Packages changed: apparmor libHX (4.4 -> 4.5) libapparmor ndctl (71.1 -> 73) postfix (3.6.2 -> 3.6.5) python-tqdm (4.63.1 -> 4.64.0) rubygem-ruby-dbus (0.18.0.beta2 -> 0.18.0.beta3) wondershaper (1.1a -> 1.4.1+git.20211015) yast2-drbd (4.4.2 -> 4.5.0) yast2-instserver (4.4.0 -> 4.5.0) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ==== libHX ==== Version update (4.4 -> 4.5) Subpackages: libHX32 libHX32-32bit - Update to release 4.5 * Resolve a few warnings reported by cov-scan. ==== libapparmor ==== Subpackages: libapparmor1 libapparmor1-32bit - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ==== ndctl ==== Version update (71.1 -> 73) - Provide compatibility symlink for libdaxctl.h in the old location - Update to version 73: * Many CXL fixes * Fix shipped monitor.conf (bsc#1194696 https://github.com/pmem/ndctl/pull/189) * inject-smart: Add support for papr * Switch to meson build system + ndctl-build-Fix-systemd-unit-directory-detection.patch + ndctl-meson-make-modprobedatadir-an-option.patch - Add monitor.conf migration as upstream has (bsc#1194696) - Use %%config(noreplace) for files in /etc as upstream does. - Update to version 72.1 * Add support for CXL interface * Configuration file rework * Add service for automatic reconfiguration * Drop upstreamed patches - ndctl-namespace-skip-zero-namespaces-when-processing.patch - ndctl-namespace-Suppress-ENXIO-when-processing-all-n.patch - 0001-ndctl-namespace-Fix-disable-namespace-accounting-rel.patch - 0002-Expose-ndctl_bus_nfit_translate_spa-as-a-public-func.patch - 0003-libndctl-Unify-adding-dimms-for-papr-and-nfit-famili.patch - 0004-daxctl-fail-reconfigure-device-based-on-kernel-onlin.patch - 0005-libdaxctl-add-an-API-to-check-if-a-device-is-active.patch - 0006-libndctl-check-for-active-system-ram-before-disablin.patch - 0007-daxctl-emit-counts-of-total-and-online-memblocks.patch - 0008-ndctl-Update-nvdimm-mailing-list-address.patch - 0009-libndctl-papr-Fix-probe-for-papr-scm-compatible-nvdi.patch - 0010-ndctl-scrub-Stop-translating-return-values.patch - 0011-ndctl-scrub-Reread-scrub-engine-status-at-start.patch - 0012-ndctl-dimm-Fix-label-index-block-calculations.patch - 0013-daxctl-Add-Soft-Reservation-theory-of-operation.patch - 0014-Documentation-ndctl-fix-self-reference-of-ndctl-disa.patch - 0015-ndctl-docs-Clarify-update-firwmware-activation-overf.patch - 0016-libndctl-papr-Add-support-for-reporting-shutdown-cou.patch - Add rpmlinrc filter for libcxl and libdaxctl (boo#1191773). - Fix asciidoctor conditional ==== postfix ==== Version update (3.6.2 -> 3.6.5) - config.postfix fails to set smtp_tls_security_level (bsc#1192314) - Refreshed spec-file via spec-cleaner and manual optimizated. * Added -p flag to all install commands. * Removed -f flag from all ln commands. - Changed file harden_postfix.service.patch (boo#1191988). - update to 3.6.5 * Glibc 2.34 implements closefrom(). This was causing a conflict with Postfix's implementation for systems that have no closefrom() implementation. * Support for Berkeley DB version 18. - removed obsolete postfix-3.6.2-glibc-234-build-fix.patch - Postfix on start don't run postalias /etc/postfix/aliases (error open database /etc/postfix/aliases.lmdb). (bsc#1197041) Apply proposed patch - config.postfix can't handle symlink'd /etc/resolv.cof (bsc#1195019) Adapt proposed change: using "cp -afL" by copying. - Update to 3.6.4 * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient entries in postconf output. This was caused by an incomplete fix to send SMTP session transcripts to $bounce_notice_recipient. * Bug introduced in Postfix 3.0: the proxymap daemon did not automatically authorize proxied maps inside pipemap (example: pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. * Bug introduced in Postfix 2.5: off-by-one error while writing a string terminator. This code passed all memory corruption tests, presumably because it wrote over an alignment padding byte, or over an adjacent character byte that was never read. * The proxymap daemon did not automatically authorize map features added after Postfix 3.3, caused by missing *_maps parameter names in the proxy_read_maps default value. Found during code maintenance. - Update to 3.6.3 * (problem introduced in Postfix 2.4, released in 2007): queue file corruption after a Milter (for example, MIMEDefang) made a request to replace the message body with a copy of that message body plus additional text (for example, a SpamAssassin report). * (problem introduced in Postfix 2.10, released in 2012): The postconf "-x" option could produce incorrect output, because multiple functions were implicitly sharing a buffer for intermediate results. Problem report by raf, root cause analysis by Viktor Dukhovni. * (problem introduced in Postfix 2.11, released in 2013): The check_ccert_access feature worked as expected, but produced a spurious warning when Postfix was built without SASL support. Fix by Brad Barden. * Fix for a compiler warning due to a missing 'const' qualifier when compiling Postfix with OpenSSL 3. Depending on compiler settings this could cause the build to fail. * The known_tcp_ports settings had no effect. It also wasn't fully implemented. Problem report by Peter. * Fix for missing space between a hostname and warning text. - Ensure postfix can write to home directory or server side filtering wont work (sieve) - Ensure service can write to /etc/postfix - Added hardening to systemd service (bsc#1181400). Added harden_postfix.service.patch ==== python-tqdm ==== Version update (4.63.1 -> 4.64.0) Subpackages: python-tqdm-bash-completion python38-tqdm - update to version 4.64.0: * add contrib.slack (#1313) - changes from version 4.63.2: * rich: expose options kwargs (#1282) * autonotebook: re-enable VSCode (#1309) * misc docs typos (#1301, #1299) * update dev dependencies (#1311) ==== rubygem-ruby-dbus ==== Version update (0.18.0.beta2 -> 0.18.0.beta3) - 0.18.0.beta3 Bug fixes: * Service-side properties: Fix Properties.Get, Properties.GetAll for Array, Dict, and Variant types (gh#mvidner/ruby-dbus#105). ==== wondershaper ==== Version update (1.1a -> 1.4.1+git.20211015) - Update to 1.4.1+git.20211015 - use Debian systemd paths - add high priority host support - Changes since version 1.4 - download limiting has been added from (removed in 1.3), it had to be reworked the script now directs ingress to ifb virtual interface where it is properly limited. Source for this work are: - https://gist.github.com/ole1986/d9d6be5218affd41796610a35e3b069c - https://wiki.archlinux.org/index.php/advanced_traffic_control - make upload or download limiting optional - Changes since version 1.3 - move from CBQ to HTB queuing. CBQ didn't cope well on a ~100Mbps link : individual downloads were ceiling at 3Mbit/s. Moving to HTB allows to really use all the available bandwidth, event with a single TCP connection, and without any caveats on SIP telephony or link reactivity. - Changes since version 1.2 - added command-line interface (through options and flags) that didn't seem to be working before as the options were hardcoded in the script. - Run spec-cleaner - Update project URL - Drop rcwondershaper, wondershaper.service, wondershaper-1.1a.diff - Drop sysconfig.wondershaper, wondershaper comes now itself with a .conf file for configuration - Add wondershaper-fix-conf-path.patch: using /etc/wondershaper instead /etc/systemd - Add _service files - Add wondershaper-systemd-hardening.patch: bsc#1181400 ==== yast2-drbd ==== Version update (4.4.2 -> 4.5.0) - Bump version to 4.5.0 (bsc#1198109) ==== yast2-instserver ==== Version update (4.4.0 -> 4.5.0) - Bump version to 4.5.0 (bsc#1198109)