Packages changed: busybox-links cppcheck (2.8.2 -> 2.9) dracut (057+suse.309.gb71946f6 -> 057+suse.315.gd210fc38) drbd-utils e2fsprogs jasper libvirt microos-tools (2.16 -> 2.17) openvpn python-importlib-resources (5.4.0 -> 5.9.0) python-sniffio (1.2.0 -> 1.3.0) python310 (3.10.6 -> 3.10.7) python310-core (3.10.6 -> 3.10.7) python310-pyparsing rubygem-ruby-libvirt (0.7.1 -> 0.8.0) yast2 (4.5.13 -> 4.5.14) yast2-http-server (4.5.0 -> 4.5.1) yast2-network (4.5.6 -> 4.5.7) === Details === ==== busybox-links ==== Subpackages: busybox-bzip2 busybox-coreutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-psmisc busybox-sed busybox-sendmail busybox-tar busybox-util-linux busybox-xz - Create sub-package "hexedit" [bsc#1203399] - Create sub-package "sha3sum" [bsc#1203397] ==== cppcheck ==== Version update (2.8.2 -> 2.9) - update to 2.9: * restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport) * replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport) * on Windows the callstack is now being written to the output specific via "--exception-handling" * make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH" * detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers * Add a match function to addon similiar to Token::Match used internally by cppcheck: * | for either-or tokens(ie struct|class to match either struct or class) * !! to negate a token * It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords * It supports (*), {*}, [*], and <*> to match links * @ can be added to bind the token to a name * ** can be used to match until a token * Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow * Further improve lifetime analysis with this pointers * Propagate condition values from outer function calls * Add debug intrinsics debug_valueflow and debug_valuetype to show more detail including source backtraces ==== dracut ==== Version update (057+suse.309.gb71946f6 -> 057+suse.315.gd210fc38) Subpackages: dracut-mkinitrd-deprecated - Update to version 057+suse.315.gd210fc38: * chore(suse): update spec Fix "directories not owned by a package" caused by bash-completion directories not owned by dracut. Do not install modules incompatible with the system architecture. * chore(suse): change default persistent policy * ci(suse.conf.example): update SUSE-specific config * chore(suse): fix 99-debug.conf ==== drbd-utils ==== - restore drbd scripts back to /usr/lib/drbd from /lib/drbd (bsc#1203220) Update drbd-utils.spec - fix drbd-bash-completion Update rpmlint-build-error.patch ==== e2fsprogs ==== Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2 - Refresh e2fsprogs.keyring based on currently provided keys. - Spec file cleanup: + Drop remainders regarding -mini packages, which was not a thing since Jan 2014. + Split build of fuse2fs out into a sep build (_multibuild enabled). - enabled fuse2fs build which enable to mount ext2/3/4 via FUSE ==== jasper ==== - security update: * CVE-2022-2963 [bsc#1202642] + jasper-CVE-2022-2963.patch ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ==== microos-tools ==== Version update (2.16 -> 2.17) - Update to version 2.17: - selinux-autorelabel-generator: Don't cross partition boundaries for /.snapshots when relabeling [issue#11] ==== openvpn ==== - build with enable-iproute2 again to have root-less mode working (bsc#1202792) ==== python-importlib-resources ==== Version update (5.4.0 -> 5.9.0) - Update to 5.9.0: - #228: as_file now also supports a Traversable representing a directory and (when needed) renders the full tree to a temporary directory. - #253: In MultiplexedPath, restore expectation that a compound path with a non-existent directory does not raise an exception. - #250: Now Traversable.joinpath provides a concrete implementation, replacing the implementation in .simple and converging with the behavior in MultiplexedPath. - #249: In simple.ResourceContainer.joinpath, honor names split by posixpath.sep. - #248: abc.Traversable.joinpath now allows for multiple arguments and specifies that posixpath.sep is allowed in any argument to accept multiple arguments, matching the behavior found in zipfile.Path and pathlib.Path simple.ResourceContainer now honors this behavior - #244: Add type declarations in ABCs Require Python 3.7 or later - #243: Fix error when no __pycache__ directories exist when testing update-zips. - Remove BR on python-zipp to break a dependency cycle; it is strictly not needed for build (although it is Requires), because ZipReader is not tested. ==== python-sniffio ==== Version update (1.2.0 -> 1.3.0) - update to 1.3.0: * requires python 3.7 ==== python310 ==== Version update (3.10.6 -> 3.10.7) Subpackages: python310-curses python310-dbm python310-tk - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ==== python310-core ==== Version update (3.10.6 -> 3.10.7) Subpackages: libpython3_10-1_0 python310-base - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ==== python310-pyparsing ==== - Fix incorrect usage of non-bundled pip revealed by python-rpm-macros update. ==== rubygem-ruby-libvirt ==== Version update (0.7.1 -> 0.8.0) - New upstream release 0.8.0 * Fix default values for node_cpu_stats and node_memory_stats * Fix cpumap allocation for virDomainGetVcpus * Enforce UTF8 for strings and exceptions * Drop local have_const * Use sensible default for libvirt_domain_qemu_agent_command - Drop 0001-Fix-include-of-st.h-to-ruby-st.h.patch, https://gitlab.com/libvirt/libvirt-ruby/-/merge_requests/7 was merged upstream ==== yast2 ==== Version update (4.5.13 -> 4.5.14) Subpackages: yast2-logs - bsc#1200016 - by_pattern moved into http_server moduleas it is the only user - 4.5.14 ==== yast2-http-server ==== Version update (4.5.0 -> 4.5.1) - bsc#1200016 - find out php version dynamically to avoid hardcoded version - 4.5.1 ==== yast2-network ==== Version update (4.5.6 -> 4.5.7) - Activate s390 devices before importing and reading the network configuration or otherwise the related linux devices will not be present and could be ignored (bsc#1199746) - 4.5.7