openSUSE-2024-81 low openSUSE Backports SLE-15-SP6 Update This update for hello ships a testupdate to 15 sp6 backports. hello-2.12.1-bp156.2.2.1.src.rpm hello-2.12.1-bp156.2.2.1.x86_64.rpm hello-debuginfo-2.12.1-bp156.2.2.1.x86_64.rpm hello-debugsource-2.12.1-bp156.2.2.1.x86_64.rpm hello-lang-2.12.1-bp156.2.2.1.noarch.rpm hello-2.12.1-bp156.2.2.1.i586.rpm hello-debuginfo-2.12.1-bp156.2.2.1.i586.rpm hello-debugsource-2.12.1-bp156.2.2.1.i586.rpm hello-2.12.1-bp156.2.2.1.aarch64.rpm hello-debuginfo-2.12.1-bp156.2.2.1.aarch64.rpm hello-debugsource-2.12.1-bp156.2.2.1.aarch64.rpm hello-2.12.1-bp156.2.2.1.ppc64le.rpm hello-debuginfo-2.12.1-bp156.2.2.1.ppc64le.rpm hello-debugsource-2.12.1-bp156.2.2.1.ppc64le.rpm hello-2.12.1-bp156.2.2.1.s390x.rpm hello-debuginfo-2.12.1-bp156.2.2.1.s390x.rpm hello-debugsource-2.12.1-bp156.2.2.1.s390x.rpm openSUSE-2024-155 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 125.0.6422.141 (boo#1225690) * CVE-2024-5493: Heap buffer overflow in WebRTC * CVE-2024-5494: Use after free in Dawn * CVE-2024-5495: Use after free in Dawn * CVE-2024-5496: Use after free in Media Session * CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * CVE-2024-5498: Use after free in Presentation API * CVE-2024-5499: Out of bounds write in Streams API chromedriver-125.0.6422.141-bp156.2.3.1.x86_64.rpm chromium-125.0.6422.141-bp156.2.3.1.src.rpm chromium-125.0.6422.141-bp156.2.3.1.x86_64.rpm chromedriver-125.0.6422.141-bp156.2.3.1.aarch64.rpm chromium-125.0.6422.141-bp156.2.3.1.aarch64.rpm openSUSE-2024-150 moderate openSUSE Backports SLE-15-SP6 Update This update for libhtp fixes the following issues: - CVE-2024-23837: excessive processing time of HTTP headers can lead to denial of service (boo#1220403) libhtp-0.5.42-bp156.3.3.1.src.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.x86_64.rpm libhtp-devel-0.5.42-bp156.3.3.1.x86_64.rpm libhtp2-0.5.42-bp156.3.3.1.x86_64.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.x86_64.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.i586.rpm libhtp-devel-0.5.42-bp156.3.3.1.i586.rpm libhtp2-0.5.42-bp156.3.3.1.i586.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.i586.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.aarch64.rpm libhtp-devel-0.5.42-bp156.3.3.1.aarch64.rpm libhtp2-0.5.42-bp156.3.3.1.aarch64.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.aarch64.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp-devel-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp2-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.s390x.rpm libhtp-devel-0.5.42-bp156.3.3.1.s390x.rpm libhtp2-0.5.42-bp156.3.3.1.s390x.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.s390x.rpm openSUSE-2024-157 important openSUSE Backports SLE-15-SP6 Update This update for nano fixes the following issues: - CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099) nano-7.2-bp156.3.3.1.src.rpm nano-7.2-bp156.3.3.1.x86_64.rpm nano-debuginfo-7.2-bp156.3.3.1.x86_64.rpm nano-debugsource-7.2-bp156.3.3.1.x86_64.rpm nano-lang-7.2-bp156.3.3.1.noarch.rpm nano-7.2-bp156.3.3.1.i586.rpm nano-debuginfo-7.2-bp156.3.3.1.i586.rpm nano-debugsource-7.2-bp156.3.3.1.i586.rpm nano-7.2-bp156.3.3.1.aarch64.rpm nano-debuginfo-7.2-bp156.3.3.1.aarch64.rpm nano-debugsource-7.2-bp156.3.3.1.aarch64.rpm nano-7.2-bp156.3.3.1.ppc64le.rpm nano-debuginfo-7.2-bp156.3.3.1.ppc64le.rpm nano-debugsource-7.2-bp156.3.3.1.ppc64le.rpm nano-7.2-bp156.3.3.1.s390x.rpm nano-debuginfo-7.2-bp156.3.3.1.s390x.rpm nano-debugsource-7.2-bp156.3.3.1.s390x.rpm openSUSE-2024-163 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: - Fix virtiofsd search path virtme-1.25-bp156.2.3.1.noarch.rpm virtme-1.25-bp156.2.3.1.src.rpm openSUSE-2024-164 moderate openSUSE Backports SLE-15-SP6 Update This update for opi fixes the following issues: - Version 5.2.0 * Add config option to reverse option order - Version 5.1.0 * Increase prio from 90 to 70 for packman/openh264 repos - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [boo#1212476] - Version 5.2.0 * Add config option to reverse option order - Version 5.1.0 * Increase prio from 90 to 70 for packman/openh264 repos opi-5.2.0-bp156.2.3.1.noarch.rpm opi-5.2.0-bp156.2.3.1.src.rpm openSUSE-2024-161 moderate openSUSE Backports SLE-15-SP6 Update plasma5-workspace was updated to fix the following issue: - Fixed ksmserver authentication (CVE-2024-36041, boo#1225774). - Fixed a regression introduced by the preceding change (kde#487912, boo#1226110): gmenudbusmenuproxy-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-session-5.27.11-bp156.3.3.1.noarch.rpm plasma5-session-wayland-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-workspace-5.27.11-bp156.3.3.1.src.rpm plasma5-workspace-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-workspace-devel-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-workspace-lang-5.27.11-bp156.3.3.1.noarch.rpm plasma5-workspace-libs-5.27.11-bp156.3.3.1.x86_64.rpm xembedsniproxy-5.27.11-bp156.3.3.1.x86_64.rpm gmenudbusmenuproxy-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-session-wayland-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-workspace-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-workspace-devel-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-workspace-libs-5.27.11-bp156.3.3.1.aarch64.rpm xembedsniproxy-5.27.11-bp156.3.3.1.aarch64.rpm gmenudbusmenuproxy-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-session-wayland-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-workspace-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-workspace-devel-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-workspace-libs-5.27.11-bp156.3.3.1.ppc64le.rpm xembedsniproxy-5.27.11-bp156.3.3.1.ppc64le.rpm openSUSE-2024-159 moderate openSUSE Backports SLE-15-SP6 Update This update for gajim, python-css-parser fixes the following issues: gajim changes: Express python dependencies directly. (boo#1225938) python-css-parser changes: update to 1.0.10 (boo#1225938): * Fix selector specificity calculation for pseudo-classes update to 1.0.9: * replace deprecated use of cgi.parse_header * drop python 3.6 support update to 1.0.8: * Replace removed assertEquals with assertEqual * Upgrade other unittest asserts for clearer error messages * tests: adjust exception string checks for python 3.11 * tests: fix warning about \( and \o being invalid sequences * Fix serialization of unknown rules containing comments - drop relax_error_msg_check.patch (upstream) gajim-1.8.4-bp156.2.3.1.noarch.rpm gajim-1.8.4-bp156.2.3.1.src.rpm gajim-lang-1.8.4-bp156.2.3.1.noarch.rpm python-css-parser-1.0.10-bp156.4.3.1.src.rpm python311-css-parser-1.0.10-bp156.4.3.1.noarch.rpm openSUSE-2024-261 moderate openSUSE Backports SLE-15-SP6 Update This update for vlc fixes the following issues: Update to version 3.0.21: + Decoders: * Improve Opus ambisonic support * Fix some ASS subtitle rendering issues * Fix Opus in MP4 behaviour * Fix VAAPI hw decoding with some drivers + Input: * Add support for HTTP content range handling according to RFC 9110 * Fix some HLS Adaptive Streaming not working in audio-only mode + Video Output: * Super Resolution scaling with AMD GPUs * The D3D11 HDR option can also turn on/off HDR for all sources regardless of the display * Improve subtitles rendering on Apple platforms of notably Asian languages by correcting font fallback lookups + Video Filter: * New AMD VQ Enhancer filter * Add D3D11 option to use NVIDIA TrueHDR to generate HDR from SDR sources + Audio Output: * Fix regression on macOS causing crashes when using audio devices with more than 9 channels + Services Discovery: * Fix exposed UPnP directory URL schemes to be compliant with RFC 3986 + libVLC: * the HWND passed to libvlc_media_player_set_hwnd must have the WS_CLIPCHILDREN style set. * Fix crashes when using caopengllayer + Misc: * Fix various warnings, leaks and potential crashes * Fix security integer overflow in MMS module libvlc5-3.0.21-bp156.2.3.1.x86_64.rpm libvlccore9-3.0.21-bp156.2.3.1.x86_64.rpm vlc-3.0.21-bp156.2.3.1.src.rpm vlc-3.0.21-bp156.2.3.1.x86_64.rpm vlc-codec-fluidsynth-3.0.21-bp156.2.3.1.x86_64.rpm vlc-codec-gstreamer-3.0.21-bp156.2.3.1.x86_64.rpm vlc-devel-3.0.21-bp156.2.3.1.x86_64.rpm vlc-jack-3.0.21-bp156.2.3.1.x86_64.rpm vlc-lang-3.0.21-bp156.2.3.1.noarch.rpm vlc-noX-3.0.21-bp156.2.3.1.x86_64.rpm vlc-opencv-3.0.21-bp156.2.3.1.x86_64.rpm vlc-qt-3.0.21-bp156.2.3.1.x86_64.rpm vlc-vdpau-3.0.21-bp156.2.3.1.x86_64.rpm libvlc5-3.0.21-bp156.2.3.1.aarch64.rpm libvlccore9-3.0.21-bp156.2.3.1.aarch64.rpm vlc-3.0.21-bp156.2.3.1.aarch64.rpm vlc-codec-fluidsynth-3.0.21-bp156.2.3.1.aarch64.rpm vlc-codec-gstreamer-3.0.21-bp156.2.3.1.aarch64.rpm vlc-devel-3.0.21-bp156.2.3.1.aarch64.rpm vlc-jack-3.0.21-bp156.2.3.1.aarch64.rpm vlc-noX-3.0.21-bp156.2.3.1.aarch64.rpm vlc-opencv-3.0.21-bp156.2.3.1.aarch64.rpm vlc-qt-3.0.21-bp156.2.3.1.aarch64.rpm vlc-vdpau-3.0.21-bp156.2.3.1.aarch64.rpm libvlc5-3.0.21-bp156.2.3.1.ppc64le.rpm libvlccore9-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-codec-fluidsynth-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-codec-gstreamer-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-devel-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-jack-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-noX-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-opencv-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-qt-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-vdpau-3.0.21-bp156.2.3.1.ppc64le.rpm openSUSE-2024-171 moderate openSUSE Backports SLE-15-SP6 Update This update for python-python-sql fixes the following issues: - update to 1.5.1: * Use parameter for start and end of WINDOW FRAME * Use parameter for limit and offset - version 1.5.0: * naming scheme broken upstream * Add MERGE query * Support “UPSERT” with ON CONFLICT clause on INSERT query * Remove default escape char on LIKE and ILIKE * Add GROUPING SETS, CUBE, and ROLLUP clauses for GROUP BY. python-python-sql-1.5.1-bp156.2.3.1.src.rpm python311-python-sql-1.5.1-bp156.2.3.1.noarch.rpm openSUSE-2024-168 important openSUSE Backports SLE-15-SP6 Update This update for gdcm fixes the following issues: - CVE-2024-22373: Fixed out-of-bounds write vulnerability in JPEG2000Codec::DecodeByStreamsCommon (boo#1223398). gdcm-3.0.24-bp156.2.4.1.src.rpm gdcm-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-applications-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-devel-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-examples-3.0.24-bp156.2.4.1.x86_64.rpm libgdcm3_0-3.0.24-bp156.2.4.1.x86_64.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.x86_64.rpm python3-gdcm-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-applications-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-devel-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-examples-3.0.24-bp156.2.4.1.aarch64.rpm libgdcm3_0-3.0.24-bp156.2.4.1.aarch64.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.aarch64.rpm python3-gdcm-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-applications-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-devel-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-examples-3.0.24-bp156.2.4.1.ppc64le.rpm libgdcm3_0-3.0.24-bp156.2.4.1.ppc64le.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.ppc64le.rpm python3-gdcm-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-3.0.24-bp156.2.4.1.s390x.rpm gdcm-applications-3.0.24-bp156.2.4.1.s390x.rpm gdcm-devel-3.0.24-bp156.2.4.1.s390x.rpm gdcm-examples-3.0.24-bp156.2.4.1.s390x.rpm libgdcm3_0-3.0.24-bp156.2.4.1.s390x.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.s390x.rpm python3-gdcm-3.0.24-bp156.2.4.1.s390x.rpm openSUSE-2024-173 moderate openSUSE Backports SLE-15-SP6 Update This update for shadowsocks-v2ray-plugin fixes the following issues: Update version to 5.15.1 * Fixed crash (boo#1226385) golang-github-teddysun-v2ray-plugin-5.15.1-bp156.2.3.1.noarch.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.src.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.x86_64.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.i586.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.aarch64.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.ppc64le.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.s390x.rpm openSUSE-2024-166 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: Update to version 2.51.0: * Gracefully degrade when fetching annotations fails due to 403 (#9113) * replaced deprecated --json-result flag with --format=json in the gh at docstring. * Specify rpm repository to avoid conflicts with community repositories * Add `signer-repo` and `signer-workflow` flags to `gh attestation verify` (#9137) * Ensure signed RPMs have attestations Update to version 2.50.0: * Build completions during release on macos * Add build provenance for gh CLI releases (#9087) * Add integration tests for `gh attestation verify` shared workflow use case (#9107) * Update readme about MacOS pkg * Remove `v` prefix when `pkgmacos` is called * Integrate argument array to remove duplicate code * Added native min os version blocking * Fix distribution.xml + min macos version requirements * Fix directory already exists * Add a `gh variable get FOO` command (#9106) * Add comment to pr diff regex * Update regex in changedFilesNames to handle quoted paths * fix: rename the `Attempts` field to `Attempt`; expose in `gh run view` and `gh run ls` (#8905) * Change minimum build script macOS version * Cleanup pkgmacos build script * Removed redundant specifications * feat: add support for stateReason in `gh pr view` (#9080) * Update choice title * Update pkg title * update generated content for man pages and website * williammartin simplifications * remove no-op if clause that returns 'No Aliases' * Conditionalize references, remove redundant alias * list the various alias permutations for the command and subcommands * Remove TODO and add comment on LoginFlow tests * Comment the purpose of the helper config contract * Test git credentials are configured in LoginFlow * Add HelperConfig contract test and FakeHelperConfig * Inject GitCredentialFlow to LoginFlow as test seam * Removed unused param flagDryRun from upgradeFunc * Added summary TTY message to tests * Added TTY message to summarize checking extension upgrades * Add Helper test for Windows * Add tests for gitcredentials Updater * Fix mistaken git installation error check * Move gitcredentials HelperConfig and add tests * Comment the new gitcredentials package * Comment the git credential flow * Remove unnecessary credential setup private method * Use tighter interface in setup-git * Rename gitcredentials Configure to ConfigureOurs * Make gitcredential helper smarter * Move fetching configured helper into gitcredentials * Extract units for configuring and updating git credential helpers * Implement ExportData to filter json fields * fix: rename fields list * feat: add json output for PR checks * Fix doc bug for gh run watch gh-2.51.0-bp156.2.3.1.src.rpm gh-2.51.0-bp156.2.3.1.x86_64.rpm gh-bash-completion-2.51.0-bp156.2.3.1.noarch.rpm gh-fish-completion-2.51.0-bp156.2.3.1.noarch.rpm gh-zsh-completion-2.51.0-bp156.2.3.1.noarch.rpm gh-2.51.0-bp156.2.3.1.i586.rpm gh-2.51.0-bp156.2.3.1.aarch64.rpm gh-2.51.0-bp156.2.3.1.ppc64le.rpm gh-2.51.0-bp156.2.3.1.s390x.rpm openSUSE-2024-170 moderate openSUSE Backports SLE-15-SP6 Update This update for rubygem-bcrypt_pbkdf fixes the following issues: Updated to version 1.1.1 - see installed CHANGELOG.md ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.x86_64.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.x86_64.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.x86_64.rpm rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.src.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.i586.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.i586.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.i586.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.aarch64.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.aarch64.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.aarch64.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.ppc64le.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.ppc64le.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.ppc64le.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.s390x.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.s390x.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.s390x.rpm openSUSE-2024-174 moderate openSUSE Backports SLE-15-SP6 Update This update for sngrep fixes the following issues: - CVE-2024-35434: heap buffer overflow in rtp_check_packet sngrep-1.8.1-bp156.2.3.1.src.rpm sngrep-1.8.1-bp156.2.3.1.x86_64.rpm sngrep-1.8.1-bp156.2.3.1.i586.rpm sngrep-1.8.1-bp156.2.3.1.aarch64.rpm sngrep-1.8.1-bp156.2.3.1.ppc64le.rpm sngrep-1.8.1-bp156.2.3.1.s390x.rpm openSUSE-2024-193 moderate openSUSE Backports SLE-15-SP6 Update This update for keepassxc fixes the following issues: Update to 2.7.9: - Changes: - Passkeys: Ability to easily remove a passkey from an entry [#10777] - Snap: Use new desktop portal for native messaging integration [#10906] - Fixes: - Improve entry placeholder/reference feature [#10846] - Improve CSV importing when title field isn't specified [#10843] - Improve encrypted Bitwarden importing [#10800] - Improve database settings UX [#10821] - Improve handling of clipboard actions from entry preview [#10810] - Improve group/entry view resize behavior and set sensible defaults [#10641] - Passkeys: Fix incorrect username fill [#10874] - Passkeys: Return additional data to the extension [#10857] - Fix password clear timer inconsistency on unlock view [#10708] - Fix portability check [#10760] - Fix page overflow on HTML exports [#10735] - Fix broken builds when using system provided zxcvbn [#10717] - Fix copy password button when text is selected [#10853] - Fix tab ordering on application settings pages [#10907] - SSH Agent: Fix broken decrypt button [#10638] - Flatpak: Fix configuration settings off-by-one error [#10688] keepassxc-2.7.9-bp156.2.3.1.src.rpm keepassxc-2.7.9-bp156.2.3.1.x86_64.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.x86_64.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.x86_64.rpm keepassxc-lang-2.7.9-bp156.2.3.1.noarch.rpm keepassxc-2.7.9-bp156.2.3.1.aarch64.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.aarch64.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.aarch64.rpm keepassxc-2.7.9-bp156.2.3.1.ppc64le.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.ppc64le.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.ppc64le.rpm keepassxc-2.7.9-bp156.2.3.1.s390x.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.s390x.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.s390x.rpm openSUSE-2024-194 moderate openSUSE Backports SLE-15-SP6 Update This update for keybase-client fixes the following issues: Update to version 6.2.8 * Update client CA * Fix incomplete locking in config file handling. - Update the Image dependency to address CVE-2023-29408 / boo#1213928. This is done via the new update-image-tiff.patch. - Limit parallel test execution as that seems to cause failing builds on OBS that don't occur locally. - Integrate KBFS packages previously build via own source package * Upstream integrated these into the same source. * Also includes adding kbfs-related patches ensure-mount-dir-exists.patch and ensure-service-stop-unmounts-filesystem.patch. - Upgrade Go version used for compilation to 1.19. - Use Systemd unit file from upstream source. kbfs-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-git-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-tool-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm keybase-client-6.2.8-bp156.2.3.1.src.rpm keybase-client-6.2.8-bp156.2.3.1.x86_64.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-6.2.8-bp156.2.3.1.i586.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.i586.rpm kbfs-git-6.2.8-bp156.2.3.1.i586.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.i586.rpm kbfs-tool-6.2.8-bp156.2.3.1.i586.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.i586.rpm keybase-client-6.2.8-bp156.2.3.1.i586.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.i586.rpm kbfs-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-git-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-tool-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm keybase-client-6.2.8-bp156.2.3.1.aarch64.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-git-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-tool-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm keybase-client-6.2.8-bp156.2.3.1.ppc64le.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-6.2.8-bp156.2.3.1.s390x.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm kbfs-git-6.2.8-bp156.2.3.1.s390x.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm kbfs-tool-6.2.8-bp156.2.3.1.s390x.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm keybase-client-6.2.8-bp156.2.3.1.s390x.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm openSUSE-2024-180 moderate openSUSE Backports SLE-15-SP6 Update This update for perl-Test-MockModule fixes the following issues: Update to version 0.178.0: - 6724a30 - Simplify CI workflow - Nicolas R - 1801372 - Multiple improvements - Nicolas R - e97e316 - Add protection to _replace_sub - Nicolas R perl-Test-MockModule-0.178.0-bp156.2.3.1.noarch.rpm perl-Test-MockModule-0.178.0-bp156.2.3.1.src.rpm openSUSE-2024-181 moderate openSUSE Backports SLE-15-SP6 Update This update for perl-Minion fixes the following issues: - updated to 10.29 see /usr/share/doc/packages/perl-Minion/Changes - updated to 10.28 see /usr/share/doc/packages/perl-Minion/Changes 10.28 2023-11-217 - Improved repair and history performance in most cases. 10.27 2023-11-20 - Improved repair performance in cases where there are a lot of finished jobs with dependencies. - updated to 10.26 see /usr/share/doc/packages/perl-Minion/Changes 10.26 2023-11-10 - Added type information to worker status. - Improved workers by calling srand() after starting a new job process. perl-Minion-10.290.0-bp156.3.3.1.noarch.rpm perl-Minion-10.290.0-bp156.3.3.1.src.rpm openSUSE-2024-182 moderate openSUSE Backports SLE-15-SP6 Update This update for perl-Perl-Tidy fixes the following issues: - updated to 20240511 ## 2024 05 11 - The option --valign-signed-numbers, or -vsn is now the default. It was introduced in the previous release has been found to significantly improve the overall appearance of columns of signed and unsigned numbers. See the previous Change Log entry for an example. This will change the formatting in scripts with columns of vertically aligned signed and unsigned numbers. Use -nvsn to turn this option off and avoid this change. - Previously, a line break was made before a short concatenated terminal quoted string, such as "\n", if the previous line had a greater starting indentation. The break is now placed after the short quote. This keeps code a little more compact. For example: # old rule: break before "\n" here because '$name' has more indentation: my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var", $name, "remove", "UNCHECKED" ) . "\n"; # new rule: break after a short terminal quote like "\n" for compactness; my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var", $name, "remove", "UNCHECKED" ) . "\n"; - The option --delete-repeated-commas is now the default. It makes the following checks and changes: - Repeated commas like ',,' are removed with a warning - Repeated fat commas like '=> =>' are removed with a warning - The combination '=>,' produces a warning but is not changed These warnings are only output if --warning-output, or -w, is set. Use --nodelete-repeated-commas, or -ndrc, to retain repeated commas. - The operator ``**=`` now has spaces on both sides by default. Previously, there was no space on the left. This change makes its spacing the same as all other assignment operators. The previous behavior can be obtained with the parameter setting -nwls='**='. - The option --file-size-order, or -fso is now the default. When perltidy is given a list of multiple filenames to process, they are sorted by size and processed in order of increasing size. This can significantly reduce memory usage by Perl. This option has always been used in testing, where typically several jobs each operating on thousands of filenames are running at the same time and competing for system resources. If this option is not wanted for some reason, it can be deactivated with -nfso. - In the option --dump-block-summary, the number of sub arguments indicated for each sub now includes any leading object variable passed with an arrow-operator call. Previously the count would have been decreased by one in this case. This change is needed for compatibility with future updates. - Fix issue git #138 involving -xlp (--extended-line-up-parentheses). When multiple-line quotes and regexes have long secondary lines, these line lengths could influencing some spacing and indentation, but they should not have since perltidy has no control over their indentation. This has been fixed. This will mainly influence code which uses -xlp and has long multi-line quotes. - Add option --minimize-continuation-indentation, -mci (see git #137). This flag allows perltidy to remove continuation indentation in some special cases where it is not really unnecessary. For a simple example, the default formatting for the following snippet is: # perltidy -nmci $self->blurt( "Error: No INPUT definition for type '$type', typekind '" . $type->xstype . "' found" ); The second and third lines are one level deep in a container, and are also statement continuations, so they get indented by the sum of the -i value and the -ci value. If this flag is set, the indentation is reduced by -ci spaces, giving # perltidy -mci $self->blurt( "Error: No INPUT definition for type '$type', typekind '" . $type->xstype . "' found" ); This situation is relatively rare except in code which has long quoted strings and the -nolq flag is also set. This flag is currently off by default, but it could become the default in a future version. - Add options --dump-mismatched-args (or -dma) and --warn-mismatched-arg (or -wma). These options look for and report instances where the number of args expected by a sub appear to differ from the number passed to the sub. The -dump version writes the results for a single file to standard output and exits: perltidy -dma somefile.pl >results.txt The -warn version formats as normal but reports any issues as warnings in the error file: perltidy -wma somefile.pl The -warn version may be customized with the following additional parameters if necessary to avoid needless warnings: --warn-mismatched-arg-types=s (or -wmat=s), --warn-mismatched-arg-exclusion-list=s (or -wmaxl=s), and --warn-mismatched-arg-undercount-cutoff=n (or -wmauc=n). --warn-mismatched-arg-overcount-cutoff=n (or -wmaoc=n). These are explained in the manual. - Add option --valign-wide-equals, or -vwe, for issue git #135. Setting this parameter causes the following assignment operators = **= += *= &= <<= &&= -= /= |= >>= ||= //= .= %= ^= x= to be aligned vertically with the ending = all aligned. For example, here is the default formatting of a snippet of code: $str .= SPACE x $total_pad_count; $str_len += $total_pad_count; $total_pad_count = 0; $str .= $rfields->[$j]; $str_len += $rfield_lengths->[$j]; And here is the same code formatted with -vwe: # perltidy -vwe $str .= SPACE x $total_pad_count; $str_len += $total_pad_count; $total_pad_count = 0; $str .= $rfields->[$j]; $str_len += $rfield_lengths->[$j]; This option currently is off by default to avoid changing existing formatting. - Added control --delete-interbracket-arrows, or -dia, to delete optional hash ref and array ref arrows between brackets as in the following expression (see git #131) return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'}; # perltidy -dia gives: return $self->{'commandline'}{'arg_list'}[0][0]{'hostgroups'}; Added the opposite control --aia-interbracket-arrows, or -aia, to add arrows. So applied to the previous line the arrows are restored: # perltidy -aia return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'}; The manual describes additional controls for adding and deleting just selected interbracket arrows. - updated to 20240202 see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2024 02 02 - Added --valign-signed-numbers, or -vsn. This improves the appearance of columns of numbers by aligning leading algebraic signs. For example: # perltidy -vsn my $xyz_shield = [ [ -0.060, -0.060, 0. ], [ 0.060, -0.060, 0. ], [ 0.060, 0.060, 0. ], [ -0.060, 0.060, 0. ], [ -0.0925, -0.0925, 0.092 ], [ 0.0925, -0.0925, 0.092 ], [ 0.0925, 0.0925, 0.092 ], [ -0.0925, 0.0925, 0.092 ], ]; # perltidy -nvsn (current DEFAULT) my $xyz_shield = [ [ -0.060, -0.060, 0. ], [ 0.060, -0.060, 0. ], [ 0.060, 0.060, 0. ], [ -0.060, 0.060, 0. ], [ -0.0925, -0.0925, 0.092 ], [ 0.0925, -0.0925, 0.092 ], [ 0.0925, 0.0925, 0.092 ], [ -0.0925, 0.0925, 0.092 ], ]; This new option works well but is currently OFF to allow more testing and fine-tuning. It is expected to be activated in a future release. - Added --dump-mixed-call-parens (-dmcp ) which will dump a list of operators which are sometimes followed by parens and sometimes not. This can be useful for developing a uniform style for selected operators. Issue git #128. For example perltidy -dmcp somefile.pl >out.txt produces lines like this, where the first number is the count of uses with parens, and the second number is the count without parens. k:caller:2:1 k:chomp:3:4 k:close:7:4 - Added --want-call-parens=s (-wcp=s) and --nowant-call-parens=s (-nwcp=s) options which will warn of paren uses which do not match a selected style. The manual has details. But for example, perltidy -wcp='&' somefile.pl will format as normal but warn if any user subs are called without parens. - Added --dump-unusual-variables (-duv) option to dump a list of variables with certain properties of interest. For example perltidy -duv somefile.pl >vars.txt produces a file with lines which look something like 1778:u: my $input_file 6089:r: my $j: reused - see line 6076 The values on the line which are separated by colons are: line number - the number of the line of the input file issue - a single letter indicating the issue, see below variable name - the name of the variable, preceded by a keyword note - an optional note referring to another line The issue is indicated by a letter which may be one of: r: reused variable name s: sigil change but reused bareword p: lexical variable with scope in multiple packages u: unused variable This is very useful for locating problem areas and bugs in code. - Added a related flag --warn-variable-types=string (-wvt=string) option to warn if certain types of variables are found in a script. The types are a space-separated string which may include 'r', 's', and 'p' but not 'u'. For example perltidy -wvt='r s' somefile.pl will check for and warn if any variabls of type 'r', or 's' are seen, but not 'p'. All possible checks may be indicated with a '*' or '1': perltidy -wvt='*' somefile.pl The manual has further details. - All parameters taking integer values are now checked for out-of-range values before processing starts. When a maximum or maximum range is exceeded, the new default behavior is to write a warning message, reset the value to its default setting, and continue. This default behavior can be changed with the new parameter --integer-range-check=n, or -irc=n, as follows: n=0 skip check completely (for stress-testing perltidy only) n=1 reset bad values to defaults but do not issue a warning n=2 reset bad values to defaults and issue a warning [DEFAULT] n=3 stop immediately if any values are out of bounds The settings n=0 and n=1 are mainly useful for testing purposes. - The --dump-block-summary (-dbs) option now includes the number of sub args in the 'type' column. For example, 'sub(9)' indicates a sub with 9 args. Subs whose arg count cannot easily be determined are indicated as 'sub(*)'. The count does not include a leading '$self' or '$class' arg. - Added flag --space-signature-paren=n, or -ssp=n (issue git #125). This flag works the same as the existing flag --space-prototype-paren=n except that it applies to the space before the opening paren of a sub signature instead of a sub prototype. Previously, there was no control over this (a space always occurred). For example, given the following line: sub circle( $xc, $yc, $rad ); The following results can now be obtained, according to the value of n: sub circle( $xc, $yc, $rad ); # n=0 [no space] sub circle( $xc, $yc, $rad ); # n=1 [default; same as input] sub circle ( $xc, $yc, $rad ); # n=2 [space] The spacing in previous versions of perltidy corresponded to n=2 (always a space). The new default value, n=1, will produce a space if and only if there was a space in the input text. - The --dump-block-summary option can report an if-elsif-elsif-.. chain as a single line item with the notation -dbt='elsif3', for example, where the '3' is an integer which specifies the minimum number of elsif blocks required for a chain to be reported. The manual has details. - Fix problem c269, in which the new -ame parameter could incorrectly emit an else block when two elsif blocks were separated by a hanging side comment (a very rare situation). - When braces are detected to be unbalanced, an attempt is made to localize the error by comparing the indentation at closing braces with their actual nesting levels. This can be useful for files which have previously been formatted by perltidy. To illustrate, a test was made in which the closing brace at line 30644 was commented out in a file with a total of over 62000 lines. The new error message is Final nesting depth of '{'s is 1 The most recent un-matched '{' is on line 6858 ... Table of nesting level differences at closing braces. This might help localize brace errors if the file was previously formatted. line: (brace level) - (level expected from old indentation) 30643: 0 30645: 1 Previously, the error file only indicated that the error in this case was somewhere after line 6858, so the new table is very helpful. Closing brace indentation is checked because it is unambiguous and can be done very efficiently. - The -DEBUG option no longer automatically also writes a .LOG file. Use --show-options if the .LOG file is needed. - The run time of this version with all new options in use is no greater than that of the previous version thanks to optimization work. perl-Perl-Tidy-20240511.0.0-bp156.2.3.1.noarch.rpm perl-Perl-Tidy-20240511.0.0-bp156.2.3.1.src.rpm openSUSE-2024-175 moderate openSUSE Backports SLE-15-SP6 Update This update for cockpit fixes the following issues: - disable selinux on leap versions without selinux - set libexec dir to %_libexecdir (boo#1223533) - new version 316: * cockpit.js API: Fix format_bytes() units - new version 315: * Networking: Show additional ports for each firewall zone * Networking: List Firewall active zones when unprivileged * Inline documentation * Support for transient virtual machines * UEFI for virtual machines * Unattended virtual machines installation * Localize times * Better support for various TLS certificate formats * Overview: Add CPU utilization to usage card * Dashboard: Support SSH identity unlocking when adding new machines * SElinux: Introduce an Ansible automation script * Machines: Support 'bridge' type network interfaces * Machines: Support 'bus' type disk configuration cockpit-316-bp156.2.3.1.src.rpm cockpit-316-bp156.2.3.1.x86_64.rpm cockpit-bridge-316-bp156.2.3.1.x86_64.rpm cockpit-devel-316-bp156.2.3.1.x86_64.rpm cockpit-doc-316-bp156.2.3.1.noarch.rpm cockpit-kdump-316-bp156.2.3.1.noarch.rpm cockpit-networkmanager-316-bp156.2.3.1.noarch.rpm cockpit-packagekit-316-bp156.2.3.1.noarch.rpm cockpit-pcp-316-bp156.2.3.1.x86_64.rpm cockpit-selinux-316-bp156.2.3.1.noarch.rpm cockpit-storaged-316-bp156.2.3.1.noarch.rpm cockpit-system-316-bp156.2.3.1.noarch.rpm cockpit-ws-316-bp156.2.3.1.x86_64.rpm cockpit-316-bp156.2.3.1.aarch64.rpm cockpit-bridge-316-bp156.2.3.1.aarch64.rpm cockpit-devel-316-bp156.2.3.1.aarch64.rpm cockpit-pcp-316-bp156.2.3.1.aarch64.rpm cockpit-ws-316-bp156.2.3.1.aarch64.rpm cockpit-316-bp156.2.3.1.ppc64le.rpm cockpit-bridge-316-bp156.2.3.1.ppc64le.rpm cockpit-devel-316-bp156.2.3.1.ppc64le.rpm cockpit-pcp-316-bp156.2.3.1.ppc64le.rpm cockpit-ws-316-bp156.2.3.1.ppc64le.rpm cockpit-316-bp156.2.3.1.s390x.rpm cockpit-bridge-316-bp156.2.3.1.s390x.rpm cockpit-devel-316-bp156.2.3.1.s390x.rpm cockpit-pcp-316-bp156.2.3.1.s390x.rpm cockpit-ws-316-bp156.2.3.1.s390x.rpm openSUSE-2024-176 moderate openSUSE Backports SLE-15-SP6 Update This update for opi fixes the following issues: - Version 5.2.1 * Update freeoffice.py opi-5.2.1-bp156.2.6.1.noarch.rpm opi-5.2.1-bp156.2.6.1.src.rpm openSUSE-2024-177 moderate openSUSE Backports SLE-15-SP6 Update This update for mygnuhealth fixes the following issues: - version 2.2.0 * Support for Kivy 2.3.0 * Localization. MyGNUHealth now has support for different languages. English, Spanish and Chinese are available to use, and French, German, Italian are ready to be translated. There will be a translation component for MyGNUHealth at Codeberg's Weblate instance. * Bluetooth functionality: Starting with MyGH series 2.2 we provide bluetooth integration for open compatible devices and health trackers. We include the link with the Pinetime Smartwatch (experimental) and the possibility to link to any open hardware device (glucometer, scales, blood pressure monitors, .. ). We need to get a list of available medical devices that respect our privacy and freedom, so let us know of any! * Charts now allow to select date ranges with calendar widgets The Book of Life have a revised format for the pages. The charts have been improved in the format and include x axis labels. mygnuhealth-2.2.0-bp156.2.3.1.src.rpm mygnuhealth-2.2.0-bp156.2.3.1.x86_64.rpm mygnuhealth-2.2.0-bp156.2.3.1.aarch64.rpm mygnuhealth-2.2.0-bp156.2.3.1.ppc64le.rpm mygnuhealth-2.2.0-bp156.2.3.1.s390x.rpm openSUSE-2024-178 moderate openSUSE Backports SLE-15-SP6 Update This update for python-Routes fixes the following issues: - update to 2.5.1: * Add compatibility for Python 3.7+. * Add graceful fallback for invalid character encoding from request object. * Enhanced performance for matching routes that share the same static prefix. * Fixed issue with child routes not passing route conditions to the Mapper.connect call. * Fixed documentation to reflect default value for minimization. * Allow backslash to escape special characters in route paths. * Resolve invalid escape sequences. * Remove support for Python 2.6, 3.3, and 3.4. * Remove obsolete Python 2.3 compat code. - update to 2.4.1: * Release as a universal wheel. PR #75. * Convert readthedocs links for their .org -> .io migration for hosted projects. - update to 2.3.1: * Backwards compatability fix - connect should work with mandatory routename and optional path. Patch by Davanum Srinivas (PR #65). * Fix sub_domain equivalence check. Patch by Nikita Uvarov * Add support for protocol-relative URLs generation (i.e. starting with double slash ``//``). PR #60. Patch by Sviatoslav Sydorenko. * Add support for the ``middleware`` extra requirement, making possible to depend on ``webob`` optionally. PR #59. Patch by Sviatoslav Sydorenko. * Fix matching of an empty string route, which led to exception in earlier versions. PR #58. Patch by Sviatoslav Sydorenko. * Add support for the ``requirements`` option when using mapper.resource to create routes. PR #57. Patch by Sean Dague. * Concatenation fix when using submappers with path prefixes. Multiple submappers combined the path prefix inside the controller argument in non-obvious ways. The controller argument will now be properly carried through when using submappers. PR #28. - update to 2.2: * Fix Python 3 support. Patch by Victor Stinner. - update to 2.1: * Fix 3 other route matching groups in route.py to use anonymous groups for optional sections to avoid exceeding regex limits. Fixes #15. * Printing a mapper now includes the Controller/action parameters from the route. Fixes #11. * Fix regression that didn't allow passing in params 'host', 'protocol', or 'anchor'. They can now be passed in with a trailing '_' as was possible before commit d1d1742903fa5ca24ef848a6ae895303f2661b2a. Fixes #7. * URL generation with/without SCRIPT_NAME was resulting in the URL cache failing to return the appropriate cached URL generation. The URL cache should always include the SCRIPT_NAME, even if its empty, in the cache to avoid this, and now does. Fixes #6. * Extract Route creation into separate method in Mapper. Subclasses of Route can be created by Mappers now. * Use the first X_FORWARDED_FOR value if there are multiple proxies in the path. Fixes #5. * Python 3.2/3.3 Support. Fixes Issue #2. Thanks to Alejandro Sánchez for the pull request! - Update to version 1.13: * Fix bug with dots forcing extension by default. The portion with the dot can now be recognized. Patch by Michael Basnight. python-Routes-2.5.1-bp156.2.1.src.rpm python3-Routes-2.5.1-bp156.2.1.noarch.rpm openSUSE-2024-184 moderate openSUSE Backports SLE-15-SP6 Update This update for python-guessit, python-rebulk fixes the following issues: python-guessit: - Raise version requirement for python-rebulk (fixes boo#1226826) python-rebulk: - Update to version 3.2.0 Features: * dependencies: Add python 3.11 support and drop python 3.6 support. Fixes: * Remove pytest-runner from setup_requires. python-guessit-3.8.0-bp156.2.3.1.src.rpm python3-guessit-3.8.0-bp156.2.3.1.noarch.rpm python-rebulk-3.2.0-bp156.4.3.1.src.rpm python3-rebulk-3.2.0-bp156.4.3.1.noarch.rpm openSUSE-2024-191 moderate openSUSE Backports SLE-15-SP6 Update This update for wg-info fixes the following issues: * Fix regex escaping wg-info-20240702.9b5c479-bp156.2.3.1.noarch.rpm wg-info-20240702.9b5c479-bp156.2.3.1.src.rpm openSUSE-2024-188 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account, trytond_account_invoice, trytond_currency, trytond_purchase fixes the following issues: Changes in trytond_purchase: - Version 6.0.16 - Bugfix Release Changes in trytond_currency: - Version 6.0.6 - Bugfix Release Changes in trytond_account_invoice: - Version 6.0.18 - Bugfix Release Changes in trytond_account: - Version 6.0.26 - Bugfix Release Changes in trytond: - Version 6.0.48 - Bugfix Release Changes in tryton: - Version 6.0.40 - Bugfix Release tryton-6.0.40-bp156.2.3.1.noarch.rpm tryton-6.0.40-bp156.2.3.1.src.rpm trytond-6.0.48-bp156.2.3.1.noarch.rpm trytond-6.0.48-bp156.2.3.1.src.rpm trytond_account-6.0.26-bp156.2.3.1.noarch.rpm trytond_account-6.0.26-bp156.2.3.1.src.rpm trytond_account_invoice-6.0.18-bp156.2.3.1.noarch.rpm trytond_account_invoice-6.0.18-bp156.2.3.1.src.rpm trytond_currency-6.0.6-bp156.4.3.1.noarch.rpm trytond_currency-6.0.6-bp156.4.3.1.src.rpm trytond_purchase-6.0.16-bp156.2.3.1.noarch.rpm trytond_purchase-6.0.16-bp156.2.3.1.src.rpm openSUSE-2024-189 moderate openSUSE Backports SLE-15-SP6 Update This update for mtail fixes the following issues: - Adjust system call filter for Leap 15.6 mtail-3.0.0rc51-bp156.4.3.1.src.rpm mtail-3.0.0rc51-bp156.4.3.1.x86_64.rpm mtail-3.0.0rc51-bp156.4.3.1.i586.rpm mtail-3.0.0rc51-bp156.4.3.1.aarch64.rpm mtail-3.0.0rc51-bp156.4.3.1.ppc64le.rpm mtail-3.0.0rc51-bp156.4.3.1.s390x.rpm openSUSE-2024-195 moderate openSUSE Backports SLE-15-SP6 Update This update for afl fixes the following issues: Updated to 4.21c: * afl-fuzz - fixed a regression in afl-fuzz that resulted in a 5-10% performace loss do a switch from gettimeofday() to clock_gettime() which should be rather three times faster. The reason for this is unknown. - new queue selection algorithm based on 2 core years of queue data analysis. gives a noticable improvement on coverage although the results seem counterintuitive :-) - added AFL_DISABLE_REDUNDANT for huge queues - added `AFL_NO_SYNC` environment variable that does what you think it does - fix AFL_PERSISTENT_RECORD - run custom_post_process after standard trimming - prevent filenames in the queue that have spaces - minor fix for FAST schedules - more frequent stats update when syncing (todo: check performance impact) - now timing of calibration, trimming and syncing is measured seperately, thanks to @eqv! - -V timing is now accurately the fuzz time (without syncing), before long calibration times and syncing could result in now fuzzing being made when the time was already run out until then, thanks to @eqv! - fix -n uninstrumented mode when ending fuzzing - enhanced the ASAN configuration - make afl-fuzz use less memory with cmplog and fix a memleak * afl-cc: - re-enable i386 support that was accidently disabled - fixes for LTO and outdated afl-gcc mode for i386 - fix COMPCOV split compare for old LLVMs - disable xml/curl/g_ string transform functions because we do not check for null pointers ... TODO - ensure shared memory variables are visible in weird build setups - compatability to new LLVM 19 changes * afl-cmin - work with input files that have a space * afl-showmap - fix memory leak on shmem testcase usage (thanks to @ndrewh) - minor fix to collect coverage -C (thanks to @bet4it) * Fixed a shmem mmap bug (that rarely came up on MacOS) * libtokencap: script generate_libtoken_dict.sh added by @a-shvedov Updated to 4.20c: + A new forkserver communication model is now introduced. afl-fuzz is backward compatible to old compiled targets if they are not built for CMPLOG/Redqueen, but new compiled targets will not work with old afl-fuzz versions! + Recompile all targets that are instrumented for CMPLOG/Redqueen! - AFL++ now supports up to 4 billion coverage edges, up from 6 million. - New compile option: `make PERFORMANCE=1` - this will enable special CPU dependent optimizations that make everything more performant - but the binaries will likely won't work on different platforms. Also enables a faster hasher if the CPU requirements are met. - The persistent record feature (see config.h) was expanded to also support replay, thanks to @quarta-qti ! - afl-fuzz: - the new deterministic fuzzing feature is now activated by default, deactivate with -z. Parameters -d and -D are ignored. - small improvements to CMPLOG/redqueen - workround for a bug with MOpt -L when used with -M - in the future we will either remove or rewrite MOpt. - fix for `-t xxx+` feature - -e extension option now saves the queue items, crashes, etc. with the extension too - fixes for trimmming, correct -V time and reading stats on resume by eqv thanks a lot! - afl-cc: - added collision free caller instrumentation to LTO mode. activate with `AFL_LLVM_LTO_CALLER=1`. You can set a max depth to go through single block functions with `AFL_LLVM_LTO_CALLER_DEPTH` (default 0) - fixes for COMPCOV/LAF and most other modules - fix for GCC_PLUGIN cmplog that broke on std::strings - afl-whatsup: - now also displays current average speed - small bugfixes - Fixes for aflpp custom mutator and standalone tool - Minor edits to afl-persistent-config - Prevent temporary files being left behind on aborted afl-whatsup - More CPU benchmarks added to benchmark/ Updated to 4.10c: - afl-fuzz: - default power schedule is now EXPLORE, due a fix in fast schedules explore is slightly better now. - fixed minor issues in the mutation engine, thanks to @futhewo for reporting! - better deterministic fuzzing is now available, benchmarks have shown to improve fuzzing. Enable with -D. Thanks to @kdsjZh for the PR! - afl-cc: - large rewrite by @SonicStark which fixes a few corner cases, thanks! - LTO mode now requires llvm 12+ - workaround for ASAN with gcc_plugin mode - instrumentation: - LLVM 18 support, thanks to @devnexen! - Injection (SQL, LDAP, XSS) fuzzing feature now available, see `instrumentation/README.injections.md` how to activate/use/expand. - compcov/LAF-intel: - floating point splitting bug fix by @hexcoder - due a bug in LLVM 17 integer splitting is disabled there! - when splitting floats was selected, integers were always split as well, fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should - dynamic instrumentation filtering for LLVM NATIVE, thanks @Mozilla! see utils/dynamic_covfilter/README.md - qemu_mode: - plugins are now activated by default and a new module is included that produces drcov compatible traces for lighthouse/lightkeeper/... thanks to @JRomainG to submitting! - updated Nyx checkout (fixes a bug) and some QOL - updated the custom grammar mutator - document afl-cmin does not work on macOS (but afl-cmin.bash does) afl-4.21c-bp156.2.3.1.src.rpm afl-4.21c-bp156.2.3.1.x86_64.rpm afl-4.21c-bp156.2.3.1.i586.rpm afl-4.21c-bp156.2.3.1.aarch64.rpm afl-4.21c-bp156.2.3.1.ppc64le.rpm afl-4.21c-bp156.2.3.1.s390x.rpm openSUSE-2024-196 moderate openSUSE Backports SLE-15-SP6 Update This update for tpm-fido fixes the following issues: - Require system-user-tss for tss group - Ensure uhid module is loaded on boot so udev will set permissions tpm-fido-20230621.5f8828b-bp156.2.3.1.src.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.x86_64.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.i586.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.aarch64.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.ppc64le.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.s390x.rpm openSUSE-2024-206 moderate openSUSE Backports SLE-15-SP6 Update This update for cockpit fixes the following issues: - new version 320: * pam-ssh-add: Fix insecure killing of session ssh-agent (boo#1226040, CVE-2024-6126) - changes in older versions: * Storage: Btrfs snapshots * Podman: Add image pull action * Files: Bookmark support * webserver: System user changes * Metrics: Grafana setup now prefers Valkey - Invalid json against the storaged manifest boo#1227299 cockpit-320-bp156.2.6.3.src.rpm cockpit-320-bp156.2.6.3.x86_64.rpm cockpit-bridge-320-bp156.2.6.3.x86_64.rpm cockpit-devel-320-bp156.2.6.3.x86_64.rpm cockpit-doc-320-bp156.2.6.3.noarch.rpm cockpit-kdump-320-bp156.2.6.3.noarch.rpm cockpit-networkmanager-320-bp156.2.6.3.noarch.rpm cockpit-packagekit-320-bp156.2.6.3.noarch.rpm cockpit-pcp-320-bp156.2.6.3.x86_64.rpm cockpit-selinux-320-bp156.2.6.3.noarch.rpm cockpit-storaged-320-bp156.2.6.3.noarch.rpm cockpit-system-320-bp156.2.6.3.noarch.rpm cockpit-ws-320-bp156.2.6.3.x86_64.rpm cockpit-320-bp156.2.6.3.aarch64.rpm cockpit-bridge-320-bp156.2.6.3.aarch64.rpm cockpit-devel-320-bp156.2.6.3.aarch64.rpm cockpit-pcp-320-bp156.2.6.3.aarch64.rpm cockpit-ws-320-bp156.2.6.3.aarch64.rpm cockpit-320-bp156.2.6.3.ppc64le.rpm cockpit-bridge-320-bp156.2.6.3.ppc64le.rpm cockpit-devel-320-bp156.2.6.3.ppc64le.rpm cockpit-pcp-320-bp156.2.6.3.ppc64le.rpm cockpit-ws-320-bp156.2.6.3.ppc64le.rpm cockpit-320-bp156.2.6.3.s390x.rpm cockpit-bridge-320-bp156.2.6.3.s390x.rpm cockpit-devel-320-bp156.2.6.3.s390x.rpm cockpit-pcp-320-bp156.2.6.3.s390x.rpm cockpit-ws-320-bp156.2.6.3.s390x.rpm openSUSE-2024-200 moderate openSUSE Backports SLE-15-SP6 Update This update for obs-service-download_url fixes the following issues: Update to version 0.2.1: * CVE-2024-22033: fixed argument parsing option injection (boo#1227203) obs-service-download_url-0.2.1-bp156.2.3.1.noarch.rpm obs-service-download_url-0.2.1-bp156.2.3.1.src.rpm openSUSE-2024-270 moderate openSUSE Backports SLE-15-SP6 Update This update for AusweisApp fixes the following issues: Version 2.1.1 - Visual adjustments and optimization of the graphical user interface. - Fixed rarely occurring problems in connection with the browser used. - Textual adjustments. - Fixed READER messages in the SDK when using unknown cards or when the connection to the card is unstable. Version 2.1.0 - Visual adjustments and optimization of the graphical user interface. - Improved detection of system language on macOS. - Removed the five minutes time limit for password entry when the ID card is placed on the reader. - Fixed display of changed device names when using "Smartphone as card reader". - Add an option to disable animations. - Fixed the behavior of "Smartphone as card reader" with activated password entry when using a PUK. - Fixed of the connection test with a password-protected proxy in the diagnostics on desktop systems. - Drop support for macOS 11 Big Sur. - Fixed processing of certificates with CAv3 extension. - Unified documentation for installation and integration. - Update of OpenSSL to version 3.1.5. Version 2.0.3 - Fixed crash on macOS 11. - Fixed missing German translation. - Fixed display of release notes. Version 2.0.2 - Avoid showing hints to the PIN reset service. Version 2.0.1 - Fixed an issue where settings were not saved on iOS and macOS. - Fixed entitlements on macOS. Version 2.0.0 - Renamed AusweisApp2 to AusweisApp. - Completely revised graphical user interface. - Dark mode is now supported on all platforms. - The display in landscape mode has been optimized and is now set automatically. - System font and size are now honored by the app. - Optimized usability of the title bar. - Online help is no longer available. - The provider list is no longer integrated in AusweisApp but can now be accessed via the AusweisApp website. - History of authentication processes has been removed. - The PDF export function for personal data has been removed. AusweisApp-2.1.1-bp156.2.1.src.rpm AusweisApp-2.1.1-bp156.2.1.x86_64.rpm AusweisApp-2.1.1-bp156.2.1.aarch64.rpm AusweisApp-2.1.1-bp156.2.1.ppc64le.rpm AusweisApp-2.1.1-bp156.2.1.s390x.rpm openSUSE-2024-202 moderate openSUSE Backports SLE-15-SP6 Update This update for Botan fixes the following issues: Update to 2.19.5: * Fix multiple Denial of service attacks due to X.509 cert processing: * CVE-2024-34702 - boo#1227238 * CVE-2024-34703 - boo#1227607 * CVE-2024-39312 - boo#1227608 * Fix a crash in OCB * Fix a test failure in compression with certain versions of zlib * Fix some iterator debugging errors in TLS CBC decryption. * Avoid a miscompilation in ARIA when using XCode 14 Botan-2.19.5-bp156.3.3.1.src.rpm Botan-2.19.5-bp156.3.3.1.x86_64.rpm Botan-doc-2.19.5-bp156.3.3.1.noarch.rpm libbotan-2-19-2.19.5-bp156.3.3.1.x86_64.rpm libbotan-devel-2.19.5-bp156.3.3.1.x86_64.rpm python3-botan-2.19.5-bp156.3.3.1.x86_64.rpm Botan-2.19.5-bp156.3.3.1.i586.rpm libbotan-2-19-2.19.5-bp156.3.3.1.i586.rpm libbotan-2-19-32bit-2.19.5-bp156.3.3.1.x86_64.rpm libbotan-devel-2.19.5-bp156.3.3.1.i586.rpm libbotan-devel-32bit-2.19.5-bp156.3.3.1.x86_64.rpm python3-botan-2.19.5-bp156.3.3.1.i586.rpm Botan-2.19.5-bp156.3.3.1.aarch64.rpm libbotan-2-19-2.19.5-bp156.3.3.1.aarch64.rpm libbotan-2-19-64bit-2.19.5-bp156.3.3.1.aarch64_ilp32.rpm libbotan-devel-2.19.5-bp156.3.3.1.aarch64.rpm libbotan-devel-64bit-2.19.5-bp156.3.3.1.aarch64_ilp32.rpm python3-botan-2.19.5-bp156.3.3.1.aarch64.rpm Botan-2.19.5-bp156.3.3.1.ppc64le.rpm libbotan-2-19-2.19.5-bp156.3.3.1.ppc64le.rpm libbotan-devel-2.19.5-bp156.3.3.1.ppc64le.rpm python3-botan-2.19.5-bp156.3.3.1.ppc64le.rpm Botan-2.19.5-bp156.3.3.1.s390x.rpm libbotan-2-19-2.19.5-bp156.3.3.1.s390x.rpm libbotan-devel-2.19.5-bp156.3.3.1.s390x.rpm python3-botan-2.19.5-bp156.3.3.1.s390x.rpm openSUSE-2024-207 moderate openSUSE Backports SLE-15-SP6 Update This update for orthanc-ohif fixes the following issues: Version 1.3: * Updated OHIF to 3.8.3 * Enabled support for segmentation and microscopy modes Note that the microscopy mode is not stable yet in OHIF! * Fixed wrong MIME type for app-config.js that prevents the OHIF viewer from loading with Orthanc 1.12.2 orthanc-ohif-1.3-bp156.2.3.1.src.rpm orthanc-ohif-1.3-bp156.2.3.1.x86_64.rpm orthanc-ohif-1.3-bp156.2.3.1.aarch64.rpm orthanc-ohif-1.3-bp156.2.3.1.ppc64le.rpm orthanc-ohif-1.3-bp156.2.3.1.s390x.rpm openSUSE-2024-375 moderate openSUSE Backports SLE-15-SP6 Update This update for pagure fixes the following issues: - repair service startup on Leap 15.6 and Tumbleweed - Backport patches to fix issues after 5.14.1 release (https://pagure.io/pagure/pull-request/5486) * fix(5.14.x): Use '==' instead of 'is' in template if condition because to work with old Jinja2 versions * fix(oidc): Edge case, avoid 'KeyError' after pagure update if a cached session is used Update to 5.14.1 * no upstream changelog pagure-5.14.1-bp156.3.5.1.noarch.rpm pagure-5.14.1-bp156.3.5.1.src.rpm pagure-ci-5.14.1-bp156.3.5.1.noarch.rpm pagure-ev-5.14.1-bp156.3.5.1.noarch.rpm pagure-loadjson-5.14.1-bp156.3.5.1.noarch.rpm pagure-logcom-5.14.1-bp156.3.5.1.noarch.rpm pagure-milters-5.14.1-bp156.3.5.1.noarch.rpm pagure-mirror-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-chameleon-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-default-openSUSE-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-default-upstream-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-pagureio-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-srcfpo-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-upstream-5.14.1-bp156.3.5.1.noarch.rpm pagure-web-apache-httpd-5.14.1-bp156.3.5.1.noarch.rpm pagure-web-nginx-5.14.1-bp156.3.5.1.noarch.rpm pagure-webhook-5.14.1-bp156.3.5.1.noarch.rpm openSUSE-2024-204 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933) * CVE-2024-6290: Use after free in Dawn * CVE-2024-6291: Use after free in Swiftshader * CVE-2024-6292: Use after free in Dawn * CVE-2024-6293: Use after free in Dawn * CVE-2024-6100: Type Confusion in V8 * CVE-2024-6101: Inappropriate implementation in WebAssembly * CVE-2024-6102: Out of bounds memory access in Dawn * CVE-2024-6103: Use after free in Dawn * CVE-2024-5830: Type Confusion in V8 * CVE-2024-5831: Use after free in Dawn * CVE-2024-5832: Use after free in Dawn * CVE-2024-5833: Type Confusion in V8 * CVE-2024-5834: Inappropriate implementation in Dawn * CVE-2024-5835: Heap buffer overflow in Tab Groups * CVE-2024-5836: Inappropriate Implementation in DevTools * CVE-2024-5837: Type Confusion in V8 * CVE-2024-5838: Type Confusion in V8 * CVE-2024-5839: Inappropriate Implementation in Memory Allocator * CVE-2024-5840: Policy Bypass in CORS * CVE-2024-5841: Use after free in V8 * CVE-2024-5842: Use after free in Browser UI * CVE-2024-5843: Inappropriate implementation in Downloads * CVE-2024-5844: Heap buffer overflow in Tab Strip * CVE-2024-5845: Use after free in Audio * CVE-2024-5846: Use after free in PDFium * CVE-2024-5847: Use after free in PDFium - Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (boo#1226170) chromedriver-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromedriver-debuginfo-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromium-126.0.6478.126-bp156.2.6.1.src.rpm chromium-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromium-debuginfo-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromedriver-126.0.6478.126-bp156.2.6.1.aarch64.rpm chromedriver-debuginfo-126.0.6478.126-bp156.2.6.1.aarch64.rpm chromium-126.0.6478.126-bp156.2.6.1.aarch64.rpm chromium-debuginfo-126.0.6478.126-bp156.2.6.1.aarch64.rpm openSUSE-2024-203 critical openSUSE Backports SLE-15-SP6 Update This update for znc fixes the following issues: Update to 1.9.1 (boo#1227393, CVE-2024-39844) * This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl. To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all. * Improve tooltips in webadmin. znc-1.9.1-bp156.2.3.1.src.rpm znc-1.9.1-bp156.2.3.1.x86_64.rpm znc-devel-1.9.1-bp156.2.3.1.x86_64.rpm znc-lang-1.9.1-bp156.2.3.1.noarch.rpm znc-perl-1.9.1-bp156.2.3.1.x86_64.rpm znc-python3-1.9.1-bp156.2.3.1.x86_64.rpm znc-tcl-1.9.1-bp156.2.3.1.x86_64.rpm znc-1.9.1-bp156.2.3.1.i586.rpm znc-devel-1.9.1-bp156.2.3.1.i586.rpm znc-perl-1.9.1-bp156.2.3.1.i586.rpm znc-python3-1.9.1-bp156.2.3.1.i586.rpm znc-tcl-1.9.1-bp156.2.3.1.i586.rpm znc-1.9.1-bp156.2.3.1.aarch64.rpm znc-devel-1.9.1-bp156.2.3.1.aarch64.rpm znc-perl-1.9.1-bp156.2.3.1.aarch64.rpm znc-python3-1.9.1-bp156.2.3.1.aarch64.rpm znc-tcl-1.9.1-bp156.2.3.1.aarch64.rpm znc-1.9.1-bp156.2.3.1.ppc64le.rpm znc-devel-1.9.1-bp156.2.3.1.ppc64le.rpm znc-perl-1.9.1-bp156.2.3.1.ppc64le.rpm znc-python3-1.9.1-bp156.2.3.1.ppc64le.rpm znc-tcl-1.9.1-bp156.2.3.1.ppc64le.rpm znc-1.9.1-bp156.2.3.1.s390x.rpm znc-devel-1.9.1-bp156.2.3.1.s390x.rpm znc-perl-1.9.1-bp156.2.3.1.s390x.rpm znc-python3-1.9.1-bp156.2.3.1.s390x.rpm znc-tcl-1.9.1-bp156.2.3.1.s390x.rpm openSUSE-2024-212 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 126.0.6478.182 (boo#1227979): - CVE-2024-6772: Inappropriate implementation in V8 - CVE-2024-6773: Type Confusion in V8 - CVE-2024-6774: Use after free in Screen Capture - CVE-2024-6775: Use after free in Media Stream - CVE-2024-6776: Use after free in Audio - CVE-2024-6777: Use after free in Navigation - CVE-2024-6778: Race in DevTools - CVE-2024-6779: Out of bounds memory access in V8 chromedriver-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromedriver-debuginfo-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromium-126.0.6478.182-bp156.2.11.1.src.rpm chromium-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromium-debuginfo-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromedriver-126.0.6478.182-bp156.2.11.1.aarch64.rpm chromedriver-debuginfo-126.0.6478.182-bp156.2.11.1.aarch64.rpm chromium-126.0.6478.182-bp156.2.11.1.aarch64.rpm chromium-debuginfo-126.0.6478.182-bp156.2.11.1.aarch64.rpm openSUSE-2024-209 moderate openSUSE Backports SLE-15-SP6 Update This update for cobbler fixes the following issues: - Update to 3.3.6 * Upstream all openSUSE specific patches that were maintained in Git * Fix rename of items that had uppercase letters * Skip inconsistent collections instead of crashing the daemon - Update to 3.3.5 * Added collection indicies for UUID's, MAC's, IP addresses and hostnames (boo#1219933) * Re-added to_dict() caching * Added lazy loading for the daemon (off by default) - Update to 3.3.4 * Added cobbler-tests-containers subpackage * Updated the distro_signatures.json database * The default name for grub2-efi changed to grubx64.efi to match the DHCP template cobbler-3.3.6-bp156.2.3.1.noarch.rpm cobbler-3.3.6-bp156.2.3.1.src.rpm cobbler-tests-3.3.6-bp156.2.3.1.noarch.rpm cobbler-tests-containers-3.3.6-bp156.2.3.1.noarch.rpm openSUSE-2024-210 important openSUSE Backports SLE-15-SP6 Update This update for global fixes the following issues: - CVE-2024-38448: htags may allow code execution via untrusted dbpath (boo#1226420) global-6.6.9-bp156.3.3.1.src.rpm global-6.6.9-bp156.3.3.1.x86_64.rpm global-debuginfo-6.6.9-bp156.3.3.1.x86_64.rpm global-debugsource-6.6.9-bp156.3.3.1.x86_64.rpm global-6.6.9-bp156.3.3.1.i586.rpm global-debuginfo-6.6.9-bp156.3.3.1.i586.rpm global-debugsource-6.6.9-bp156.3.3.1.i586.rpm global-6.6.9-bp156.3.3.1.aarch64.rpm global-debuginfo-6.6.9-bp156.3.3.1.aarch64.rpm global-debugsource-6.6.9-bp156.3.3.1.aarch64.rpm global-6.6.9-bp156.3.3.1.ppc64le.rpm global-debuginfo-6.6.9-bp156.3.3.1.ppc64le.rpm global-debugsource-6.6.9-bp156.3.3.1.ppc64le.rpm global-6.6.9-bp156.3.3.1.s390x.rpm global-debuginfo-6.6.9-bp156.3.3.1.s390x.rpm global-debugsource-6.6.9-bp156.3.3.1.s390x.rpm openSUSE-2024-213 moderate openSUSE Backports SLE-15-SP6 Update This update for robin-map fixes the following issues: Update to version 1.3.0: * Add erase_fast(iterator pos) method which in contrast to erase(iterator pos) doesn't return an iterator, avoiding the cost of looking for the next element after erasure of the element at iterator pos. Changes of version 1.2.2: * Specify library version & versioning rules in headers * Mark error_message in numeric_cast as unused to avoid compiler warning in some cases * Remove support for CMake < 3.3 robin-map-1.3.0-bp156.2.3.1.src.rpm robin-map-devel-1.3.0-bp156.2.3.1.noarch.rpm openSUSE-2024-215 moderate openSUSE Backports SLE-15-SP6 Update This update for python-sentry-sdk fixes the following issues: - CVE-2024-40647: Do not leak environment variables to child processes. (bsc#1228128) python-sentry-sdk-0.14.4-bp156.4.3.1.src.rpm python3-sentry-sdk-0.14.4-bp156.4.3.1.noarch.rpm openSUSE-2024-216 moderate openSUSE Backports SLE-15-SP6 Update This update for deepin-branding-openSUSE fixes the following issues: - Update default wallpaper (boo#1228113) deepin-branding-openSUSE-15.4-bp156.5.3.1.src.rpm deepin-desktop-schemas-branding-openSUSE-15.4-bp156.5.3.1.noarch.rpm deepin-launcher-branding-openSUSE-15.4-bp156.5.3.1.noarch.rpm openSUSE-2024-225 moderate openSUSE Backports SLE-15-SP6 Update This update for assimp fixes the following issues: - CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class (boo#1228142), assimp-5.3.1-bp156.3.3.1.src.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.x86_64.rpm assimp-debugsource-5.3.1-bp156.3.3.1.x86_64.rpm assimp-devel-5.3.1-bp156.3.3.1.x86_64.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.x86_64.rpm libassimp5-5.3.1-bp156.3.3.1.x86_64.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.x86_64.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.aarch64.rpm assimp-debugsource-5.3.1-bp156.3.3.1.aarch64.rpm assimp-devel-5.3.1-bp156.3.3.1.aarch64.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.aarch64.rpm libassimp5-5.3.1-bp156.3.3.1.aarch64.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.aarch64.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-debugsource-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-devel-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.ppc64le.rpm libassimp5-5.3.1-bp156.3.3.1.ppc64le.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.s390x.rpm assimp-debugsource-5.3.1-bp156.3.3.1.s390x.rpm assimp-devel-5.3.1-bp156.3.3.1.s390x.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.s390x.rpm libassimp5-5.3.1-bp156.3.3.1.s390x.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.s390x.rpm openSUSE-2024-226 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: Update to version 2.53.0: * CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035) * Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928 * Rename package directory and files * Rename package name to `update_branch` * Rename `gh pr update` to `gh pr update-branch` * Add test case for merge conflict error * Handle merge conflict error * Return error if PR is not mergeable * Replace literals with consts for `Mergeable` field values * Add separate type for `PullRequest.Mergeable` field * Remove unused flag * Print message on stdout instead of stderr * Raise error if editor is used in non-tty mode * Add tests for JSON field support on issue and pr view commands * docs: Update documentation for `gh repo create` to clarify owner * Ensure PR does not panic when stateReason is requested * Enable to use --web even though editor is enabled by config * Add editor hint message * Use prefer_editor_prompt config by `issue create` * Add prefer_editor_prompt config * Add `issue create --editor` * Update create.go * gh attestation trusted-root subcommand (#9206) * Fetch variable selected repo relationship when required * Add `createdAt` field to tests * Add `createdAt` field to `Variable` type * Add test for exporting as JSON * Add test for JSON output * Only populate selected repo information for JSON output * Add test to verify JSON exporter gets set * Add `--json` option support * Use `Variable` type defined in `shared` package * Add tests for JSON output * Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared * Fix query parameter name * Update tests to account for ref comparison step * Improve query variable names * Check if PR branch is already up-to-date * Add `ComparePullRequestBaseBranchWith` function * Run `go mod tidy` * Add test to verify `--repo` requires non-empty selector * Require non-empty selector when `--repo` override is used * Run `go mod tidy` * Register `update` command * Add tests for `pr update` command * Add `pr update` command * Add `UpdatePullRequestBranch` method * Upgrade `shurcooL/githubv4` Update to version 2.52.0: * Attestation Verification - Buffer Fix * Remove beta note from attestation top level command * Removed beta note from `gh at download`. * Removed beta note from `gh at verify`, clarified reusable workflows use case. * add `-a` flag to `gh run list` gh-2.53.0-bp156.2.6.1.src.rpm gh-2.53.0-bp156.2.6.1.x86_64.rpm gh-bash-completion-2.53.0-bp156.2.6.1.noarch.rpm gh-fish-completion-2.53.0-bp156.2.6.1.noarch.rpm gh-zsh-completion-2.53.0-bp156.2.6.1.noarch.rpm gh-2.53.0-bp156.2.6.1.i586.rpm gh-2.53.0-bp156.2.6.1.aarch64.rpm gh-2.53.0-bp156.2.6.1.ppc64le.rpm gh-2.53.0-bp156.2.6.1.s390x.rpm openSUSE-2024-220 moderate openSUSE Backports SLE-15-SP6 Update This update for caddy fixes the following issues: - Update to version 2.8.4: * cmd: fix regression in auto-detect of Caddyfile (#6362) * Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped - Update to version 2.8.2: * cmd: fix auto-detetction of .caddyfile extension (#6356) * caddyhttp: properly sanitize requests for root path (#6360) * caddytls: Implement certmagic.RenewalInfoGetter * build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361) - Update to version 2.8.1: * caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350) * core: MkdirAll appDataDir in InstanceID with 0o700 (#6340) - Update to version 2.8.0: * acmeserver: Add `sign_with_root` for Caddyfile (#6345) * caddyfile: Reject global request matchers earlier (#6339) * core: Fix bug in AppIfConfigured (fix #6336) * fix a typo (#6333) * autohttps: Move log WARN to INFO, reduce confusion (#6185) * reverseproxy: Support HTTP/3 transport to backend (#6312) * context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292) * Fix lint error about deprecated method in smallstep/certificates/authority * go.mod: Upgrade dependencies * caddytls: fix permission requirement with AutomationPolicy (#6328) * caddytls: remove ClientHelloSNICtxKey (#6326) * caddyhttp: Trace individual middleware handlers (#6313) * templates: Add `pathEscape` template function and use it in file browser (#6278) * caddytls: set server name in context (#6324) * chore: downgrade minimum Go version in go.mod (#6318) * caddytest: normalize the JSON config (#6316) * caddyhttp: New experimental handler for intercepting responses (#6232) * httpcaddyfile: Set challenge ports when http_port or https_port are used * logging: Add support for additional logger filters other than hostname (#6082) * caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106) * Second half of 6dce493 * caddyhttp: Alter log message when request is unhandled (close #5182) * chore: Bump Go version in CI (#6310) * go.mod: go 1.22.3 * Fix typos (#6311) * reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307) * tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308) * go.mod: CertMagic v0.21.0 * reverseproxy: Implement health_follow_redirects (#6302) * caddypki: Allow use of root CA without a key. Fixes #6290 (#6298) * go.mod: Upgrade to quic-go v0.43.1 * reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301) * caddytls: Ability to drop connections (close #6294) * build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289) * httpcaddyfile: Fix expression matcher shortcut in snippets (#6288) * caddytls: Evict internal certs from cache based on issuer (#6266) * chore: add warn logs when using deprecated fields (#6276) * caddyhttp: Fix linter warning about deprecation * go.mod: Upgrade to quic-go v0.43.0 * fileserver: Set "Vary: Accept-Encoding" header (see #5849) * events: Add debug log * reverseproxy: handle buffered data during hijack (#6274) * ci: remove `android` and `plan9` from cross-build workflow (#6268) * run `golangci-lint run --fix --fast` (#6270) * caddytls: Option to configure certificate lifetime (#6253) * replacer: Implement `file.*` global replacements (#5463) * caddyhttp: Address some Go 1.20 features (#6252) * Quell linter (false positive) * reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264) * doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263) * caddytls: Add Caddyfile support for on-demand permission module (close #6260) * reverseproxy: Remove long-deprecated buffering properties * reverseproxy: Reuse buffered request body even if partially drained * reverseproxy: Accept EOF when buffering * logging: Fix default access logger (#6251) * fileserver: Improve Vary handling (#5849) * cmd: Only validate config is proper JSON if config slice has data (#6250) * staticresp: Use the evaluated response body for sniffing JSON content-type (#6249) * encode: Slight fix for the previous commit * encode: Improve Etag handling (fix #5849) * httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148) * caddyfile: Populate regexp matcher names by default (#6145) * caddyhttp: record num. bytes read when response writer is hijacked (#6173) * caddyhttp: Support multiple logger names per host (#6088) * chore: fix some typos in comments (#6243) * encode: Configurable compression level for zstd (#6140) * caddytls: Remove shim code supporting deprecated lego-dns (#6231) * connection policy: add `local_ip` matcher (#6074) * reverseproxy: Wait for both ends of websocket to close (#6175) * caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * caddytls: Still provision permission module if ask is specified * fileserver: read etags from precomputed files (#6222) * fileserver: Escape # and ? in img src (fix #6237) * reverseproxy: Implement modular CA provider for TLS transport (#6065) * caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226) * cmd: Fix panic related to config filename (fix #5919) * cmd: Assume Caddyfile based on filename prefix and suffix (#5919) * admin: Make `Etag` a header, not a trailer (#6208) * caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234) * caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227) * gitignore: Add rule for caddyfile.go (#6225) * chore: Fix broken links in README.md (#6223) * chore: Upgrade some dependencies (#6221) * caddyhttp: Add plaintext response to `file_server browse` (#6093) * admin: Use xxhash for etag (#6207) * modules: fix some typo in conments (#6206) * caddyhttp: Replace sensitive headers with REDACTED (close #5669) * caddyhttp: close quic connections when server closes (#6202) * reverseproxy: Use xxhash instead of fnv32 for LB (#6203) * caddyhttp: add http.request.local{,.host,.port} placeholder (#6182) * chore: upgrade deps (#6198) * chore: remove repetitive word (#6193) * Added a null check to avoid segfault on rewrite query ops (#6191) * rewrite: `uri query` replace operation (#6165) * logging: support `ms` duration format and add docs (#6187) * replacer: use RWMutex to protect static provider (#6184) * caddyhttp: Allow `header` replacement with empty string (#6163) * vars: Make nil values act as empty string instead of `"<nil>"` (#6174) * chore: Update quic-go to v0.42.0 (#6176) * caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183) * reverseproxy: configurable active health_passes and health_fails (#6154) * reverseproxy: Configurable forward proxy URL (#6114) * caddyhttp: upgrade to cel v0.20.0 (#6161) * chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169) * caddyhttp: suppress flushing if the response is being buffered (#6150) * chore: encode: use FlushError instead of Flush (#6168) * encode: write status immediately when status code is informational (#6164) * httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153) * httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865) * rewrite: Implement `uri query` operations (#6120) * fix struct names (#6151) * fileserver: Preserve query during canonicalization redirect (#6109) * logging: Implement `log_append` handler (#6066) * httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113) * logging: Implement `append` encoder, allow flatter filters config (#6069) * ci: fix the integration test `TestLeafCertLoaders` (#6149) * vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108) * caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) * cmd: Adjust config load logs/errors (#6032) * reverseproxy: SRV dynamic upstream failover (#5832) * ci: bump golangci/golangci-lint-action from 3 to 4 (#6141) * core: OnExit hooks (#6128) * cmd: fix the output of the `Usage` section (#6138) * caddytls: verifier: caddyfile: re-add Caddyfile support (#6127) * acmeserver: add policy field to define allow/deny rules (#5796) * reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115) * caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119) * tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103) * caddyfile: Assert having a space after heredoc marker to simply check (#6117) * chore: Update Chroma to get the new Caddyfile lexer (#6118) * reverseproxy: use context.WithoutCancel (#6116) * caddyfile: Reject directives in the place of site addresses (#6104) * caddyhttp: Register post-shutdown callbacks (#5948) * caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102) * caddyauth: Drop support for `scrypt` (#6091) * Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100) * caddyauth: Rename `basicauth` to `basic_auth` (#6092) * logging: Inline Caddyfile syntax for `ip_mask` filter (#6094) * caddyfile: Reject long heredoc markers (#6098) * chore: Rename CI jobs, run on M1 mac (#6089) * update comment * improved list * fix: add back text/* * fix: add more media types to the compressed by default list * acmeserver: support specifying the allowed challenge types (#5794) * matchers: Drop `forwarded` option from `remote_ip` matcher (#6085) * caddyhttp: Test cases for `%2F` and `%252F` (#6084) * bump to golang 1.22 (#6083) * fileserver: Browse can show symlink target if enabled (#5973) * core: Support NO_COLOR env var to disable log coloring (#6078) * build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080) * Update comment in setcap helper script * caddytls: Make on-demand 'ask' permission modular (#6055) * core: Add `ctx.Slogger()` which returns an `slog` logger (#5945) * chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043) * chore: enabling a few more linters (#5961) * caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062) * caddyfile: Switch to slices.Equal for better performance (#6061) * tls: modularize trusted CA providers (#5784) * logging: Automatic `wrap` default for `filter` encoder (#5980) * caddyhttp: Fix panic when request missing ClientIPVarKey (#6040) * caddyfile: Normalize & flatten all unmarshalers (#6037) * cmd: reverseproxy: log: use caddy logger (#6042) * matchers: `query` now ANDs multiple keys (#6054) * caddyfile: Add heredoc support to `fmt` command (#6056) * refactor: move automaxprocs init in caddycmd.Main() * caddyfile: Allow heredoc blank lines (#6051) * httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965) * httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844) * fileserver: Implement caddyfile.Unmarshaler interface (#5850) * reverseproxy: Add `tls_curves` option to HTTP transport (#5851) * caddyhttp: Security enhancements for client IP parsing (#5805) * replacer: Fix escaped closing braces (#5995) * filesystem: Globally declared filesystems, `fs` directive (#5833) * ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031) * httpcaddyfile: Fix redir <to> html (#6001) * httpcaddyfile: Support client auth verifiers (#6022) * tls: add reuse_private_keys (#6025) * reverseproxy: Only change Content-Length when full request is buffered (#5830) * Switch Solaris-derivatives away from listen_unix (#6021) * build(deps): bump actions/upload-artifact from 3 to 4 (#6013) * build(deps): bump actions/setup-go from 4 to 5 (#6012) * chore: check against errors of `io/fs` instead of `os` (#6011) * caddyhttp: support unix sockets in `caddy respond` command (#6010) * fileserver: Add total file size to directory listing (#6003) * httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997) * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994) * cmd: use automaxprocs for better perf in containers (#5711) * logging: Add `zap.Option` support (#5944) * httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990) * metrics: Record request metrics on HTTP errors (#5979) * go.mod: Updated quic-go to v0.40.1 (#5983) * fileserver: Enable compression for command by default (#5855) * fileserver: New --precompressed flag (#5880) * caddyhttp: Add `uuid` to access logs when used (#5859) * proxyprotocol: use github.com/pires/go-proxyproto (#5915) * cmd: Preserve LastModified date when exporting storage (#5968) * core: Always make AppDataDir for InstanceID (#5976) * chore: cross-build for AIX (#5971) * caddytls: Sync distributed storage cleaning (#5940) * caddytls: Context to DecisionFunc (#5923) * tls: accept placeholders in string values of certificate loaders (#5963) * templates: Offically make templates extensible (#5939) * http2 uses new round-robin scheduler (#5946) * panic when reading from backend failed to propagate stream error (#5952) * chore: Bump otel to v1.21.0. (#5949) * httpredirectlistener: Only set read limit for when request is HTTP (#5917) * fileserver: Add .m4v for browse template icon * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) * go.mod: update quic-go version to v0.40.0 (#5922) * update quic-go to v0.39.3 (#5918) * chore: Fix usage pool comment (#5916) * test: acmeserver: add smoke test for the ACME server directory (#5914) * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) * caddyhttp: Adjust `scheme` placeholder docs (#5910) * go.mod: Upgrade quic-go to v0.39.1 * go.mod: CVE-2023-45142 Update opentelemetry (#5908) * templates: Delete headers on `httpError` to reset to clean slate (#5905) * httpcaddyfile: Remove port from logger names (#5881) * core: Apply SO_REUSEPORT to UDP sockets (#5725) * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) * cmd: Add newline character to version string in CLI output (#5895) * core: quic listener will manage the underlying socket by itself (#5749) * templates: Clarify `include` args docs, add `.ClientIP` (#5898) * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) * cmd: upgrade: resolve symlink of the executable (#5891) * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) - CVEs: * CVE-2024-22189 (boo#1222468) * CVE-2023-45142 - Update to version 2.7.6: * caddytls: Sync distributed storage cleaning (#5940) * caddytls: Context to DecisionFunc (#5923) * tls: accept placeholders in string values of certificate loaders (#5963) * templates: Offically make templates extensible (#5939) * http2 uses new round-robin scheduler (#5946) * panic when reading from backend failed to propagate stream error (#5952) * chore: Bump otel to v1.21.0. (#5949) * httpredirectlistener: Only set read limit for when request is HTTP (#5917) * fileserver: Add .m4v for browse template icon * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) * go.mod: update quic-go version to v0.40.0 (#5922) * update quic-go to v0.39.3 (#5918) * chore: Fix usage pool comment (#5916) * test: acmeserver: add smoke test for the ACME server directory (#5914) * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) * caddyhttp: Adjust `scheme` placeholder docs (#5910) * go.mod: Upgrade quic-go to v0.39.1 * go.mod: CVE-2023-45142 Update opentelemetry (#5908) * templates: Delete headers on `httpError` to reset to clean slate (#5905) * httpcaddyfile: Remove port from logger names (#5881) * core: Apply SO_REUSEPORT to UDP sockets (#5725) * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) * cmd: Add newline character to version string in CLI output (#5895) * core: quic listener will manage the underlying socket by itself (#5749) * templates: Clarify `include` args docs, add `.ClientIP` (#5898) * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) * cmd: upgrade: resolve symlink of the executable (#5891) * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) - Update to version 2.7.5: * admin: Respond with 4xx on non-existing config path (#5870) * ci: Force the Go version for govulncheck (#5879) * fileserver: Set canonical URL on browse template (#5867) * tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852) * reverseproxy: Add more debug logs (#5793) * reverseproxy: Fix `least_conn` policy regression (#5862) * reverseproxy: Add logging for dynamic A upstreams (#5857) * reverseproxy: Replace health header placeholders (#5861) * httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860) * cmd: Fix exiting with custom status code, add `caddy -v` (#5874) * reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828) * reverseproxy: Fix retries on "upstreams unavailable" error (#5841) * httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808) * encode: Add `application/wasm*` to the default content types (#5869) * fileserver: Add command shortcuts `-l` and `-a` (#5854) * go.mod: Upgrade dependencies incl. x/net/http * templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845) * reverseproxy: Allow fallthrough for response handlers without routes (#5780) * fix: caddytest.AssertResponseCode error message (#5853) * build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847) * build(deps): bump actions/checkout from 3 to 4 (#5846) * caddyhttp: Use LimitedReader for HTTPRedirectListener * fileserver: browse template SVG icons and UI tweaks (#5812) * reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811) * httpcaddyfile: fix placeholder shorthands in named routes (#5791) * cmd: Prevent overwriting existing env vars with `--envfile` (#5803) * ci: Run govulncheck (#5790) * logging: query filter for array of strings (#5779) * logging: Clone array on log filters, prevent side-effects (#5786) * fileserver: Export BrowseTemplate * ci: ensure short-sha is exported correctly on all platforms (#5781) * caddyfile: Fix case where heredoc marker is empty after newline (#5769) * go.mod: Update quic-go to v0.38.0 (#5772) * chore: Appease gosec linter (#5777) * replacer: change timezone to UTC for "time.now.http" placeholders (#5774) * caddyfile: Adjust error formatting (#5765) * update quic-go to v0.37.6 (#5767) * httpcaddyfile: Stricter errors for site and upstream address schemes (#5757) * caddyfile: Loosen heredoc parsing (#5761) * fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751) * fix package typo (#5764) caddy-2.8.4-bp156.3.3.1.src.rpm caddy-2.8.4-bp156.3.3.1.x86_64.rpm caddy-bash-completion-2.8.4-bp156.3.3.1.noarch.rpm caddy-fish-completion-2.8.4-bp156.3.3.1.noarch.rpm caddy-zsh-completion-2.8.4-bp156.3.3.1.noarch.rpm caddy-2.8.4-bp156.3.3.1.i586.rpm caddy-2.8.4-bp156.3.3.1.aarch64.rpm caddy-2.8.4-bp156.3.3.1.ppc64le.rpm caddy-2.8.4-bp156.3.3.1.s390x.rpm openSUSE-2024-229 moderate openSUSE Backports SLE-15-SP6 Update This update for python-csvkit fixes the following issues: - Add missing Requires. (boo#1227705) python-csvkit-1.0.5-bp156.4.3.1.src.rpm python3-csvkit-1.0.5-bp156.4.3.1.noarch.rpm openSUSE-2024-224 moderate openSUSE Backports SLE-15-SP6 Update This update for keybase-client fixes the following issues: - Update the Image dependency to address CVE-2024-24792 (boo#1227167). kbfs-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-git-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-tool-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm keybase-client-6.2.8-bp156.2.6.1.src.rpm keybase-client-6.2.8-bp156.2.6.1.x86_64.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-6.2.8-bp156.2.6.1.i586.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.i586.rpm kbfs-git-6.2.8-bp156.2.6.1.i586.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.i586.rpm kbfs-tool-6.2.8-bp156.2.6.1.i586.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.i586.rpm keybase-client-6.2.8-bp156.2.6.1.i586.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.i586.rpm kbfs-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-git-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-tool-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm keybase-client-6.2.8-bp156.2.6.1.aarch64.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-git-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-tool-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm keybase-client-6.2.8-bp156.2.6.1.ppc64le.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-6.2.8-bp156.2.6.1.s390x.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm kbfs-git-6.2.8-bp156.2.6.1.s390x.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm kbfs-tool-6.2.8-bp156.2.6.1.s390x.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm keybase-client-6.2.8-bp156.2.6.1.s390x.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm openSUSE-2024-221 important openSUSE Backports SLE-15-SP6 Update This update for python-nltk fixes the following issues: - CVE-2024-39705: Fixed remote code execution through unsafe pickle usage (boo#1227174). python-nltk-3.7-bp156.4.3.1.src.rpm python3-nltk-3.7-bp156.4.3.1.noarch.rpm openSUSE-2024-233 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: Update to 1.26: * Proper integration with Arch * Inclusion of a vng manpage * The host's /tmp is now also visible from the guest * A new --configitem option that allows to quickly change specific kernel config options (with --build) * Bug fixes virtme-1.26-bp156.2.6.1.noarch.rpm virtme-1.26-bp156.2.6.1.src.rpm openSUSE-2024-235 moderate openSUSE Backports SLE-15-SP6 Update This update for mpv fixes the following issues: Update to version 0.38.0+git20240618.bc5ab97d: - Fixed jerky playing, including desync (boo#1228348) libmpv2-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.x86_64.rpm mpv-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.src.rpm mpv-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.x86_64.rpm mpv-bash-completion-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.noarch.rpm mpv-devel-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.x86_64.rpm mpv-zsh-completion-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.noarch.rpm libmpv2-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.aarch64.rpm mpv-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.aarch64.rpm mpv-devel-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.aarch64.rpm openSUSE-2024-231 moderate openSUSE Backports SLE-15-SP6 Update This update for python-notebook fixes the following issues: - Update to 5.7.11 * sanitizer fix CVE-2021-32798 (boo#1227583) - Update to 5.7.10 * no upstream changelog - Update to 5.7.9 * Update JQuery dependency to version 3.4.1 to fix security vulnerability (CVE-2019-11358) * Update from preact to React jupyter-notebook-5.7.11-bp156.4.3.1.noarch.rpm jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch.rpm jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch.rpm jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch.rpm python-notebook-5.7.11-bp156.4.3.1.src.rpm python3-notebook-5.7.11-bp156.4.3.1.noarch.rpm python3-notebook-lang-5.7.11-bp156.4.3.1.noarch.rpm openSUSE-2024-237 moderate openSUSE Backports SLE-15-SP6 Update This update for gnuhealth fixes the following issues: - version 4.4.1 * Issue #15: readfp on setup.py no longer supported since python 3.12 * Issue #33: health orthanc: Errors on imaging request when worklist template set on imaging test type gnuhealth-4.4.1-bp156.2.3.1.noarch.rpm gnuhealth-4.4.1-bp156.2.3.1.src.rpm gnuhealth-orthanc-4.4.1-bp156.2.3.1.noarch.rpm openSUSE-2024-236 moderate openSUSE Backports SLE-15-SP6 Update This update for python-schema fixes the following issues: - build for both Python 3.6 and 3.11 (boo#1228797) python-schema-0.6.7-bp156.4.3.1.src.rpm python3-schema-0.6.7-bp156.4.3.1.noarch.rpm python311-schema-0.6.7-bp156.4.3.1.noarch.rpm openSUSE-2024-238 moderate openSUSE Backports SLE-15-SP6 Update This update for yt-dlp fixes the following issues: - Update to release 2024.08.01 * youtube: * Change default player clients to ios,tv * Fix n function name extraction for player 20dfca59 * Fix age-verification workaround - Update to release 2024.07.25 * youtube: Fix n function name extraction for player 3400486c - Update to release 2024.07.16 * Support auto-tty and no_color-tty for --color * youtube: Avoid poToken experiment player responses - Update to release 2024.07.09 * youtube: Remove broken n function extraction fallback - Update to release 2024.07.01: * Properly sanitize file-extension to prevent file system modification and RCE. Unsafe extensions are now blocked from being downloaded. [CVE-2024-38519 boo#1227305] python311-yt-dlp-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-2024.08.01-bp156.2.3.1.src.rpm yt-dlp-bash-completion-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-fish-completion-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-zsh-completion-2024.08.01-bp156.2.3.1.noarch.rpm openSUSE-2024-239 moderate openSUSE Backports SLE-15-SP6 Update This update for ksh fixes the following issues: - fix segfault in variable substitution [boo#1129288] - fix untrusted environment execution [boo#1160796] [CVE-2019-14868] ksh-93vu-bp156.6.3.1.src.rpm ksh-93vu-bp156.6.3.1.x86_64.rpm ksh-devel-93vu-bp156.6.3.1.x86_64.rpm ksh-93vu-bp156.6.3.1.i586.rpm ksh-devel-93vu-bp156.6.3.1.i586.rpm ksh-93vu-bp156.6.3.1.aarch64.rpm ksh-devel-93vu-bp156.6.3.1.aarch64.rpm ksh-93vu-bp156.6.3.1.ppc64le.rpm ksh-devel-93vu-bp156.6.3.1.ppc64le.rpm ksh-93vu-bp156.6.3.1.s390x.rpm ksh-devel-93vu-bp156.6.3.1.s390x.rpm openSUSE-2024-240 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account_invoice, trytond_purchase fixes the following issues: Changes in tryton: - Version 6.0.41 - Bugfix Release Changes in trytond: - Version 6.0.50 - Bugfix Release Changes in trytond_purchase: - Version 6.0.17 - Bugfix Release Changes in trytond_account_invoice: - Version 6.0.19 - Bugfix Release tryton-6.0.41-bp156.2.6.1.noarch.rpm tryton-6.0.41-bp156.2.6.1.src.rpm trytond-6.0.50-bp156.2.6.1.noarch.rpm trytond-6.0.50-bp156.2.6.1.src.rpm trytond_account_invoice-6.0.19-bp156.2.6.1.noarch.rpm trytond_account_invoice-6.0.19-bp156.2.6.1.src.rpm trytond_purchase-6.0.17-bp156.2.6.1.noarch.rpm trytond_purchase-6.0.17-bp156.2.6.1.src.rpm openSUSE-2024-241 moderate openSUSE Backports SLE-15-SP6 Update This update for mygnuhealth, python-bleak fixes the following issues: Changes in mygnuhealth: - version 2.2.1 * Fix issue #34 - MyGH crashes when clicking 'Network' * translation update - added dependency on bleak Changes in python-bleak: - Introduce version 0.22.2: mygnuhealth-2.2.1-bp156.2.6.1.src.rpm mygnuhealth-2.2.1-bp156.2.6.1.x86_64.rpm python-bleak-0.22.2-bp156.2.1.src.rpm python311-bleak-0.22.2-bp156.2.1.noarch.rpm python-bleak-test-0.22.2-bp156.2.1.src.rpm python-dbus_fast-2.22.1-bp156.2.1.src.rpm python311-dbus_fast-2.22.1-bp156.2.1.x86_64.rpm python-dbus_fast-test-2.22.1-bp156.2.1.src.rpm python311-dbus_fast-2.22.1-bp156.2.1.i586.rpm mygnuhealth-2.2.1-bp156.2.6.1.aarch64.rpm python311-dbus_fast-2.22.1-bp156.2.1.aarch64.rpm mygnuhealth-2.2.1-bp156.2.6.1.ppc64le.rpm python311-dbus_fast-2.22.1-bp156.2.1.ppc64le.rpm mygnuhealth-2.2.1-bp156.2.6.1.s390x.rpm python311-dbus_fast-2.22.1-bp156.2.1.s390x.rpm openSUSE-2024-246 moderate openSUSE Backports SLE-15-SP6 Update This update for thunar fixes the following issues: - Update to 4.18.11: * Use parent windows for undo/redo dialog (#1393) * Fix for misc_open_new_windows_in_split_view (#889) * Dont add directories to recent:/// (#1372) * build: clang: Fix -Wmissing-noreturn * build: clang: Fix -Wsingle-bit-bitfield-constant-conversion * Focus split view pane on DnD events (#1243) * Dont reload folder when "draw_frames" is set (#1337) * Allow submenu UCAs in toolbar (#780) * Fix shortcuts for ucas in subfolders (#1043) * Dont show 'open location' on recent icon(#1297) * Fix for image preview visibility (#1285) * Prevent focus stealing of file transfer dialog (#643) * Dont update "last-view" when searching (#1278) * Translation Updates - Update to 4.18.10: * Prevent infinite reload loop for symlinks (#1270) - Update to 4.18.9: * g_file_get_basename over realpath (#1030) * Fix and simplify symlink resolver (#1260) * Fix thumbnailer symlink support (#1260) * Prevent GLib GIO CRITICAL (#1204) * Translation Updates libthunarx-3-0-4.18.11-bp156.2.3.1.x86_64.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.x86_64.rpm thunar-4.18.11-bp156.2.3.1.src.rpm thunar-4.18.11-bp156.2.3.1.x86_64.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.x86_64.rpm thunar-debugsource-4.18.11-bp156.2.3.1.x86_64.rpm thunar-devel-4.18.11-bp156.2.3.1.x86_64.rpm thunar-lang-4.18.11-bp156.2.3.1.noarch.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.x86_64.rpm libthunarx-3-0-4.18.11-bp156.2.3.1.aarch64.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.aarch64.rpm thunar-4.18.11-bp156.2.3.1.aarch64.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.aarch64.rpm thunar-debugsource-4.18.11-bp156.2.3.1.aarch64.rpm thunar-devel-4.18.11-bp156.2.3.1.aarch64.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.aarch64.rpm libthunarx-3-0-4.18.11-bp156.2.3.1.ppc64le.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-debugsource-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-devel-4.18.11-bp156.2.3.1.ppc64le.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.ppc64le.rpm libthunarx-3-0-4.18.11-bp156.2.3.1.s390x.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.s390x.rpm thunar-4.18.11-bp156.2.3.1.s390x.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.s390x.rpm thunar-debugsource-4.18.11-bp156.2.3.1.s390x.rpm thunar-devel-4.18.11-bp156.2.3.1.s390x.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.s390x.rpm openSUSE-2024-248 moderate openSUSE Backports SLE-15-SP6 Update This update for iodine fixes the following issues: - Comment out PrivateDevices in hardening, (boo#1216238 and boo#1228788). Modified: * iodine.service. * iodined.service. - Comment out ProtectClock in hardening, (boo#1206835). Modified: * iodine.service. * iodined.service. iodine-0.7.0-bp156.6.3.1.src.rpm iodine-0.7.0-bp156.6.3.1.x86_64.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.x86_64.rpm iodine-debugsource-0.7.0-bp156.6.3.1.x86_64.rpm iodine-0.7.0-bp156.6.3.1.i586.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.i586.rpm iodine-debugsource-0.7.0-bp156.6.3.1.i586.rpm iodine-0.7.0-bp156.6.3.1.aarch64.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.aarch64.rpm iodine-debugsource-0.7.0-bp156.6.3.1.aarch64.rpm iodine-0.7.0-bp156.6.3.1.ppc64le.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.ppc64le.rpm iodine-debugsource-0.7.0-bp156.6.3.1.ppc64le.rpm iodine-0.7.0-bp156.6.3.1.s390x.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.s390x.rpm iodine-debugsource-0.7.0-bp156.6.3.1.s390x.rpm openSUSE-2024-249 low openSUSE Backports SLE-15-SP6 Update This update for debhelper fixes the following issues: - fix perl compatibility for Leap (boo#1228955) debhelper-13.11.5-bp156.2.3.1.noarch.rpm debhelper-13.11.5-bp156.2.3.1.src.rpm openSUSE-2024-287 moderate openSUSE Backports SLE-15-SP6 Update This update for cockpit, cockpit-machines fixes the following issues: Changes in cockpit: - Fix libexecdir for leap and sle (boo#1223533) - Fix systemd units folder for leap and sle (boo#1226541) - Recommend cockpit-packagekit if zypper is installed - new version 321: * Bug fixes and performance improvements - update_version.sh: use instead of `osc service mr` to do version updates. updated README.packaging Changes in cockpit-machines: - Add initial package of version 316 cockpit-machines-316-bp156.2.2.noarch.rpm cockpit-machines-316-bp156.2.2.src.rpm cockpit-321-bp156.2.9.1.src.rpm cockpit-321-bp156.2.9.1.x86_64.rpm cockpit-bridge-321-bp156.2.9.1.x86_64.rpm cockpit-devel-321-bp156.2.9.1.x86_64.rpm cockpit-doc-321-bp156.2.9.1.noarch.rpm cockpit-kdump-321-bp156.2.9.1.noarch.rpm cockpit-networkmanager-321-bp156.2.9.1.noarch.rpm cockpit-packagekit-321-bp156.2.9.1.noarch.rpm cockpit-pcp-321-bp156.2.9.1.x86_64.rpm cockpit-selinux-321-bp156.2.9.1.noarch.rpm cockpit-storaged-321-bp156.2.9.1.noarch.rpm cockpit-system-321-bp156.2.9.1.noarch.rpm cockpit-ws-321-bp156.2.9.1.x86_64.rpm cockpit-321-bp156.2.9.1.aarch64.rpm cockpit-bridge-321-bp156.2.9.1.aarch64.rpm cockpit-devel-321-bp156.2.9.1.aarch64.rpm cockpit-pcp-321-bp156.2.9.1.aarch64.rpm cockpit-ws-321-bp156.2.9.1.aarch64.rpm cockpit-321-bp156.2.9.1.ppc64le.rpm cockpit-bridge-321-bp156.2.9.1.ppc64le.rpm cockpit-devel-321-bp156.2.9.1.ppc64le.rpm cockpit-pcp-321-bp156.2.9.1.ppc64le.rpm cockpit-ws-321-bp156.2.9.1.ppc64le.rpm cockpit-321-bp156.2.9.1.s390x.rpm cockpit-bridge-321-bp156.2.9.1.s390x.rpm cockpit-devel-321-bp156.2.9.1.s390x.rpm cockpit-pcp-321-bp156.2.9.1.s390x.rpm cockpit-ws-321-bp156.2.9.1.s390x.rpm openSUSE-2024-294 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: - kanidm version 1.3.3~git0.f075d13: * Release 1.3.3 * Mail substr index (#2981) kanidm-1.3.3~git0.f075d13-bp156.4.1.src.rpm kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm openSUSE-2024-254 important openSUSE Backports SLE-15-SP6 Update This update for chromium, gn, rust-bindgen fixes the following issues: - Chromium 127.0.6533.119 (boo#1228941) * CVE-2024-7532: Out of bounds memory access in ANGLE * CVE-2024-7533: Use after free in Sharing * CVE-2024-7550: Type Confusion in V8 * CVE-2024-7534: Heap buffer overflow in Layout * CVE-2024-7535: Inappropriate implementation in V8 * CVE-2024-7536: Use after free in WebAudio - Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942) * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-6990: Uninitialized Use in Dawn * CVE-2024-7255: Out of bounds read in WebTransport * CVE-2024-7256: Insufficient data validation in Dawn gh: - Update to version 0.20240730: * Rust: link_output, depend_output and runtime_outputs for dylibs * Add missing reference section to function_toolchain.cc * Do not cleanup args.gn imports located in the output directory. * Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule * Do not add native dependencies to the library search path * Support linking frameworks and swiftmodules in Rust targets * [desc] Silence print() statements when outputing json * infra: Move CI/try builds to Ubuntu-22.04 * [MinGW] Fix mingw building issues * [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn * [template] Fix "rule alink_thin" in the //build/build_linux.ninja.template * Allow multiple --ide switches * [src] Add "#include <limits>" in the //src/base/files/file_enumerator_win.cc * Get updates to infra/recipes.py from upstream * Revert "Teach gn to handle systems with > 64 processors" * [apple] Rename the code-signing properties of create_bundle * Fix a typo in "gn help refs" output * Revert "[bundle] Use "phony" builtin tool for create_bundle targets" * [bundle] Use "phony" builtin tool for create_bundle targets * [ios] Simplify handling of assets catalog * [swift] List all outputs as deps of "source_set" stamp file * [swift] Update `gn check ...` to consider the generated header * [swift] Set `restat = 1` to swift build rules * Fix build with gcc12 * [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude() * [swift] Remove problematic use of "stamp" tool * Implement new --ninja-outputs-file option. * Add NinjaOutputsWriter class * Move InvokePython() function to its own source file. * zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat * Enable C++ runtime assertions in debug mode. * Fix regression in MakeRelativePath() * fix: Fix Windows MakeRelativePath. * Add long path support for windows * Ensure read_file() files are considered by "gn analyze" * apply 2to3 to for some Python scripts * Add rustflags to desc and help output * strings: support case insensitive check only in StartsWith/EndsWith * add .git-blame-ignore-revs * use std::{string,string_view}::{starts_with,ends_with} * apply clang-format to all C++ sources * add forward declaration in rust_values.h * Add `root_patterns` list to build configuration. * Use c++20 in GN build * update windows sdk to 2024-01-11 * update windows sdk * Add linux-riscv64. * Update OWNERS list. * remove unused function * Ignore build warning -Werror=redundant-move * Fix --as=buildfile `gn desc deps` output. * Update recipe engine to 9dea1246. * treewide: Fix spelling mistakes Added rust-bindgen: - Version 0.69.1 chromedriver-127.0.6533.119-bp156.2.14.1.x86_64.rpm chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1.x86_64.rpm chromium-127.0.6533.119-bp156.2.14.1.src.rpm chromium-127.0.6533.119-bp156.2.14.1.x86_64.rpm chromium-debuginfo-127.0.6533.119-bp156.2.14.1.x86_64.rpm gn-0.20240730-bp156.2.3.1.src.rpm gn-0.20240730-bp156.2.3.1.x86_64.rpm gn-debuginfo-0.20240730-bp156.2.3.1.x86_64.rpm gn-debugsource-0.20240730-bp156.2.3.1.x86_64.rpm rust-bindgen-0.69.1-bp156.2.1.src.rpm rust-bindgen-0.69.1-bp156.2.1.x86_64.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.x86_64.rpm gn-0.20240730-bp156.2.3.1.i586.rpm gn-debuginfo-0.20240730-bp156.2.3.1.i586.rpm gn-debugsource-0.20240730-bp156.2.3.1.i586.rpm rust-bindgen-0.69.1-bp156.2.1.i586.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.i586.rpm chromedriver-127.0.6533.119-bp156.2.14.1.aarch64.rpm chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1.aarch64.rpm chromium-127.0.6533.119-bp156.2.14.1.aarch64.rpm chromium-debuginfo-127.0.6533.119-bp156.2.14.1.aarch64.rpm gn-0.20240730-bp156.2.3.1.aarch64.rpm gn-debuginfo-0.20240730-bp156.2.3.1.aarch64.rpm gn-debugsource-0.20240730-bp156.2.3.1.aarch64.rpm rust-bindgen-0.69.1-bp156.2.1.aarch64.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.aarch64.rpm gn-0.20240730-bp156.2.3.1.ppc64le.rpm gn-debuginfo-0.20240730-bp156.2.3.1.ppc64le.rpm gn-debugsource-0.20240730-bp156.2.3.1.ppc64le.rpm rust-bindgen-0.69.1-bp156.2.1.ppc64le.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.ppc64le.rpm gn-0.20240730-bp156.2.3.1.s390x.rpm gn-debuginfo-0.20240730-bp156.2.3.1.s390x.rpm gn-debugsource-0.20240730-bp156.2.3.1.s390x.rpm rust-bindgen-0.69.1-bp156.2.1.s390x.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.s390x.rpm openSUSE-2024-328 moderate openSUSE Backports SLE-15-SP6 Update This update for roundcubemail fixes the following issues: Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] CHANGELOG * Managesieve: Protect special scripts in managesieve_kolab_master mode * Fix newmail_notifier notification focus in Chrome (#9467) * Fix fatal error when parsing some TNEF attachments (#9462) * Fix double scrollbar when composing a mail with many plain text lines (#7760) * Fix decoding mail parts with multiple base64-encoded text blocks (#9290) * Fix bug where some messages could get malformed in an import from a MBOX file (#9510) * Fix invalid line break characters in multi-line text in Sieve scripts (#9543) * Fix bug where "with attachment" filter could fail on some fts engines (#9514) * Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) * Fix bug where a long subject title could not be displayed in some cases (#9416) * Fix infinite loop when parsing malformed Sieve script (#9562) * Fix bug where imap_conn_option's 'socket' was ignored (#9566) * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] roundcubemail-1.6.8-bp156.2.3.1.noarch.rpm roundcubemail-1.6.8-bp156.2.3.1.src.rpm openSUSE-2024-258 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 128.0.6613.84 (boo#1229591) * CVE-2024-7964: Use after free in Passwords * CVE-2024-7965: Inappropriate implementation in V8 * CVE-2024-7966: Out of bounds memory access in Skia * CVE-2024-7967: Heap buffer overflow in Fonts * CVE-2024-7968: Use after free in Autofill * CVE-2024-7969: Type Confusion in V8 * CVE-2024-7971: Type confusion in V8 * CVE-2024-7972: Inappropriate implementation in V8 * CVE-2024-7973: Heap buffer overflow in PDFium * CVE-2024-7974: Insufficient data validation in V8 API * CVE-2024-7975: Inappropriate implementation in Permissions * CVE-2024-7976: Inappropriate implementation in FedCM * CVE-2024-7977: Insufficient data validation in Installer * CVE-2024-7978: Insufficient policy enforcement in Data Transfer * CVE-2024-7979: Insufficient data validation in Installer * CVE-2024-7980: Insufficient data validation in Installer * CVE-2024-7981: Inappropriate implementation in Views * CVE-2024-8033: Inappropriate implementation in WebApp Installs * CVE-2024-8034: Inappropriate implementation in Custom Tabs * CVE-2024-8035: Inappropriate implementation in Extensions * Various fixes from internal audits, fuzzing and other initiatives chromedriver-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromedriver-debuginfo-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromium-128.0.6613.84-bp156.2.17.1.src.rpm chromium-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromium-debuginfo-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromedriver-128.0.6613.84-bp156.2.17.1.aarch64.rpm chromedriver-debuginfo-128.0.6613.84-bp156.2.17.1.aarch64.rpm chromium-128.0.6613.84-bp156.2.17.1.aarch64.rpm chromium-debuginfo-128.0.6613.84-bp156.2.17.1.aarch64.rpm openSUSE-2024-300 moderate openSUSE Backports SLE-15-SP6 Update This update for ntpd-rs fixes the following issues: - Introducing ntpd-rs version 1.2.3 ntpd-rs-1.2.3-bp156.2.1.src.rpm ntpd-rs-1.2.3-bp156.2.1.x86_64.rpm ntpd-rs-common-1.2.3-bp156.2.1.noarch.rpm ntpd-rs-1.2.3-bp156.2.1.i586.rpm ntpd-rs-1.2.3-bp156.2.1.aarch64.rpm ntpd-rs-1.2.3-bp156.2.1.ppc64le.rpm ntpd-rs-1.2.3-bp156.2.1.s390x.rpm openSUSE-2024-264 moderate openSUSE Backports SLE-15-SP6 Update This update for retry fixes the following issues: - Update to version 1723625520.fd868ce: * Add an option for infinite retries retry-1723625520.fd868ce-bp156.2.3.1.noarch.rpm retry-1723625520.fd868ce-bp156.2.3.1.src.rpm openSUSE-2024-266 moderate openSUSE Backports SLE-15-SP6 Update This update for xfwm4 fixes the following issues: - Fix user-after-free in tabwinRemoveClient with (boo#1228524) xfwm4-4.18.0-bp156.3.3.1.src.rpm xfwm4-4.18.0-bp156.3.3.1.x86_64.rpm xfwm4-branding-upstream-4.18.0-bp156.3.3.1.noarch.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.x86_64.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.x86_64.rpm xfwm4-lang-4.18.0-bp156.3.3.1.noarch.rpm xfwm4-4.18.0-bp156.3.3.1.aarch64.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.aarch64.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.aarch64.rpm xfwm4-4.18.0-bp156.3.3.1.ppc64le.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.ppc64le.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.ppc64le.rpm xfwm4-4.18.0-bp156.3.3.1.s390x.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.s390x.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.s390x.rpm openSUSE-2024-273 moderate openSUSE Backports SLE-15-SP6 Update rust-bindgen was updated to fix the following issues: Update to version 0.70.1: * Revert "Only trigger the publish workflow manually" * Fix `collapsible_match` clippy warning * Add `#[clippy::allow]` attribute to `const` layout tests * Fix creduce example * Fix creduce install link * Fix create-tag.yml Update to version 0.70.0: * Fix generation of extern "C" blocks with llvm 18 * Update shlex dependency (RUSTSEC-2024-0006, boo#1229375) * Try to avoid repr(packed) for explicitly aligned types when not needed * Support Float16 * Fix alignment contribution from bitfields * Replace peeking_take_while by itertools * Add blocklist_var * Stabilize thiscall_abi * Allow older itertools * Add target mappings for riscv64imac and riscv32imafc. * Add a complex macro fallback API * Add option to use DST structs for flexible arrays * Add option to dynamically load variables * Add option in CLI to use rustified non-exhaustive enums * Remove which and lazy-static dependencies * Generate compile-time layout tests * Print bindgen-cli errors to stderr instead of stdout * Fix --formatter=prettyplease not working in bindgen-cli by adding prettyplease feature and enabling it by default for bindgen-cli * Fix --allowlist-item so anonymous enums are no longer ignored * Use clang_getFileLocation instead of clang_getSpellingLocation to fix clang-trun * Fix generated constants: f64::INFINITY, f64::NEG_ INFINITY,f64::NAN * Update tempfile and rustix due to GHSA-c827-hfw6-qwvm (boo#1229376) rust-bindgen-0.70.1-bp156.5.1.src.rpm rust-bindgen-0.70.1-bp156.5.1.x86_64.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.x86_64.rpm rust-bindgen-0.70.1-bp156.5.1.i586.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.i586.rpm rust-bindgen-0.70.1-bp156.5.1.aarch64.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.aarch64.rpm rust-bindgen-0.70.1-bp156.5.1.ppc64le.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.ppc64le.rpm rust-bindgen-0.70.1-bp156.5.1.s390x.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.s390x.rpm openSUSE-2024-267 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 128.0.6613.113 (boo#1229897) * CVE-2024-7969: Type Confusion in V8 * CVE-2024-8193: Heap buffer overflow in Skia * CVE-2024-8194: Type Confusion in V8 * CVE-2024-8198: Heap buffer overflow in Skia chromedriver-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromedriver-debuginfo-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromium-128.0.6613.113-bp156.2.20.1.src.rpm chromium-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromium-debuginfo-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromedriver-128.0.6613.113-bp156.2.20.1.aarch64.rpm chromedriver-debuginfo-128.0.6613.113-bp156.2.20.1.aarch64.rpm chromium-128.0.6613.113-bp156.2.20.1.aarch64.rpm chromium-debuginfo-128.0.6613.113-bp156.2.20.1.aarch64.rpm openSUSE-2024-269 moderate openSUSE Backports SLE-15-SP6 Update trivy was updated to fix the following issues: Update to version 0.54.1: * fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285) * fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) * fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) * release: v0.54.0 [main] (#7075) * docs: update ecosystem page reporting with plopsec.com app (#7262) * feat(vex): retrieve VEX attestations from OCI registries (#7249) * feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257) * refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259) * fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110) * chore: show VEX notice for OSS maintainers in CI environments (#7246) * feat(vuln): add `--pkg-relationships` (#7237) * docs: show VEX cli pages + update config file page for VEX flags (#7244) * fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194) * feat(vex): VEX Repository support (#7206) * fix(secret): skip regular strings contain secret patterns (#7182) * feat: share build-in rules (#7207) * fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171) * fix(cli): error on missing config file (#7154) * fix(secret): update length of `hugging-face-access-token` (#7216) * feat(sbom): add vulnerability support for SPDX formats (#7213) * fix(secret): trim excessively long lines (#7192) * chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201) * fix(server): pass license categories to options (#7203) * feat(mariner): Add support for Azure Linux (#7186) * docs: updates config file (#7188) * refactor(fs): remove unused field for CompositeFS (#7195) * fix: add missing platform and type to spec (#7149) * feat(misconf): enabled China configuration for ACRs (#7156) * fix: close file when failed to open gzip (#7164) * docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141) * docs(misconf): add info about limitations for terraform plan json (#7143) * chore: add VEX for Trivy images (#7140) * chore: add VEX document and generator for Trivy (#7128) * fix(misconf): do not evaluate TF when a load error occurs (#7109) * feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104) * refactor(secret): move warning about file size after `IsBinary` check (#7123) * feat: add openSUSE tumbleweed detection and scanning (#6965) * test: add missing advisory details for integration tests database (#7122) * fix: Add dependencyManagement exclusions to the child exclusions (#6969) * fix: ignore nodes when listing permission is not allowed (#7107) * fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088) * refactor(secret): add warning about large files (#7085) * feat(nodejs): add license parser to pnpm analyser (#7036) * refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074) * feat: add `log.FilePath()` function for logger (#7080) * chore: bump golangci-lint from v1.58 to v1.59 (#7077) * perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065) * refactor: pass DB dir to trivy-db (#7057) * docs: navigate to the release highlights and summary (#7072) Update to version 0.53.0 (bsc#1227022, CVE-2024-6257): * release: v0.53.0 [main] (#6855) * feat(conda): add licenses support for `environment.yml` files (#6953) * fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051) * feat: add memory cache backend (#7048) * fix(sbom): use package UIDs for uniqueness (#7042) * feat(php): add installed.json file support (#4865) * docs: ✨ Updated ecosystem docs with reference to new community app (#7041) * fix: use embedded when command path not found (#7037) * refactor: use google/wire for cache (#7024) * fix(cli): show info message only when --scanners is available (#7032) * chore: enable float-compare rule from testifylint (#6967) * docs: Add sudo on commands, chmod before mv on install docs (#7009) * fix(plugin): respect `--insecure` (#7022) * feat(k8s)!: node-collector dynamic commands support (#6861) * fix(sbom): take pkg name from `purl` for maven pkgs (#7008) * feat!: add clean subcommand (#6993) * chore: use `!` for breaking changes (#6994) * feat(aws)!: Remove aws subcommand (#6995) * refactor: replace global cache directory with parameter passing (#6986) * fix(sbom): use `purl` for `bitnami` pkg names (#6982) * chore: bump Go toolchain version (#6984) * refactor: unify cache implementations (#6977) * docs: non-packaged and sbom clarifications (#6975) * BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin (#6819) * docs: delete unknown URL (#6972) * refactor: use version-specific URLs for documentation references (#6966) * refactor: delete db mock (#6940) * refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726) * feat: Add local ImageID to SARIF metadata (#6522) * fix(suse): Add SLES 15.6 and Leap 15.6 (#6964) * feat(java): add support for sbt projects using sbt-dependency-lock (#6882) * feat(java): add support for `maven-metadata.xml` files for remote snapshot repositories. (#6950) * fix(purl): add missed os types (#6955) * fix(cyclonedx): trim non-URL info for `advisory.url` (#6952) * fix(c): don't skip conan files from `file-patterns` and scan `.conan2` cache dir (#6949) * fix(image): parse `image.inspect.Created` field only for non-empty values (#6948) * fix(misconf): handle source prefix to ignore (#6945) * fix(misconf): fix parsing of engine links and frameworks (#6937) * feat(misconf): support of selectors for all providers for Rego (#6905) * fix(license): return license separation using separators `,`, `or`, etc. (#6916) * feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) * BREAKING(misconf): flatten recursive types (#6862) * test: bump docker API to 1.45 (#6914) * feat(sbom): migrate to `CycloneDX v1.6` (#6903) * feat(image): Set User-Agent header for Trivy container registry requests (#6868) * fix(debian): take installed files from the origin layer (#6849) * fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken (#6858) * feat(misconf): API Gateway V1 support for CloudFormation (#6874) * feat(plugin): add support for nested archives (#6845) * fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866) * fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867) * chore: auto label discussions (#5259) * docs: explain how VEX is applied (#6864) * fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase (#6852) * fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857) * feat(dart): use first version of constraint for dependencies using SDK version (#6239) * fix(misconf): parsing numbers without fraction as int (#6834) * fix(misconf): fix caching of modules in subdirectories (#6814) * feat(misconf): add metadata to Cloud schema (#6831) * test: replace embedded Git repository with dynamically created repository (#6824) Update to version 0.52.2: * test: bump docker API to 1.45 [backport: release/v0.52] (#6922) * fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892) Update to version 0.52.1: * release: v0.52.1 [release/v0.52] (#6877) * fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken [backport: release/v0.52] (#6888) * fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files [backport: release/v0.52] (#6881) * fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase [backport: release/v0.52] (#6878) * docs: explain how VEX is applied (#6864) * fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857) Update to version 0.52.0 (bsc#1224781, CVE-2024-35192): * release: v0.52.0 [main] (#6809) * fix(plugin): initialize logger (#6836) * fix(cli): always output fatal errors to stderr (#6827) * fix: close testfile (#6830) * docs(julia): add scanner table (#6826) * feat(python): add license support for `requirement.txt` files (#6782) * docs: add more workarounds for out-of-disk (#6821) * chore: improve error message for image not found (#6822) * fix(sbom): fix panic for `convert` mode when scanning json file derived from sbom file (#6808) * fix: clean up golangci lint configuration (#6797) * fix(python): add package name and version validation for `requirements.txt` files. (#6804) * feat(vex): improve relationship support in CSAF VEX (#6735) * chore(alpine): add eol date for Alpine 3.20 (#6800) * docs(plugin): add missed `plugin` section (#6799) * fix: include packages unless it is not needed (#6765) * feat(misconf): support for VPC resources for inbound/outbound rules (#6779) * chore: replace interface{} with any (#6751) * fix: close settings.xml (#6768) * refactor(go): add priority for gobinary module versions from `ldflags` (#6745) * build: use main package instead of main.go (#6766) * feat(misconf): resolve tf module from OpenTofu compatible registry (#6743) * docs: add info on adding compliance checks (#6275) * docs: Add documentation for contributing additional checks to the trivy policies repo (#6234) * feat(nodejs): add v9 pnpm lock file support (#6617) * feat(vex): support non-root components for products in OpenVEX (#6728) * feat(python): add line number support for `requirement.txt` files (#6729) * chore: respect timeout value in .golangci.yaml (#6724) * fix: node-collector high and critical cves (#6707) * Merge pull request from GHSA-xcq4-m2r3-cmrj * chore: auto-bump golang patch versions (#6711) * fix(misconf): don't shift ignore rule related to code (#6708) * feat(plugin): specify plugin version (#6683) * chore: enforce golangci-lint version (#6700) * fix(go): include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` (#6705) * fix(go): add only non-empty root modules for `gobinaries` (#6710) * refactor: unify package addition and vulnerability scanning (#6579) * fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696) * feat(misconf): Add support for deprecating a check (#6664) * feat: Add Julia language analyzer support (#5635) * feat(misconf): register builtin Rego funcs from trivy-checks (#6616) * fix(report): hide empty tables if all vulns has been filtered (#6352) * feat(report): Include licenses and secrets filtered by rego to ModifiedFindings (#6483) * feat: add support for plugin index (#6674) * docs: add support table for client server mode (#6498) * fix: close APKINDEX archive file (#6672) * fix(misconf): skip Rego errors with a nil location (#6666) * refactor: move artifact types under artifact package to avoid import cycles (#6652) * refactor(misconf): remove extrafs (#6656) * refactor: re-define module structs for serialization (#6655) * chore(misconf): Clean up iac logger (#6642) * feat(misconf): support symlinks inside of Helm archives (#6621) * feat(misconf): add Terraform 'removed' block to schema (#6640) * refactor: unify Library and Package structs (#6633) * fix: use of specified context to obtain cluster name (#6645) * perf(misconf): parse rego input once (#6615) * fix(misconf): skip Rego errors with a nil location (#6638) * docs: link warning to both timeout config options (#6620) * docs: fix usage of image-config-scanners (#6635) Update to version 0.51.1: * fix(fs): handle default skip dirs properly (#6628) * fix(misconf): load cached tf modules (#6607) * fix(misconf): do not use semver for parsing tf module versions (#6614) * refactor: move setting scanners when using compliance reports to flag parsing (#6619) * feat: introduce package UIDs for improved vulnerability mapping (#6583) * perf(misconf): Improve cause performance (#6586) * docs: trivy-k8s new experiance remove un-used section (#6608) * docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609) * feat(misconf): Use updated terminology for misconfiguration checks (#6476) * docs: use `generic` link from `trivy-repo` (#6606) * docs: update trivy k8s with new experience (#6465) * feat: support `--skip-images` scanning flag (#6334) * BREAKING: add support for k8s `disable-node-collector` flag (#6311) * feat: add ubuntu 23.10 and 24.04 support (#6573) * docs(go): add stdlib (#6580) * feat(go): parse main mod version from build info settings (#6564) * feat: respect custom exit code from plugin (#6584) * docs: add asdf and mise installation method (#6063) * feat(vuln): Handle scanning conan v2.x lockfiles (#6357) * feat: add support `environment.yaml` files (#6569) * fix: close plugin.yaml (#6577) * fix: trivy k8s avoid deleting non-default node collector namespace (#6559) * BREAKING: support exclude `kinds/namespaces` and include `kinds/namespaces` (#6323) * feat(go): add main module (#6574) * feat: add relationships (#6563) * docs: mention `--show-suppressed` is available in table (#6571) * chore: fix sqlite to support loong64 (#6511) * fix(debian): sort dpkg info before parsing due to exclude directories (#6551) * docs: update info about config file (#6547) * docs: remove RELEASE_VERSION from trivy.repo (#6546) * fix(sbom): change error to warning for multiple OSes (#6541) * fix(vuln): skip empty versions (#6542) * feat(c): add license support for conan lock files (#6329) * fix(terraform): Attribute and fileset fixes (#6544) * refactor: change warning if no vulnerability details are found (#6230) * refactor(misconf): improve error handling in the Rego scanner (#6527) * feat(go): parse main module of go binary files (#6530) * refactor(misconf): simplify the retrieval of module annotations (#6528) * docs(nodejs): add info about supported versions of pnpm lock files (#6510) * feat(misconf): loading embedded checks as a fallback (#6502) * fix(misconf): Parse JSON k8s manifests properly (#6490) * refactor: remove parallel walk (#5180) * fix: close pom.xml (#6507) * fix(secret): convert severity for custom rules (#6500) * fix(java): update logic to detect `pom.xml` file snapshot artifacts from remote repositories (#6412) * fix: typo (#6283) * docs(k8s,image): fix command-line syntax issues (#6403) * fix(misconf): avoid panic if the scheme is not valid (#6496) * feat(image): goversion as stdlib (#6277) * fix: add color for error inside of log message (#6493) * docs: fix links to OPA docs (#6480) * refactor: replace zap with slog (#6466) * docs: update links to IaC schemas (#6477) * chore: bump Go to 1.22 (#6075) * refactor(terraform): sync funcs with Terraform (#6415) * feat(misconf): add helm-api-version and helm-kube-version flag (#6332) * fix(terraform): eval submodules (#6411) * refactor(terraform): remove unused options (#6446) * refactor(terraform): remove unused file (#6445) * fix(misconf): Escape template value correctly (#6292) * feat(misconf): add support for wildcard ignores (#6414) * fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue (#6439) * refactor(terraform): remove metrics collection (#6444) * feat(cloudformation): add support for logging and endpoint access for EKS (#6440) * fix(db): check schema version for image name only (#6410) * feat(misconf): Support private registries for misconf check bundle (#6327) * feat(cloudformation): inline ignore support for YAML templates (#6358) * feat(terraform): ignore resources by nested attributes (#6302) * perf(helm): load in-memory files (#6383) * feat(aws): apply filter options to result (#6367) * feat(aws): quiet flag support (#6331) * fix(misconf): clear location URI for SARIF (#6405) * test(cloudformation): add CF tests (#6315) * fix(cloudformation): infer type after resolving a function (#6406) * fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399) * docs: add info about support for package license detection in `fs`/`repo` modes (#6381) * fix(nodejs): add support for parsing `workspaces` from `package.json` as an object (#6231) * fix: use `0600` perms for tmp files for post analyzers (#6386) * fix(helm): scan the subcharts once (#6382) * docs(terraform): add file patterns for Terraform Plan (#6393) * fix(terraform): сhecking SSE encryption algorithm validity (#6341) * fix(java): parse modules from `pom.xml` files once (#6312) * fix(server): add Locations for `Packages` in client/server mode (#6366) * fix(sbom): add check for `CreationInfo` to nil when detecting SPDX created using Trivy (#6346) * fix(report): don't include empty strings in `.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348) * chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371) * feat(java): add support licenses and graph for gradle lock files (#6140) * feat(vex): consider root component for relationships (#6313) * fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298) * chore: updates wazero to v1.7.0 (#6301) * feat(sbom): Support license detection for SBOM scan (#6072) * refactor(sbom): use intermediate representation for SPDX (#6310) * docs(terraform): improve documentation for filtering by inline comments (#6284) * fix(terraform): fix policy document retrieval (#6276) * refactor(terraform): remove unused custom error (#6303) * refactor(sbom): add intermediate representation for BOM (#6240) * fix(amazon): check only major version of AL to find advisories (#6295) * fix(db): use schema version as tag only for `trivy-db` and `trivy-java-db` registries by default (#6219) * fix(nodejs): add name validation for package name from `package.json` (#6268) * docs: Added install instructions for FreeBSD (#6293) * feat(image): customer podman host or socket option (#6256) * feat(java): mark dependencies from `maven-invoker-plugin` integration tests pom.xml files as `Dev` (#6213) * fix(license): reorder logic of how python package licenses are acquired (#6220) * test(terraform): skip cached modules (#6281) * feat(secret): Support for detecting Hugging Face Access Tokens (#6236) * fix(cloudformation): support of all SSE algorithms for s3 (#6270) * feat(terraform): Terraform Plan snapshot scanning support (#6176) * fix: typo function name and comment optimization (#6200) * fix(java): don't ignore runtime scope for pom.xml files (#6223) * fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215) * test(k8s): use test-db for k8s integration tests (#6222) * fix(terraform): fix root module search (#6160) * test(parser): squash test data for yarn (#6203) * fix(terraform): do not re-expand dynamic blocks (#6151) * docs: update ecosystem page reporting with db app (#6201) * fix: k8s summary separate infra and user finding results (#6120) * fix: add context to target finding on k8s table view (#6099) * fix: Printf format err (#6198) * refactor: better integration of the parser into Trivy (#6183) * feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108) * fix(vex): CSAF filtering should consider relationships (#5923) * refactor(report): Replacing `source_location` in `github` report when scanning an image (#5999) * feat(vuln): ignore vulnerabilities by PURL (#6178) * feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171) * feat(k8s): rancher rke2 version support (#5988) * docs: update kbom distribution for scanning (#6019) * chore: update CODEOWNERS (#6173) * fix(swift): try to use branch to resolve version (#6168) * fix(terraform): ensure consistent path handling across OS (#6161) * fix(java): add only valid libs from `pom.properties` files from `jars` (#6164) * fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163) * docs(report): add remark about `path` to filter licenses using `.trivyignore.yaml` file (#6145) * docs: update template path for gitlab-ci tutorial (#6144) * feat(report): support for filtering licenses and secrets via rego policy files (#6004) * fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113) * docs: add SecObserve in CI/CD and reporting (#6139) * fix(alpine): exclude empty licenses for apk packages (#6130) * docs: add docs tutorial on custom policies with rego (#6104) * fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102) * feat(vuln): show suppressed vulnerabilities in table (#6084) * docs: rename governance to principles (#6107) * docs: add governance (#6090) * feat(java): add dependency location support for `gradle` files (#6083) * fix(misconf): get `user` from `Config.User` (#6070) Update to version 0.49.1: * fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025) * docs: Fix broken link to "pronunciation" (#6057) * fix: fix cursor usage in Redis Clear function (#6056) * fix(nodejs): add local packages support for `pnpm-lock.yaml` files (#6034) * test: fix flaky `TestDockerEngine` (#6054) * fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982) * fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843) * feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285) * docs: add note about Bun (#6001) * fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011) * fix: check returned error before deferring f.Close() (#6007) * feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990) * feat(vuln): enable `--vex` for all targets (#5992) * docs: update link to data sources (#6000) * feat(java): add support for line numbers for pom.xml files (#5991) * refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981) * docs: Update troubleshooting guide with image not found error (#5983) * style: update band logos (#5968) * docs: update cosign tutorial and commands, update kyverno policy (#5929) * docs: update command to scan go binary (#5969) * fix: handle non-parsable images names (#5965) * fix(amazon): save system files for pkgs containing `amzn` in src (#5951) * fix(alpine): Add EOL support for alpine 3.19. (#5938) * feat: allow end-users to adjust K8S client QPS and burst (#5910) * fix(nodejs): find licenses for packages with slash (#5836) * fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922) * fix: ignore no init containers (#5939) * docs: Fix documentation of ecosystem (#5940) * docs(misconf): multiple ignores in comment (#5926) * fix(secret): find aws secrets ending with a comma or dot (#5921) * docs: ✨ Updated ecosystem docs with reference to new community app (#5918) * fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630) * feat(vex): add PURL matching for CSAF VEX (#5890) * fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901) * revert(report): don't escape new line characters for sarif format (#5897) * docs: improve filter by rego (#5402) * docs: add_scan2html_to_trivy_ecosystem (#5875) * fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888) * feat(vex): Add support for CSAF format (#5535) * feat(python): parse licenses from dist-info folder (#4724) * feat(nodejs): add yarn alias support (#5818) * refactor: propagate time through context values (#5858) * refactor: move PkgRef under PkgIdentifier (#5831) * fix(cyclonedx): fix unmarshal for licenses (#5828) * feat(vuln): include pkg identifier on detected vulnerabilities (#5439) Update to version 0.48.1: * fix(bitnami): use a different comparer for detecting vulnerabilities (#5633) * refactor(sbom): disable html escaping for CycloneDX (#5764) * refactor(purl): use `pub` from `package-url` (#5784) * docs(python): add note to using `pip freeze` for `compatible releases` (#5760) * fix(report): use OS information for OS packages purl in `github` template (#5783) * fix(report): fix error if miconfigs are empty (#5782) * refactor(vuln): don't remove VendorSeverity in JSON report (#5761) * fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767) * docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746) * fix(report): update Gitlab template (#5721) * feat(secret): add support of GitHub fine-grained tokens (#5740) * fix(misconf): add an image misconf to result (#5731) * feat(secret): added support of Docker registry credentials (#5720) Update to version 0.48.0: * feat: filter k8s core components vuln results (#5713) * feat(vuln): remove duplicates in Fixed Version (#5596) * feat(report): output plugin (#4863) * docs: typo in modules.md (#5712) * feat: Add flag to configure node-collector image ref (#5710) * feat(misconf): Add `--misconfig-scanners` option (#5670) * chore: bump Go to 1.21 (#5662) * feat: Packagesprops support (#5605) * docs: update adopters discussion template (#5632) * docs: terraform tutorial links updated to point to correct loc (#5661) * fix(secret): add `sec` and space to secret prefix for `aws-secret-access-key` (#5647) * fix(nodejs): support protocols for dependency section in yarn.lock files (#5612) * fix(secret): exclude upper case before secret for `alibaba-access-key-id` (#5618) * docs: Update Arch Linux package URL in installation.md (#5619) * chore: add prefix to image errors (#5601) * docs(vuln): fix link anchor (#5606) * docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608) * fix: k8s friendly error messages kbom non cluster scans (#5594) * feat: set InstalledFiles for DEB and RPM packages (#5488) * fix(report): use time.Time for CreatedAt (#5598) * test: retry containerd initialization (#5597) * feat(misconf): Expose misconf engine debug logs with `--debug` option (#5550) * test: mock VM walker (#5589) * chore: bump node-collector v0.0.9 (#5591) * feat(misconf): Add support for `--cf-params` for CFT (#5507) * feat(flag): replace '--slow' with '--parallel' (#5572) * fix(report): add escaping for Sarif format (#5568) * chore: show a deprecation notice for `--scanners config` (#5587) * feat(report): Add CreatedAt to the JSON report. (#5542) (#5549) * test: mock RPM DB (#5567) * feat: add aliases to '--scanners' (#5558) * refactor: reintroduce output writer (#5564) * chore: not load plugins for auto-generating docs (#5569) * chore: sort supported AWS services (#5570) * fix: no schedule toleration (#5562) * fix(cli): set correct `scanners` for `k8s` target (#5561) * fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for SPDX (#5533) * refactor(misconf): Update refactored dependencies (#5245) * feat(secret): add built-in rule for JWT tokens (#5480) * fix: trivy k8s parse ecr image with arn (#5537) * fix: fail k8s resource scanning (#5529) * refactor(misconf): don't remove Highlighted in json format (#5531) * docs(k8s): fix link in kubernetes.md (#5524) * docs(k8s): fix whitespace in list syntax (#5525) Update to version 0.47.0: * docs: add info that license scanning supports file-patterns flag (#5484) * docs: add Zora integration into Ecosystem session (#5490) * fix(sbom): Use UUID as BomRef for packages with empty purl (#5448) * fix: correct error mismatch causing race in fast walks (#5516) * docs: k8s vulnerability scanning (#5515) * docs: remove glad for java datasources (#5508) * chore: remove unused logger attribute in amazon detector (#5476) * fix: correct error mismatch causing race in fast walks (#5482) * fix(server): add licenses to `BlobInfo` message (#5382) * feat: scan vulns on k8s core component apps (#5418) * fix(java): fix infinite loop when `relativePath` field points to `pom.xml` being scanned (#5470) * fix(sbom): save digests for package/application when scanning SBOM files (#5432) * docs: fix the broken link (#5454) * docs: fix error when installing `PyYAML` for gh pages (#5462) * fix(java): download java-db once (#5442) * docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419) * feat(misconf): Support `--ignore-policy` in config scans (#5359) * docs(misconf): fix broken table for `Use container image` section (#5425) * feat(dart): add graph support (#5374) * refactor: define a new struct for scan targets (#5397) * fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX (#5399) * fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393) * docs: remove --scanners none (#5384) * docs: Update container_image.md #5182 (#5193) * feat(report): Add `InstalledFiles` field to Package (#4706) * feat(k8s): add support for vulnerability detection (#5268) * fix(python): override BOM in `requirements.txt` files (#5375) * docs: add kbom documentation (#5363) * test: use maximize build space for VM tests (#5362) * fix(report): add escaping quotes in misconfig Title for asff template (#5351) * fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342) * fix: add config files to FS for post-analyzers (#5333) * fix: fix MIME warnings after updating to Go 1.20 (#5336) * build: fix a compile error with Go 1.21 (#5339) * feat: added `Metadata` into the k8s resource's scan report (#5322) * chore: update adopters template (#5330) * fix(sbom): use PURL or Group and Name in case of Java (#5154) * docs: add buildkite repository to ecosystem page (#5316) * chore: enable go-critic (#5302) * close java-db client (#5273) * fix(report): removes git::http from uri in sarif (#5244) * Improve the meaning of sentence (#5301) * add app nil check (#5274) * typo: in secret.md (#5281) * docs: add info about `github` format (#5265) * feat(dotnet): add license support for NuGet (#5217) * docs: correctly export variables (#5260) * chore: Add line numbers for lint output (#5247) * chore(cli): disable java-db flags in server mode (#5263) * feat(db): allow passing registry options (#5226) * refactor(purl): use TypeApk from purl (#5232) * chore: enable more linters (#5228) * Fix typo on ide.md (#5239) * refactor: use defined types (#5225) * fix(purl): skip local Go packages (#5190) * docs: update info about license scanning in Yarn projects (#5207) * fix link (#5203) * fix(purl): handle rust types (#5186) * chore: auto-close issues (#5177) * fix(k8s): kbom support addons labels (#5178) * test: validate SPDX with the JSON schema (#5124) * chore: bump trivy-kubernetes-latest (#5161) * docs: add 'Signature Verification' guide (#4731) * docs: add image-scanner-with-trivy for ecosystem (#5159) * fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158) * Update filtering.md (#5131) * chaging adopters discussion tempalte (#5091) * docs: add Bitnami (#5078) * feat(docker): add support for scanning Bitnami components (#5062) * feat: add support for .trivyignore.yaml (#5070) * fix(terraform): improve detection of terraform files (#4984) * feat: filter artifacts on --exclude-owned flag (#5059) * fix(sbom): cyclonedx advisory should omit `null` value (#5041) * build: maximize build space for build tests (#5072) * feat: improve kbom component name (#5058) * fix(pom): add licenses for pom artifacts (#5071) * chore: bump Go to `1.20` (#5067) * feat: PURL matching with qualifiers in OpenVEX (#5061) * feat(java): add graph support for pom.xml (#4902) * feat(swift): add vulns for cocoapods (#5037) * fix: support image pull secret for additional workloads (#5052) * fix: #5033 Superfluous double quote in html.tpl (#5036) * docs(repo): update trivy repo usage and example (#5049) * perf: Optimize Dockerfile for reduced layers and size (#5038) * feat: scan K8s Resources Kind with --all-namespaces (#5043) * fix: vulnerability typo (#5044) * docs: adding a terraform tutorial to the docs (#3708) * feat(report): add licenses to sarif format (#4866) * feat(misconf): show the resource name in the report (#4806) * chore: update alpine base images (#5015) * feat: add Package.resolved swift files support (#4932) * feat(nodejs): parse licenses in yarn projects (#4652) * fix: k8s private registries support (#5021) * bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018) * feat(vuln): support last_affected field from osv (#4944) * feat(server): add version endpoint (#4869) * feat: k8s private registries support (#4987) * fix(server): add indirect prop to package (#4974) * docs: add coverage (#4954) * feat(c): add location for lock file dependencies. (#4994) * docs: adding blog post on ec2 (#4813) * revert 32bit bins (#4977) trivy-0.54.1-bp156.2.3.1.src.rpm trivy-0.54.1-bp156.2.3.1.x86_64.rpm trivy-0.54.1-bp156.2.3.1.i586.rpm trivy-0.54.1-bp156.2.3.1.aarch64.rpm trivy-0.54.1-bp156.2.3.1.ppc64le.rpm trivy-0.54.1-bp156.2.3.1.s390x.rpm openSUSE-2024-292 moderate openSUSE Backports SLE-15-SP6 Update This update for adios fixes the following issues: - Require python3-PyYAML instead of non-existent python-PyYAML (boo#1228146) adios-gnu-mpich-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi2-1.13.1-bp156.4.3.1.src.rpm adios-openmpi2-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi3-1.13.1-bp156.4.3.1.src.rpm adios-openmpi3-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi4-1.13.1-bp156.4.3.1.src.rpm adios-openmpi4-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi2-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi3-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi4-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi2-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi3-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi4-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi2-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi3-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi4-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm openSUSE-2024-277 moderate openSUSE Backports SLE-15-SP6 Update This update for abcde fixes the following issues: - Fix arithmetic on non-octal track numbers (boo#1219527) abcde-2.9.3-bp156.5.3.1.noarch.rpm abcde-2.9.3-bp156.5.3.1.src.rpm openSUSE-2024-276 important openSUSE Backports SLE-15-SP6 Update This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: * CVE-2024-34340: Authentication Bypass when using using older password hashes (boo#1224240) * CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229) * CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238) * CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239) * CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231) * CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241) * CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236) * CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235) * CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237) * CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230) * Improve PHP 8.3 support * When importing packages via command line, data source profile could not be selected * When changing password, returning to previous page does not always work * When using LDAP authentication the first time, warnings may appear in logs * When editing/viewing devices, add IPv6 info to hostname tooltip * Improve speed of polling when Boost is enabled * Improve support for Half-Hour time zones * When user session not found, device lists can be incorrectly returned * On import, legacy templates may generate warnings * Improve support for alternate locations of Ping * Improve PHP 8.1 support for Installer * Fix issues with number formatting * Improve PHP 8.1 support when SpikeKill is run first time * Improve PHP 8.1 support for SpikeKill * When using Chinese to search for graphics, garbled characters appear. * When importing templates, preview mode will not always load * When remote poller is installed, MySQL TimeZone DB checks are not performed * When Remote Poller installation completes, no finish button is shown * Unauthorized agents should be recorded into logs * Poller cache may not always update if hostname changes * When using CMD poller, Failure and Recovery dates may have incorrect values * Saving a Tree can cause the tree to become unpublished * Web Basic Authentication does not record user logins * When using Accent-based languages, translations may not work properly * Fix automation expressions for device rules * Improve PHP 8.1 Support during fresh install with boost * Add a device "enabled/disabled" indicator next to the graphs * Notify the admin periodically when a remote data collector goes into heartbeat status * Add template for Aruba Clearpass * Add fliter/sort of Device Templates by Graph Templates - cacti-spine 1.2.27: * Restore AES Support cacti-spine-1.2.27-bp156.2.3.1.src.rpm cacti-spine-1.2.27-bp156.2.3.1.x86_64.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.x86_64.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.x86_64.rpm cacti-1.2.27-bp156.2.3.1.noarch.rpm cacti-1.2.27-bp156.2.3.1.src.rpm cacti-spine-1.2.27-bp156.2.3.1.i586.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.i586.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.i586.rpm cacti-spine-1.2.27-bp156.2.3.1.aarch64.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.aarch64.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.aarch64.rpm cacti-spine-1.2.27-bp156.2.3.1.ppc64le.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.ppc64le.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.ppc64le.rpm cacti-spine-1.2.27-bp156.2.3.1.s390x.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.s390x.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.s390x.rpm openSUSE-2024-290 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: Update to version 2.55.0: * Add flox to linux installation instructions * Update pkg/cmd/issue/develop/develop.go * Update api/queries_branch_issue_reference.go * add testing * fix behavior for `issue develop -b non-exist-branch` * Describe bucket and state JSON fields in pr checks command * Fix pr checks exit code (#9452) * Add a note about external contributors to `working-with-us.md` * Update attestation TUF root * include required permissions to generate attestations * build(deps): bump github.com/creack/pty from 1.1.21 to 1.1.23 (#9459) * Do not generate build attestations for otherBinWorkflow.yml * Use latest checkout version, generate attestations, and specify go version file input. * Update `gh search issues --project` flag doc to specify `owner/number` syntax * Update `gh search prs --project` flag doc to specify `owner/number` syntax * build(deps): bump actions/attest-build-provenance from 1.4.0 to 1.4.1 * Minor grammatical fix * Add test cases for PGP, SSH and X.509 signatures * Explain why not looking for signature begin marker * Wrap flags with backticks, continued * Replace `--project.*` flags' `name` with `title` in docs (#9443) * Change to requiring bundle v0.2 * Fix tests * Require Sigstore Bundle v0.3 when verifying with `gh attestation` * Change `gh repo set-default --view` to print to `stderr` when no default exists (#9431) * Document that `gh run download` downloads the latest artifact by default * Deduplicate the initialization of editor mode * Update docs/triage.md * Add Acceptance Criteria requirement to triage.md for accepted issues * Add `pr create --editor` * build(deps): bump github.com/google/go-containerregistry * Fix host handling in variable and secret delete * Unify use of tab indent in non-test source files * Update `gh variable get` to use repo host * build(deps): bump actions/attest-build-provenance from 1.3.3 to 1.4.0 * Add Flox as an installation option * Update tests with changes to `gitTagInfo` function * Add example for `--notes-from-tag` * Add test for `gitTagInfo` * Use signature-stripped tag annotation content Update to version 2.54.0: * update test and remove logic to check SourceRepositoryOwnerURI is empty string * update test * minor fix * update test * added * handle attest case insensitivity * Fix missing variable * Use closure-scoped variable to catch `--remove-milestone` option * Use closure-scoped variable to catch `--remove-milestone` option * build(deps): bump github.com/google/go-containerregistry * Verify `--milestone` and `--remove-milestone` are not assignable at the same time * Assert correct parsing of `--remove-milestone` option * Verify `--body` and `--body-file` are not assignable at the same time * Add `--remove-milestone` option * Improve `--remove-milestone` option description * Point to `Editable.MilestoneId` method * build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 * Update sigstore-go in gh CLI to v0.5.1 (#9366) * Handle `--bare` clone targets (#9271) * Slightly clarify when CLI will exit with 4 * Export databaseId for releases * Alphabetise release json fields * Add test for release view json export fields * Expose fullDatabaseId for PR json export * Add examples for template usage in PR and issue creation * document exit code behavior * Update documentation for gh api PATCH * Exit with 1 on authentication failure * Verify `--milestone` and `--remove-milestone` are not assignable at the same time * Assert correct parsing of `--remove-milestone` option * Add `--remove-milestone` option * Remove unused expected `output` from test case (with `wantsErr: true`) * Verify `--body` and `--body-file` are not assignable at the same time * Remove attestation test that requires being online (#9340) * Remove redundant whitespace gh-2.55.0-bp156.2.9.1.src.rpm gh-2.55.0-bp156.2.9.1.x86_64.rpm gh-bash-completion-2.55.0-bp156.2.9.1.noarch.rpm gh-fish-completion-2.55.0-bp156.2.9.1.noarch.rpm gh-zsh-completion-2.55.0-bp156.2.9.1.noarch.rpm gh-2.55.0-bp156.2.9.1.i586.rpm gh-2.55.0-bp156.2.9.1.aarch64.rpm gh-2.55.0-bp156.2.9.1.ppc64le.rpm gh-2.55.0-bp156.2.9.1.s390x.rpm openSUSE-2024-279 moderate openSUSE Backports SLE-15-SP6 Update This update for python-Paste fixes the following issues: Update to 3.10.1: * Correct packaging and testing when not in a clean virtualenv version 3.10.0: * Move development to https://github.com/pasteorg/paste * Vendor cgi.FieldStorage and cgitb.Hook * More cleaning of Python 2 style code. update to 3.9.0: * misc bugs + please pyflakes * Remove unused format_environ method in watchthreads APP update to 3.8.0: * remove most python2 compatibility update to 3.7.1: * The main change for 3.7.0 and beyond is dropping support for Python 2. In the past it was possible to get Paste to work in Python 2 with some effort. That's now no longer possible. If Python 2 is required for some reason, use an older version of Paste. update to 3.6.1: * Turn on github action for tests on pull requests * Add a Makefile for simple automation Update to 3.5.3: * Use importlib instead of imp with Python 3. update to 3.5.2: * Fix py3 compatibility in paste.wsgilib.catch_errors (#70) * A Python 3 application might only define `__next__`, not `next`. Use `six.next` instead. * This is very similar to https://github.com/cdent/paste/pull/53, and was apparently missed there. update to 3.5.1: * Replace deprecated threading.currentThread, getName and setDaemon with threading.current_thread, name and daemon. update to 3.5.0: * Python 3 fixes to auth and wsgi.errors handling; notably making wsgi.errors text. Update to 3.4.6: * Explicit pkg_resource dependency to easy packaging. * Remove deprecated dependencies paste/fixture.py. * Update setup.py to work with setuptools 50.1.0+ update to 3.4.3: * Patch auth ticket to be python3 compatible. update to 3.4.2: * Correct sorting of items() in EvalHTMLFormatter. * Fix next in iterators in wsgilib.py. update to 3.4.0 * Python 3 updates for use of StringIO and auth_tkt.py. * Use six.BytesIO when reading wsgi.input. * Allow binding IPv6 address when starting a server. update to 3.2.6 * Correctly handle HEAD requests (to send empty body) when gzip encoding requested. * Use is_alive instead of isAlive for Python 3.9 compatibility. * Use encodebytes instead of deprecated encodestring. * Fix Python 2 and 3 compatibility for base64. update to 3.2.3: * Correct ``100 Continue`` in Python 3 * Avoid some reference cycles through tracebacks in httpserver.py Update to 3.2.0: * Ensure unicode URLs work in TestApp. * Make LimitedLengthFile file return empty bytes. * Protect against accidental close in FieldStorage. version update to 3.1.0 * Allow anything that can read() for a file-like response, not just a ``file`` instance. Update to v3.0.8: * Fix quoting of bytestrings Update to 3.0.7: * Write bytestrings when calling wsgi_write_chunk * Revert "Remove use of OpenSSL.tsafe, which links to OpenSSL.SSL update to 3.0.5: * Use correct variable when building message for exception * Remove use of OpenSSL.tsafe, which links to OpenSSL.SSL anyways. (#16) * Fix error on httpserver shutdown * Add support for limited testing with travis-ci * Merged in hroncok/paste/py37 (pull request #41) * Don't raise StopIteration from generator, return instead * Fix up testing after switch to pytest * Make iterators Python3-compatible * Don't raise StopIteration inside a generator * add link to read the docs to README * Prepare docs for publishing to RTFD * py3 fixes for form handling in paste.fixture (#8) * paste.fixture: fix form offset handling (#12) * Don't delete dict item while iterating over same dict (#14) * Enable coverage reporting via codecov (#10) - update to 2.0.3: * Add tests/test_httpserver.py * Fix improper commas in request headers in wsgi_environ * tests/test_httpserver.py: Use `email` module instead of `mimetools` * tests/test_httpserver.py: Add test_environ_with_multiple_values * Make get all values of a header work on both Python 2 and 3 * Make get_headers default to Python 3; fallback to Python 2 * Make utility function private: _get_headers * Fix Python 3 issue in paste/fixture.py * test_wsgirequest_charset: Use UTF-8 instead of iso-8859-1 * Replace cgi.parse_qsl w/ six.moves.urllib.parse.parse_sql * replace ``has_key`` method to ``in`` operator #9 * Don't display invalid error message when socket in use * Update docs/news.txt for 2.0.2 * Added tag 2.0.2 for changeset 53f5c2cd7f50 * Python 3: App must always return binary type. * Python 3: Always encode params if passed as text types * Python 3: Don't mangle strangely encoded input * Python 3: Use the same python interpreter for CGI scripts. * Python 3: add workarounds for cgi.FieldStorage * Python 3: avoid spurious warnings * Python 3: dict.items() doesn't return a list anymore * Python 3: ignore exception details in doctests * Python 3: let html_quote() and url() always return the same type * Python 3: use compatible print syntax in example text * Change six requirement to >=1.4.0 * tox.ini: Add py35 to envlist * Enable testing with pypy * tox.ini: Measure test coverage * paste.wsgilib.add_close: Add __next__ method * Add tests for `add_close` class * Uncomment/cleanup paste.wsgilib.app_close.__next__ * Check paste.wsgilib.add_close._closed * Make add_close.next() leverage add_close.__next__() update to version 2.0.1: * Fix setup.py for six dependency: move the six dependency from extras_require to install_requires * Port paste.proxy to Python 3 * Fix paste.exceptions.serial_number_generator.hash_identifier() on Python 3 * Fix paste.util.threadedprint.uninstall() * Add README.rst file - additional changes from version 2.0: * Experimental Python 3 support * paste now requires the six module * Drop support of Python 2.5 and older * Fixed egg:Paste#cgi * In paste.httpserver: give a 100 Continue response even when the server has been configured as an HTTP/1.0 server * Fixed parsing of paths beginning with multiple forward slashes * Add tox.ini to run tests with tox on Python 2.6, 2.7 and 3.4 - Initial version, obsoletes 'python-paste' python-Paste-3.10.1-bp156.2.1.src.rpm python311-Paste-3.10.1-bp156.2.1.noarch.rpm openSUSE-2024-278 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108) * CVE-2024-8362: Use after free in WebAudio * CVE-2024-7970: Out of bounds write in V8 chromedriver-128.0.6613.119-bp156.2.23.1.x86_64.rpm chromium-128.0.6613.119-bp156.2.23.1.src.rpm chromium-128.0.6613.119-bp156.2.23.1.x86_64.rpm chromedriver-128.0.6613.119-bp156.2.23.1.aarch64.rpm chromium-128.0.6613.119-bp156.2.23.1.aarch64.rpm openSUSE-2024-285 moderate openSUSE Backports SLE-15-SP6 Update This update for python-PasteDeploy fixes the following issues: Ship python-PasteDeploy version 2.1.1+git.1652668078.0f0697d. python-PasteDeploy-2.1.1+git.1652668078.0f0697d-bp156.2.1.src.rpm python311-PasteDeploy-2.1.1+git.1652668078.0f0697d-bp156.2.1.noarch.rpm openSUSE-2024-289 moderate openSUSE Backports SLE-15-SP6 Update This update for python-WebTest, python-WSGIProxy2 fixes the following issues: - python-WebTest ships in version 3.0.0. - python-WSGIProxy2 is shipped in version 0.5.1. python-WSGIProxy2-0.5.1-bp156.2.1.src.rpm python311-WSGIProxy2-0.5.1-bp156.2.1.noarch.rpm python-WSGIProxy2-test-0.5.1-bp156.2.1.src.rpm python-WebTest-3.0.0-bp156.2.1.src.rpm python-WebTest-doc-3.0.0-bp156.2.1.noarch.rpm python311-WebTest-3.0.0-bp156.2.1.noarch.rpm openSUSE-2024-286 moderate openSUSE Backports SLE-15-SP6 Update This update for python-ldap fixes the following issues: python-ldap is shipped in version 3.4.4. python-ldap-3.4.4-bp156.2.1.src.rpm python3-ldap-3.4.4-bp156.2.1.i586.rpm openSUSE-2024-284 moderate openSUSE Backports SLE-15-SP6 Update This update for python-maxminddb delivers the 2.2.0 version. python-maxminddb-2.2.0-bp156.2.1.src.rpm python3-maxminddb-2.2.0-bp156.2.1.x86_64.rpm python3-maxminddb-2.2.0-bp156.2.1.i586.rpm python3-maxminddb-2.2.0-bp156.2.1.aarch64.rpm python3-maxminddb-2.2.0-bp156.2.1.ppc64le.rpm python3-maxminddb-2.2.0-bp156.2.1.s390x.rpm openSUSE-2024-313 low openSUSE Backports SLE-15-SP6 Update This update of python-django-auth-ldap is delivered in version in version 4.0.0. python-django-auth-ldap-4.0.0-bp156.2.1.src.rpm python311-django-auth-ldap-4.0.0-bp156.2.1.noarch.rpm openSUSE-2024-315 low openSUSE Backports SLE-15-SP6 Update python3-Django is needed in Backports:SLE-15-SP6 after all (jsc#PED-8919) python-Django-2.2.28-bp156.3.1.src.rpm python3-Django-2.2.28-bp156.3.1.noarch.rpm openSUSE-2024-288 moderate openSUSE Backports SLE-15-SP6 Update This update ships python-geoip. python-geoip2-2.9.0-bp156.2.1.src.rpm python3-geoip2-2.9.0-bp156.2.1.noarch.rpm openSUSE-2024-295 moderate openSUSE Backports SLE-15-SP6 Update python-django-webtest is shipped in version 1.9.12. python-django-webtest-1.9.12-bp156.2.1.src.rpm python311-django-webtest-1.9.12-bp156.2.1.x86_64.rpm python311-django-webtest-1.9.12-bp156.2.1.aarch64.rpm python311-django-webtest-1.9.12-bp156.2.1.ppc64le.rpm python311-django-webtest-1.9.12-bp156.2.1.s390x.rpm openSUSE-2024-293 low openSUSE Backports SLE-15-SP6 Update This update for python-yq fixes the following issue: - Build with python 3.11 (bsc#1229853). python-yq-3.2.2-bp156.2.3.1.src.rpm python311-yq-3.2.2-bp156.2.3.1.noarch.rpm openSUSE-2024-296 moderate openSUSE Backports SLE-15-SP6 Update This update ships python3-Pillow 8.4.0. python3-Pillow-8.4.0-bp156.2.1.src.rpm python3-Pillow-8.4.0-bp156.2.1.x86_64.rpm python3-Pillow-tk-8.4.0-bp156.2.1.x86_64.rpm python3-Pillow-8.4.0-bp156.2.1.i586.rpm python3-Pillow-tk-8.4.0-bp156.2.1.i586.rpm python3-Pillow-8.4.0-bp156.2.1.aarch64.rpm python3-Pillow-tk-8.4.0-bp156.2.1.aarch64.rpm python3-Pillow-8.4.0-bp156.2.1.ppc64le.rpm python3-Pillow-tk-8.4.0-bp156.2.1.ppc64le.rpm python3-Pillow-8.4.0-bp156.2.1.s390x.rpm python3-Pillow-tk-8.4.0-bp156.2.1.s390x.rpm openSUSE-2024-297 moderate openSUSE Backports SLE-15-SP6 Update This update for lsyncd fixes the following issues: update to version 2.3.1 (2022-11-17): * multiple bugfixes, style fixes * add nix flake support * add support for tunnel commands * add support for batchSizeLimit * add -onepass option * add crontab support * support relative executable paths lsyncd-2.3.1-bp156.4.3.1.src.rpm lsyncd-2.3.1-bp156.4.3.1.x86_64.rpm lsyncd-2.3.1-bp156.4.3.1.i586.rpm lsyncd-2.3.1-bp156.4.3.1.aarch64.rpm lsyncd-2.3.1-bp156.4.3.1.ppc64le.rpm lsyncd-2.3.1-bp156.4.3.1.s390x.rpm openSUSE-2024-299 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: - Update to 1.28: * setup.py: include dependencies parsing requirements.txt * virtme-ng: fix typo in command help * virtme-configkernel: disable nvram support * configkernel: config comment cosmetics * configkernel: act more like kernel's make O=outdir * vng-run: get kdir from O=outdir * vng: propagate --verbose to configkernel * vng: alias --custom to --config * run.py: add a --qemu-opts='...' option bundling hint to help * init: Always create /run/tmp folder * Don't require ".git" to be a directory * Specify "refs/heads/__virtme__" in git push - Update to 1.27: * Introduce VNG_PACKAGE to force a proper packaging version virtme-ng v1.27 virtme-1.28-bp156.2.9.1.noarch.rpm virtme-1.28-bp156.2.9.1.src.rpm openSUSE-2024-301 moderate openSUSE Backports SLE-15-SP6 Update This update for timescaledb and orafce rebuilds them against the current releases of postgresql. postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm openSUSE-2024-302 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391) * CVE-2024-8636: Heap buffer overflow in Skia * CVE-2024-8637: Use after free in Media Router * CVE-2024-8638: Type Confusion in V8 * CVE-2024-8639: Use after free in Autofill chromedriver-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromedriver-debuginfo-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromium-128.0.6613.137-bp156.2.26.1.src.rpm chromium-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromium-debuginfo-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromedriver-128.0.6613.137-bp156.2.26.1.aarch64.rpm chromedriver-debuginfo-128.0.6613.137-bp156.2.26.1.aarch64.rpm chromium-128.0.6613.137-bp156.2.26.1.aarch64.rpm chromium-debuginfo-128.0.6613.137-bp156.2.26.1.aarch64.rpm openSUSE-2024-303 moderate openSUSE Backports SLE-15-SP6 Update This update for htmldoc fixes the following issues: - CVE-2024-45508: Fixed an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node [boo#1230022]. htmldoc-1.9.16-bp156.3.3.1.src.rpm htmldoc-1.9.16-bp156.3.3.1.x86_64.rpm htmldoc-1.9.16-bp156.3.3.1.i586.rpm htmldoc-1.9.16-bp156.3.3.1.aarch64.rpm htmldoc-1.9.16-bp156.3.3.1.ppc64le.rpm htmldoc-1.9.16-bp156.3.3.1.s390x.rpm openSUSE-2024-309 moderate openSUSE Backports SLE-15-SP6 Update This update for emptyepsilon fixes the following issues: Version 2024.08.09: * Add a quick&dirty way to get callback errors * Clamp the warp and jump commands * fix voice path scenario 51 * fix voice path scenario 48 * Fix the wiggle console with just 1 text line emptyepsilon-2024.08.09-bp156.3.3.1.src.rpm emptyepsilon-2024.08.09-bp156.3.3.1.x86_64.rpm emptyepsilon-2024.08.09-bp156.3.3.1.aarch64.rpm emptyepsilon-2024.08.09-bp156.3.3.1.s390x.rpm openSUSE-2024-330 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account, trytond_stock, trytond_stock_supply fixes the following issues: Changes in tryton: - Version 6.0.43 - Bugfix Release Changes in trytond: - Version 6.0.52 - Bugfix Release Changes in trytond_stock_supply: - Version 6.0.9 - Bugfix Release Changes in trytond_stock: - Version 6.0.28 - Bugfix Release Changes in trytond_account: - Version 6.0.27 - Bugfix Release tryton-6.0.43-bp156.2.9.1.noarch.rpm tryton-6.0.43-bp156.2.9.1.src.rpm trytond-6.0.52-bp156.2.9.1.noarch.rpm trytond-6.0.52-bp156.2.9.1.src.rpm trytond_account-6.0.27-bp156.2.6.1.noarch.rpm trytond_account-6.0.27-bp156.2.6.1.src.rpm trytond_stock-6.0.28-bp156.2.3.1.noarch.rpm trytond_stock-6.0.28-bp156.2.3.1.src.rpm trytond_stock_supply-6.0.9-bp156.2.3.1.noarch.rpm trytond_stock_supply-6.0.9-bp156.2.3.1.src.rpm openSUSE-2024-308 moderate openSUSE Backports SLE-15-SP6 Update This update for python-ldap fixes the following issues: - Enable sle15_python_module_pythons (boo#1229549) python-ldap-3.4.4-bp156.5.1.src.rpm python311-ldap-3.4.4-bp156.5.1.x86_64.rpm python311-ldap-3.4.4-bp156.5.1.i586.rpm python311-ldap-3.4.4-bp156.5.1.aarch64.rpm python311-ldap-3.4.4-bp156.5.1.ppc64le.rpm python311-ldap-3.4.4-bp156.5.1.s390x.rpm openSUSE-2024-339 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: - Update to 1.31: * Fix a packaging issue, after an attempt to modernize the build system we realized that we were not installing the bash completion file anymore, so we have temporarily reverted the change to cut this new release. See gh/arighi/virtme-ng#181 * Initial support to run virtme-ng on macOS - Update to 1.30: * Initial support for NVIDIA GPUs passthrough * Possibility to use pre-compiled -rc kernels from Ubuntu mainline builds * Possibility to use virtiofs natively on arm64 * Some improvements to run virtme-ng cross-architecture and cross-distro * Bug fixes - Workaround python packaging deficiency - Update to 1.29: * Minor packaging fix, addressing an issue where the requirements.txt file was missing from the source tarball published on PyPI. This won't affect anyone, unless you're trying to build virtme-ng directly from the tarball available on PyPI virtme-1.31-bp156.2.14.1.noarch.rpm virtme-1.31-bp156.2.14.1.src.rpm openSUSE-2024-319 moderate openSUSE Backports SLE-15-SP6 Update This update for coredns fixes the following issues: Update to version 1.11.3: * optimize the performance for high qps (#6767) * bump deps * Fix zone parser error handling (#6680) * Add alternate option to forward plugin (#6681) * fix: plugin/file: return error when parsing the file fails (#6699) * [fix:documentation] Clarify autopath README (#6750) * Fix outdated test (#6747) * Bump go version from 1.21.8 to 1.21.11 (#6755) * Generate zplugin.go correctly with third-party plugins (#6692) * dnstap: uses pointer receiver for small response writer (#6644) * chore: fix function name in comment (#6608) * [plugin/forward] Strip local zone from IPV6 nameservers (#6635) - fixes CVE-2023-30464 - fixes CVE-2023-28452 Update to upstream head (git commit #5a52707): * bump deps to address security issue CVE-2024-22189 * Return RcodeServerFailure when DNS64 has no next plugin (#6590) * add plusserver to adopters (#6565) * Change the log flags to be a variable that can be set prior to calling Run (#6546) * Enable Prometheus native histograms (#6524) * forward: respect context (#6483) * add client labels to k8s plugin metadata (#6475) * fix broken link in webpage (#6488) * Repo controlled Go version (#6526) * removed the mutex locks with atomic bool (#6525) Update to version 1.11.2: * rewrite: fix multi request concurrency issue in cname rewrite (#6407) * plugin/tls: respect the path specified by root plugin (#6138) * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333) * fix: make the codeowners link relative (#6397) * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351) * plugin/cache: key cache on Checking Disabled (CD) bit (#6354) * Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395) * Add PITS Global Data Recovery Services as an adopter (#6304) * Handle UDP responses that overflow with TC bit with test case (#6277) * plugin/rewrite: add rcode as a rewrite option (#6204) - CVE-2024-0874: coredns: CD bit response is cached and served later - Update to version 1.11.1: * Revert “plugin/forward: Continue waiting after receiving malformed responses * plugin/dnstap: add support for “extra” field in payload * plugin/cache: fix keepttl parsing - Update to version 1.11.0: * Adds support for accepting DNS connections over QUIC (doq). * Adds CNAME target rewrites to the rewrite plugin. * Plus many bug fixes, and some security improvements. * This release introduces the following backward incompatible changes: + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, since all supported K8s versions now use Endpointslice. + The bufsize plugin changed its default size limit value to 1232 + Some changes to forward plugin metrics. - Update to version 1.10.1: * Corrected architecture labels in multi-arch image manifest * A new plugin timeouts that allows configuration of server listener timeout durations * acl can drop queries as an action * template supports creating responses with extended DNS errors * New weighted policy in loadbalance * Option to serve original record TTLs from cache - Update to version 1.10.0: * core: add log listeners for k8s_event plugin (#5451) * core: log DoH HTTP server error logs in CoreDNS format (#5457) * core: warn when domain names are not in RFC1035 preferred syntax (#5414) * plugin/acl: add support for extended DNS errors (#5532) * plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602) * plugin/cache: add cache disable option (#5540) * plugin/cache: add metadata for wildcard record responses (#5308) * plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320) * plugin/cache: correct responses to Authenticated Data requests (#5191) * plugin/dnstap: add identity and version support for the dnstap plugin (#5555) * plugin/file: add metadata for wildcard record responses (#5308) * plugin/forward: enable multiple forward declarations (#5127) * plugin/forward: health_check needs to normalize a specified domain name (#5543) * plugin/forward: remove unused coredns_forward_sockets_open metric (#5431) * plugin/header: add support for query modification (#5556) * plugin/health: bypass proxy in self health check (#5401) * plugin/health: don't go lameduck when reloading (#5472) * plugin/k8s_external: add support for PTR requests (#5435) * plugin/k8s_external: resolve headless services (#5505) * plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461) * plugin/ready: reset list of readiness plugins on startup (#5492) * plugin/rewrite: add PTR records to supported types (#5565) * plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459) * plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462) * plugin/rewrite: support min and max TTL values (#5508) * plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460) * plugin/trace: read trace context info from headers for DOH (#5439) * plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957) * core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 * core: update golang.org/x/crypto to fix CVE-2022-27191 * plugin/acl: adding a check to parse out zone info * plugin/dnstap: support FQDN TCP endpoint * plugin/errors: add stacktrace option to log a stacktrace during panic recovery * plugin/template: return SERVFAIL for zone-match regex-no-match case coredns-1.11.3-bp156.4.3.1.src.rpm coredns-1.11.3-bp156.4.3.1.x86_64.rpm coredns-extras-1.11.3-bp156.4.3.1.noarch.rpm coredns-1.11.3-bp156.4.3.1.i586.rpm coredns-1.11.3-bp156.4.3.1.aarch64.rpm openSUSE-2024-311 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 129.0.6668.58 (stable released 2024-09-17) (boo#1230678) * CVE-2024-8904: Type Confusion in V8 * CVE-2024-8905: Inappropriate implementation in V8 * CVE-2024-8906: Incorrect security UI in Downloads * CVE-2024-8907: Insufficient data validation in Omnibox * CVE-2024-8908: Inappropriate implementation in Autofill * CVE-2024-8909: Inappropriate implementation in UI chromedriver-129.0.6668.58-bp156.2.29.2.x86_64.rpm chromium-129.0.6668.58-bp156.2.29.2.src.rpm chromium-129.0.6668.58-bp156.2.29.2.x86_64.rpm chromedriver-129.0.6668.58-bp156.2.29.2.aarch64.rpm chromium-129.0.6668.58-bp156.2.29.2.aarch64.rpm openSUSE-2024-316 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: gh was updated to version 2.57.0: * Update go-gh to use api subdomains * Use api subdomains for commands using ghinstance package * Add test for extension install fallback to amd64 on darwin * suppress att verify output when no tty * add att verify test for custom OIDC issuer * build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 * Suggest installing Rosetta when extension installation fails due to missing `darwin-arm64` binary, but a `darwin-amd64` binary is available * This commit introduces tenancy aware attestation policy building. * use sigstore-go v0.6.2 * check specific err * check err in GetLocalAttestations * check for sigstore-go validation errs * get latest sigstore-go commit * handle os.PathError in GetLocalAttestations * Move non-integration test to different test file * print verify err * check for os.PathError * dont print err content * update bundle file parsing err messages * Expand active test cases * Added `--active` flag to the `gh auth status` command Update to version 2.56.0: * Check for nil values to prevent nil dereference panic * build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3 * Update linux install to point to GPG troubleshoot * Revert "Remove note explaining 2 year old GPG ID change" * Remove note explaining 2 year old GPG ID change * Rename ProtobufBundle to Bundle * Upgrade to sigstore-go v0.6.1 * `gh attestation verify` handles empty JSONL files (#9541) * verify 2nd artifact without swapping order (#9532) * Improve the help message for -F (#9525) * build(deps): bump actions/attest-build-provenance from 1.4.1 to 1.4.2 (#9518) * "offline" verification using the bundle of attestations without any additional handling of the file (#9523) * Drop surplus trailing space char in flag names in web * Remove `Internal` from `gh repo create` prompt when owner is not an org (#9465) * Fix doc typo for `repo sync` * Quote repo names consistently in `gh repo sync` stdout (#9491) * update error message * rename flag to bundle-from-oci * fix the trimming of log filenames for `gh run view` * Check http scheme as well * Always print URL scheme to stdout gh-2.57.0-bp156.2.12.1.src.rpm gh-2.57.0-bp156.2.12.1.x86_64.rpm gh-bash-completion-2.57.0-bp156.2.12.1.noarch.rpm gh-debuginfo-2.57.0-bp156.2.12.1.x86_64.rpm gh-fish-completion-2.57.0-bp156.2.12.1.noarch.rpm gh-zsh-completion-2.57.0-bp156.2.12.1.noarch.rpm gh-2.57.0-bp156.2.12.1.i586.rpm gh-debuginfo-2.57.0-bp156.2.12.1.i586.rpm gh-2.57.0-bp156.2.12.1.aarch64.rpm gh-debuginfo-2.57.0-bp156.2.12.1.aarch64.rpm gh-2.57.0-bp156.2.12.1.ppc64le.rpm gh-debuginfo-2.57.0-bp156.2.12.1.ppc64le.rpm gh-2.57.0-bp156.2.12.1.s390x.rpm gh-debuginfo-2.57.0-bp156.2.12.1.s390x.rpm openSUSE-2024-314 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 129.0.6668.70 (stable released 2024-09-24) (boo#1230964) * CVE-2024-9120: Use after free in Dawn * CVE-2024-9121: Inappropriate implementation in V8 * CVE-2024-9122: Type Confusion in V8 * CVE-2024-9123: Integer overflow in Skia - bump BR for nodejs to minimal 20.0 chromedriver-129.0.6668.70-bp156.2.32.1.x86_64.rpm chromium-129.0.6668.70-bp156.2.32.1.src.rpm chromium-129.0.6668.70-bp156.2.32.1.x86_64.rpm chromedriver-129.0.6668.70-bp156.2.32.1.aarch64.rpm chromium-129.0.6668.70-bp156.2.32.1.aarch64.rpm openSUSE-2024-321 moderate openSUSE Backports SLE-15-SP6 Update This update for read-edid fixes the following issues: - Drop libx86 support, it's no longer maintained in Factory. - Add wrapper for get-edid (boo#1219395) * default to not calling VBE BIOS which may crash * print a warning message when i2c-dev driver is not loaded read-edid-3.0.2-bp156.5.3.1.src.rpm read-edid-3.0.2-bp156.5.3.1.x86_64.rpm read-edid-3.0.2-bp156.5.3.1.i586.rpm openSUSE-2024-323 moderate openSUSE Backports SLE-15-SP6 Update This update for xfce4-dict fixes the following issues: Update to version 0.8.7 * panel-plugin: Drop submenu (#2) * panel-plugin: Add submenus to toggle search mode (#2) * panel-plugin: Reduce default text size * panel-plugin: Restore function of the button in text entry * Change log level (#17) * prefs: Add radio buttons to correct group * scan-build: Fix deadcode.DeadStores * scan-build: Add false positive file * I18n: Update po/LINGUAS list * build: Use XDT_VERSION_INIT and get rid of configure.ac.in * build: Switch from intltool to gettext * Translation Updates Update to version 0.8.6 * Use getaddrinfo(3) to support IPv6 DICT servers * Add icons at missing sizes, clean up SVG metadata xfce4-dict-0.8.7-bp156.2.3.1.src.rpm xfce4-dict-0.8.7-bp156.2.3.1.x86_64.rpm xfce4-dict-lang-0.8.7-bp156.2.3.1.noarch.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.x86_64.rpm xfce4-dict-0.8.7-bp156.2.3.1.aarch64.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.aarch64.rpm xfce4-dict-0.8.7-bp156.2.3.1.ppc64le.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.ppc64le.rpm xfce4-dict-0.8.7-bp156.2.3.1.s390x.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.s390x.rpm openSUSE-2024-329 important openSUSE Backports SLE-15-SP6 Update This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.19: * Cancel button in SeaMonkey bookmarking star ui not working bug 1872623. * Remove OfflineAppCacheHelper.jsm copy from SeaMonkey and use the one in toolkit bug 1896292. * Remove obsolete registerFactoryLocation calls from cZ bug 1870930. * Remove needless implements='nsIDOMEventListener' and QI bug 1611010. * Replace use of nsIStandardURL::Init bug 1864355. * Switch SeaMonkey website from hg.mozilla.org to heptapod. bug 1870934. * Allow view-image to open a data: URI by setting a flag on the loadinfo bug 1877001. * Save-link-as feature should use the loading principal and context menu using nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD bug 1879726. * Use punycode in SeaMonkey JS bug 1864287. * Font lists in preferences are no longer grouped by font type, port asynchronous handling like Bug 1399206 bug 1437393. * SeaMonkey broken tab after undo closed tab with invalid protocol bug 1885748. * SeaMonkey session restore is missing the checkboxes in the Classic theme bug 1896174. * Implement about:credits on seamonkey-project.org website bug 1898467. * Fix for the 0.0.0.0 day vulnerability oligo summary. * Link in update notification does not open Browser bug 1888364. * Update ReadExtensionPrefs in Preferences.cpp bug 1890196. * Add about:seamonkey page to SeaMonkey bug 1897801. * SeaMonkey 2.53.19 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.19 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.14 and Thunderbird 115.14 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. seamonkey-2.53.19-bp156.2.3.1.src.rpm seamonkey-2.53.19-bp156.2.3.1.x86_64.rpm seamonkey-dom-inspector-2.53.19-bp156.2.3.1.x86_64.rpm seamonkey-irc-2.53.19-bp156.2.3.1.x86_64.rpm seamonkey-2.53.19-bp156.2.3.1.i586.rpm seamonkey-dom-inspector-2.53.19-bp156.2.3.1.i586.rpm seamonkey-irc-2.53.19-bp156.2.3.1.i586.rpm openSUSE-2024-325 moderate openSUSE Backports SLE-15-SP6 Update This update for toolbox fixes the following issues: - Revert last change and update SLE/Leap Micro images to 5.5 (boo#1227328) - Update SLE/Leap Micro images from 5.4 to 6.0 (boo#1227328) - Update to version 2.3+git20240704.84ec25e: * toolbox: use correct container state tense in msg - Update to version 2.3+git20231030.3a6ef35: * Mount /dev/pts as mount type=devpts instead of --volume * fix typo creat -> create * Remove trailing whitespace * Fix bash error when container cannot be pulled toolbox-2.3+git20240704.84ec25e-bp156.4.3.1.noarch.rpm toolbox-2.3+git20240704.84ec25e-bp156.4.3.1.src.rpm openSUSE-2024-327 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 129.0.6668.89 (stable released 2024-09-24) (boo#1231232) * CVE-2024-7025: Integer overflow in Layout * CVE-2024-9369: Insufficient data validation in Mojo * CVE-2024-9370: Inappropriate implementation in V8 chromedriver-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromedriver-debuginfo-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromium-129.0.6668.89-bp156.2.35.1.src.rpm chromium-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromium-debuginfo-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromedriver-129.0.6668.89-bp156.2.35.1.aarch64.rpm chromedriver-debuginfo-129.0.6668.89-bp156.2.35.1.aarch64.rpm chromium-129.0.6668.89-bp156.2.35.1.aarch64.rpm chromium-debuginfo-129.0.6668.89-bp156.2.35.1.aarch64.rpm openSUSE-2024-352 moderate openSUSE Backports SLE-15-SP6 Update This update for python-jupyterlab fixes the following issues: - Build the full pacakge with the javascript dependencies as a new source in vendor.tar.gz. - CVE-2024-43805: Fixed data access via malicious Markdown due to HTML injection leading to DOM clobbering (boo#1229914) jupyter-jupyterlab-2.2.10-bp156.3.3.1.noarch.rpm python-jupyterlab-2.2.10-bp156.3.3.1.src.rpm python3-jupyterlab-2.2.10-bp156.3.3.1.noarch.rpm openSUSE-2024-332 moderate openSUSE Backports SLE-15-SP6 Update This update for qbittorrent fixes the following issues: Update to version 5.0.0 (fixes boo#1231149) * New features: * Support creating .torrent with larger piece size * Improve tracker entries handling * Add separate filter item for tracker errors * Allow to remove tracker from tracker filter widget menu * Implement "Reannounce In" column * Expose "DHT bootstrap nodes" setting * Add support for Mark-of-the-Web (https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/) * Allow to keep unwanted files in separate folder * Add "Copy Comment" to the torrent list's context menu * Allow relative profile paths * Enable Ctrl+F hotkey for more inputs * Add seeding limits to RSS and Watched folders options UI * Subcategories implicitly follow the parent category options * Add option to name each qbittorrent instance * Add button for sending test email * Allow torrents to override default share limit action * Use Start/Stop instead of Resume/Pause * Add the Popularity metric * Focus on Download button if torrent link retrieved from the clipboard * Add ability to pause/resume entire BitTorrent session * Add an option to set BitTorrent session shutdown timeout * Apply "Excluded file names" to folder names as well * Allow to use regular expression to filter torrent content * Allow to move content files to Trash instead of deleting them * Add ability to display torrent "privateness" in UI * Add a flag in "Peers" tab denoting a connection using NAT hole punching * Bug fixes: * Display error message when unrecoverable error occurred * Update size of selected files when selection is changed * Normalize tags by trimming leading/trailing whitespace * Correctly handle share limits in torrent options dialog * Adjust tracker tier when adding additional trackers * Fix inconsistent naming between "Done/Progress" column * Sanitize peer client names * Apply share limits immediately when torrent downloading is finished * Show download progress for folders with zero byte size as 100 instead of 0 * Fix highlighted piece color * Apply "merge trackers" logic regardless of way the torrent is added * Web UI: * Improve WebUI responsiveness * Do not exit the app when WebUI has failed to start * Add "Moving" filter to side panel * Add dark theme * Allow to remember torrent content files deletion * Leave the fields empty when value is invalid * Use natural sorting * Improve WebUI login behavior * Conditionally show filters sidebar * Add support for running concurrent searches * Improve accuracy of trackers list * Fix error when category doesn't exist * Improve table scrolling and selection on mobile * Restore search tabs on load * Restore previously used tab on load * Increase default height of "Share ratio limit" dialog * Use enabled search plugins by default * Add columns "Incomplete Save Path", "Info Hash v1", "Info Hash v2" * Always create generic filter items * Provide "Use Category paths in Manual Mode" option * Provide "Merge trackers to existing torrent" option * Web API: * Fix wrong timestamp values * Send binary data with filename and mime type specified * Expose API for the torrent creator * Add support for SSL torrents * Provide endpoint for listing directory content * Provide "private" flag via "torrents/info" endpoint * Add a way to download .torrent file using search plugin * Add "private" filter for "torrents/info" endpoint * Add root_path to "torrents/info" result * RSS: * Show RSS feed title in HTML browser * Allow to set delay between requests to the same host * Search: * Allow users to specify Python executable path * Lazy load search plugins * Add date column to the built-in search engine * Allow to rearrange search tabs * Other changes: * Add support for systemd power management * Add support for localized man pages * Specify a locale if none is set * Drop support for Qt5, qmake, autotools * Minimum supported versions: Qt: 6.5, Boost: 1.76, OpenSSL: 3.0.2 * Switch to C++20 Update to version 4.6.7 * Bug fixes: * The updater will launch the link to the build variant you're currently using * Web UI: * RSS: The list of feeds wouldn't load for Apply Rule * Focus on Download button if torrent link retrieved from the clipboard Update to version 4.6.6 * Bug fixes: * Fix handling of tags containing '&' character * Show scroll bar in Torrent Tags dialog * Apply bulk changes to correct content widget items * Hide zero status filters when torrents are removed * Fix `Incomplete Save Path` cannot be changed for torrents without metadata * Web UI: * Correctly apply changed "save path" of RSS rules * Clear tracker list on full update * Other changes: * Update User-Agent string for internal downloader and search engines Update to version 4.6.5 * Bug fixes: * Prevent app from being closed when disabling system tray icon * Fix <kbd>Enter</kbd> key behavior in Add new torrent dialog * Prevent invalid status filter index from being used * Add extra offset for dialog frame * Don't overwrite stored layout of main window with incorrect one * Don't forget to resume "missing files" torrent when rechecking * Web UI: * Restore ability to use server-side translation by custom WebUI * Fix wrong peer number * Other: * Improve AppStream metadata qbittorrent-5.0.0-bp156.3.3.1.src.rpm qbittorrent-5.0.0-bp156.3.3.1.x86_64.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.x86_64.rpm qbittorrent-5.0.0-bp156.3.3.1.aarch64.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.aarch64.rpm qbittorrent-5.0.0-bp156.3.3.1.ppc64le.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.ppc64le.rpm qbittorrent-5.0.0-bp156.3.3.1.s390x.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.s390x.rpm openSUSE-2024-336 moderate openSUSE Backports SLE-15-SP6 Update This update rebuilds libzypp-testsuite-tools against current libzypp. libzypp-testsuite-tools-5.0.5-bp156.3.2.1.src.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.x86_64.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.i586.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.aarch64.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.ppc64le.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.s390x.rpm openSUSE-2024-333 low openSUSE Backports SLE-15-SP6 Update Fix scanner search crash on startup ksanecore-23.08.5-bp156.2.3.1.src.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.x86_64.rpm ksanecore-devel-23.08.5-bp156.2.3.1.x86_64.rpm ksanecore-lang-23.08.5-bp156.2.3.1.noarch.rpm libKSaneCore1-23.08.5-bp156.2.3.1.x86_64.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.x86_64.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.i586.rpm ksanecore-devel-23.08.5-bp156.2.3.1.i586.rpm libKSaneCore1-23.08.5-bp156.2.3.1.i586.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.i586.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.aarch64.rpm ksanecore-devel-23.08.5-bp156.2.3.1.aarch64.rpm libKSaneCore1-23.08.5-bp156.2.3.1.aarch64.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.aarch64.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.ppc64le.rpm ksanecore-devel-23.08.5-bp156.2.3.1.ppc64le.rpm libKSaneCore1-23.08.5-bp156.2.3.1.ppc64le.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.ppc64le.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.s390x.rpm ksanecore-devel-23.08.5-bp156.2.3.1.s390x.rpm libKSaneCore1-23.08.5-bp156.2.3.1.s390x.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.s390x.rpm openSUSE-2024-335 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 129.0.6668.100 (boo#1231420) * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in V8 chromedriver-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromedriver-debuginfo-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromium-129.0.6668.100-bp156.2.38.1.src.rpm chromium-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromium-debuginfo-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromedriver-129.0.6668.100-bp156.2.38.1.aarch64.rpm chromedriver-debuginfo-129.0.6668.100-bp156.2.38.1.aarch64.rpm chromium-129.0.6668.100-bp156.2.38.1.aarch64.rpm chromium-debuginfo-129.0.6668.100-bp156.2.38.1.aarch64.rpm openSUSE-2024-337 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 130.0.6723.58 (boo#1231694) * CVE-2024-9954: Use after free in AI * CVE-2024-9955: Use after free in Web Authentication * CVE-2024-9956: Inappropriate implementation in Web Authentication * CVE-2024-9957: Use after free in UI * CVE-2024-9958: Inappropriate implementation in PictureInPicture * CVE-2024-9959: Use after free in DevTools * CVE-2024-9960: Use after free in Dawn * CVE-2024-9961: Use after free in Parcel Tracking * CVE-2024-9962: Inappropriate implementation in Permissions * CVE-2024-9963: Insufficient data validation in Downloads * CVE-2024-9964: Inappropriate implementation in Payments * CVE-2024-9965: Insufficient data validation in DevTools * CVE-2024-9966: Inappropriate implementation in Navigations chromedriver-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromedriver-debuginfo-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromium-130.0.6723.58-bp156.2.41.1.src.rpm chromium-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromium-debuginfo-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromedriver-130.0.6723.58-bp156.2.41.1.aarch64.rpm chromedriver-debuginfo-130.0.6723.58-bp156.2.41.1.aarch64.rpm chromium-130.0.6723.58-bp156.2.41.1.aarch64.rpm chromium-debuginfo-130.0.6723.58-bp156.2.41.1.aarch64.rpm openSUSE-2024-338 moderate openSUSE Backports SLE-15-SP6 Update This update for hostapd fixes the following issues: hostapd was updated to 2024-07-20 / v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions hostapd-2.11-bp156.2.3.1.src.rpm hostapd-2.11-bp156.2.3.1.x86_64.rpm hostapd-2.11-bp156.2.3.1.i586.rpm hostapd-2.11-bp156.2.3.1.aarch64.rpm hostapd-2.11-bp156.2.3.1.ppc64le.rpm hostapd-2.11-bp156.2.3.1.s390x.rpm openSUSE-2024-342 moderate openSUSE Backports SLE-15-SP6 Update This update for lxc fixes the following issues: lxc was updated to 6.0.2: The LXC team is pleased to announce the release of LXC 6.0.2! This is the second bugfix release for LXC 6.0 which is supported until June 2029. As usual this bugfix releases focus on stability and hardening. * Some of the highlights for this release are: - Reduced log level on some common messages - Fix compilation error on aarch64 * Detailed changelog - Remove unused function - idmap: Lower logging level of newXidmap tools to INFO - Exit 0 when there's no error - doc: Fix definitions of get_config_path and set_config_path - README: Update security contact - fix possible clang compile error in AARCH Update to 6.0.1: The LXC team is pleased to announce the release of LXC 6.0.1! This is the first bugfix release for LXC 6.0 which is supported until June 2029. As usual this bugfix releases focus on stability and hardening. * Highlights - Fixed some build tooling issues - Fixed startup failures on system without IPv6 support - Updated AppArmor rules to avoid potential warnings Update to 6.0.0: The LXC team is pleased to announce the release of LXC 6.0 LTS! This is the result of two years of work since the LXC 5.0 release and is the sixth LTS release for the LXC project. This release will be supported until June 2029. * New multi-call binary¶ A new tools-multicall=true configuration option can be used to produce a single lxc binary which can then have all other lxc-XYZ commands be symlinked to. This allows for a massive disk space reduction, particularly useful for embedded platforms. * Add a set_timeout function to the library A new set_timeout function is available on the main lxc_container struct and allow for setting a global timeout for interactions with the LXC monitor. Prior to this, there was no timeout, leading to potential deadlocks as there's also no way to cancel an monitor request. As a result of adding this new symbol to the library, we have bumped the liblxc symbol version to 1.8.0. * LXC bridge now has IPV6 enabled The default lxcbr0 bridge now comes with IPv6 enabled by default, using an IPv6 ULA subnet. Support for uid/gid selection in lxc-usernsexec The lxc-usernsexec tool now has both -u and -g options to control what resulting UID and GID (respectively) the user wishes to use (defaulting to 0/0). * Improvements to lxc-checkconfig lxc-checkconfig now only shows the version if lxc-start is present (rather than failing). Additionally, it's seen a number of other cosmetic improvements as well as now listing the maximum number of allowed namespaces for every namespace type. * Support for squashfs OCI images The built-in oci container template can now handle squashfs compressed OCI images through the use of atomfs. * Switched from systemd's dbus to dbus-1 LXC now uses libdbus-1 for DBus interactions with systemd rather than using libsystemd. The reason for this change is that libdbus-1 is readily available for static builds. * Removed Upstart support Support for the Upstart init system has finally been removed from LXC. This shouldn't really affect anyone at this stage and allowed for cleaning up some logic and config files from our repository. liblxc-devel-6.0.2-bp156.2.3.1.x86_64.rpm liblxc1-6.0.2-bp156.2.3.1.x86_64.rpm lxc-6.0.2-bp156.2.3.1.src.rpm lxc-6.0.2-bp156.2.3.1.x86_64.rpm lxc-bash-completion-6.0.2-bp156.2.3.1.noarch.rpm lxc-ja-doc-6.0.2-bp156.2.3.1.noarch.rpm lxc-ko-doc-6.0.2-bp156.2.3.1.noarch.rpm pam_cgfs-6.0.2-bp156.2.3.1.x86_64.rpm liblxc-devel-6.0.2-bp156.2.3.1.i586.rpm liblxc1-6.0.2-bp156.2.3.1.i586.rpm lxc-6.0.2-bp156.2.3.1.i586.rpm pam_cgfs-6.0.2-bp156.2.3.1.i586.rpm liblxc-devel-6.0.2-bp156.2.3.1.aarch64.rpm liblxc1-6.0.2-bp156.2.3.1.aarch64.rpm lxc-6.0.2-bp156.2.3.1.aarch64.rpm pam_cgfs-6.0.2-bp156.2.3.1.aarch64.rpm liblxc-devel-6.0.2-bp156.2.3.1.ppc64le.rpm liblxc1-6.0.2-bp156.2.3.1.ppc64le.rpm lxc-6.0.2-bp156.2.3.1.ppc64le.rpm pam_cgfs-6.0.2-bp156.2.3.1.ppc64le.rpm liblxc-devel-6.0.2-bp156.2.3.1.s390x.rpm liblxc1-6.0.2-bp156.2.3.1.s390x.rpm lxc-6.0.2-bp156.2.3.1.s390x.rpm pam_cgfs-6.0.2-bp156.2.3.1.s390x.rpm openSUSE-2024-343 moderate openSUSE Backports SLE-15-SP6 Update This update for Botan fixes the following issues: - Fixed CVE-2024-50382, CVE-2024-50383 - various compiler-induced side channel in GHASH when certain LLVM/GCC versions are used to compile Botan. Botan-2.19.5-bp156.3.6.1.src.rpm Botan-2.19.5-bp156.3.6.1.x86_64.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.x86_64.rpm Botan-debugsource-2.19.5-bp156.3.6.1.x86_64.rpm Botan-doc-2.19.5-bp156.3.6.1.noarch.rpm libbotan-2-19-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-devel-2.19.5-bp156.3.6.1.x86_64.rpm python3-botan-2.19.5-bp156.3.6.1.x86_64.rpm Botan-2.19.5-bp156.3.6.1.i586.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.i586.rpm Botan-debugsource-2.19.5-bp156.3.6.1.i586.rpm libbotan-2-19-2.19.5-bp156.3.6.1.i586.rpm libbotan-2-19-32bit-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-2-19-32bit-debuginfo-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.i586.rpm libbotan-devel-2.19.5-bp156.3.6.1.i586.rpm libbotan-devel-32bit-2.19.5-bp156.3.6.1.x86_64.rpm python3-botan-2.19.5-bp156.3.6.1.i586.rpm Botan-2.19.5-bp156.3.6.1.aarch64.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.aarch64.rpm Botan-debugsource-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-2-19-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-2-19-64bit-2.19.5-bp156.3.6.1.aarch64_ilp32.rpm libbotan-2-19-64bit-debuginfo-2.19.5-bp156.3.6.1.aarch64_ilp32.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-devel-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-devel-64bit-2.19.5-bp156.3.6.1.aarch64_ilp32.rpm python3-botan-2.19.5-bp156.3.6.1.aarch64.rpm Botan-2.19.5-bp156.3.6.1.ppc64le.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.ppc64le.rpm Botan-debugsource-2.19.5-bp156.3.6.1.ppc64le.rpm libbotan-2-19-2.19.5-bp156.3.6.1.ppc64le.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.ppc64le.rpm libbotan-devel-2.19.5-bp156.3.6.1.ppc64le.rpm python3-botan-2.19.5-bp156.3.6.1.ppc64le.rpm Botan-2.19.5-bp156.3.6.1.s390x.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.s390x.rpm Botan-debugsource-2.19.5-bp156.3.6.1.s390x.rpm libbotan-2-19-2.19.5-bp156.3.6.1.s390x.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.s390x.rpm libbotan-devel-2.19.5-bp156.3.6.1.s390x.rpm python3-botan-2.19.5-bp156.3.6.1.s390x.rpm openSUSE-2024-341 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 130.0.6723.69 (boo#1232060) * CVE-2024-10229: Inappropriate implementation in Extensions * CVE-2024-10230: Type Confusion in V8 * CVE-2024-10231: Type Confusion in V8 chromedriver-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromedriver-debuginfo-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromium-130.0.6723.69-bp156.2.44.1.src.rpm chromium-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromium-debuginfo-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromedriver-130.0.6723.69-bp156.2.44.1.aarch64.rpm chromedriver-debuginfo-130.0.6723.69-bp156.2.44.1.aarch64.rpm chromium-130.0.6723.69-bp156.2.44.1.aarch64.rpm chromium-debuginfo-130.0.6723.69-bp156.2.44.1.aarch64.rpm openSUSE-2024-353 moderate openSUSE Backports SLE-15-SP6 Update This update for kmail-account-wizard fixes the following issues: - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files (boo#1232454, kde#487882) kmail-account-wizard-23.08.5-bp156.2.3.1.src.rpm kmail-account-wizard-23.08.5-bp156.2.3.1.x86_64.rpm kmail-account-wizard-debuginfo-23.08.5-bp156.2.3.1.x86_64.rpm kmail-account-wizard-debugsource-23.08.5-bp156.2.3.1.x86_64.rpm kmail-account-wizard-lang-23.08.5-bp156.2.3.1.noarch.rpm kmail-account-wizard-23.08.5-bp156.2.3.1.aarch64.rpm kmail-account-wizard-debuginfo-23.08.5-bp156.2.3.1.aarch64.rpm kmail-account-wizard-debugsource-23.08.5-bp156.2.3.1.aarch64.rpm openSUSE-2024-345 moderate openSUSE Backports SLE-15-SP6 Update This update for xsd fixes the following issues: - CVE-2024-50602: Fixed libexpat DoS via XML_ResumeParser in xsd (boo#1232580) xsd-4.1.0-bp156.5.3.1.src.rpm xsd-4.1.0-bp156.5.3.1.x86_64.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.x86_64.rpm xsd-debugsource-4.1.0-bp156.5.3.1.x86_64.rpm xsd-doc-4.1.0-bp156.5.3.1.noarch.rpm xsd-4.1.0-bp156.5.3.1.i586.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.i586.rpm xsd-debugsource-4.1.0-bp156.5.3.1.i586.rpm xsd-4.1.0-bp156.5.3.1.aarch64.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.aarch64.rpm xsd-debugsource-4.1.0-bp156.5.3.1.aarch64.rpm xsd-4.1.0-bp156.5.3.1.ppc64le.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.ppc64le.rpm xsd-debugsource-4.1.0-bp156.5.3.1.ppc64le.rpm xsd-4.1.0-bp156.5.3.1.s390x.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.s390x.rpm xsd-debugsource-4.1.0-bp156.5.3.1.s390x.rpm openSUSE-2024-354 moderate openSUSE Backports SLE-15-SP6 Update This update for orthanc-wsi fixes the following issues: Version 2.1 * Support of sparse encoding of tiles in OpenSlide (notably for MIRAX format) * OrthancWSIDicomizer supports plain TIFF, besides hierarchical TIFF * New option: "--force-openslide" to force the use of OpenSlide on TIFF-like files * New option: "--padding" to control deep zoom of plain PNG/JPEG/TIFF images over IIIF * Added support for DICOM tag "Recommended Absent Pixel CIELab" (0048,0015) * Force version of Mirador to 3.3.0 * In the IIIF manifest, reverse the order of the "sizes" field, which seems to fix compatibility with Mirador v4.0.0-alpha orthanc-wsi-2.1-bp156.2.3.1.src.rpm orthanc-wsi-2.1-bp156.2.3.1.x86_64.rpm orthanc-wsi-2.1-bp156.2.3.1.aarch64.rpm orthanc-wsi-2.1-bp156.2.3.1.ppc64le.rpm orthanc-wsi-2.1-bp156.2.3.1.s390x.rpm openSUSE-2024-346 important openSUSE Backports SLE-15-SP6 Update This update for mosquitto fixes the following issues: - Update to latest release to address the following security issues: * CVE-2024-3935 (boo#1232635) * CVE-2024-10525 (boo#1232636) Update to version 2.0.20 Broker: - Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". - Don't allow invalid response topic values. - Fix some strict protocol compliance issues. Update to version 2.0.19 Security: * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Broker: * Fix assert failure when loading a persistence file that contains subscriptions with no client id. * Fix local bridges being incorrectly expired when persistent_client_expiration is in use. * Fix use of CLOCK_BOOTTIME for getting time. * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Client library: * Fix some error codes being converted to string as "unknown". * Clear SSL error state to avoid spurious error reporting. * Fix "payload format invalid" not being allowed as a PUBREC reason code. * Don't allow SUBACK with missing reason codes. Update to 2.0.18 (boo#1214918, CVE-2023-28366, boo#1215865, CVE-2023-0809, boo#1215864, CVE-2023-3592): * Fix crash on subscribe under certain unlikely conditions. * Fix mosquitto_rr not honouring `-R`. Closes #2893. * Fix `max_queued_messages 0` stopping clients from receiving messages. * Fix `max_inflight_messages` not being set correctly. * Fix `mosquitto_passwd -U` backup file creation. * CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC commands. * CVE-2023-0809: Fix excessive memory being allocated based on malicious initial packets that are not CONNECT packets. * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a will message that contains invalid property types. * Broker will now reject Will messages that attempt to publish to $CONTROL/. * Broker now validates usernames provided in a TLS certificate or TLS-PSK identity are valid UTF-8. * Fix potential crash when loading invalid persistence file. * Library will no longer allow single level wildcard certificates, e.g. *.com * Fix $SYS messages being expired after 60 seconds and hence unchanged values disappearing. * Fix some retained topic memory not being cleared immediately after used. * Fix error handling related to the `bind_interface` option. * Fix std* files not being redirected when daemonising, when built with assertions removed. * Fix default settings incorrectly allowing TLS v1.1. * Use line buffered mode for stdout. * Fix bridges with non-matching cleansession/local_cleansession being expired on start after restoring from persistence * Fix connections being limited to 2048 on Windows. The limit is now 8192, where supported. * Broker will log warnings if sensitive files are world readable/writable, or if the owner/group is not the same as the user/group the broker is running as. In future versions the broker will refuse to open these files. * mosquitto_memcmp_const is now more constant time. * Only register with DLT if DLT logging is enabled. * Fix any possible case where a json string might be incorrectly loaded. This could have caused a crash if a textname or textdescription field of a role was not a string, when loading the dynsec config from file only. * Dynsec plugin will not allow duplicate clients/groups/roles when loading config from file, which matches the behaviour for when creating them. * Fix heap overflow when reading corrupt config with "log_dest file". * Use CLOCK_BOOTTIME when available, to keep track of time. This solves the problem of the client OS sleeping and the client hence not being able to calculate the actual time for keepalive purposes. * Fix default settings incorrectly allowing TLS v1.1. Closes * Fix high CPU use on slow TLS connect. * Fix incorrect topic-alias property value in mosquitto_sub json output. * Fix confusing message on TLS certificate verification. * mosquitto_passwd uses mkstemp() for backup files. * `mosquitto_ctrl dynsec init` will refuse to overwrite an existing file, without a race-condition. Update to 2.0.15: * Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group. * Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. * Fix bridge `restart_timeout` not being honoured. * Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event. * Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522. * Improve documentation of `persistent_client_expiration` option. Closes #2404. * Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546. * Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488. * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. * Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607. * Fix confusing "out of memory" error when a client is kicked in the dynamic security plugin. Closes #2525. * Fix confusing error message when dynamic security config file was a directory. Closes #2520. * Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604. * Dynamic security: Fix modifyClient and modifyGroup commands to not modify the client/group if a new group/client being added is not valid. * Dynamic security: Fix the plugin being able to be loaded twice. Currently only a single plugin can interact with a unique $CONTROL topic. Using multiple instances of the plugin would produce duplicate entries in the config file. Closes #2601. Closes #2470. * Fix case where expired messages were causing queued messages not to be delivered. Closes #2609. * Fix websockets not passing on the X-Forwarded-For header. * Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl ctx not being initialised until starting to connect. Closes #2537. * Fix incorrect use of SSL_connect. Closes #2594. * Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564. * Add documentation of struct mosquitto_message to header. Closes #2561. * Fix documentation omission around mosquitto_reinitialise. Closes #2489. * Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463. * Fix failure to close thread in some situations. Closes #2545. * Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting. * Fix `-o` not working in `mosquitto_ctrl`, and typo in related documentation. Update to version 2.0.14: Broker: * Fix bridge not respecting receive-maximum when reconnecting with MQTT v5. Client library: * Fix mosquitto_topic_matches_sub2() not using the length parameters. * Fix incorrect subscribe_callback in mosquittopp.h. Update to version 2.0.13: Broker: * Fix `max_keepalive` option not being able to be set to 0. * Fix LWT messages not being delivered if `per_listener_settings` was set to true. * Various fixes around inflight quota management. * Fix problem parsing config files with Windows line endings. * Don't send retained messages when a shared subscription is made * Fix client id not showing in log on failed connections, where possible. * Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication. * Fix mosquitto_plugin.h not including mosquitto_broker.h. Client library: * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` to avoid closing invalid sockets in `mosquitto_destroy()` on error. Clients: - Fix date format in mosquitto_sub output. - Update to version 2.0.12 * Includes security fixes for CVE-2021-34434 (boo#1190048) and CVE-2020-13849 (boo#1190101) Security : * An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed. * Using certain listener related configuration options e.g. `cafile`, that apply to the default listener without defining any listener would cause a remotely accessible listener to be opened that was not confined to the local machine but did have anonymous access enabled, contrary to the documentation. This has been fixed. Closes #2283. * CVE-2021-34434: If a plugin had granted ACL subscription access to a durable/non-clean-session client, then removed that access,the client would keep its existing subscription. This has been fixed. * Incoming QoS 2 messages that had not completed the QoS flow were not being checked for ACL access when a clean session=False client was reconnecting. This has been fixed. Broker: * Fix possible out of bounds memory reads when reading a corrupt/crafted configuration file. Unless your configuration file is writable by untrusted users this is not a risk. * Fix `max_connections` option not being correctly counted. * Fix TLS certificates and TLS-PSK not being able to be configured at the same time. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. * Fix broker not quiting if e.g. the `password_file` is specified as a directory. Closes #2241. * Fix listener mount_point not being removed on outgoing messages. * Strict protocol compliance fixes, plus test suite. * Fix $share subscriptions not being recovered for durable clients that reconnect. * Update plugin configuration documentation. Closes #2286. Client library: * If a client uses TLS-PSK then force the default cipher list to use "PSK" ciphers only. This means that a client connecting to a broker configured with x509 certificates only will now fail. Prior to this, the client would connect successfully without# verifying certificates, because they were not configured. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Threaded mode is deconfigured when the mosquitto_loop_start() thread ends, which allows mosquitto_loop_start() to be called again. * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Apps: * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working. Clients: * Document TLS certificate behaviour when using `-p 8883`. Build: * Fix installation using WITH_TLS=no. Closes #2281. * Fix builds with libressl 3.4.0. Closes #2198. * Remove some unnecessary code guards related to libressl. * Fix printf format build warning on MIPS. Closes #2271. Update to version 2.0.11: Security: * If a MQTT v5 client connects with a crafted CONNECT packet a memory leak will occur. This has been fixed. Broker: * Fix possible crash having just upgraded from 1.6 if `per_listener_settings true` is set, and a SIGHUP is sent to the broker before a client has reconnected to the broker. * Fix bridge not reconnectng if the first reconnection attempt fails. * Improve QoS 0 outgoing packet queueing. * Fix QoS 0 messages not being queued when `queue_qos0_messages` was enabled. Clients: * If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect that the pipe has closed and disconnect. * Fix `mosquitto_pub -l` quitting if a message publication is attempted when the broker is temporarily unavailable. libmosquitto1-2.0.20-bp156.2.3.1.x86_64.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm libmosquittopp1-2.0.20-bp156.2.3.1.x86_64.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-2.0.20-bp156.2.3.1.src.rpm mosquitto-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-clients-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-devel-2.0.20-bp156.2.3.1.x86_64.rpm libmosquitto1-2.0.20-bp156.2.3.1.aarch64.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm libmosquittopp1-2.0.20-bp156.2.3.1.aarch64.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-clients-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-devel-2.0.20-bp156.2.3.1.aarch64.rpm libmosquitto1-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquittopp1-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-clients-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-devel-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquitto1-2.0.20-bp156.2.3.1.s390x.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm libmosquittopp1-2.0.20-bp156.2.3.1.s390x.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-clients-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-devel-2.0.20-bp156.2.3.1.s390x.rpm openSUSE-2024-358 moderate openSUSE Backports SLE-15-SP6 Update This update for qbittorrent fixes the following issues: - Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774) Added features: * Add "Simple pread/pwrite" disk IO type Bug fixes: * Don't ignore SSL errors (boo#1232731 CVE-2024-51774) * Don't try to apply Mark-of-the-Web to nonexistent files * Disable "Move to trash" option by default * Disable the ability to create torrents with a piece size of 256MiB * Allow to choose Qt style * Always notify user about duplicate torrent * Correctly handle "torrent finished after move" event * Correctly apply filename filter when `!qB` extension is enabled * Improve color scheme change detection * Fix button state for SSL certificate check Web UI: * Fix CSS that results in hidden torrent list in some browsers * Use proper text color to highlight items in all filter lists * Fix 'rename files' dialog cannot be opened more than once * Fix UI of Advanced Settings to show all settings * Free resources allocated by web session once it is destructed Search: * Import correct libraries Other changes: * Sync flag icons with upstream qbittorrent-5.0.1-bp156.3.6.1.src.rpm qbittorrent-5.0.1-bp156.3.6.1.x86_64.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.x86_64.rpm qbittorrent-5.0.1-bp156.3.6.1.aarch64.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.aarch64.rpm qbittorrent-5.0.1-bp156.3.6.1.ppc64le.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.ppc64le.rpm qbittorrent-5.0.1-bp156.3.6.1.s390x.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.s390x.rpm openSUSE-2024-347 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Update to version 130.0.6723.91 (boo#1232566): - CVE-2024-10487: Out of bounds write in Dawn - CVE-2024-10488: Use after free in WebRTC chromedriver-130.0.6723.91-bp156.2.47.1.x86_64.rpm chromium-130.0.6723.91-bp156.2.47.1.src.rpm chromium-130.0.6723.91-bp156.2.47.1.x86_64.rpm chromedriver-130.0.6723.91-bp156.2.47.1.aarch64.rpm chromium-130.0.6723.91-bp156.2.47.1.aarch64.rpm openSUSE-2024-365 moderate openSUSE Backports SLE-15-SP6 Update This update for python3-djangorestframework, python3-djangorestframework-simplejwt, python3-pytest-django fixes the following issues: This update ships: - python3-pytest-django: in version 3.9.0 - python3-djangorestframework: in version 3.11.2. - python3-djangorestframework-simplejwt: in version 4.6.0 python3-djangorestframework-simplejwt-4.6.0-bp156.4.1.noarch.rpm python3-djangorestframework-simplejwt-4.6.0-bp156.4.1.src.rpm python3-djangorestframework-3.11.2-bp156.5.1.noarch.rpm python3-djangorestframework-3.11.2-bp156.5.1.src.rpm python3-pytest-django-3.9.0-bp156.4.1.noarch.rpm python3-pytest-django-3.9.0-bp156.4.1.src.rpm openSUSE-2024-360 moderate openSUSE Backports SLE-15-SP6 Update This update for AusweisApp fixes the following issues: - Enforce use of legacy OpenSSL API to be able to use smartcards. - New upstream release + Version 2.2.2 - Visual adjustments and optimization of the graphical user interface. - Optimization of accessibility and keyboard operability. - Addition of the Android ABIs armeabi-v7a and x86_64 in addition to arm64-v8a in the SDK. - New upstream release + Version 2.2.1 - Visual adjustments and optimization of the graphical user interface. - Optimization of accessibility and keyboard usability. - Prevention of the display of external content in the graphical user interface. - Support for smartphones with Android 15 where optimized memory management has been activated. - Support for 16 KB page sizes on Android. - Stabilization of the iOS SDK during fast restarts. - Correction of the behavior when using Qt 6.6.3. - Avoidance of a log file within the container in the container SDK. - Update of the Android NDK to r27b (27.1.12297006). - Update of the Android SDK Platform to Android 15 (API level 35). - Update of OpenSSL to version 3.3.2. - Add missing libQt6Svg6 runtime dependency to Requires - New upstream release + Version 2.2.0 - Visual adjustments and optimization of the graphical user interface. - Display of the old and new device name when using "Smartphone as card reader" if the name of a device has changed. - An information page has been added at the end of an authentication before forwarding to the service provider. - Increased the time allowed to respond to card commands on Android to support badges that have switched to a safe slow mode after too many incorrect CAN entries. - Improved accessibility options. - Support for Android 8 has been discontinued. - The "Smartphone as card reader" function now requires at least version 2.1.0. - Support for ChromeOS has been added. - Support for key lengths smaller than 3000 bits has been discontinued. - Changelog added to the documentation for the SDK. - Functional extension of the SDK (see changelog). - Update of Qt to version 6.7.2. - Update of OpenSSL to version 3.3.1. AusweisApp-2.2.2-bp156.5.1.src.rpm AusweisApp-2.2.2-bp156.5.1.x86_64.rpm AusweisApp-2.2.2-bp156.5.1.aarch64.rpm AusweisApp-2.2.2-bp156.5.1.ppc64le.rpm AusweisApp-2.2.2-bp156.5.1.s390x.rpm openSUSE-2024-364 important openSUSE Backports SLE-15-SP6 Update This update for virtualbox fixes the following issues: Update to release 7.1.4: * NAT: Fixed DHCP problems with certain guests when domain is empty * VMSVGA: Improved flickering, black screen and other screen update issues with recent Linux kernels * Linux Guest Additions: Introduce initial support for kernel 6.12 * EFI: Added missing LsiLogic MPT SCSI driver again to fix booting from devices attached to this device if the EFI firmware is used (7.1.0 regression) * EFI: Restored broken network boot support (7.1.0 regression) * Adressed CVE-2024-21248 [boo#1231735], CVE-2024-21273 [boo#1231736], CVE-2024-21259 [boo#1231737], CVE-2024-21263 [boo#1231738] - Make the Extension Pack work with our compiler flags and RT_NOEXCEPT choices. [boo#1231225] Update to release 7.1: * The GUI now offers a selection between Basic and Experienced user level with reduced or full UI functionality. * VRDE: If user does not set up TLS with custom certificates, enable it with self-signed certificate, including issuing a new one before the old one expires * NAT: New engine with IPv6 support. * Linux host and guest: Added Wayland support for Clipboard sharing. - Changed license from Gpl-2.0 to Gpl-3.0 Version bump to VirtualBox 7.0.20 (released July 16 2024 by Oracle)) This is a maintenance release. The following items were fixed and/or added: - TPM: Fixed errors appearing the event viewer with Windows guests - macOS Hosts: Fixed passing USB devices to the VM (bug #21218) - Audio: Fixed recording with HDA emulation after newer Windows 10 / 11 guests got rebooted - USB: Fixed a deadlock in OHCI triggered when saving the current state of a VM or taking a snapshot (bug #22059) - Linux Guest and Host: Introduced initial support for OpenSuse 15.6 kernel - Linux Guest and Host: Introduced initial support for RHEL 9.5 kernel (bug #22099) - Guest Additions: Shared Clipboard: Fixed issue when extra new lines were pasted when copying text between Win and X11 (bug #21716) - UEFI Secure Boot: Add new Microsoft certificates to list for new VMs kbuild-0.1.9998+svn3613-bp156.2.3.1.src.rpm kbuild-0.1.9998+svn3613-bp156.2.3.1.x86_64.rpm kbuild-debuginfo-0.1.9998+svn3613-bp156.2.3.1.x86_64.rpm kbuild-debugsource-0.1.9998+svn3613-bp156.2.3.1.x86_64.rpm kbuild-0.1.9998+svn3613-bp156.2.3.1.aarch64.rpm kbuild-debuginfo-0.1.9998+svn3613-bp156.2.3.1.aarch64.rpm kbuild-debugsource-0.1.9998+svn3613-bp156.2.3.1.aarch64.rpm kbuild-0.1.9998+svn3613-bp156.2.3.1.ppc64le.rpm kbuild-debuginfo-0.1.9998+svn3613-bp156.2.3.1.ppc64le.rpm kbuild-debugsource-0.1.9998+svn3613-bp156.2.3.1.ppc64le.rpm openSUSE-2024-359 moderate openSUSE Backports SLE-15-SP6 Update This update for opi fixes the following issues: - Version 5.4.0 * Show key ID when importing or deleting package signing keys * Add option to install google-chrome-canary - Version 5.3.0 * Fix tests for new zypper version * fix doblue slash in packman repo url * Add Plugin to install Libation opi-5.4.0-bp156.2.9.1.noarch.rpm opi-5.4.0-bp156.2.9.1.src.rpm openSUSE-2024-361 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: - Update to version 1.4.0~git2.770efa8: * Resolve incorrect handling of rhost in pam (#3171) - Update to version 1.4.0~git1.c297c3f: * Docker makefile latest * Release 1.4.0 * chore: Made oauth2 scopes required in CLI (#3165) * More "choosing a domain" revision (#3161) * Update missing inputmode numeric when adding a new TOTP. (#3160) * Improve OAuth2 authorisation ux (#3158) * Fix attribute scim sync attribute naming (#3159) * Change to text input and use numeric mode for TOTP prompts. (#3154) * Fix release note date and typos (#3153) * Release 1.4.0-pre * Release Notes (#3149) * Remove WASM (#3148) * Rewrite "choosing a domain", add other considerations (#3147) * Harmonize UI and remove unused css (#3033) * ripping out some extra packages (#3146) * OAuth2 Device flow foundations (#3098) * htmx by default (#3145) * Support reloading via systemd (#3144) * Chore: Refactor Groups to be more generic (#3136) * 20241024 1271 cert reload on SIGHUP (#3140) * Update docs, improve locking (#3141) * 2856 - use tags for containers on build (#3139) * Fix image when too smol (#3138) * yale's rabbit-hole-chasing-htmx-fixing-megapatch (#3135) * ipinfo should be single value (#3137) * Tidy the reauth ui (#3130) * Add missing schemas to get OpenAPI validation to pass. (#3129) * Change some OperationError into HTTP Bad Request (400). (#3125) * Bump the all group with 11 updates (#3127) * Bump the all group in /pykanidm with 5 updates (#3128) * Fill in some Swagger API docs for a few v1 endpoints. (#3126) * Diagram Improvements in Book (#3124) * Fix passkey auth flow redirects (#3123) * Improve handling of inaccesible shadow file (#3122) * Log HTTP Not Found (404) as info log level. (#3119) * more errors for the people (#3121) * 20241017 unixd home (#3113) * 20241017 3107 token ttl (#3114) * docs: Update kanidm_ppa instructions for new repo logic (#3117) * fix(lint) minor lint fix for unnecessary match use (#3118) * Totp input changes (#3115) * Add the strict flag on client creates for developers (#3111) * Working scim entry get for person (#3088) * Add nss testframework and fallback when daemon offline (#3093) * Improve deb packaging, add aarch64 (#3083) * Cache buster buster (#3091) * fix(http): status content type should be JSON (#3096) * Bump the all group across 1 directory with 7 updates (#3106) * Bump the all group across 1 directory with 10 updates (#3103) * 20241012 attr name SCIM fix (#3102) * Scim add EntryReference (#3079) * Bump the all group across 1 directory with 3 updates (#3094) * Fix Increment Replication Post Upgrade (#3089) * Remove white background from square logo (#3087) * Add support for group extension (#3081) * 20240921 ssh keys and unix password in credential update session (#3056) * Fix landing and redirect URLs for GitLab, add some useful links (#3055) * [htmx] Make it harder to miss the save button on the cred update page (#3013) * Add example Outline config (#3076) * 20240925 cleanups (#3060) * Add instructions for unlinking Homebrew Rust on macOS (#3085) * Don't reprompt for login when no session exists in cli (#3082) * Make good on some TechDebt (#3084) * Feat: Adding POSIX Password fallback (#3067) * Bump the all group across 1 directory with 13 updates (#3080) * Complete the implementation of the posix account cache (#3041) * 20240926 tech debt (#3066) * Fix migration of last mod cid (#3065) * Increase totp secret size (#3061) * Bump mozilla-actions/sccache-action from 0.0.5 to 0.0.6 in the all group (#3075) * Improve pipe handling on linux (#3069) * reformat oauth2 URL list, highlight legacy bits (#3062) * scim_proto: fix incorrect language tag (#3064) * Add ownCloud example config (#3059) * Add example config for JetBrains Hub / YouTrack (#3058) * Bump the all group with 8 updates (#3053) * Bump the all group in /pykanidm with 3 updates (#3054) * Document basic authenticating GitLab to Kanidm (#3050) * fix(doc): updating docker container ref (#3049) * Resolve incorrect SCIM Sync serialisation (#3047) * CLI image error nicening (#3037) * Add rfc7009 and rfc7662 metadata to oidc discovery (#3046) * More openapi tweaks (#3038) * Bump the all group with 6 updates (#3044) * Bump the all group in /pykanidm with 3 updates (#3043) * fix(docs): make it clearer that bearer auth is a thing (#3031) * implements additional traits for filter types (#3036) * 20240810 SCIM entry basic (#3032) * CreatedAt/ModifiedAt fix (#3034) * Pykanidm fixes (#3030) * 20240906 Attribute as an Enum Type (#3025) * Bump the all group with 9 updates (#3029) * Bump the all group in /pykanidm with 4 updates (#3028) * Credentials page/Self cred update flow UI improvements (#3012) * 20240828 Support Larger Images, Allow Custom Domain Icons (#3016) * MemberOf in search implies DirectMemberOf (#3024) * fix(kanidm): don't allow empty string fields on CLI (#3018) * Bump cryptography from 42.0.4 to 43.0.1 in /pykanidm in the pip group (#3023) * generate completions for elvish and fish (#3015) * Bump the all group with 4 updates (#3021) * Bump the all group in /pykanidm with 3 updates (#3022) * 20240820 SCIM value (#2992) * fix(daemon): handling IPv6 addresses in healthcheck (#3004) * fix(webui): Javascript errors after server-side update blocking login. Fixed after cache invalidating (#3011) * OAuth2 Token Type (#3008) * Bump the all group in /pykanidm with 4 updates (#3007) * Bump the all group with 8 updates (#3006) * Spattering of oauth2 stuff (#3000) * Doc multi instance (#2997) * Expose group rename (#2999) * feat: self cred update flow (#2995) * Better Error Message (#2998) * Add missing group for application admin (#2991) * enforcen den clippen (#2990) * 20240817 group mail acp (#2982) * 20240810 application passwords (#2968) * Bump the all group with 17 updates (#2986) * Bump the all group in /pykanidm with 3 updates (#2985) * Mail substr index (#2981) * Doc format, add api-token section (#2975) * [HTMX] small profile improvements (#2974) * Foundations of pam/nss multi resolver * TLS, no seriously. (#2963) * Update suse.md to avoid Authentication token manipulation error (#2973) * Add Alpine Linux installation instructions (#2871) * Bump the all group across 1 directory with 10 updates (#2966) * [HTMX] User settings (#2929) * Bump the all group in /pykanidm with 2 updates (#2965) * Docs updates (#2961) * Bump aiohttp from 3.10.0 to 3.10.2 in /pykanidm in the pip group (#2962) * Prevent bug in pam (#2960) * Improve migration error message (#2959) * Fix incorrect logic in cred update flow (#2956) * Docker-and-docs-fixes (#2954) * Bump the all group in /pykanidm with 5 updates (#2952) * Bump the all group with 10 updates (#2953) * Added orca flag to extend privileged authentication expiry (#2949) * In honour of SebaT, error on db lock acq timeout (#2947) * Add measurement of lock acquisition (#2946) * [htmx] Credential Update page (#2897) * Update to 1.4.0-dev (#2943) kanidm-1.4.0~git2.770efa8-bp156.7.1.src.rpm kanidm-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-clients-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-docs-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-server-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-unixd-clients-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-clients-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-docs-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-server-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-unixd-clients-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm openSUSE-2024-355 important openSUSE Backports SLE-15-SP6 Update This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 (boo#1231740, CVE-2024-21272) - WL#16452: Bundle all installable authentication plugins when building the C-extension - WL#16444: Drop build support for DEB packages - WL#16442: Upgrade gssapi version to 1.8.3 - WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors - WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support - WL#16307: Remove Python 3.8 support - WL#16306: Add support for Python 3.13 - BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers - BUG#37013057: mysql-connector-python Parameterized query SQL injection - BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host - BUG#36577957: Update charset/collation description indicate this is 16 bits - 9.0.0: - WL#16350: Update dnspython version - WL#16318: Deprecate Cursors Prepared Raw and Named Tuple - WL#16284: Update the Python Protobuf version - WL#16283: Remove OpenTelemetry Bundled Installation - BUG#36664998: Packets out of order error is raised while changing user in aio - BUG#36611371: Update dnspython required versions to allow latest 2.6.1 - BUG#36570707: Collation set on connect using C-Extension is ignored - BUG#36476195: Incorrect escaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES - BUG#36289767: MySQLCursorBufferedRaw does not skip conversion - 8.4.0 - WL#16203: GPL License Exception Update - WL#16173: Update allowed cipher and cipher-suite lists - WL#16164: Implement support for new vector data type - WL#16127: Remove the FIDO authentication mechanism - WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension - BUG#36227964: Improve OpenTelemetry span coverage - BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection - 8.3.0 - WL#16015: Remove use of removed COM_ commands - WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python - WL#15983: Stop using mysql_ssl_set api - WL#15982: Remove use of mysql_shutdown - WL#15950: Support query parameters for prepared statements - WL#15942: Improve type hints and standardize byte type handling - WL#15836: Split mysql and mysqlx into different packages - WL#15523: Support Python DB API asynchronous execution - BUG#35912790: Binary strings are converted when using prepared statements - BUG#35832148: Fix Django timezone.utc deprecation warning - BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments - BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS python-mysql-connector-python-9.1.0-bp156.4.3.1.src.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.x86_64.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.i586.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.aarch64.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.ppc64le.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.s390x.rpm openSUSE-2024-362 moderate openSUSE Backports SLE-15-SP6 Update This update for stressapptest fixes the following issues: - Configure with --enable-default-optimizations to get the tool compiled with correct definitions (boo#1227462). - Update to v1.0.11 * Bugfixes and compiler compatibility updates. * LoongArch, MIPS support * aarch64 vector instruction support stressapptest-1.0.11-bp156.5.3.1.src.rpm stressapptest-1.0.11-bp156.5.3.1.x86_64.rpm stressapptest-1.0.11-bp156.5.3.1.i586.rpm stressapptest-1.0.11-bp156.5.3.1.aarch64.rpm stressapptest-1.0.11-bp156.5.3.1.ppc64le.rpm stressapptest-1.0.11-bp156.5.3.1.s390x.rpm openSUSE-2024-357 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 130.0.6723.116 (boo#1232843) - CVE-2024-10826: Use after free in Family Experiences - CVE-2024-10827: Use after free in Serial chromedriver-130.0.6723.116-bp156.2.50.1.x86_64.rpm chromium-130.0.6723.116-bp156.2.50.1.src.rpm chromium-130.0.6723.116-bp156.2.50.1.x86_64.rpm chromedriver-130.0.6723.116-bp156.2.50.1.aarch64.rpm chromium-130.0.6723.116-bp156.2.50.1.aarch64.rpm openSUSE-2024-366 moderate openSUSE Backports SLE-15-SP6 Update This update for python-PyPDF2 fixes the following issues: - CVE-2022-24859: Fixed infinite loop vulnerability (boo#1198588) python-PyPDF2-1.26.0-bp156.4.3.1.src.rpm python3-PyPDF2-1.26.0-bp156.4.3.1.noarch.rpm openSUSE-2024-368 low openSUSE Backports SLE-15-SP6 Update This update for keepassxc fixes the following issues: - drop runtime dependency on update-desktop-files keepassxc-2.7.9-bp156.2.6.1.src.rpm keepassxc-2.7.9-bp156.2.6.1.x86_64.rpm keepassxc-lang-2.7.9-bp156.2.6.1.noarch.rpm keepassxc-2.7.9-bp156.2.6.1.i586.rpm keepassxc-2.7.9-bp156.2.6.1.aarch64.rpm keepassxc-2.7.9-bp156.2.6.1.ppc64le.rpm keepassxc-2.7.9-bp156.2.6.1.s390x.rpm openSUSE-2024-372 important openSUSE Backports SLE-15-SP6 Update This update for icinga2 fixes the following issues: Update to 2.13.10: - CVE-2024-49369: Fix TLS certificate validation bypass (bsc#1233310). icinga2-2.13.10-bp156.4.3.1.src.rpm icinga2-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-bin-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-common-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-doc-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.x86_64.rpm nano-icinga2-2.13.10-bp156.4.3.1.x86_64.rpm vim-icinga2-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-2.13.10-bp156.4.3.1.i586.rpm icinga2-bin-2.13.10-bp156.4.3.1.i586.rpm icinga2-common-2.13.10-bp156.4.3.1.i586.rpm icinga2-doc-2.13.10-bp156.4.3.1.i586.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.i586.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.i586.rpm nano-icinga2-2.13.10-bp156.4.3.1.i586.rpm vim-icinga2-2.13.10-bp156.4.3.1.i586.rpm icinga2-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-bin-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-common-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-doc-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.aarch64.rpm nano-icinga2-2.13.10-bp156.4.3.1.aarch64.rpm vim-icinga2-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-bin-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-common-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-doc-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.ppc64le.rpm nano-icinga2-2.13.10-bp156.4.3.1.ppc64le.rpm vim-icinga2-2.13.10-bp156.4.3.1.ppc64le.rpm openSUSE-2024-374 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 131.0.6778.69 (stable released 2024-11-12) (boo#1233311) * CVE-2024-11110: Inappropriate implementation in Blink. * CVE-2024-11111: Inappropriate implementation in Autofill. * CVE-2024-11112: Use after free in Media. * CVE-2024-11113: Use after free in Accessibility. * CVE-2024-11114: Inappropriate implementation in Views. * CVE-2024-11115: Insufficient policy enforcement in Navigation. * CVE-2024-11116: Inappropriate implementation in Paint. * CVE-2024-11117: Inappropriate implementation in FileSystem. chromedriver-131.0.6778.69-bp156.2.53.1.x86_64.rpm chromium-131.0.6778.69-bp156.2.53.1.src.rpm chromium-131.0.6778.69-bp156.2.53.1.x86_64.rpm chromedriver-131.0.6778.69-bp156.2.53.1.aarch64.rpm chromium-131.0.6778.69-bp156.2.53.1.aarch64.rpm openSUSE-2024-370 critical openSUSE Backports SLE-15-SP6 Update This update for cobbler fixes the following issues: Update to 3.3.7 * Security: Fix issue that allowed anyone to connect to the API as admin (CVE-2024-47533, boo#1231332) * bind - Fix bug that prevents cname entries from being generated successfully * Fix build on RHEL9 based distributions (fence-agents-all split) * Fix for Windows systems * Docs: Add missing dependencies for source installation * Fix issue that prevented systems from being synced when the profile was edited cobbler-3.3.7-bp156.2.6.1.noarch.rpm cobbler-3.3.7-bp156.2.6.1.src.rpm cobbler-tests-3.3.7-bp156.2.6.1.noarch.rpm cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch.rpm openSUSE-2024-376 moderate openSUSE Backports SLE-15-SP6 Update This update for OpenBoard fixes the following issues: - update to release version 1.7.2 - switch from Qt5 to Qt6 - compatibility with ffmpeg-7 - compatibility with poppler OpenBoard-1.7.2-bp156.2.3.1.src.rpm OpenBoard-1.7.2-bp156.2.3.1.x86_64.rpm OpenBoard-1.7.2-bp156.2.3.1.aarch64.rpm openSUSE-2024-378 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 131.0.6778.85 (stable released 2024-11-19) (boo#1233534) * CVE-2024-11395: Type Confusion in V8 chromedriver-131.0.6778.85-bp156.2.56.1.x86_64.rpm chromium-131.0.6778.85-bp156.2.56.1.src.rpm chromium-131.0.6778.85-bp156.2.56.1.x86_64.rpm chromedriver-131.0.6778.85-bp156.2.56.1.aarch64.rpm chromium-131.0.6778.85-bp156.2.56.1.aarch64.rpm openSUSE-2024-379 moderate openSUSE Backports SLE-15-SP6 Update This update for iptraf-ng fixes the following issues: - Update to release 1.2.2 * serv.c: validate loading/saving/entry of port ranges * limit interface name lengths to IFNAMSIZ [CVE-2024-52949] iptraf-ng-1.2.2-bp156.4.3.1.src.rpm iptraf-ng-1.2.2-bp156.4.3.1.x86_64.rpm iptraf-ng-1.2.2-bp156.4.3.1.i586.rpm iptraf-ng-1.2.2-bp156.4.3.1.aarch64.rpm iptraf-ng-1.2.2-bp156.4.3.1.ppc64le.rpm iptraf-ng-1.2.2-bp156.4.3.1.s390x.rpm openSUSE-2024-383 moderate openSUSE Backports SLE-15-SP6 Update This update for tesseract-ocr fixes the following issues: Update to 5.5.0 - Fix TARGET_PDB_FILE error for static linking. in #4271 - Make regular usage of CMAKE_INSTALL_LIBDIR and GNUInstallDirs in #4272 - Ignore illegal TESSDATA_PREFIX (not existing filesystem entry, issue #4277) in #4278 - Fix confidence output for the PAGE XML renderer in #4283 - Set hOCR capabilities ocrp_dir and ocrp_lang unconditionally in #4301 - Reduce clock syscalls in #4303 - Calculate row bounding box in single-word mode per #4304 in #4305 - Replace access/_access by std::filesystem::exists in #4307 - Modernize code for list of available models in #4308 - Fix performance and other issues reported by Codacy in #4309 - Remove unnecessary assignment and assertions in #4313 - Update code for tprintf in #4306 - Add C++ stream for log messages and use it in two debug messages in #4314 - cmake: Correctly set the soversion based on SemVer properties in #4319 - Replace deprecated runner macos-12 by macos-latest in GitHub actions in #4326 - Modernize code for renderers and remove filename conversion for Windows in #4330 - Fix some typos and grammer issues in #4337 - Add GitHub action and Makefile target for Windows installer in #4341 - Support symbolic values for --oem and --psm options in #4344 - Replace some tprintf by tesserr stream (fixes Windows compiler warnings) in #4345 - Add RISC-V V support #4346 - Fix and improve Windows installer in #4348 - Remove Tensorflow support in #4350 - Update submodule googletest to release v1.15.2 in #4352 - Update to version 5.4.1: - Avoid FP overflow in NormEvidenceOf (fixes issue #4257) in #4259 - Update deprecated Node.js 16 GitHub actions in #4262 - Fix code style issues which were reported in #4263 - Fix some issues which were reported in #4266 - Fix more Codacy issues in #4267 - Several build fixes - Update to version 5.4.0: * Build fixes, code refactoring and other smaller changes. * Fix grey result of indexed PNG in pdfrenderer. * Rename frk -> deu_latf (ISO 639-3, ISO 15924). * Remove broken Dockerfile. * Fixes for several issues reported by Coverity Scan. * Remove unsupported OpenCL code and related API functions (#4220). * Facilitate vectorization for generic build (#4223). * Add PAGE XML renderer / export (#4214). * Support training without lstmf files. * Improve CCUtil::main_setup (fixes issue #4230 related to Coda). * Allow for text angle/gradient to be retrieved (#4070). * Fix setup of datadir on installations with Conda (issue #4230) (#4240) * Fix FP exception in Wordrec::angle_change (issue #4242) (#4243) * Small build fixes and code improvements - Disable opencl support due to boo#1213370 libtesseract5-5.5.0-bp156.2.3.1.x86_64.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-5.5.0-bp156.2.3.1.src.rpm tesseract-ocr-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.x86_64.rpm libtesseract5-5.5.0-bp156.2.3.1.aarch64.rpm libtesseract5-64bit-5.5.0-bp156.2.3.1.aarch64_ilp32.rpm libtesseract5-64bit-debuginfo-5.5.0-bp156.2.3.1.aarch64_ilp32.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.aarch64.rpm libtesseract5-5.5.0-bp156.2.3.1.ppc64le.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.ppc64le.rpm libtesseract5-5.5.0-bp156.2.3.1.s390x.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.s390x.rpm openSUSE-2024-384 moderate openSUSE Backports SLE-15-SP6 Update This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templates + ZBXNEXT-9217 Added AWS Lambda by HTTP template Templates + ZBXNEXT-9293 Updated max supported MySQL version to 9.0 Proxy Server + ZBXNEXT-8657 Updated Zabbix health templates with new visualization Templates + ZBXNEXT-9143 Added index on auditlog recordsetid Server + ZBXNEXT-9081 Added Small Computer System Interface (SCSI) device type support to Zabbix agent 2 Smart plugin Agent + ZBXNEXT-6445 Added recovery expression for fuzzytime triggers in Linux and Windows templates, removed fuzzytime triggers from active agent templates Templates + ZBXNEXT-9201 Updated max supported MySQL version to 8.4 Proxy Server + ZBXNEXT-9225 Updated max supported TimescaleDB version to 2.15 Server + ZBXNEXT-9226 Updated max supported MariaDB version to 11.4 Proxy Server + ZBXNEXT-8868 Added discovery and template for Azure VM Scale Sets Templates - Bug Fixes + BX-24947 Fixed PHP runtime errors while processing frontend notifications Frontend + ZBX-24824 Improved loadable plugin connection broker Agent + ZBX-24583 Fixed inability to export/import web scenario with digest authentication API + ZBX-23905 Fixed double scroll in script dialogs Frontend + ZBX-18767 Fixed word breaks in flexible text input fields and trigger expressions Frontend + ZBX-24909 Fixed resolving of macro functions in the "Item value" widget Frontend + ZBX-24859 Fixed JavaScript in S3 buckets discovery rule Templates + ZBX-24617 Fixed hardcoded region in AWS by HTTP template Templates + ZBX-24524 Fixed "New values per second" statistic to include dependent items in calculation Proxy Server + ZBX-24821 Made 'execute_on' value being recorded in audit only for shell scripts Server + ZBX-23312 Fixed discovery edit form being saved incorrectly after dcheck update Frontend + ZBX-24773 Fixed duplicate item preprocessing in Kubernetes Kubelet by HTTP template Templates + ZBX-24514 Fixed standalone Zabbix server and Zabbix proxy not stopping when database is read-only Proxy Server + ZBX-23936 Fixed state and styling of readonly fields Frontend + ZBX-24520 Fixed an issue with incorrect translations used in several frontend places Frontend + ZBX-21815 Fixed issue with undefined offset for media type when it was deleted before saving the user Frontend + ZBX-24108 Fixed error in dashboard if Map widget contains map element that user doesn't have access to Frontend + ZBX-24569 Fixed old and added new items to Azure Virtual Machine template Templates + ZBX-24537 Fixed tags subfilter in Latest data kiosk mode Frontend + ZBX-24167 Fixed template linkage when item prototype collision is found Server + ZBX-23770 Improved monitoring user permissions documentation for Zabbix agent 2 Oracle plugin and Oracle by ODBC template Documentation + ZBX-24565 Removed redundant kernel header include, fixed musl compatibility issues (thanks to Alpine Linux maintainers for spotting this) + ZBX-24610 Fixed interface field appearance for discovered items without interface set Frontend + ZBX-24562 Fixed incorrect problem order in Problems by severity widget's hintbox Frontend + ZBX-23751 Fixed inability to pass an action filter condition without an "operator" property, implying a default value of "Equal" API + ZBX-21429 Prevented ability to disable all UI element access via role.update API API + ZBX-19271 Fixed inconsistent tag row rendering in different edit forms Frontend + ZBX-24539 Fixed incorrect threshold in trigger expression of Check Point Next Generation Firewall by SNMP template Templates + ZBX-24667 Fixed vm.memory.size[pused] item on Solaris Agent + ZBX-23781 Added storage volumes check in HPE iLO by HTTP template Templates + ZBX-24391 Fixed Zabbix agent to return net.tcp.socket.count result without error if IPv6 is disabled Agent + ZBX-24235 Fixed value misalignment in Item value widget Frontend + ZBX-24352 Fixed custom severity name usage in Geomap widget Frontend + ZBX-24665 Fixed potential problem with deprecated GCE Integrity feature Templates + ZBX-20993 Fixed Zabbix agent 2 MQTT plugin clientID to be generated by strict requirements Agent + ZBX-23426 Added dependent item with JavaScript preprocessing for edges SD-WAN in VMWare SD-WAN VeloCloud by HTTP template Templates + ZBX-24566 Fixed crash when expression macro is used in unsupported location Server + ZBX-24450 Fixed issue where graph could differ for data gathered from PostgreSQL and other databases Frontend + ZBX-24513 Fixed real-time export of rarely updated trends Server + ZBX-24163 Fixed submap addition in Map navigation tree widget to not append same submaps repeatedly Frontend + ZBX-23398 Fixed trigger expression constructor incorrectly showing '<' and '>' operators Frontend + ZBX-23584 Fixed error message being displayed when updating host after changing item status Frontend + ZBX-24635 Fixed datastore triggers in VMware templates Templates Update to 6.0.31: - New Features and Improvements + ZBXNEXT-9140 Added support for custom compartments in Oracle Cloud by HTTP templates Templates + ZBXNEXT-9034 Added Jira Data Center by JMX template Templates + ZBXNEXT-8682 Introduced a length limit of 512KB for item test values that server returns to Zabbix frontend Frontend Server + ZBXNEXT-8248 Added database filter macros to MySQL templates Templates + ZBXNEXT-6698 Removed absolute threshold and timeleft from OS template triggers of filesystem space Templates + ZBXNEXT-7930 Added user macro support for username and password fields in email media type Server + ZBXCTR-22 Refactored JavaScript filter functions for Kubernetes templates Templates + ZBXNEXT-9098 Added AWS ELB Network Load Balancer by HTTP template Templates + ZBXNEXT-6864 Replaced {HOST.CONN} with user macros in templates Templates + ZBXNEXT-9117 Updated max supported MariaDB version to 11.3 Proxy Server + ZBXNEXT-9026 Added Go compiler version to Zabbix agent 2 version output Agent + ZBXNEXT-8786 Changed 'odbc.discovery' keys to 'odbc.get' in MySQL by ODBC and Oracle by ODBC templates Templates + ZBXNEXT-8536 Added cbdhsvc service to macros in Windows agent templates Templates + ZBXNEXT-8861 Made changes and added more metrics to the FortiGate by SNMP template Templates + ZBXNEXT-8240 Added a new set of templates for integration with Oracle Cloud Infrastructure Templates - Bug Fixes + ZBX-24483 Improved memory usage in Zabbix server/proxy trappers and in proxy pollers when sending large configuration Proxy Server + ZBX-23073 Fixed URL widget resizing and dragging Frontend + ZBX-24574 Fixed HA node flipping between standby and active states Server + ZBX-24119 Fixed possible blocking of alert manager when it periodically pings database Server + ZBX-7998 Added VMware service username, password and URL check for empty values Proxy Server + ZBX-24402 Reduced main process connections to database during startup Proxy Server + ZBX-24369 Fixed filter behavior in monitoring pages after deleting filter parameters Frontend + ZBX-24484 Fixed Geomap widget console error when dragging map in widget edit mode Frontend + ZBX-23337 Improved supported version documentation for Oracle Database plugin and both templates Documentation + ZBX-24180 Fixed inability to import existing host or template when its dependent item prototype, which is used in trigger prototypes or graph prototypes, would have a different master item API + ZBX-20871 Fixed inability to use LLD macro functions in Prometheus pattern and labels used in item prototype preprocessing API + ZBX-24527 Fixed unnecessary loading text being displayed in hintbox preloader Frontend + ZBX-24362 Fixed wrong Zabbix agent 2 loadable plugin process handling catching all child process exits Agent + ZBX-24470 Fixed scale of VMware vmware.vm.memory.size.compressed key Proxy Server + ZBX-24415 Added triggers for datastores in VMware templates Templates + ZBX-18094 Fixed multiple pie graph issues related to calculation of item angles Frontend + ZBX-20766 Fixed confusing port binding error message Agent Proxy Server + ZBX-24481 Fixed inability to unset value map from existing item or item prototype by passing a version without valuemap parameter into configuration.import API + ZBX-24531 Fixed compile time data not being set for agent2 Agent + ZBX-24453 Implemented socket file cleanup when shutting down, added blocking of signals during important stages of startup Proxy Server + ZBX-24152 Fixed host form submission with Enter button if the form is opened in a popup and focus is in a flexible text area field Frontend + ZBX-23788 Added SNMP OID ifAlias in Network interfaces discovery Templates + ZBX-24482 Fixed the presence of the http_proxy field in the initial data Installation + ZBX-24210 Improved Zabbix agent 2 loadable plugin capacity code style Agent + ZBX-23951 Fixed issue of incorrect template matching when no UUID exists in export file API + ZBX-23953 Fixed CIDR network mask of VMware HV network interface Proxy Server + ZBX-24195 Fixed host IPMI username and password field max length Frontend + ZBX-24451 Added tags and changed a item in Proxmox template Templates + ZBX-23386 Fixed hintbox sizing to fit screen Frontend + ZBX-24024 Fixed OIDs for external sensors in APC UPC by SNMP templates Templates + ZBX-21751 Fixed node's loadavg item in Proxmox template Templates + ZBX-24315 Fixed linking template to host when some LLD macro paths already exist Server + ZBX-24172 Fixed Zabbix server issue with scheduled intervals on Feb 29th of leap year Server + ZBX-23407 Improved performance of retrieving last history values when primary keys are available API + ZBX-24246 Updated descriptions for family of MySQL and Oracle templates, changed macro in the trigger 'Tablespace utilization is too high' for family of Oracle templates Templates + ZBX-23988 Renamed Agent2 Go module + ZBX-24222 Fixed incorrect item OIDs in the FortiGate by SNMP template Templates + ZBX-24393 Updated README in Redis by Zabbix agent 2 template Templates + ZBX-24298 Allowed any JNDI service providers back in JMX monitoring Java gateway + ZBX-19990 Separated LLD filter macros in Apache Tomcat by JMX template Templates + ZBX-24364 Added preprocessing steps for LLD rules in RabbitMQ templates Templates + ZBX-24368 Improved PostgreSQL autovacuum's count query Templates + ZBX-24282 Fixed Zabbix proxy to report error for not supported items Proxy Server + ZBX-19507 Fixed vmware.eventlog item to recover after event keys are reset Server + ZBX-24241 Fixed Zabbix server issue with random order of host groups for a host during real-time export Server + ZBX-24275 Fixed item prototype JSONPath preprocessing, added missing volume health metric and triggers in HPE MSA templates Templates + ZBX-24316 Fixed username macro in GridGain by JMX template Templates + ZBX-23719 Updated plugin-support to add duplicate flag handling Agent + ZBX-22429 Fixed typo in Zabbix proxy automake file Installation + ZBX-24264 Fixed value cache being filled with values of newly added items with triggers Server + ZBX-24088 Fixed problem filtering in maps with nested maps Frontend + ZBX-24206 Fixed line breaks in JavaScript in Cloudflare template Templates + ZBX-24236 Fixed nested transaction error in LLD when connection is terminated Server + ZBX-24134 Added sensor discovery in VMware Hypervisor template Templates + ZBX-23918 Fixed item pattern select popup to display all available items Frontend + ZBX-24190 Fixed items being updated incorrectly when configuring graph Frontend + ZBX-24289 Fixed issue with interface assignment for items copied from host to host Frontend + ZBX-23032 Added triggers for cluster status in VMware templates Templates + ZBX-23948 Added support for TabularData data when parsing an MBean attribute Java gateway + ZBX-23742 Fixed tag filtering logic for tags with one name and different types of operators API + ZBX-24271 Added delay in JavaScript execution for Azure Cost Management by HTTP template Templates + ZBX-24208 Fixed Oracle, MySQL plugin connection cache blocking Agent + ZBX-24202 Fixed JavaScript in AWS S3 bucket by HTTP template Templates + ZBX-23478 Fixed issue when missing locale error would not be displayed for user under certain conditions Frontend + ZBX-24166 Fixed Zabbix not being able to restart due to RTC and sockets not being closed before stopping Agent Proxy Server + ZBX-23853 Fixed duplicate agent check timestamps when time shifts back due to system clock synchronization Agent system-user-zabbix-6.0.33-bp156.2.3.1.noarch.rpm zabbix-6.0.33-bp156.2.3.1.src.rpm zabbix-agent-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-java-gateway-6.0.33-bp156.2.3.1.noarch.rpm zabbix-proxy-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-server-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-ui-6.0.33-bp156.2.3.1.noarch.rpm zabbix-agent-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.i586.rpm zabbix-server-6.0.33-bp156.2.3.1.i586.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.i586.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.i586.rpm zabbix-agent-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-server-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-agent-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-server-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-agent-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.s390x.rpm zabbix-server-6.0.33-bp156.2.3.1.s390x.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.s390x.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.s390x.rpm openSUSE-2024-389 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: - Update to version 1.4.3~git1.078625c: * Update to latest fido-mds-tool (#3230) - Update to version 1.4.3~git0.fb00176: * Release 1.4.3 * Warn when v2 options are used in v1 unixd config (#3228) * Resolve UI Auth Loop with OAuth2 (#3226) * Harden transport in pam unixd (#3227) * Improve warning around invalid JWT deserialisation (#3224) * Update and fix server config files in examples. (#3225) * Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212) * Add docs on customising Kanidm. (#3209) * Correct spelling of occurred (#3222) * UI/Feature polish (#3191) * Prevent Invalid MFA Reg States (#3194) * Change CSS for applications so SVG scales nicely in Firefox. (#3200) * 20241109 3185 max age (#3196) * Hoist max_age to prevent incorrect deserialisation (#3190) * Release 1.4.2 * Re-migrate all acps to force updating (#3184) * security - low - fault in migrations (#3182) - Update to version 1.4.1~git0.ad93202: * Release 1.4.1 * Correct missing CSP header (#3177) * Resolve pam services not always having a tty (#3176) kanidm-1.4.3~git1.078625c-bp156.10.1.src.rpm kanidm-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-clients-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-docs-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-server-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-unixd-clients-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-clients-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-docs-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-server-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-unixd-clients-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm openSUSE-2024-385 moderate openSUSE Backports SLE-15-SP6 Update This update for lxd fixes the following issues: - Change license to AGPL-3.0-only AND Apache-2.0: + All Canonical contributions have been relicensed and are now under AGPLv3. Community contributions remain under Apache 2.0. - update to 5.21.1: + Restricted metrics client certificate security regression fix + New image server remote for non-Ubuntu images + List all storage volumes API and CLI support Highlights 5.21.0: + Change of version numbering scheme + Fine grained authorization for OIDC users + Optimized block volume refresh for Ceph RBD + Device config override when importing instance backups Highlights 5.20.0: + LXD change to AGPLv3 + Create metadata and data OSD pools as part of creating a cephfs storage pool + Debug mode for EDK2 UEFI firmware + Authorization restructure + Shiftfs support has been removed - add attr as dependency for setfattr (boo#1190416) - update to 5.19: Highlights: + Add support for per-NIC device limits.priority option + Instance volume configuration through disk device - update to 5.18: Highlights 5.18: + Receive OVN logs into LXD and Loki Highlights 5.17: + ZFS 2.2 delegation support + Add remote copy support for custom volume snapshots + Allow recovery of empty storage pools lxd-5.21.1-bp156.3.3.1.src.rpm lxd-5.21.1-bp156.3.3.1.x86_64.rpm lxd-bash-completion-5.21.1-bp156.3.3.1.noarch.rpm lxd-5.21.1-bp156.3.3.1.i586.rpm lxd-5.21.1-bp156.3.3.1.aarch64.rpm lxd-5.21.1-bp156.3.3.1.ppc64le.rpm lxd-5.21.1-bp156.3.3.1.s390x.rpm openSUSE-2024-386 moderate openSUSE Backports SLE-15-SP6 Update This update for fwts fixes the following issues: - Update to version 24.11.00: * lib: fwts_version.h - update to V24.11.00 * hdaaudio: fix the the build errors under plucky amd64 * auto-packager: mkpackage.sh: add plucky * dmicheck: add more types for version length test. * dmicheck: update for supporting DMI version to 3.8.0 * acpi: iort: memory access flag update. * src/acpi: Fix a few spelling mistakes * acpi/wmi: Warn if WMI GUIDs from the Windows driver samples are found * lib: fwts_acpi_object_eval: Do not return FWTS_OK if method lookup fails * script: fix bash-completion-with-hashbang lintian warning * dmicheck: update for supporting DMI version to 3.7.1 * tpmevlog: Ensure the event log matches the actual TPM PCRs - Update to version 24.09.00: * lib: fwts_version.h - update to V24.09.00 * klog.json: Add the missing processor error message to klog database * klog.json: Add the missing exreqion error message to klog database * klog.json: Add the missing exserial error message to klog database * klog.json: Add the missing exoparg2 error message to klog database * klog.json: Add the missing dswload2 error message to klog database * klog.json: Add the missing nsinit error message to klog database * klog.json: Add the missing exstore error message to klog database * klog.json: Add more nsxfeval error messages to klog database * klog.json: Add more utobject error messages to klog database * klog.json: Add more uttrack error messages to klog database * klog.json: Add the missing srat error message to klog database * klog.json: Add more error messages for battery to klog database * klog.json: Add the missing scan error messages to klog database * klog.json: Add the missing prmt error messages to klog database * klog.json: Add the missing viot error messages to klog database * klog.json: Add the missing ipmi error messages to klog database * klog.json: Add the missing fan_core error message to klog database * klog.json: Add more missing acpi pcc kernel messages to klog database * klog.json: Add more missing osl kernel messages to klog database * fwts-test: slic: sync test results with fixes to ACPICA SLIC dumping * ACPICA: Update to version 20240827 * lib: modprobe: add checking the compressed zst module format * klog.json: Add more missing iort kernel messages to klog database * klog.json: Add some missing gtdt kernel messages to klog database * klog.json: Add some missing ghes kernel messages to klog database * klog.json: Add some missing agdi kernel messages to klog database * klog: fix the pattern errors for einj trigger table entry - Update to version 24.07.00: * acpi: acpipld: downgrade the severity for PLD on the not connected port * configure.ac: fix the autoreconf AC_PROG_LEX warning * configure.ac: fix the autoreconf AC_PROG_LIBTOOL warning * lib: fwts_version.h - update to V24.07.00 * auto-packager: mkpackage.sh: remove mantic * acpi: acpipld: modify the test description to aviod misunderstanding * fwts-test: add regression tests for S3PT * acpi: s3pt: add tests for ACPI S3PT table * aspm: Only require ASPM for devices with an actual link * fwts-test: cedt: sync up with adding raw data dump * fwts-test: cedt: fix the wrong value of ENIW * acpi: cedt: add raw data dump for interleave target list * libfwtsiasl: fix parallel build with GNU Make >= 4.4 * tpmevlog: Ensure EV_SEPARATOR recorded for PCRs 0-7 * efi_runtime: don't build dkms module for those kernels with efi_test * auto-packer: mkpackage.sh: add oracular * lib: fwts_log_html: fix the invalid printf format string * autopackager: mkpackage.sh: remove lunar - Update to version 24.03.00: * lib: fwts_version.h - update to V24.03.00 * lib: fwts_acpi_tables: fix the build fail on armhf * ACPICA: Update to version 20240322 - Update to version 24.01.00: * acpi: acpipld: add tests to check _PLD methods only on the connectable ports * opal: fix the resource leak for cpus * opal: fix the resource leak for process_dimm and process_mba * acpi: srat: fix the untrusted loop bound warning - Update to version 24.01.00: * opal: fix the resource leak for get_linux_mem_devices * dmicheck: Don't check firmware version on anything but NVDIMM devices - Update to version 24.11.00: * lib: fwts_version.h - update to V24.11.00 * hdaaudio: fix the the build errors under plucky amd64 * auto-packager: mkpackage.sh: add plucky * dmicheck: add more types for version length test. * dmicheck: update for supporting DMI version to 3.8.0 * acpi: iort: memory access flag update. * src/acpi: Fix a few spelling mistakes * acpi/wmi: Warn if WMI GUIDs from the Windows driver samples are found * lib: fwts_acpi_object_eval: Do not return FWTS_OK if method lookup fails * script: fix bash-completion-with-hashbang lintian warning * dmicheck: update for supporting DMI version to 3.7.1 * tpmevlog: Ensure the event log matches the actual TPM PCRs - Update to version 24.09.00: * lib: fwts_version.h - update to V24.09.00 * debian: update changelog * klog.json: Add the missing processor error message to klog database * klog.json: Add the missing exreqion error message to klog database * klog.json: Add the missing exserial error message to klog database * klog.json: Add the missing exoparg2 error message to klog database * klog.json: Add the missing dswload2 error message to klog database * klog.json: Add the missing nsinit error message to klog database * klog.json: Add the missing exstore error message to klog database * klog.json: Add more nsxfeval error messages to klog database * klog.json: Add more utobject error messages to klog database * klog.json: Add more uttrack error messages to klog database * klog.json: Add the missing srat error message to klog database * klog.json: Add more error messages for battery to klog database * klog.json: Add the missing scan error messages to klog database * klog.json: Add the missing prmt error messages to klog database * klog.json: Add the missing viot error messages to klog database * klog.json: Add the missing ipmi error messages to klog database * klog.json: Add the missing fan_core error message to klog database * klog.json: Add more missing acpi pcc kernel messages to klog database * klog.json: Add more missing osl kernel messages to klog database * fwts-test: slic: sync test results with fixes to ACPICA SLIC dumping * ACPICA: Update to version 20240827 * lib: modprobe: add checking the compressed zst module format * klog.json: Add more missing iort kernel messages to klog database * klog.json: Add some missing gtdt kernel messages to klog database * klog.json: Add some missing ghes kernel messages to klog database * klog.json: Add some missing agdi kernel messages to klog database * klog: fix the pattern errors for einj trigger table entry - Update to version 24.07.00: * acpi: acpipld: downgrade the severity for PLD on the not connected port * configure.ac: fix the autoreconf AC_PROG_LEX warning * configure.ac: fix the autoreconf AC_PROG_LIBTOOL warning * lib: fwts_version.h - update to V24.07.00 * debian: update changelog * auto-packager: mkpackage.sh: remove mantic * acpi: acpipld: modify the test description to aviod misunderstanding * fwts-test: add regression tests for S3PT * acpi: s3pt: add tests for ACPI S3PT table * aspm: Only require ASPM for devices with an actual link * fwts-test: cedt: sync up with adding raw data dump * fwts-test: cedt: fix the wrong value of ENIW * acpi: cedt: add raw data dump for interleave target list * libfwtsiasl: fix parallel build with GNU Make >= 4.4 * tpmevlog: Ensure EV_SEPARATOR recorded for PCRs 0-7 * efi_runtime: don't build dkms module for those kernels with efi_test * auto-packer: mkpackage.sh: add oracular * lib: fwts_log_html: fix the invalid printf format string * autopackager: mkpackage.sh: remove lunar - Update to version 24.03.00: * lib: fwts_version.h - update to V24.03.00 * debian: update changelog * lib: fwts_acpi_tables: fix the build fail on armhf * ACPICA: Update to version 20240322 - Update to version 24.01.00: * acpi: acpipld: add tests to check _PLD methods only on the connectable ports * opal: fix the resource leak for cpus * opal: fix the resource leak for process_dimm and process_mba * acpi: srat: fix the untrusted loop bound warning - Update to version 24.01.00: * opal: fix the resource leak for get_linux_mem_devices * dmicheck: Don't check firmware version on anything but NVDIMM devices fwts-24.11.00-bp156.2.3.1.src.rpm fwts-24.11.00-bp156.2.3.1.x86_64.rpm fwts-debuginfo-24.11.00-bp156.2.3.1.x86_64.rpm fwts-debugsource-24.11.00-bp156.2.3.1.x86_64.rpm fwts-24.11.00-bp156.2.3.1.i586.rpm fwts-debuginfo-24.11.00-bp156.2.3.1.i586.rpm fwts-debugsource-24.11.00-bp156.2.3.1.i586.rpm fwts-24.11.00-bp156.2.3.1.aarch64.rpm fwts-debuginfo-24.11.00-bp156.2.3.1.aarch64.rpm fwts-debugsource-24.11.00-bp156.2.3.1.aarch64.rpm openSUSE-2024-388 moderate openSUSE Backports SLE-15-SP6 Update This update for incus fixes the following issues: - Remove the incus.sysctl drop-in file. This setting file overlaps with lxd's sysctl settings, and setting these sysctls on boot even if you aren't running containers is suboptimal. We could come up with a complicated scheme for loading the rules once Incus starts, as suggested in boo#1233410, but ultimately these settings are only really useful for production servers with >100 containers, at which point admins are expected to tune their servers anyway. So we can just remove it. - Backport patches to fix encrypted ZFS datasets having their keys be unloaded on Incus daemon restarts. - Fix secureboot VMs by switching to passing the correct environment variable (INCUS_EDK2_PATH) and updating the ovmf symlinks to point to the correct blobs. There is an upstream bug here, so we will need to fix this again later. - Update to version 6.7: * fix live update VM's limits.memory configuration when use a percentage value #1287 * fix: fix slice init length #1285 * incusd/instance/lxc: Remove restrictions on /run #1288 * Correct macvlan mode names #1284 * Translations update from Hosted Weblate #1290 * Translations update from Hosted Weblate #1295 * Translations update from Hosted Weblate #1304 * incus-simplestreams: Fix list -f json #1310 * Profile performance improvements #1314 * incus-agent: Add timeout for DNS query #1313 * incusd/instance/qemu: Don't fail on console retrival issue #1316 * Allow changing the parent value on physical networks #1317 * incus: Fix display of current project in projects list #1318 * Add --format to incus admin sql #1319 * incusd/internal/server/instance/drivers: support for Chimera Linux (qemu/edk2) pkg layout #1298 * incusd/instance/common: Cleanup volatile on device add failure #1323 * incusd/network/bgp: Only advertise networks with BGP configuration #1325 * Make revert library shared #1326 * Fix to the cluster resources caching mechanism #1324 * Fix idmap issues #1327 * Make ask library shared #1329 * doc/network/resolved: Add disabling DNSSEC and DNSOverTLS #1328 * Add some application container documentation #1331 * incusd/device/nic/bridged: Handle invalid configuration #1330 * Fix handling of custom volume snapshot patterns #1333 * Add OCI DHCP renewal #1334 * doc/installing: Update for Chimera Linux #1335 * shared/cgo: Don't use strlcpy #1337 * Implement incus webui #1338 * incusd/scriptlet: Make set_target fail with invalid members #1339 * Export QMP functions #1340 * incusd/network/ovn: Add support to ipv4.dhcp.ranges #1341 * internal/server: Log QMP interaction to a file #1345 * incusd/instance/qemu: Log QEMU command line #1346 * Improve cluster instance placement #1344 * incusd/instance_logs: Update log file list #1347 * Add infrastructure for OVN events #1349 * Fix QEMU feature checks during startup #1350 * incusd/instance/lxc: Fix LXCFS per-instance path #1352 * doc/idmap: Clarify subuid/subgid configuration #1353 * incusd/instance/qmp: Fix logging with no log file #1355 * Add a GetOIDCTokens() method #1357 * Add get-current to show current project #1356 * incus/file/create: Use SFTP client instead of file API #1354 * internal/instance: Allow 0 as value to limits.cpu.nodes #1358 * Translations update from Hosted Weblate #1361 * Translations update from Hosted Weblate #1362 * Translations update from Hosted Weblate #1368 * Improve agent interface listing performance #1367 * Make incus top output configurable through options #1370 * Automatic live-migration to balance load on cluster #1369 * gomod: Update dependencies #1372 * Add refresh-exclude-older flag to only transfer new snapshots during instance/volume refresh #1365 * incusd/instances/publish: Fix base metadata #1374 * Fix TPM with long instance names #1377 * Don't BGP advertise OVN load-balancers when all backends are offline #1376 * incusd/instance/qemu: Don't take over operations on console retrieval #1379 * Tweak to cluster internal relocation #1378 - Package Incus 6.6, based on the LXD 5.21 package. The primary differences are that we no longer need to do ELF patching to work around having a custom sqlite fork (instead we can use libcowsql, which is packaged for openSUSE already). incus-6.7-bp156.2.1.src.rpm incus-6.7-bp156.2.1.x86_64.rpm incus-bash-completion-6.7-bp156.2.1.noarch.rpm incus-fish-completion-6.7-bp156.2.1.noarch.rpm incus-tools-6.7-bp156.2.1.x86_64.rpm incus-zsh-completion-6.7-bp156.2.1.noarch.rpm incus-6.7-bp156.2.1.aarch64.rpm incus-tools-6.7-bp156.2.1.aarch64.rpm incus-6.7-bp156.2.1.ppc64le.rpm incus-tools-6.7-bp156.2.1.ppc64le.rpm incus-6.7-bp156.2.1.s390x.rpm incus-tools-6.7-bp156.2.1.s390x.rpm openSUSE-2024-391 moderate openSUSE Backports SLE-15-SP6 Update This update for sops fixes the following issues: - fix broken sops executable sops-3.8.0-bp156.2.3.1.src.rpm sops-3.8.0-bp156.2.3.1.x86_64.rpm sops-3.8.0-bp156.2.3.1.i586.rpm sops-3.8.0-bp156.2.3.1.aarch64.rpm sops-3.8.0-bp156.2.3.1.ppc64le.rpm sops-3.8.0-bp156.2.3.1.s390x.rpm openSUSE-2024-392 moderate openSUSE Backports SLE-15-SP6 Update This update for sane-airscan fixes the following issues: Ship sane-airscan in version 0.99.30: * WSD: sca:ScannerDescription requested in sca:GetScannerElementsRequest * WSD: Ricoh Aficio MP 201: fixed detection of "ADF empty" state * HTTP: logged "end of input" event * test-decode: more informative usage when invoked without args * test-devcaps: stub implementation * test-devcaps: works for WSD * WSD: fixed ADF duplex on Epson Workforce WF-3520 * test-devcaps: works for eSCL too * Device model name propagated from zeroconf to proto handlers, for quirks * WSD: fix for ADF scan on RICOH Aficio MP 201 * WSD: more information requested in sca:GetScannerElementsRequest * Some devices don't behave if sca:ImagesToTransfer isn't set as expected. * README: fixed OKI supported table entries * OKI-MB471/OKI-MC332dn/OKI-MC362dn marked as not supporting eSCL * Dell E514dw added to the list * Kyocera TASKalfa 3051ci added to the list * doc: add Epson ET-2650 series * Add EPSON WF-2760 Series * WSD: Add content type selection * eSCL: Add scan intent selection * Fixed logging of supported/chosen scan intent * eSCL: fixed parsing of the supported scan intents in the device capabilities * ID_SCANINTENT better documented * Tweaked a textual description of the scan-intent option * SANE name for ID_SCANINTENT_DOCUMENT now "Document" (was "Text") * Added ID_SCANINTENT_UNSET value for the 'sane-intent' * Setting "scan-intent" now requires a precise match. * eSCL: delay between subsequent loads made Brother-specific * WSD: cosmetic * WSD: workaround for ADF Duplex on Brother MFC-9370CDW * The "sane-intent" option cannot be SANE_CAP_INACTIVE sane-airscan-0.99.30-bp156.2.1.src.rpm sane-airscan-0.99.30-bp156.2.1.x86_64.rpm sane-airscan-0.99.30-bp156.2.1.i586.rpm sane-airscan-0.99.30-bp156.2.1.aarch64.rpm sane-airscan-0.99.30-bp156.2.1.ppc64le.rpm sane-airscan-0.99.30-bp156.2.1.s390x.rpm openSUSE-2024-393 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account_invoice_stock, trytond_party, trytond_purchase, trytond_stock, trytond_stock_supply fixes the following issues: Changes in tryton: - Version 6.0.46 - Bugfix Release Changes in trytond: - Version 6.0.55 - Bugfix Release - Version 6.0.53 - Bugfix Release Changes in trytond_account_invoice_stock: - Version 6.0.4 - Bugfix Release - sources are not signed anymore Changes in trytond_stock_supply: - Version 6.0.10 - Bugfix Release Changes in trytond_stock: - Version 6.0.30 - Bugfix Release - Version 6.0.29 - Bugfix Release Changes in trytond_party: - Version 6.0.7 - Bugfix Release Changes in trytond_purchase: - Version 6.0.19 - Bugfix Release - Version 6.0.18 - Bugfix Release tryton-6.0.46-bp156.2.12.1.noarch.rpm tryton-6.0.46-bp156.2.12.1.src.rpm trytond-6.0.55-bp156.2.12.1.noarch.rpm trytond-6.0.55-bp156.2.12.1.src.rpm trytond_account_invoice_stock-6.0.4-bp156.2.3.1.noarch.rpm trytond_account_invoice_stock-6.0.4-bp156.2.3.1.src.rpm trytond_party-6.0.7-bp156.2.3.1.noarch.rpm trytond_party-6.0.7-bp156.2.3.1.src.rpm trytond_purchase-6.0.19-bp156.2.9.1.noarch.rpm trytond_purchase-6.0.19-bp156.2.9.1.src.rpm trytond_stock-6.0.30-bp156.2.6.1.noarch.rpm trytond_stock-6.0.30-bp156.2.6.1.src.rpm trytond_stock_supply-6.0.10-bp156.2.6.1.noarch.rpm trytond_stock_supply-6.0.10-bp156.2.6.1.src.rpm openSUSE-2024-395 moderate openSUSE Backports SLE-15-SP6 Update This update for gede fixes the following issues: - New upstream version 2.21.1 * Add Qt6 port - New upstream version 2.20.2 * Fixed incorrect cursor position in console output - New upstream release 2.20.1 * Added support for entering gdb commands manually - Do not force a ctags vendor on users gede-2.21.1-bp156.2.3.1.src.rpm gede-2.21.1-bp156.2.3.1.x86_64.rpm gede-qt6-2.21.1-bp156.2.3.1.src.rpm gede-qt6-2.21.1-bp156.2.3.1.x86_64.rpm gede-2.21.1-bp156.2.3.1.aarch64.rpm gede-qt6-2.21.1-bp156.2.3.1.aarch64.rpm gede-2.21.1-bp156.2.3.1.ppc64le.rpm gede-qt6-2.21.1-bp156.2.3.1.ppc64le.rpm gede-2.21.1-bp156.2.3.1.s390x.rpm gede-qt6-2.21.1-bp156.2.3.1.s390x.rpm openSUSE-2024-398 moderate openSUSE Backports SLE-15-SP6 Update This update for libcpuid fixes the following issues: - Update to version 0.7.1: * Fix cpuid kernel module build on ARM * Return ERR_NO_CPUID when cpuid kernel module cannot be used on AArch32 * state * Refactor the build of the bindings (#203) * Fix build error on AArch64 when HWCAP_CPUID is not defined (#205) * Fix build on Windows ARM with MSVC (206) * Fix detection of Intel Meteor Lake * Support for Intel Arrow Lake * Support for AMD Turin - update to 0.7.0: * Version 0.7.0 (2024-08-26): * Fix handle leaks in rdmsr.c (#199) * Fix cpuid_get_hypervisor when NULL data is provided (#199) * Prevent intel_fn11 array overruns (#199) * Support for AMD Hawk Point * Support for more AMD Phoenix (8000 series) * Add cpu_clock_by_tsc() function to the library (#124) * Check x86 CPUs MSR support (#185) * Add support for ARM CPUs (AArch32 + AArch64) (#200) * Add cpu_feature_level_t enumerated values for x86 CPUs (#177) * Support up to 4 subleaf entries for CPUID leaf 0x80000026 (#189) * Support for Extended CPU topology subleaf in cpuid_identify_purpose_amd() (#189) * Support CPU purpose for AMD x86 CPUs (#189) * Add cpuid Linux and FreeBSD kernel modules for ARM CPUs * Improve errors handling in cpuid_get_all_raw_data() and cpuid_get_raw_data_core() (#202) * Support get_total_cpus() on DragonFly BSD * Improve set_cpu_affinity() on NetBSD * Fix build on OpenBSD * Improve behavior when CPU affinity cannot be set * Fix a regression in cpuid_tool about arguments doing nothing (like --rdmsr or --cpuid) * Fix a segmentation fault when using --quiet in cpuid_tool * Improve error handling in cpu_identify_all() * Add Python bindings (#197) * Support for AMD Granite Ridge * Support for AMD Strix Point * Detect x2APIC and AVX512 features for AMD x86 CPUs - update to release 0.6.5 * Support for Intel Bay Trail-M * Support for Intel Bay Trail-T * Support for Intel Bay Trail-D * Support for AMD Storm Peak * Support for Intel Raport Lake Refresh * Support heterogeneous RAW dumps in cpu_identify_all() * Support for Intel Meteor Lake, including detection of LP E-Cores * Support for Intel Emerald Rapids-SP * Support for more AMD Van Gogh - Update to release 0.6.4 * Support for AMD Genoa, Phoenix, Dragon Range, Ryzen Z1 * Support for Intel Sapphire Rapids-WS, Skylake (server), Cascade Lake, Ice-Lake (server), Sapphire Rapids-SP, Raptor Lake-H/HX, Apollo lake * Improve support for Arrandale, Alder-Lake and Raptor-Lake P/U * Initial support for Centaur CPUs (VIA and Zhaoxin) libcpuid-0.7.1-bp156.2.3.1.src.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-devel-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-tools-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid17-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.i586.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.i586.rpm libcpuid-devel-0.7.1-bp156.2.3.1.i586.rpm libcpuid-tools-0.7.1-bp156.2.3.1.i586.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.i586.rpm libcpuid17-0.7.1-bp156.2.3.1.i586.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.i586.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-devel-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-tools-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid17-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-devel-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-tools-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid17-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.ppc64le.rpm openSUSE-2024-403 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: Update to version 1.4.4~git0.c3dbf83: - Check DNS on replication loop start not at task start (#3243) - Work around systemd race condition (#3262) - Clear invalid tokens from unix resolver (#3256) - Allow OAuth2 loopback redirects if the path matches (#3252) - Correctly display domain name on login (#3254) - Display account_id during success/deny paths in unixd (#3253) - s/idm_people_self_write_mail/idm_people_self_mail_write/g (#3250) - handle missing map_group setting in config (#3242) - owncloud: Add SameSite=Lax config for cross-domain auth (#3245) - Yaleman/issue3229 (#3239) kanidm-1.4.4~git0.c3dbf83-bp156.13.1.src.rpm kanidm-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-clients-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-docs-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-server-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-unixd-clients-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-clients-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-docs-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-server-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-unixd-clients-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm openSUSE-2024-399 moderate openSUSE Backports SLE-15-SP6 Update This update for minikube fixes the following issues: - update to 1.34.0 (boo#1227017 boo#1227049 boo#1227005): For a more detailed changelog, including changes occurring in pre-release versions, see CHANGELOG.md. https://github.com/kubernetes/minikube/blob/master/CHANGELOG.md * Breaking Changes: - Bump minimum podman version to 4.9.0 #19457 - Disallow using Docker Desktop 4.34.0 #19576 * Features: - Bump default Kubernetes version to v1.31.0 #19435 - Add new driver for macOS: vfkit #19423 - Add Parallels driver support for darwin/arm64 #19373 - Add new volcano addon #18602 - Addons ingress-dns: Added support for all architectures #19198 - Support privileged ports on WSL #19370 - VM drivers with docker container-runtime now use docker-buildx for image building #19339 - Support running x86 QEMU on arm64 #19228 - Add -o json option for addon images command #19364 * Improvements: - add -d shorthand for --driver #19356 - add -c shorthand for --container-runtime #19217 - kvm2: Don't delete the "default" libvirt network #18920 - Update MINIKUBE_HOME usage #18648 - CNI: Updated permissions to support network policies on kindnet #19360 - GPU: Set NVIDIA_DRIVER_CAPABILITIES to all when GPU is enabled #19345 - Improved error message when trying to use mount on system missing 9P #18995 - Improved error message when enabling KVM addons on non-KVM cluster #19195 - Added warning when loading image with wrong arch #19229 - profile list --output json handle empty config folder #16900 - Check connectivity outside minikube when connectivity issuse #18859 * Bugs: - Fix not creating API server tunnel for QEMU w/ builtin network #19191 - Fix waiting for user input on firewall unblock when --interactive=false #19531 - Fix network retry check when subnet already in use for podman #17779 - Fix empty tarball when generating image save #19312 - Fix missing permission for kong-serviceaccount #19002 * Version Upgrades: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.17 to 1.5.23 #19341 #19501 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.2 to v0.25.0 #18992 #19152 #19349 - Addon kong: Update kong image from 3.6.1 to 3.7.1 #19046 #19124 - Addon kubevirt: Update bitnami/kubectl image from 1.30.0 to 1.31.0 #18929 #19087 #19313 #19479 - Addon ingress: Update ingress-nginx/controller image from v1.10.1 to v1.11.2 #19302 #19461 - Addon inspektor-gadget: Update inspektor-gadget image from v0.27.0 to v0.32.0 #18872 #18931 #19011 #19166 #19411 #19554 - Addon istio-provisioner: Update istio/operator image from 1.21.2 to 1.23.0 #18932 #19052 #19167 #19283 #19450 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.15.0 to v0.16.2 #19162 #19266 #19336 #19409 - Addon metrics-server: Update metrics-server/metrics-server image from v0.7.1 to v0.7.2 #19529 - Addon YAKD: bump marcnuri/yakd image from 0.0.4 to 0.0.5 #19145 - CNI: Update calico from v3.27.3 to v3.28.1 #18870 #19377 - CNI: Update cilium from v1.15.3 to v1.16.1 #18925 #19084 #19247 #19337 #19476 - CNI: Update kindnetd from v20240202-8f1494ea to v20240813-c6f155d6 #18933 #19252 #19265 #19307 #19378 #19446 - CNI: Update flannel from v0.25.1 to v0.25.6 #18966 #19008 #19085 #19297 #19522 - Kicbase: Update nerdctld from 0.6.0 to 0.6.1 #19282 - Kicbase: Bump ubuntu:jammy from 20240427 to 20240808 #19068 #19184 #19478 - Kicbase/ISO: Update buildkit from v0.13.1 to v0.15.2 #19024 #19116 #19264 #19355 #19452 - Kicbase/ISO: Update cni-plugins from v1.4.1 to v1.5.1 #19044 #19128 - Kicbase/ISO: Update containerd from v1.7.15 to v1.7.21 #18934 #19106 #19186 #19298 #19521 - Kicbase/ISO: Update cri-dockerd from v0.3.12 to v0.3.15 #19199 #19249 - Kicbase/ISO: Update crun from 1.14.4 to 1.16.1 #19112 #19389 #19443 - Kicbase/ISO: Update docker from 26.0.2 to 27.2.0 #18993 #19038 #19142 #19153 #19175 #19319 #19326 #19429 #19530 - Kicbase/ISO: Update nerdctl from 1.7.5 to 1.7.6 #18869 - Kicbase/ISO: Update runc from v1.1.12 to v1.1.13 #19104 - update to 1.33.1: * Bugs: - Fix DNSSEC validation failed errors #18830 - Fix too many open files errors #18832 - CNI cilium: Fix cilium pods failing to start-up #18846 - Addon ingress: Fix enable failing on arm64 machines using VM driver #18779 - Addon kubeflow: Fix some components missing arm64 images #18765 * Version Upgrades: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.15 to 1.5.17 #18773 #18811 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.1 to v0.23.2 #18793 - Addon ingress: Update ingress-nginx/controller image from v1.10.0 to v1.10.1 #18756 - Addon istio-provisioner: Update istio/operator image from 1.21.1 to 1.21.2 #18757 - Addon kubevirt: Update bitnami/kubectl image from 1.29.3 to 1.30.0 #18711 #18771 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.14.5 to v0.15.0 #18703 - CNI cilium: Update from v1.15.1 to v1.15.3 #18846 - High Availability: Update kube-vip from 0.7.1 to v0.8.0 #18774 - Kicbase/ISO: Update docker from 26.0.1 to 26.0.2 #18706 - Kicbase: Bump ubuntu:jammy from 20240227 to 20240427 #18702 #18769 #18804 - update to 1.33.0: * Features: - Support multi-control plane - HA clusters --ha #17909 Tutorial - Add support for Kubernetes v1.30 #18669 - Support exposing clusterIP services via minikube service #17877 - Addon gvisor: Add arm64 support #18063 #18453 - New Addon: YAKD - Kubernetes Dashboard addon #17775 * Minor Improvements: - Add active kubecontext to minikube profile list output #17735 - CNI calico: support kubeadm.pod-network-cidr #18233 - CNI bridge: Ensure pod communications are allowed #16143 - Addon auto-pause: Remove memory leak & add configurable interval #17936 - image build: Add docker.io/library to image short names #16214 - cp: Create directory if not present #17715 - Move errors getting logs into log output itself #18007 - Add default sysctls to allow privileged ports with no capabilities #18421 - Include extended attributes in preload tarballs #17829 - Apply kubeadm.applyNodeLabels label to all nodes #16416 - Limit driver status check to 20s #17553 - Include journalctl logs if systemd service fails to start #17659 - Fix "Failed to enable container runtime: sudo systemctl restart cri-docker" #17907 - Fix containerd redownloading existing images on start #17671 - Fix kvm2 not detecting containerd preload #17658 - Fix modifying Docker binfmt config #17830 - Fix auto-pause addon #17866 - Fix not using preload with overlayfs storage driver #18333 - Fix image repositories not allowing subdomains with numbers #17496 - Fix stopping cluster when using kvm2 with containerd #17967 - Fix starting more than one cluster on kvm2 arm64 #18241 - Fix starting kvm2 clusters using Linux on arm64 Mac #18239 - Fix displaying error when deleting non-existing cluster #17713 - Fix no-limit not being respected on restart #17598 - Fix not applying kubeadm.applyNodeLabels label to nodes added after inital start #16416 - Fix logs delimiter output #17734 * Bugs: - Fix unescaped local host regex #18617 - Fix regex on validateNetwork to support special characters #18158 * Version Upgrades: - Bump Kubernetes version default: v1.30.0 and latest: v1.30.0 #18669 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.0 to 0.23.1 #18517 - Addon inspektor-gadget: Update inspektor-gadget image from v0.26.0 to v0.27.0 #18588 - Addon istio-provisioner: Update istio/operator image from 1.21.0 to 1.21.1 #18644 - Addon metrics-server: Update metrics-server/metrics-server image from v0.7.0 to v0.7.1 #18551 - CNI: Update calico from v3.27.0 to v3.27.3 #18206 - CNI: Update flannel from v0.24.4 to v0.25.1 #18641 - Kicbase/ISO: Update buildkit from v0.13.0 to v0.13.1 #18566 - Kicbase/ISO: Update containerd from v1.7.14 to v1.7.15 #18621 - Kicbase/ISO: Update cri-dockerd from v0.3.3 to v0.3.12 #18585 - Kicbase/ISO: Update crun from 1.14 to 1.14.4 #18610 - Kicbase/ISO: Update docker from 25.0.4 to 26.0.1 #18485 #18649 - Kicbase/ISO: Update nerdctl from 1.7.4 to 1.7.5 #18634 - Kicbase: Update nerdctld from 0.5.1 to 0.6.0 #18647 - update to 1.32.0: * rootless: support `--container-runtime=docker` #17520 * Install NVIDIA container toolkit during image build (offline support) * Fix no-limit option for config validation #17530 * NVIDIA GPU support with new `--gpus=nvidia` flag for docker driver #15927 #17314 #17488 * New `kubeflow` addon #17114 * New `local-path-provisioner` addon #15062 * Kicbase: Add `no-limit` option to `--cpus` & `--memory` flags #17491 * Hyper-V: Add memory validation for odd numbers #17325 * QEMU: Improve cpu type and IP detection #17217 * Mask http(s)_proxy password from startup output #17116 * `--delete-on-faliure` also recreates cluster for kubeadm failures #16890 * Addon auto-pause: Configure intervals using `--auto-pause- interval` #17070 * `--kubernetes-version` checks GitHub for version validation and improved error output for invalid versions #16865 * Bugs: * QEMU: Fix addons failing to enable #17402 * Fix downloading the wrong kubeadm images for k8s versions after minikube release #17373 * Fix enabling & disabling addons with non-existing cluster #17324 * Fix delete if container-runtime doesn't exist #17347 * Fix network not found not being detected on new Docker versions #17323 * Fix addon registry doesn't follow Minikube DNS domain name configuration (--dns-domain) #15585 * Version Upgrades: * Bump Kubernetes version default: v1.28.3 and latest: v1.28.3 * Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.9 to 1.5.11 #17225 #17259 * Addon headlamp: Update headlamp-k8s/headlamp image from v0.19.0 to v0.20.1 #17135 #17365 * Addon ingress: Update ingress-nginx/controller image from v1.8.1 to v1.9.3 #17223 #17297 #17348 #17421 * Addon inspektor-gadget: Update inspektor-gadget image from v0.19.0 to v0.21.0 #17176 #17340 * Addon istio-provisioner: Update istio/operator image from 1.12.2 to 1.19.3 #17383 #17436 * Addon kong: Update kong image from 3.2 to 3.4.2 #17485 * Addon registry: Update registry image from 2.8.1 to 2.8.3 #17382 #17467 * CNI: Update calico from v3.26.1 to v3.26.3 #17363 #17375 * CNI: Update flannel from v0.22.1 to v0.22.3 #17102 #17263 * CNI: Update kindnetd from v20230511-dc714da8 to v20230809-80a64d96 #17233 * Kicbase/ISO: Update buildkit from v0.11.6 to v0.12.2 #17194 * Kicbase/ISO: Update containerd from v1.7.3 to v1.7.7 #17243 #17466 * Kicbase/ISO: Update crictl from v1.21.0 to v1.28.0 #17240 * Kicbase/ISO: Update docker from 24.0.4 to 24.0.6 #17120 #17207 * Kicbase/ISO: Update nerdctl from 1.0.0 to 1.6.2 #17145 #17339 #17434 * Kicbase/ISO: Update runc from v1.1.7 to v1.1.9 #17250 * Kicbase: Bump ubuntu:jammy from 20230624 to 20231004 #17086 #17174 #17345 #17423 - update to 1.31.2: * docker-env Regression: * Create `~/.ssh` directory if missing #16934 * Fix adding guest to `~/.ssh/known_hosts` when not needed #17030 * Verify containerd storage separately from docker #16972 * cni: Fix regression in auto selection #16912 docker-machine-driver-kvm2-1.34.0-bp156.2.3.1.x86_64.rpm minikube-1.34.0-bp156.2.3.1.src.rpm minikube-1.34.0-bp156.2.3.1.x86_64.rpm minikube-bash-completion-1.34.0-bp156.2.3.1.noarch.rpm minikube-1.34.0-bp156.2.3.1.i586.rpm docker-machine-driver-kvm2-1.34.0-bp156.2.3.1.aarch64.rpm minikube-1.34.0-bp156.2.3.1.aarch64.rpm openSUSE-2024-397 important openSUSE Backports SLE-15-SP6 Update This update for radare2 fixes the following issues: Update to version 5.9.8: - CVE-2024-29645: buffer overflow vulnerability allows an attacker to execute arbitrary code via the parse_die function (boo#1234065). - For more details, check full release notes: https://github.com/radareorg/radare2/releases/tag/5.9.8 https://github.com/radareorg/radare2/releases/tag/5.9.6 https://github.com/radareorg/radare2/releases/tag/5.9.4 https://github.com/radareorg/radare2/releases/tag/5.9.2 https://github.com/radareorg/radare2/releases/tag/5.9.0 https://github.com/radareorg/radare2/releases/tag/5.8.8 radare2-5.9.8-bp156.4.3.1.src.rpm radare2-5.9.8-bp156.4.3.1.x86_64.rpm radare2-devel-5.9.8-bp156.4.3.1.x86_64.rpm radare2-zsh-completion-5.9.8-bp156.4.3.1.noarch.rpm radare2-5.9.8-bp156.4.3.1.aarch64.rpm radare2-devel-5.9.8-bp156.4.3.1.aarch64.rpm radare2-5.9.8-bp156.4.3.1.ppc64le.rpm radare2-devel-5.9.8-bp156.4.3.1.ppc64le.rpm radare2-5.9.8-bp156.4.3.1.s390x.rpm radare2-devel-5.9.8-bp156.4.3.1.s390x.rpm openSUSE-2024-400 low openSUSE Backports SLE-15-SP6 Update This update for nanopb fixes the following issues: - CVE-2024-53984: Fix memory not released on error return (boo#1234088) libprotobuf-nanopb0-0.4.6-bp156.4.3.1.x86_64.rpm nanopb-0.4.6-bp156.4.3.1.src.rpm nanopb-devel-0.4.6-bp156.4.3.1.x86_64.rpm nanopb-source-0.4.6-bp156.4.3.1.noarch.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.i586.rpm nanopb-devel-0.4.6-bp156.4.3.1.i586.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.aarch64.rpm nanopb-devel-0.4.6-bp156.4.3.1.aarch64.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.ppc64le.rpm nanopb-devel-0.4.6-bp156.4.3.1.ppc64le.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.s390x.rpm nanopb-devel-0.4.6-bp156.4.3.1.s390x.rpm openSUSE-2024-401 moderate openSUSE Backports SLE-15-SP6 Update This update for arch-install-scripts fixes the following issues: - New upstream release 29 * arch-chroot: fix unshare chroot /dev symlinks * arch-chroot: bind mount over a /etc/resolv.conf symlink (requires mount >= 2.39) * arch-chroot: add option to preserve the chroot resolv.conf * arch-chroot: ensure /run is mounted with --make-private * genfstab: ensure swap devices adhere to -f * genfstab: remove atgc mount option arch-install-scripts-29-bp156.3.3.1.noarch.rpm arch-install-scripts-29-bp156.3.3.1.src.rpm