Packages changed: gnome-control-center (47.1.1+9 -> 47.2) gnome-online-accounts (3.52.1 -> 3.52.2) gnome-terminal (3.54.1 -> 3.54.2) gnome-user-share (47.0+0 -> 47.2) gtk4 (4.16.6 -> 4.16.7) kdump (2.0.11 -> 2.0.12) libadwaita (1.6.1 -> 1.6.2) libnetfilter_conntrack libnvme libsoup (3.6.0 -> 3.6.1) passt (20241030.ee7d0b6 -> 20241121.238c69f) podman (5.3.0 -> 5.3.1) python-tornado6 (6.4.1 -> 6.4.2) vte (0.78.1 -> 0.78.2) xdm xen (4.19.0_04 -> 4.19.0_06) === Details === ==== gnome-control-center ==== Version update (47.1.1+9 -> 47.2) Subpackages: gnome-control-center-color gnome-control-center-goa - Update to version 47.2: + Accessibility: Remove "screen" labels that take too much space + Appearance: Fix accidental reset of accent colors config + Apps: Fix some memory leaks + Color: Ensure profiles are connected before operating on them + Mobile Networks: Fix alignment of status pages + Mouse: - Fix illustration assets requiring gstreamer-plugins-bad - Update illustration assets + Printers: Remove wrong tooltip in the "Add Printer" button + Updated translations. ==== gnome-online-accounts ==== Version update (3.52.1 -> 3.52.2) Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2 - Update to version 3.52.2: + Bugs fixed: - goadavclient.c: add WebDAV default candidate to test - goafedoraprovider: fix use-after-free + Updated translations. ==== gnome-terminal ==== Version update (3.54.1 -> 3.54.2) Subpackages: nautilus-extension-terminal - Update to version 3.54.2: + Updated translations. ==== gnome-user-share ==== Version update (47.0+0 -> 47.2) - Adjust _service definition: upstream has changed their tag format to be a simple VERSION tag. - Update to version 47.2: + Fix a compiling issue for non-gnu C toolchain. ==== gtk4 ==== Version update (4.16.6 -> 4.16.7) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.16.7: + Text: Reduce the size of error underlines. + Accessibility: - Fix a wrong return value type. - Fix an invalid free call. ==== kdump ==== Version update (2.0.11 -> 2.0.12) - upgrade to version 2.0.12 * fadump: pass additional parameters for capture kernel (jsc#PED-9889) ==== libadwaita ==== Version update (1.6.1 -> 1.6.2) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.6.2: + AdwDialog: Fix accessible role critical when using window-backed dialogs. + AdwHeaderBar: Fix a typo in docs. + AdwMessageDialog: Fix a typo in adw_message_dialog_response() deprecation message. + AdwStyleManager: Fix initial color scheme value on Windows. + Updated translations. ==== libnetfilter_conntrack ==== - Specfile modernization ==== libnvme ==== Subpackages: libnvme-mi1 libnvme1 - Fix tests on s390 * add 0002-test-mock-pass-thru-unknown-ioctls.patch ==== libsoup ==== Version update (3.6.0 -> 3.6.1) Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Update to version 3.6.1: + Fix `soup_uri_copy()` reading port as a long instead of an int + Fix possible NULL deref in `soup_uri_decode_data_uri()` + Fix possible overflow in `SoupContentSniffer` + Fix assertion in `soup_uri_decode_data_uri()` on URLs with a path starting with `//` + headers: Be more robust against invalid input when parsing params + websocket: Fix possibility of being stuck in a read loop - Drop patches fixed upstream: + 6adc0e3e.patch + 29b96fab.patch + a35222dd.patch + 4c9e75c6.patch ==== passt ==== Version update (20241030.ee7d0b6 -> 20241121.238c69f) Subpackages: passt-selinux - Update to version 20241121.238c69f: * tcp: Acknowledge keep-alive segments, ignore them for the rest * tcp: Reset ACK_TO_TAP_DUE flag whenever an ACK isn't needed anymore * ndp: Don't send unsolicited RAs if NDP is disabled * ndp: Don't send unsolicited router advertisement if we can't, yet * selinux: Use auth_read_passwd() interface for all our getpwnam() needs * ndp: Send unsolicited Router Advertisements * passt: Seed libc's pseudo random number generator * util: Add general low-level random bytes helper * ndp: Make route lifetime a #define * ndp: Use struct assignment in preference to memcpy() for IPv6 addresses * ndp: Split out helpers for sending specific NDP message types * ndp: Add ndp_send() helper * ndp: Remove redundant update to addr_seen * cppcheck: Don't check the system headers * linux_dep: Fix CLOSE_RANGE_UNSHARE availability handling * linux_dep: Move close_range() conditional handling to linux_dep.h * log: Only check for FALLOC_FL_COLLAPSE_RANGE availability at runtime * tap, tcp, util: Add some missing SOCK_CLOEXEC flags * passt: Use NOLINT clang-tidy block instead of NOLINTNEXTLINE * util: Define small and big thresholds for socket buffers as unsigned long long * tap: Cast TAP_BUF_BYTES - ETH_MAX_MTU to ssize_t, not TAP_BUF_BYTES * dhcpv6: Turn some option headers pointers to const * dhcpv6: Use for loop instead of goto to avoid false positive cppcheck warning * tcp: unify payload and flags l2 frames array * test: Improve test for NDP assigned prefix * test: Don't require 64-bit prefixes in perf tests * test: Make nstool hold robust against interruptions to control clients * test: Rename propagating signal handler * util: Work around cppcheck bug 6936 * udp: Don't dereference uflow before NULL check in udp_reply_sock_handler() * ndp: Use const pointer for ndp_ns packet * linux_dep: Generalise tcp_info.h to handling Linux extension compatibility * fwd: Squash different-signedness comparison warning * util: Remove unused ffsl() function * clang: Add rudimentary clangd configuration * Makefile: Don't attempt to auto-detect stack size * Makefile: Use -DARCH for qrap only * seccomp: Simplify handling of AUDIT_ARCH * Makefile: Move NETNS_RUN_DIR definition to C code * netlink: RTA_PAYLOAD() returns int, not size_t * flow: Correct type of flowside_at_sidx() * arch: Avoid explicit access to 'environ' * clang: Move clang-tidy configuration from Makefile to .clang-tidy * Makefile: Simplify exclusion of qrap from static checks * clang: Add .clang-format file * test: Adjust misplaced sleeps in two_guests code * tap: Explicitly cast TUNSETIFF to fix build warning with musl on ppc64le * tcp: Fix build against musl, __sum16 comes from linux/types.h ==== podman ==== Version update (5.3.0 -> 5.3.1) - Update to version 5.3.1: * Bump to v5.3.1 * Update release notes for v5.3.1 * Update windows installer tests * Windows: don't install WSL/HyperV on update * Switch to non-installing WSL by default * docs: add 5.3 as Reference version * only read ssh_config for non machine connections * ssh_config: allow IdentityFile file with tilde * ssh_config: do not overwrite values from config file * connection: ignore errors when parsing ssh_config * spec: clamp rlimits in a userns * cirrus: set proper DEST_BRANCH for 5.3 * libpod: addHosts() prevent nil deref * Bump bundled krunkit to 0.1.4 * fix podman machine init --ignition-path * Bump to v5.3.1-dev ==== python-tornado6 ==== Version update (6.4.1 -> 6.4.2) - Update to 6.4.2: + Security Improvements: * Parsing of the cookie header is now much more efficient. The older algorithm sometimes had quadratic performance which allowed for a denial-of-service attack in which the server would spend excessive CPU time parsing cookies and block the event loop. (CVE-2024-52804, bsc#1233668) ==== vte ==== Version update (0.78.1 -> 0.78.2) - Update to version 0.78.2: + build: Fix typo in pread check + emulation: Use U+2426 for SUB + lib: Remove an unnecessary move + widget: - Use correct type for out param - Use correct termprop name ==== xdm ==== - tweak the login screen: * use sans serif font * use branding wallpaper and colors * do not require xli, recommend feh ==== xen ==== Version update (4.19.0_04 -> 4.19.0_06) - bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (XSA-463) xsa463-01.patch xsa463-02.patch xsa463-03.patch xsa463-04.patch xsa463-05.patch xsa463-06.patch xsa463-07.patch xsa463-08.patch xsa463-09.patch - bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (XSA-464) xsa464.patch - Drop stdvga-cache.patch - bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin