Packages changed:
GraphicsMagick
Mesa (23.1.6 -> 23.1.7)
Mesa-drivers (23.1.6 -> 23.1.7)
aaa_base (84.87+git20230329.b39efbc -> 84.87+git20230815.cab7b44)
btrfsprogs (6.3 -> 6.5)
busybox-links
coreutils (9.3 -> 9.4)
dracut (059+suse.491.g87f19c22 -> 059+suse.497.ga7feaf12)
gcab (1.5 -> 1.6)
javapackages-tools
kdump
kexec-tools (2.0.26.0 -> 2.0.27)
lastlog2 (1.1.0 -> 1.2.0)
libportal (0.6 -> 0.7)
libstorage-ng (4.5.139 -> 4.5.141)
libvirt (9.6.0 -> 9.7.0)
luajit (2.1.0~beta3+git.1669107176.46aa45d -> 5.1.2.1.0+git.1693350652.41fb94d)
nodejs20
open-vm-tools (12.2.0 -> 12.3.0)
pam-config (2.5 -> 2.8)
perl-Bootloader (1.6 -> 1.8)
python-click (8.1.6 -> 8.1.7)
python-libvirt-python (9.6.0 -> 9.7.0)
python-psutil
python-zope.event (4.6 -> 5.0)
python311 (3.11.4 -> 3.11.5)
python311-core (3.11.4 -> 3.11.5)
sssd (2.9.1 -> 2.9.2)
=== Details ===
==== GraphicsMagick ====
Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config
- revert to 1.3.40 [bsc#1214831]
https://sourceforge.net/p/graphicsmagick/news/2023/08/because-1341-is-discarded-i-has-been-published-2-builds-for-win32-architecture/
- modified patches
% GraphicsMagick-disable-insecure-coders.patch (refreshed)
- deleted patches
- GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch (not needed)
- GraphicsMagick-name-key-return-input-file-base-name.patch (not needed)
- fix regression in 1.3.41
https://sourceforge.net/p/graphicsmagick/bugs/722/
- added patches
fix 17179:91afa18a6161
+ GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch
fix 17180:bb42cd90ce6f
+ GraphicsMagick-name-key-return-input-file-base-name.patch
- version update to 1.3.41
Bug fixes:
* Blob: Immediately reject attempts to write blobs to formats which
can not support blobs.
* TranslateTextEx(): An empty string argument should return an empty
string rather than a NULL string.
* SetImageAttribute(): Fix bounds issue when concatenating string.
* JPEG: Do not set image resolution if the values provided are outside
of the valid range.
* Fixes for NaN when reading formats based on floating point.
* HEIF: Fix reading images with rotation/transformation.
* BMP: Do not decode primaries or gamma unless colorspace is
LCS_CALIBRATED_RGB. Add/correct bmp_info.size "biSize" logic which
decides if header chunks are present (or invalid).
* MNG: Fixes for resizing using X_method 5.
* GM command (convert, montage, mogrify): Many command-line parser
fixes/checks for invalid command line syntax which causes unexpected
behavior, or core dumps.
* TopoL: Given that a writer is now provided, issues found in the
reader (and writer) due to continual fuzz-testing have been fixed,
as encountered.
* GetImageClippingPathAttribute(): Check for and use clipping path
name (ID=2999) to get the real attribute name.
* ReadIPTCProfile(): Fix malformed IPTC data parsing.
New Features:
* TopoL: Now provides a writer.
* WPG: Now provides a writer.
* gm batch: Implement simple Test Anything Protocol (TAP) test
counting and "ok N"/"not ok N" messaging.
* TIFF: Support '-define tiff:photometric=minisblack' and '-define
tiff:photometric=miniswhite' to be able to adjust the sense used
when writing bilevel TIFF images.
* TIFF: Require that TIFFTAG_EXTRASAMPLES be used appropriately to
indicate the intention of extra channels.
* utilities/tests/gen-tiff-images/genimages: Script for writing (and
then reading) thousands (5568 permutations) of TIFF format variants.
* EXIF and PNG: Retrieve image orientation from EXIF (if present) and
store in image.
* HEIF: Retrieve image orientation from EXIF and store in image.
Behavior Changes:
* The ability to extend existing image attribute text by calling
SetImageAttribute() multiple times with the same key is now
deprecated, and will soon be removed. In the mean time, the
annoying message "SetImageAttribute: Extending attribute value text
is deprecated!" is printed to the standard error output to help
expose code which is using this feature.
- modified patches
% GraphicsMagick-disable-insecure-coders.patch (refreshed)
- deleted patches
- strlcpy-wrong-sizing.patch (upstreamed)
==== Mesa ====
Version update (23.1.6 -> 23.1.7)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1
- Update to bugfix release 23.1.7:
- -> https://docs.mesa3d.org/relnotes/23.1.7.html
- mini-cleanup for python package BuildRequires in specfile
- added python3-dataclasses package for sle15/Leap15 to finally fix
build for these build targets; dataclasses module is in standard
library of python >= 3.7 ...
==== Mesa-drivers ====
Version update (23.1.6 -> 23.1.7)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- Update to bugfix release 23.1.7:
- -> https://docs.mesa3d.org/relnotes/23.1.7.html
- mini-cleanup for python package BuildRequires in specfile
- added python3-dataclasses package for sle15/Leap15 to finally fix
build for these build targets; dataclasses module is in standard
library of python >= 3.7 ...
==== aaa_base ====
Version update (84.87+git20230329.b39efbc -> 84.87+git20230815.cab7b44)
Subpackages: aaa_base-extras
- Update to version 84.87+git20230815.cab7b44:
* Remove broken autocompletion overrides and restore default bash behavior
* Add foot to DIR_COLORS
* files/u/s/sysconf_addword: avoid bashism, fix shellcheck warnings
* files/u/s/smart_agetty: replace shebang with /bin/sh
* files/u/s/service: avoid bashism, fix shellcheck warnings
* files/u/s/refresh_initrd: make POSIX compliant
* files/u/b/safe-rm: make POSIX compliant
* aaa_base.post: replace shebang with /usr/sh
* files/u/b/old: make POSIX compliant
==== btrfsprogs ====
Version update (6.3 -> 6.5)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
- update to 6.5:
* crc32c implementation speedup (3x)
* btrfstune:
* be more strict about option combinations and refuse changing
features from incompatible groups
* metadata_uuid changes fixes
* libbtrfs: fix ABI breakage introduced in 6.3.1, revert struct subvol_info
and subvol_uuid_search changes (bsc#1212217)
* CI updates
* pull request build tests enabled
* published static binaries built with backward compatibility (-march=x86-64)
* other
* documentation updates
* new and updated tests
* experimental feature updates (json, list-chunks, checksum switch)
* code refactoring
* remove btrfs-fragments
- update to 6.3.3:
* add btrfs-find-root to btrfs.box
* replace: properly enqueue if there's another replace running
* other:
* CI updates, more tests enabled, code coverage, badges
* documentation updates
* build warning fixes
- Let btrfsprogs-bash-completion conflict with btrfsprogs <= 6.2.1
as there is a file conflict with the bash completion scripts
still being bundled with btrfsprogs in these versions.
- update to 6.3.2:
* fix mkfs and others on big endian hosts
* mkfs: don't print changed defaults notice with --quiet
* scrub: fix wrong stats of processed bytes in background and foreground mode
* convert: actually create free-space-tree instead of v1 space cache
* print-tree: recognize and print CHANGING_FSID_V2 flag (for the
metadata_uuid change in progress)
* other: documentation updates
- update to 6.3.1:
* convert: fix checksum of a block relocated from 0-1M range
* qgroup show: fix formatting of limit values in json output
* receive: report paret subovl UUID on errors
* btrfsune: new option --convert-to-free-space-tree to convert from
block-group-tree back to extent tree for block group tracking
* mkfs: make option --rootdir more verbose and report start when filling
from the given directory starts
* experimental:
* btrfstune: checksum switch logic reimplemented, conversion of all
metadata and data now works, resume from various states also supported
* other:
* test updates and fixes
* CI cleanups and old files removed
* integration with Github actions
- Remove patch: btrfs-progs-qgroup-show-fix-formatting-of-limit-valu.patch (upstreamed)
==== busybox-links ====
Subpackages: busybox-bzip2 busybox-coreutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-misc busybox-psmisc busybox-sed busybox-sendmail busybox-tar busybox-which busybox-xz
- Add conflict for coreutils-systemd, package got splitted
==== coreutils ====
Version update (9.3 -> 9.4)
- Update to 9.4:
Bug fixes:
* b2sum --check will no longer read unallocated memory when
presented with malformed checksum lines.
[bug introduced in coreutils-9.2]
* cp --parents again succeeds when preserving mode for absolute directories.
Previously it would have failed with a "No such file or directory" error.
[bug introduced in coreutils-9.1]
* cp --sparse=never will avoid copy-on-write (reflinking) and copy offloading,
to ensure no holes present in the destination copy.
[bug introduced in coreutils-9.0]
* cksum again diagnoses read errors in its default CRC32 mode.
[bug introduced in coreutils-9.0]
* cksum --check now ensures filenames with a leading backslash character
are escaped appropriately in the status output.
This also applies to the standalone checksumming utilities.
[bug introduced in coreutils-8.25]
* dd again supports more than two multipliers for numbers.
Previously numbers of the form '1024x1024x32' gave "invalid number" errors.
[bug introduced in coreutils-9.1]
* factor, numfmt, and tsort now diagnose read errors on the input.
[This bug was present in "the beginning".]
* install --strip now supports installing to files with a leading hyphen.
Previously such file names would have caused the strip process to fail.
[This bug was present in "the beginning".]
* ls now shows symlinks specified on the command line that can't be traversed.
Previously a "Too many levels of symbolic links" diagnostic was given.
[This bug was present in "the beginning".]
* pr --length=1 --double-space no longer enters an infinite loop.
[This bug was present in "the beginning".]
* tac now handles short reads on its input. Previously it may have exited
erroneously, especially with large input files with no separators.
[This bug was present in "the beginning".]
* uptime no longer incorrectly prints "0 users" on OpenBSD,
and is being built again on FreeBSD and Haiku.
[bugs introduced in coreutils-9.2]
* wc -l and cksum no longer crash with an "Illegal instruction" error
on x86 Linux kernels that disable XSAVE YMM. This was seen on Xen VMs.
[bug introduced in coreutils-9.0]
Changes in behavior:
* cp -v and mv -v will no longer output a message for each file skipped
due to -i, or -u. Instead they only output this information with --debug.
I.e., 'cp -u -v' etc. will have the same verbosity as before coreutils-9.3.
* cksum -b no longer prints base64-encoded checksums. Rather that
short option is reserved to better support emulation of the standalone
checksum utilities with cksum.
* mv dir x now complains differently if x/dir is a nonempty directory.
Previously it said "mv: cannot move 'dir' to 'x/dir': Directory not empty",
where it was unclear whether 'dir' or 'x/dir' was the problem.
Now it says "mv: cannot overwrite 'x/dir': Directory not empty".
Similarly for other renames where the destination must be the problem.
[problem introduced in coreutils-6.0]
- Enable systemd-logind support
- Add gnulib-readutmp.patch: Fix seg.fault of who, pinky, uptime [dgo#65617]
- Create -systemd flavor with binaries linked against libsystemd
- Drop coreutils-invalid-ids.patch to get consistent behavior, most tools
where already removed from that patch.
- coreutils-misc.patch: adjust paths
- coreutils-skip-some-sort-tests-on-ppc.patch: adjust paths
- coreutils-test_without_valgrind.patch: adjust paths
- coreutils-i18n.patch: update from Fedora
==== dracut ====
Version update (059+suse.491.g87f19c22 -> 059+suse.497.ga7feaf12)
- Update to version 059+suse.497.ga7feaf12:
* chore(suse): disable fips and ima subpackages for i?86
* fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL]
* chore(suse): update SUSE maintainers doc
==== gcab ====
Version update (1.5 -> 1.6)
Subpackages: libgcab-1_0-0
- Update to version 1.6:
+ New Features: Allow specifying the allowed compression formats
at runtime. This would allow us, for example, to disable the
slightly scary LZX compression format when parsing unknown
files.
+ Bugfixes: Do not require git when building from a tarball.
==== javapackages-tools ====
Subpackages: javapackages-filesystem
- Modified patch:
* 0001-Make-the-alias-generation-reproducible.patch ->
0001-Make-maven_depmap-order-of-aliases-reproducible.patch
+ replace by the version of patch integrated by upstream
- Added patch:
* 0002-Do-not-bomb-on-relativePath-construct.patch
+ integrated patch fixing parent recursion with empty
<relativePath/> element
==== kdump ====
- update calibrate values, newly added SLE15-SP6 values
==== kexec-tools ====
Version update (2.0.26.0 -> 2.0.27)
- update to 2.0.27:
* ppc64: add --reuse-cmdline parameter support
* kexec: make -a the default
* x86: add devicetree support
* ppc64: document elf-ppc64 options and --dt-no-old-root
* LoongArch: kdump: set up kernel image segment
* arm64: zboot support
- Disable Xen support in ALP
==== lastlog2 ====
Version update (1.1.0 -> 1.2.0)
Subpackages: liblastlog2-1
- Version 1.2.0
- show_lastlogin: Don't read if no database
- Fix -flto for clang
- Documentation fixes
==== libportal ====
Version update (0.6 -> 0.7)
Subpackages: libportal-1 libportal-gtk3-1 libportal-gtk4-1
- Update to version 0.7:
+ Add support for the new SetStatus() method of the Background
portal.
+ Add support for the new ConnectToEIS() method of the Remote
Desktop portal.
+ Improve unit and integration tests.
+ Documentation improvements.
+ CI improvements.
==== libstorage-ng ====
Version update (4.5.139 -> 4.5.141)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Swedish) (bsc#1149754)
- 4.5.141
- merge gh#openSUSE/libstorage-ng#947
- handle json output of btrfs version 6.5
- 4.5.140
==== libvirt ====
Version update (9.6.0 -> 9.7.0)
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-libs
- Update to libvirt 9.7.0 (jsc#PED-3279)
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v9-7-0-2023-09-01
- spec: Unconditionally enable modular daemons (jsc#PED-6303)
- spec: ESX hypervisor driver in ALP-based products
- spec: Disable glusterfs storage backend in ALP-based products
==== luajit ====
Version update (2.1.0~beta3+git.1669107176.46aa45d -> 5.1.2.1.0+git.1693350652.41fb94d)
- Update to version 5.1.2.1.0+git.1693350652.41fb94d:
* Add randomized register allocation for fuzz testing.
* ARM64: Improve register allocation for integer IR_MUL/IR_MULOV.
* ARM64: Fix register allocation for IR_*LOAD.
* Update external MSDN URL in code.
* FFI/ARM64/OSX: Handle non-standard OSX C calling conventions.
* FFI: Unify stack setup for C calls in interpreter.
* ARM64: Prevent STP fusion for conditional code emitted by TBAR.
* ARM64: Fix LDP/STP fusing for unaligned accesses.
* Handle table unsinking in the presence of IRFL_TAB_NOMM.
* Use fallback name for install files without valid .git or .relver.
* Handle non-.git checkout with .relver in .bat-file builds.
* Fix external C call stack check when using LUAJIT_MODE_WRAPCFUNC.
* Fix predict_next() in parser (again).
- Update luajit-lua-versioned.patch to work with the git checkout
created tarball. The point of the patch is to extend the
version number so that it is always bigger than 2.2.0 version
of moonjit, which is Obsoleted by this package.
- Update to version 2.1.0~beta3+git.1692716794.03c3112:
* Fix typo.
* Handle the case when .git is not a directory.
* Add .gitattributes to dynamically resolve .relver.
* Add .gitattributes to dynamically resolve .relver.
* Fix for last commit: also remove symlink on uninstall.
* Switch to rolling releases: mark v2.1 as production.
* Fix Windows build scripts for rolling releases.
* Switch MSVC and console build scripts to rolling releases.
* Switch build system to rolling releases.
* Update documentation for switch to rolling releases.
* Bump copyright date.
* Remove work-in-progress notice in string buffer docs.
* MIPS: Fix "bad FP FLOAD" assertion.
* Ensure forward progress on trace exit to BC_ITERN.
* ARM64: Add support for ARM64e pointer authentication codes (PAC).
* DynASM/ARM64: Add instructions for ARM64e PAC.
* Fix maxslots when recording BC_VARG, part 3.
* Fix predict_next() in parser.
* MIPS32: Declare that the assembler part uses the FR=0 model.
* ARM64: Fix assembly of HREFK (again).
* Fix frame for more types of on-trace error messages.
* Add workaround for bytecode dump of builtins.
* DynASM: Fix regression due to warning fix.
* Fix base register coalescing in side trace.
* ARM64: Fix assembly of HREFK.
* Fix maxslots when recording BC_VARG, part 2.
* Fix maxslots when recording BC_TSETM.
* Fix maxslots when recording BC_VARG.
* Fix register mask for stack check in head of side trace.
* FFI: Fix ffi.metatype() for non-raw types.
* ARM64: Fix LDP code generation.
* MIPSr6: Add missing files to Makefile install target.
* DynASM: Fix warnings.
* Fix frame for on-trace out-of-memory error.
* Fix handling of instable types in TNEW/TDUP load forwarding.
* Fix compiler warning.
* Fix last commit.
* Print errors from __gc finalizers instead of rethrowing them.
* Fix TDUP load forwarding after table rehash.
* Fix canonicalization of +-0.0 keys for IR_NEWREF.
* Improve error reporting on stack overflow.
* Allow building sources with mixed LF/CRLF line-endings.
* Fix compiler warning.
* Don't fail for Clang builds, which pretend to be an ancient GCC.
* Avoid negation of signed integers in C that may hold INT*_MIN.
* Correct fix for stack check when recording BC_VARG.
* Disable FMA by default. Use -Ofma or jit.opt.start("+fma") to enable.
* FFI: Fix dangling reference to CType. Improve checks.
* ARM64: Fix code generation for IR_SLOAD with typecheck + conversion.
* PS4/PS5: Fix build scripts.
* Avoid assertion in case of stack overflow from stitched trace.
==== nodejs20 ====
Subpackages: npm20
- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with
Angular and other software that tries to load ECM modules in
somewhat circular fashion ending up with multiple executions.
==== open-vm-tools ====
Version update (12.2.0 -> 12.3.0)
Subpackages: libvmtools0 open-vm-tools-desktop
- Update to 12.3.0 (build 22234872) (boo#1214850)
- There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- Building of the VMware Guest Authentication Service (VGAuth) using
"xml-security-c" and "xerces-c" is being deprecated.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
- For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
- Drop patch now contained in 12.3.0:
+ 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
+ 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
+ 2023-20867-Remove-some-dead-code.patch
+ CVE-20230-20900.patch
==== pam-config ====
Version update (2.5 -> 2.8)
- Update to version 2.8
- Replace aad module with himmelblau
- Update to version 2.7
- Add support for aad module
- Update to version 2.6
- Remove pam_cracklib from config even if no successor is installed
- Run update in %posttrans after all other PAM modules got
installed/removed
- Both are required for [bsc#1214885]
==== perl-Bootloader ====
Version update (1.6 -> 1.8)
- merge gh#openSUSE/perl-bootloader#158
- skip warning about unsupported options when in compat mode
- 1.8
- merge gh#openSUSE/perl-bootloader#156
- bootloader_entry script can have an optional 'force-default'
argument (bsc#1215064)
- 1.7
==== python-click ====
Version update (8.1.6 -> 8.1.7)
- update to 8.1.7:
* Fix issue with regex flags in shell completion.
* Bash version detection issues a warning instead of an
error.
* Fix issue with completion script for Fish shell.
==== python-libvirt-python ====
Version update (9.6.0 -> 9.7.0)
- Update to 9.7.0
- Add all new APIs and constants in libvirt 9.7.0
- jsc#PED-3279
==== python-psutil ====
- BuildRequire /usr/bin/who: called by the test suite. With
coreutils 9.4 'who' is no longer part of the main package but is
shipped as part of coreutils-systemd.
==== python-zope.event ====
Version update (4.6 -> 5.0)
- update to 5.0:
* Drop support for Python 2.7, 3.5, 3.6.
==== python311 ====
Version update (3.11.4 -> 3.11.5)
Subpackages: python311-curses python311-dbm
- Update to 3.11.5 (bsc#1214692):
- Security
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- Core and Builtins
- gh-104432: Fix potential unaligned memory access on C APIs
involving returned sequences of char * pointers within the grp
and socket modules. These were revealed using a
- fsaniziter=alignment build on ARM macOS. Patch by Christopher
Chavez.
- gh-77377: Ensure that multiprocessing synchronization objects
created in a fork context are not sent to a different process
created in a spawn context. This changes a segfault into an
actionable RuntimeError in the parent process.
- gh-106092: Fix a segmentation fault caused by a use-after-free
bug in frame_dealloc when the trashcan delays the deallocation
of a PyFrameObject.
- gh-106719: No longer suppress arbitrary errors in the
__annotations__ getter and setter in the type and module types.
- gh-106723: Propagate frozen_modules to multiprocessing spawned
process interpreters.
- gh-105979: Fix crash in _imp.get_frozen_object() due to improper
exception handling.
- gh-105840: Fix possible crashes when specializing function calls
with too many __defaults__.
- gh-105588: Fix an issue that could result in crashes when
compiling malformed ast nodes.
- gh-105375: Fix bugs in the builtins module where exceptions
could end up being overwritten.
- gh-105375: Fix bug in the compiler where an exception could end
up being overwritten.
- gh-105375: Improve error handling in
PyUnicode_BuildEncodingMap() where an exception could end up
being overwritten.
- gh-105235: Prevent out-of-bounds memory access during
mmap.find() calls.
- gh-101006: Improve error handling when read marshal data.
- Library
- gh-105736: Harmonized the pure Python version of OrderedDict
with the C version. Now, both versions set up their internal
state in __new__. Formerly, the pure Python version did the set
up in __init__.
- gh-107963: Fix multiprocessing.set_forkserver_preload() to check
the given list of modules names. Patch by Dong-hee Na.
- gh-106242: Fixes os.path.normpath() to handle embedded null
characters without truncating the path.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will
no longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107715: Fix doctest.DocTestFinder.find() in presence of class
names with special characters. Patch by Gertjan van Zwieten.
- gh-100814: Passing a callable object as an option value to a
Tkinter image now raises the expected TclError instead of an
AttributeError.
- gh-106684: Close asyncio.StreamWriter when it is not closed by
application leading to memory leaks. Patch by Kumar Aditya.
- gh-107077: Seems that in some conditions, OpenSSL will return
SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
verification has failed, but the error parameters will still
contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
now detecting this situation and raising the appropiate
ssl.SSLCertVerificationError. Patch by Pablo Galindo
- gh-107396: tarfiles; Fixed use before assignment of
self.exception for gzip decompression
- gh-62519: Make gettext.pgettext() search plural definitions when
translation is not found.
- gh-83006: Document behavior of shutil.disk_usage() for
non-mounted filesystems on Unix.
- gh-106186: Do not report MultipartInvariantViolationDefect
defect when the email.parser.Parser class is used to parse
emails with headersonly=True.
- gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION
result in _ssl.c.
- gh-106774: Update the bundled copy of pip to version 23.2.1.
- gh-106752: Fixed several bug in zipfile.Path in
name/suffix/suffixes/stem operations when no filename is present
and the Path is not at the root of the zipfile.
- gh-106602: Add __copy__ and __deepcopy__ in enum
- gh-106530: Revert a change to colorsys.rgb_to_hls() that caused
division by zero for certain almost-white inputs. Patch by Terry
Jan Reedy.
- gh-106052: re module: fix the matching of possessive quantifiers
in the case of a subpattern containing backtracking.
- gh-106510: Improve debug output for atomic groups in regular
expressions.
- gh-105497: Fix flag mask inversion when unnamed flags exist.
- gh-90876: Prevent multiprocessing.spawn from failing to import
in environments where sys.executable is None. This regressed in
3.11 with the addition of support for path-like objects in
multiprocessing.
- gh-106350: Detect possible memory allocation failure in the
libtommath function mp_init() used by the _tkinter module.
- gh-102541: Make pydoc.doc catch bad module ImportError when
output stream is not None.
... changelog too long, skipping 124 lines ...
data: *consumed was not set.
==== python311-core ====
Version update (3.11.4 -> 3.11.5)
Subpackages: libpython3_11-1_0 python311-base
- Update to 3.11.5 (bsc#1214692):
- Security
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- Core and Builtins
- gh-104432: Fix potential unaligned memory access on C APIs
involving returned sequences of char * pointers within the grp
and socket modules. These were revealed using a
- fsaniziter=alignment build on ARM macOS. Patch by Christopher
Chavez.
- gh-77377: Ensure that multiprocessing synchronization objects
created in a fork context are not sent to a different process
created in a spawn context. This changes a segfault into an
actionable RuntimeError in the parent process.
- gh-106092: Fix a segmentation fault caused by a use-after-free
bug in frame_dealloc when the trashcan delays the deallocation
of a PyFrameObject.
- gh-106719: No longer suppress arbitrary errors in the
__annotations__ getter and setter in the type and module types.
- gh-106723: Propagate frozen_modules to multiprocessing spawned
process interpreters.
- gh-105979: Fix crash in _imp.get_frozen_object() due to improper
exception handling.
- gh-105840: Fix possible crashes when specializing function calls
with too many __defaults__.
- gh-105588: Fix an issue that could result in crashes when
compiling malformed ast nodes.
- gh-105375: Fix bugs in the builtins module where exceptions
could end up being overwritten.
- gh-105375: Fix bug in the compiler where an exception could end
up being overwritten.
- gh-105375: Improve error handling in
PyUnicode_BuildEncodingMap() where an exception could end up
being overwritten.
- gh-105235: Prevent out-of-bounds memory access during
mmap.find() calls.
- gh-101006: Improve error handling when read marshal data.
- Library
- gh-105736: Harmonized the pure Python version of OrderedDict
with the C version. Now, both versions set up their internal
state in __new__. Formerly, the pure Python version did the set
up in __init__.
- gh-107963: Fix multiprocessing.set_forkserver_preload() to check
the given list of modules names. Patch by Dong-hee Na.
- gh-106242: Fixes os.path.normpath() to handle embedded null
characters without truncating the path.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will
no longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107715: Fix doctest.DocTestFinder.find() in presence of class
names with special characters. Patch by Gertjan van Zwieten.
- gh-100814: Passing a callable object as an option value to a
Tkinter image now raises the expected TclError instead of an
AttributeError.
- gh-106684: Close asyncio.StreamWriter when it is not closed by
application leading to memory leaks. Patch by Kumar Aditya.
- gh-107077: Seems that in some conditions, OpenSSL will return
SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
verification has failed, but the error parameters will still
contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
now detecting this situation and raising the appropiate
ssl.SSLCertVerificationError. Patch by Pablo Galindo
- gh-107396: tarfiles; Fixed use before assignment of
self.exception for gzip decompression
- gh-62519: Make gettext.pgettext() search plural definitions when
translation is not found.
- gh-83006: Document behavior of shutil.disk_usage() for
non-mounted filesystems on Unix.
- gh-106186: Do not report MultipartInvariantViolationDefect
defect when the email.parser.Parser class is used to parse
emails with headersonly=True.
- gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION
result in _ssl.c.
- gh-106774: Update the bundled copy of pip to version 23.2.1.
- gh-106752: Fixed several bug in zipfile.Path in
name/suffix/suffixes/stem operations when no filename is present
and the Path is not at the root of the zipfile.
- gh-106602: Add __copy__ and __deepcopy__ in enum
- gh-106530: Revert a change to colorsys.rgb_to_hls() that caused
division by zero for certain almost-white inputs. Patch by Terry
Jan Reedy.
- gh-106052: re module: fix the matching of possessive quantifiers
in the case of a subpattern containing backtracking.
- gh-106510: Improve debug output for atomic groups in regular
expressions.
- gh-105497: Fix flag mask inversion when unnamed flags exist.
- gh-90876: Prevent multiprocessing.spawn from failing to import
in environments where sys.executable is None. This regressed in
3.11 with the addition of support for path-like objects in
multiprocessing.
- gh-106350: Detect possible memory allocation failure in the
libtommath function mp_init() used by the _tkinter module.
- gh-102541: Make pydoc.doc catch bad module ImportError when
output stream is not None.
... changelog too long, skipping 124 lines ...
data: *consumed was not set.
==== sssd ====
Version update (2.9.1 -> 2.9.2)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Update to release 2.9.2
* sssctl cert-show and cert-show cert-eval-rule can now be run as
non-root user.
* New option local_auth_policy is added to control which offline
authentication methods will be enabled by SSSD.