Packages changed: cnf kded libbpf (1.2.2 -> 1.3.0) libqt5-qtwebengine (5.15.15 -> 5.15.16) libsolv (0.7.26 -> 0.7.27) python-jsonschema (4.19.2 -> 4.20.0) python-pexpect (4.8.0 -> 4.9.0) selinux-policy (20231030 -> 20231124) === Details === ==== cnf ==== Subpackages: cnf-bash cnf-locale - Enable build on 32-bit arm ==== kded ==== - Pull in kconf_update5 ==== libbpf ==== Version update (1.2.2 -> 1.3.0) - update to 1.3.0: * support for `netfilter` programs is added `SEC("netfilter")` is now available * API function `bpf_program__attach_netfilter()` is now available * support for `tcx` BPF programs is added: * the following new SEC definitions are now available: SEC("tc/egress"), SEC("tc/ingress"), SEC("tcx/egress"), SEC("tcx/ingress") * the following SEC definitions are now considered legacy: SEC("tc"), SEC("action"), SEC("classifier") * functions `bpf_prog_attach_opts()` and `bpf_prog_query_opts()` are extended to work with `tcx` programs, plus two new API functions are added: * the following new SEC definitions are now available: SEC("uprobe.multi"), SEC("uprobe.multi.s"), SEC("uretprobe.multi"), SEC("uretprobe.multi.s") * support for section `SEC("usdt.s")` is added for sleepable `usdt` programs; * support for Unix domain socket cgroup BPF programs is added the following new SEC definitions are now available: SEC("cgroup/connect_unix"),SEC("cgroup/sendmsg_unix"), SEC("cgroup/recvmsg_unix"), SEC("cgroup/getpeername_unix"), SEC("cgroup/getsockname_unix") * new `LIBBPF_OPTS_RESET()` utility macro; * new `bpf_object__unpin()` function to complement existing `bpf_object__pin()`; * new API functions for work with ring buffers * uprobe SEC matcher extended to allow golang symbols; * uprobe support for symbols versioning; * `bpf_map__set_value_size()` can now be used to resize memory mapped region for memory mapped maps; * `struct bpf_xdp_query_opts` extended with `xdp_zc_max_segs` output field; * basic BTF sanity check pass added to reject bogus BTF. * fix for btf_dump__dump_type_data() when type contains bitfields; * fix for correct work of offsetof() and container_of() macro with CO-RE; * no longer attempt to load modules BTF when resolving CO-RE relocations if CAP_SYS_ADMIN are absent; * regex based function search for "kprobe.multi/" programs no longer attempts to trace functions that cannot be traced; * bpf_program__set_type() no longer resets sec_def if it is set to a custom fallback SEC handler; * fix for memory leak possible after bpf_program__set_attach_target() call; ==== libqt5-qtwebengine ==== Version update (5.15.15 -> 5.15.16) - Update to version 5.15.16: * Bump version to 5.15.16 * Add check for system ffmpeg compatibility * Fix handling of external URLs in PDFs * Update Chromium: * [Backport] CVE-2023-5996: Use after free in WebAudio * [Backport] CVE-2023-5482 and CVE-2023-5849 * [Backport] CVE-2023-45853: Buffer overflow in MiniZip * [Backport] Security bug 1478470 * [Backport] Security bug 1472365 and 1472366 * [Backport] CVE-2023-5218: Use after free in Site Isolation * [Backport] Security bug 1486316 * FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64 * [Backport] Add Intel Meteorlake GPU series type * [Backport] Add Intel Raptorlake GPU series type * [Backport] Add a few missing IntelGpuSeriesTypes in gpu_util.cc * [Backport] Add Intel Alchemist GPU series type * [Backport] Add Alderlake to intel_gpu_series field in gpu control list. * [Backport] Add missing Intel GPU series types. * [Backport] Add Alderlake's GPU to list supporting two NV12 overlay planes. * [Backport] CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx * [Backport] Security bug 1479104 * [Backport] [PA] Support 16kb pagesize on Linux+ARM64 * [Backport] Replace uses of re2::StringPiece::set(). * Fix build with GCC 13 * Fix errors and warnings for perfetto * Remove nodiscard attribute from cpwl_combo_box.h * Bump V8_PATCH_LEVEL * [Backport] CVE-2023-4762: Type Confusion in V8 * [Backport] CVE-2023-4362: Heap buffer overflow in Mojom IDL * [Backport] CVE-2023-4354: Heap buffer overflow in Skia * [Backport] CVE-2023-4351: Use after free in Network * Disable Windows IME for GPU thread * [Backport] CVE-2023-4863: Heap buffer overflow in WebP * [Backport] Security bug 1465224 * [Backport] Dependency for security bug 1465224 * [Backport] CVE-2023-4071: Heap buffer overflow in Visuals * [Backport] CVE-2023-4076: Use after free in WebRTC * [Backport] CVE-2023-4074: Use after free in Blink Task Scheduling ==== libsolv ==== Version update (0.7.26 -> 0.7.27) Subpackages: libsolv-tools python3-solv ruby-solv - add zstd support for the installcheck tool - add putinowndirpool cache to make file list handling in repo_write much faster - bump version to 0.7.27 ==== python-jsonschema ==== Version update (4.19.2 -> 4.20.0) - update to 4.20.0: * Properly consider items (and properties) to be evaluated by unevaluatedItems (resp. unevaluatedProperties) when behind a $dynamicRef as specified by the 2020 and 2019 specifications. * jsonschema.exceptions.ErrorTree.__setitem__ is now deprecated. More broadly, in general users of jsonschema should never be mutating objects owned by the library. ==== python-pexpect ==== Version update (4.8.0 -> 4.9.0) - update to 4.9: * Add support for Python 3.12 #769. * Clean up temporary files after UnicodeTests #753. * Add Python 3.5, 3.6 and 3.12.0-rc.1 to test matrix #763. * Set prompt correctly for zsh #712. * Add zsh convenience function to replwrap module #751. * Rework async unittests to rely on unittest.IsolatedAsyncioTestCase #764. * Make test_expect.py work on POSIX systems that are not Linux based #698. * Add support for ``socket``, which allows sockets to be used crossplatform #745. * Update async to work on newer versions of python #732. * Remove deprecated RSAAuthentication option (SSHv1) #744. * Multiple CI fixes #743 #737 #742 #739 #722. * Use Github Actions for CI #734. * Remove pytest-capturelog from testing requirements #730. * Fix usage for Solaris #663 #604 #560. * Fix threading for new versions of python #684. * Fix documentation builds for use with Sphinx 3 #638. * Use ``sys.executable`` for tests and wrapper, allowing the calling python executable to be used instead #623. * Update documentation about Wexpect #623. * Added project urls to ``setup.py`` #620. * Provide examples for how to use Pexpect and Pyte #587. * Coerce compiled regex patterns type according to spawn encoding #560. * Several doc updates #626 #635 #643 #644 #728. drop 31fab7b0edbe9b3401507b5dfa4db6aaf3fabca5.patch, 684.patch, 715.patch, 742.patch, dae602d37493bae239e0e8db5b3dabafebfd59db.patch, fix-fail-no-alias.patch, no-python-binary.patch: upstream ==== selinux-policy ==== Version update (20231030 -> 20231124) Subpackages: selinux-policy-targeted - Update to version 20231124: * Allow virtnetworkd_t to execute bin_t (bsc#1216903)