * e2e: GinkgoParallelNode() -> ...Process() * build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 * [CI:DOCS] --creds and registries * Copr: fix build deps for /usr/bin/envsubst * Don't error when removing non-existant env vars * e2e: healthcheck on stopped container: fix flake * test/apiv2/80-kube.at * test/apiv2/80-kube.at * system service: do not close Body * rm `hack/release.sh` * build(deps): bump github.com/onsi/gomega from 1.27.5 to 1.27.6 * add `quadlet -version` flag * add version/rawversion package * quadlet: use `Flag` suffix for variables * quadlet: implement `Tmpfs` option * Bump to v4.5.0-dev * Bump to 4.5.0-rc1 * Update release notes from 4.4 branch * rootless netns: recover from invalid netns * System tests: unverbosify a flake log * Add support for secret exists * Fix Win install task failures with large PR bodies * docs: add `starting` to `HealthCheckResults.Status` * Add support for cgroup_config from containers.conf * libpod: mount safely subpaths * Support Deployment generation with kube generate * Use secret.items to create volume mounts if present * [CI:DOCS] fix typo in --systemd option * rootless: drop preexec hook error message * Edit the docker wrapper to use the install prefix * Update podman-for-windows.md * Quadlet: RemapUsers documentation fixes * speed up image listing * vendor containers/common@e27c30ee9b1b * fix volume-plugin-test flake * Document building Podman remote on Windows hosts * test/e2e: gpg keep stdout/err attached * auto-update: stop+start instead of restart sytemd units * [CI:DOCS] Improve basic tutorial * Update docs/source/markdown/podman-network.1.md * Add debug to --wait test * fix slirp4netns resolv.conf ip with a userns * Quadlet: add support for keep-id with mapping values * Quadlet E2E test - run quadlet as user generator * sqlite: do not `Ping()` after connecting * Quadlet - treat paths starting with systemd specifiers as absolute * Update docs/source/markdown/podman-kube-play.1.md.in * system tests: use CONTAINERS_CONF_OVERRIDE * implement podman machine set for hyperv * [CI:DOCS] Add network subnets info to network man page ... changelog too long, skipping 332 lines ... - Don't build against EoL go versions, fixes bsc#1210299 ==== powerdevil5 ==== Subpackages: powerdevil5-lang - Cleanup build dependencies: * Remove unused KDELibs4Support and KF5Wayland * Explicitly add KF5Crash, KF5DocTools and KF5Notifications * Update required versions. ==== publicsuffix ==== Version update (20230226 -> 20230414) - Update to version 20230414: * util: gTLD data autopull updates for 2023-04-14T15:13:16 UTC (#1738) * Change - update comments/policy for the French ccTLDs (`.fr`, `.pm`, `.re`, `.tf`, `.wf`, `.yt`) by Administrator (#1732) * New policy for .museum, without all the SLD (Second-Level Domains) (#1729) * Add ladesk.com (#1538) * util: gTLD data autopull updates for 2023-03-18T15:13:12 UTC (#1723) * util: gTLD data autopull updates for 2023-03-08T15:15:40 UTC (#1714) * Additional ngrok domains - more `ngrok.io` from #48 + `ngrok.app` `ngrok-free.app` `ngrok.dev` `ngrok-free.dev` `ngrok.pizza` (#1653) * Add `ie.ua` (#1597) ==== python-redis ==== Version update (4.3.3 -> 4.5.4) - Update to 4.5.4: * Security + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28858, bsc#1209811) + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28859, bsc#1209812) * New Features + Introduce AbstractConnection so that UnixDomainSocketConnection can call super().init (#2588) + Added queue_class to REDIS_ALLOWED_KEYS (#2577) + Made search document subscriptable (#2615) + Sped up the protocol parsing (#2596) + Use hiredis::pack_command to serialized the commands. (#2570) + Add support for unlink in cluster pipeline (#2562) * Bug Fixes + Fixing cancelled async futures (#2666) + Fix: do not use asyncio's timeout lib before 3.11.2 (#2659) + Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630) + CWE-404 AsyncIO Race Condition Fix (#2624, #2579) + Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (#2582) + Replace async_timeout by asyncio.timeout (#2602) + Update json().arrindex() default values (#2611) + Fix #2581 UnixDomainSocketConnection object has no attribute _command_packer (#2583) + Fix issue with pack_commands returning an empty byte sequence (#2416) + Async HiredisParser should finish parsing after a Connection.disconnect() (#2557) + Check for none, prior to raising exception (#2569) + Tuple function cannot be passed more than one argument (#2573) + Synchronise concurrent command calls to single-client to single-client mode (#2568) + Async: added 'blocking' argument to call lock method (#2454) + Added a replacement for the default cluster node in the event of failure. (#2463) + Fixed geosearch: Wrong number of arguments for geosearch command (#2464) - Clean up BuildRequires and Requires. - Disable broken test test_xautoclaim gh#redis/redis-py#2554 - udpate to 4.3.5: * Add support for TIMESERIES 1.8 (#2296) * Graph - add counters for removed labels and properties (#2292) * Add support for TDIGEST.QUANTILE extensions (#2317) * Add TDIGEST.TRIMMED_MEAN (#2300) * Add support for async GRAPH module (#2273) * Support TDIGEST.MERGESTORE and make compression optional on TDIGEST.CREATE (#2319) * Adding reserve as an alias for create, so that we have BF.RESERVE and CF.RESERVE accuratenly supported (#2331) * Fix async connection.is_connected to return a boolean value (#2278) * Fix: workaround asyncio bug on connection reset by peer (#2259) * Fix crash: key expire while search (#2270) * Async cluster: fix concurrent pipeline (#2280) * Fix async SEARCH pipeline (#2316) * Fix KeyError in async cluster - initialize before execute multi key commands (#2439) * Supply chain risk reduction: remove dependency on library named deprecated (#2386) * Search test - Ignore order of the items in the response (#2322) * Fix GRAPH.LIST & TDIGEST.QUANTILE tests (#2335) * Fix TimeSeries range aggregation (twa) tests (#2358) * Mark TOPK.COUNT as deprecated (#2363) - update to 4.3.4: * Fix backward compatibility from 4.3.2 in Lock.acquire() * Fix XAUTOCLAIM to return the full response, instead of only keys 2+ * Added dynamic_startup_nodes configuration to RedisCluster. * Fix retries in async mode * Async cluster: fix simultaneous initialize * Uppercased commands in CommandsParser.get_keys * Late eval of the skip condition in async tests * Reuse the old nodes' connections when a cluster topology refresh is being done * Docs: add pipeline examples * Correct retention_msecs value * Cluster: use pipeline to execute split commands * Docs: Add a note about client_setname and client_name difference ==== redis ==== Version update (7.0.8 -> 7.0.11) - redis 7.0.11 - (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access (boo#1210548) - Add a missing fsync of AOF file in rare cases - Disconnect pub-sub subscribers when revoking allchannels permission - Fix a compiler fortification induced crash when used with link time optimizations - Drop get-old-size-calculations.patch: replaced with proper fix - Added get-old-size-calculations.patch: my workaround for https://github.com/redis/redis/issues/11965 - redis 7.0.10 * CVE-2023-28425: Specially crafted MSETNX command can lead to assertion and denial-of-service (boo#1209528) * Large blocks of replica client output buffer may lead to psync loops and unnecessary memory usage * Fix CLIENT REPLY OFF|SKIP to not silence push notifications * Trim excessive memory usage in stream nodes when exceeding `stream-node-max-bytes` * Fix module RM_Call commands failing with OOM when maxmemory is changed to zero - redis 7.0.9 * CVE-2023-25155: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. Previously patched, drop Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch * CVE-2022-36021: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. Previously upatched, drop String-pattern-matching-had-exponential-time-complex.patch * Fix a crash when reaching the maximum invalidations limit of client-side tracking * Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit * Fix possible memory corruption in FLUSHALL when a client watches more than one key * Fix cluster inbound link keepalive time * Flush propagation list in active-expire of writable replicas to fix an assertion * Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC * Avoid realloc to reduce size of strings when it is unneeded * Improve CLUSTER SLOTS reply efficiency for non-continuous slots ==== snapper ==== Subpackages: snapper-zypp-plugin - allow to show read-only state in list output and allow to change read-only state (gh#openSUSE/snapper#804) - support read-only options for LVM - allow to set a snapshot as default (gh#openSUSE/snapper#803) - avoid stale btrfs qgroups on transactional systems (bsc#1210151)