- Recommend ppd-server instead of power-profiles-daemon: there is
also tuned-ppd, which provides the same dbus interface. If the
user does not chose between the two, we suggest the original
power-profiles-daemon.
- Fix escaping of commented out patch: with RPM 4.20, %patch
becomes a standard, expandable macro, that can span more than one
line. Commenting out with #%patch can thus lead to invalid
results.
- Update to version 3.6.4:
+ http2: Fix regression on 32bit systems when reading response
data.
==== llvm19 ====
Version update (19.1.6 -> 19.1.7)
- Update to version 19.1.7.
* This release contains bug-fixes for the LLVM 19.1.0 release.
This release is API and ABI compatible with 19.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.
==== python-rpds-py ====
Version update (0.21.0 -> 0.22.3)
- Update to version 0.22.3:
* Properly tag a release fixing the soundness issue.
* Bump to PyO3 0.23.3, avoiding 0.23.x's previous soundness
issues.
* [pre-commit.ci] pre-commit autoupdate
- Update to version 0.22.1:
* Tag a release for regaining all the Windows wheels.
* ci: separate free-threaded and standard 3.13 distribution
builds
* Bump pyo3 from 0.23.1 to 0.23.2
- Update to version 0.22.0:
* Bump to 0.22.0 for a free-threading-supported beta release.
* Enable free-threaded wheel builds
* [pre-commit.ci] pre-commit autoupdate
* [pre-commit.ci] auto fixes from pre-commit.com hooks
* revert changes to wheel-building config
* work around CPython issue 127065
* declare support for free-threading
* [pre-commit.ci] pre-commit autoupdate
* Bump pyo3 from 0.23.0 to 0.23.1
* Build on all branches.
* Skip zizmor in pre-commit.ci as well.
* add 3.13t to CI config
* point Cargo.toml at pyo3 0.23 on crates.io
* update rpds.py for PyO3 0.23
* [pre-commit.ci] pre-commit autoupdate
* Bump the zizmor version.
==== rsync ====
Version update (3.3.0 -> 3.4.1)
- Update to 3.4.1
* BUG FIXES:
- fixed handling of -H flag with conflict in internal flag values
- fixed a user after free in logging of failed rename
- fixed build on systems without openat()
- removed dependency on alloca() in bundled popt
* DEVELOPER RELATED:
- fix to permissions handling in the developer release script
- Drop 705.patch, because now in upstream.
- update to 3.4.1
* fixed handling of -H flag with conflict in internal flag values
(replaces 705.patch)
* fixed a user after free in logging of failed rename
* fixed build on systems without openat()
* removed dependency on alloca() in bundled popt
- Backport patch from PR 705 to fix broken handling of hashes and
hard links:
* Add 705.patch
- Update to 3.4
* Bump to protocol 32
Drop CVE patches:
* Drop rsync-gcc14.patch
* Removed rsync-CVE-2024-12084-overflow-01.patch
* Removed rsync-CVE-2024-12084-overflow-02.patch
* Removed rsync-CVE-2024-12085.patch
* Removed rsync-CVE-2024-12086_01.patch
* Removed rsync-CVE-2024-12086_02.patch
* Removed rsync-CVE-2024-12086_03.patch
* Removed rsync-CVE-2024-12086_04.patch
* Removed rsync-CVE-2024-12087_01.patch
* Removed rsync-CVE-2024-12087_02.patch
* Removed rsync-CVE-2024-12088.patch
* Removed rsync-CVE-2024-12747.patch
- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
* Added rsync-CVE-2024-12747.patch
- Security update, fix multiple vulnerabilities:
* CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing
* CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
* CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
* CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
* CVE-2024-12088, bsc#1234104 - --safe-links Bypass
* Added rsync-CVE-2024-12084-overflow-01.patch
* Added rsync-CVE-2024-12084-overflow-02.patch
* Added rsync-CVE-2024-12085.patch
* Added rsync-CVE-2024-12086_01.patch
* Added rsync-CVE-2024-12086_02.patch
* Added rsync-CVE-2024-12086_03.patch
* Added rsync-CVE-2024-12086_04.patch
* Added rsync-CVE-2024-12087_01.patch
* Added rsync-CVE-2024-12087_02.patch
* Added rsync-CVE-2024-12088.patch
==== skopeo ====
Version update (1.16.1 -> 1.17.0)
- Update to version 1.17.0:
* Bump to c/Skopeo v1.17.0
* Bump c/common to v0.60.0
* fix(deps): update module github.com/containers/image/v5 to v5.33.0
* Trigger a rebuild of the ostree-rs-ext container
* Update contrib/cirrus/ostree_ext.dockerfile for DNF 5
* update CI images to f41
* cirrus: use dnf remove over erase
* fix(deps): update golang.org/x/exp digest to f66d83c
* fix(deps): update module github.com/containers/storage to v1.55.1 (fixes CVE-2024-9676 / bsc#1231698)
* Fix format string inconsistency causing a build failure
* proxy: Add various debug logging
* chore(deps): update dependency containers/automation_images to v20241010
* * Added option to create digest file for syncing images. * Digest file output would have docker reference of source and sha of of the mainfest sync'd with the target. This file would not be created if dry-run flag is enabled * improved the sync document to include the correct output for manifest file. * added new line for the manifest file once all images are sync'd * Ensuring we log on manifest digest if the copy operation was successful. * Check for errors if any once sync process is complete. * Ensure to capture the failure when closing the manifest file. * Ensure we are not writing manifest sha for failed copy of imagesand aborting the process in case write to file fails
* Packit: constrain downstream koji job to fedora package
* fix(deps): update module golang.org/x/term to v0.25.0
* fix(deps): update module github.com/containers/common to v0.60.4
* fix(deps): update golang.org/x/exp digest to 701f63a
* vendor: switch to moby/sys/capability (#2428)
* Document that zstd:chunked is downgraded to zstd when encrypting
* fix(deps): update module github.com/containers/common to v0.60.3
* Packit: split out ELN jobs and reuse fedora downstream targets
* Packit: Enable sidetags for bodhi updates
* chore(deps): update dependency golangci/golangci-lint to v1.61.0
* fix(deps): update module golang.org/x/term to v0.24.0
* Use a range expression
* Update to Go 1.22
* Restrict Packit targets to those that support Go 1.22
* fix(deps): update golang.org/x/exp digest to 9b4947d
* chore(deps): update dependency containers/automation_images to v20240821
* Update skopeo-generate-sigstore-key.1.md
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3
* fix(deps): update module github.com/masterminds/semver/v3 to v3.3.0
* fix(deps): update module github.com/containers/common to v0.60.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2
* fix(deps): update module github.com/containers/image/v5 to v5.32.2
* Replace egrep with grep -E
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.1
* fix(deps): update module github.com/containers/common to v0.60.1
* fix(deps): update module github.com/containers/image/v5 to v5.32.1
* fix(deps): update module golang.org/x/term to v0.23.0
* The fakeroot package doesn't exist in RHEL.
* Bump Skopeo to v1.17.0-dev
- drop merged patch:
* 0001-Update-container-storage-to-v1.55.1.patch
==== suse-module-tools ====
Version update (16.0.55 -> 16.0.56)
Subpackages: suse-module-tools-scriptlets
- Update to version 16.0.56:
* rpm-script: create /boot/vmlinuz and /boot/initrd in kiwi environment
(bsc#1234275, bsc#1234759)
