Packages changed: breeze cryptsetup (2.4.3 -> 2.5.0) gnome-bluetooth (42.2 -> 42.3) libcdio libqt5-qtquickcontrols2 (5.15.5+kde5 -> 5.15.5+kde6) libtasn1 (4.18.0 -> 4.19.0) multipath-tools (0.9.0+39+suse.51a2ab1 -> 0.9.0+55+suse.33d8854) psutils sudo (1.9.10 -> 1.9.11p3) tar === Details === ==== breeze ==== Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang breeze5-wallpapers libbreezecommon5-5 - Add patch to fix progress bars in some applications: * 0001-Look-at-QStyleOptionProgressBar-orientation-again.patch ==== cryptsetup ==== Version update (2.4.3 -> 2.5.0) Subpackages: cryptsetup-lang libcryptsetup12 - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. * Fix activation of LUKS2 device with integrity and detached header. * Add ZEROOUT IOCTL support for crypt_wipe API call. * VERITY: set loopback sector size according to dm-verity block sizes. * veritysetup: dump device sizes. * LUKS2 token: prefer token PIN query before passphrase in some cases. When a user provides --token-type or specific --token-id, a token PIN query is preferred to a passphrase query. * LUKS2 token: allow tokens to be replaced with --token-replace option for cryptsetup token command. * LUKS2 token: do not continue operation when interrupted in PIN prompt. * Add --progress-json parameter to utilities. * Add support for --key-slot option in luksResume action. - move man pages to separate subpackage - drop backports handling ==== gnome-bluetooth ==== Version update (42.2 -> 42.3) Subpackages: gnome-bluetooth-lang libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Update to version 42.3: + This version adds a new API for more precise adapter power state, and fixes a number of small UI problems in bluetooth-sendto. ==== libcdio ==== - Add fix-undefined-behavior-in-readlink.patch that fixes boo#1202214. ==== libqt5-qtquickcontrols2 ==== Version update (5.15.5+kde5 -> 5.15.5+kde6) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to version 5.15.5+kde6: * Fix scroll bars not showing up when binding to standalone contentItem ==== libtasn1 ==== Version update (4.18.0 -> 4.19.0) - libtasn1 4.19.0: * Clarify libtasn1.map license * Fix ETYPE_OK out of bounds read * Update gnulib files and various maintenance fixes ==== multipath-tools ==== Version update (0.9.0+39+suse.51a2ab1 -> 0.9.0+55+suse.33d8854) Subpackages: kpartx libmpath0 - Update to version 0.9.0+55+suse.33d8854: * Avoid linking to libreadline to avoid licensing issue (bsc#1202616) ==== psutils ==== - Require new package libpaper-tools (boo#1202402) instead of old package paper ==== sudo ==== Version update (1.9.10 -> 1.9.11p3) Subpackages: sudo-plugin-python - Update to 1.9.11p3: * Changes in Sudo 1.9.11 * Fixed a crash in the Python module with Python 3.9.10 on some systems. Additionally, make check now passes for Python 3.9.10. * Error messages sent via email now include more details, including the file name and the line number and column of the error. Multiple errors are sent in a single message. Previously, only the first error was included. * Fixed logging of parse errors in JSON format. Previously, the JSON logger would not write entries unless the command and runuser were set. These may not be known at the time a parse error is encountered. * Fixed a potential crash parsing sudoers lines larger than twice the value of LINE_MAX on systems that lack the getdelim() function. * The tests run by make check now unset the LANGUAGE environment variable. Otherwise, localization strings will not match if LANGUAGE is set to a non-English locale. Bug #1025. * The “starttime” test now passed when run under Debian faketime. Bug #1026. * The Kerberos authentication module now honors the custom password prompt if one has been specified. * The embedded copy of zlib has been updated to version 1.2.12. * Updated the version of libtool used by sudo to version 2.4.7. * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE in the header files (currently only GNU libc). This is required to allow the use of 64-bit time values on some 32-bit systems. * Sudo’s intercept and log_subcmds options no longer force the command to run in its own pseudo-terminal. It is now also possible to intercept the system(3) function. * Fixed a bug in sudo_logsrvd when run in store-first relay mode where the commit point messages sent by the server were incorrect if the command was suspended or received a window size change event. * Fixed a potential crash in sudo_logsrvd when the tls_dhparams configuration setting was used. * The intercept and log_subcmds functionality can now use ptrace(2) on Linux systems that support seccomp(2) filtering. This has the advantage of working for both static and dynamic binaries and can work with sudo’s SELinux RBAC mode. The following architectures are currently supported: i386, x86_64, aarch64, arm, mips (log_subcmds only), powerpc, riscv, and s390x. The default is to use ptrace(2) where possible; the new intercept_type sudoers setting can be used to explicitly set the type. * New Georgian translation from translationproject.org. * Fixed creating packages on CentOS Stream. * Fixed a bug in the intercept and log_subcmds support where the execve(2) wrapper was using the current environment instead of the passed environment pointer. Bug #1030. * Added AppArmor integration for Linux. A sudoers rule can now specify an APPARMOR_PROFILE option to run a command confined by the named AppArmor profile. * Fixed parsing of the server_log setting in sudo_logsrvd.conf. Non-paths were being treated as paths and an actual path was treated as an error. * Changes in Sudo 1.9.11p1: * Correctly handle EAGAIN in the I/O read/right events. This fixes a hang seen on some systems when piping a large amount of data through sudo, such as via rsync. Bug #963. * Changes to avoid implementation or unspecified behavior when bit shifting signed values in the protobuf library. * Fixed a compilation error on Linux/aarch64. * Fixed the configure check for seccomp(2) support on Linux. * Corrected the EBNF specification for tags in the sudoers manual page. GitHub issue #153. * Changes in Sudo 1.9.11p2: * Fixed a compilation error on Linux/x86_64 with the x32 ABI. * Fixed a regression introduced in 1.9.11p1 that caused a warning when logging to sudo_logsrvd if the command returned no output. * Changes in Sudo 1.9.11p3: * Fixed “connection reset” errors on AIX when running shell scripts with the intercept or log_subcmds sudoers options enabled. Bug #1034. * Fixed very slow execution of shell scripts when the intercept or log_subcmds sudoers options are set on systems that enable Nagle’s algorithm on the loopback device, such as AIX. Bug #1034. * Modified sudo-sudoers.patch - Added sudo-1.9.10-update_sudouser_to_utf8.patch * [bsc#1197998] * Enable sudouser LDAP schema to use UTF-8 encodings. * Sourced from https://github.com/sudo-project/sudo/pull/163 * Credit to William Brown, william.brown@suse.com ==== tar ==== Subpackages: tar-lang tar-rmt - drop tar-recursive--files-from.patch (causes bsc#918487) - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch