- update to 20240722.1 (boo#1236438)
* potential integer overflow in hash container create/resize
==== filesystem ====
- add Provides: may-perform-usrmerge (bsc#1236481)
- Add support for loongarch64
- Remove /usr/etc/skel/bin/
==== fwupd ====
Version update (1.9.27 -> 2.0.4+4)
Subpackages: typelib-1_0-Fwupd-2_0
- Update to version 2.0.4+4:
+ dell-kestrel: cleanup the devices when disconnected
+ Raise authentication requirements for emulation-load
+ uefi-dbx: Only list the version in the quirk file key
- Update to version 2.0.4:
+ This release adds the following features:
- Record the entire USB descriptor in the emulation data
- Return defined return code when network metadata refresh
fails
+ This release fixes the following bugs:
- Add a new private flag of 'delayed-removal' to remove a
footgun
- Added a more specific instance ID for qc-s5gen2 USB devices
- Add fadvise64 to the systemd syscall allowlist
- Add the Unifying bootloader VID/PID as a full instance ID
- Allow disabling zero-length packet for modem-manager devices
- Allow recovering Logitech Bolt receiver in bootloader mode
- Correctly parse CSV streams without trailing NULs
- Detect if network is reachable before downloading metadata
- Disabling reading the OptionROM device after dumping
- Do not claim kernel interface to avoid Parade downstream port
resets
- Do not save BootOrder when measuring system integrity
- Enumerate child nordic-hid devices correctly
- Fix a possible critical warning for Mediatek scaler devices
- Fix Firehose padding for some modem-manager devices
- Fix UEFI capsule updates when using 4096 byte NVME blocksize
- Get the Dell dock update package version correctly
- Never read more of the composite stream from a partial stream
- Notify snapd about DBX updates
- Probe sd_mod before starting
- Properly handle FU_DEVICE_PRIVATE_FLAG_NO_GENERIC_GUIDS
- Remove the test for CSME 18 manufacturing lock
- Restore the Logitech compatibility UFY instance IDs
- Show the correct version when installing a same-device
composite update
- Show updates with problems when using 'fwupdmgr get-releases'
- Split up the AMD GPU VBIOS P/N for the version
- Use attr USB4_TYPE rather than guessing from
thunderbolt_domain
- Use the ISO date as a dbx version number for the Microsoft
KEK
- Use the KEK to set the dbx vendor ID
==== gnome-terminal ====
Version update (3.54.2 -> 3.54.3)
Subpackages: nautilus-extension-terminal
- Update to version 3.54.3:
+ ci: Add CI.
- Drop obsolete and unused update-desktop-files BuildRequires: the
corresponding macro is already removed in the past.
- Update to version 3.24.48:
+ GtkFileChooser: Stop replacing : (colon) with U+2236 (ratio)
+ GtkEmojiChooser: Update to Unicode 16 / CLDR 46
+ GtkSpinButton:
- Use semantically appropriate icon names
- Make numeric spin buttons always LTR
+ GtkEntry:
- Stop guessing text direction from keyboard layout
- Add a shortcut and context menu item to change text direction
+ GtkEventControllerMotion: Make enter and leave signals work
+ Accessibility: Use message dialog titles as names
+ GDK: Fix portal handling of gvfs files
+ Wayland:
- Support the xdg_foreign_v2 protocol
- Try to fix monitor geometry on sway
- Improve font setting fallback
- Use a better default cursor size
- Fix a crash during DND
+ Updated translations.
==== hicolor-icon-theme ====
Version update (0.17 -> 0.18)
- Update to version 0.18:
* Provide a pkgconfig file
* Create HiDPI directories
* Port build system to Meson
- Create devel subpackage for pkgconfig file
- Create all directories under symbolic
(needed by budgie-desktop)
- Create 1024x1024 HiDPI directories
- Update to version v7.12.0:
* Bump version to 7.12.0
* API: Add /version endpoint to registrar
* Remove unused registrar_common.py file
* scripts: Download coverage data directly from Testing Farm
* docs: Add separate documentation for each API version
* scripts/create_runtime_policy.sh: fix path for the exclude list
* docs: add documentation for keylime-policy
* [Automatic] Update Keylime base image 2025-01-02
* templates: Add the new agent.conf option 'api_versions'
* Enable autocompletion using argcomplete
* build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2
* test: remove typed-ast from test-requirements.txt
* tests: fix rpm tests to account for older createrepo_c versions
* Configure EPEL-10 repo in packit-ci.fmf
* packit: Fix typo to run keylime-policy-commands test
* build(deps): bump codecov/codecov-action from 5.0.2 to 5.1.1
* build(deps): bump pypa/gh-action-pypi-publish from 1.12.0 to 1.12.3
* docker/ci: Add xxd to the CI image
* docker/ci: Fix CI image build for dnf5
* build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1
* build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0
* keylime-policy: improve error handling when provided a bad key (sign)
* keylime-policy: exit with status 1 when the commands failed
* keylime-policy: use Certificate() from models.base to validate certs
* keylime-policy: check for valid cert file when using x509 backend (sign)
* keylime-policy: fix help for "keylime-policy sign" verb
* tenant: Correctly log number of tries when deleting
* tests: Use Fedora 41 to generate code coverage
* [Automatic] Update Keylime base image 2024-12-02
* update TCTI environment variable usage
* build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2
* keylime-policy: add `create measured-boot' subcommand
* keylime-policy: add `sign runtime' subcommand
* keylime-policy: add logger to use with the policy tool
* docker/release/build_locally.sh: Fail if skopeo is not installed
* installer.sh: Restore execution permission
* installer: Fix string comparison
* build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0
* build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0
* build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.0
* build(deps): bump actions/setup-python from 5.2.0 to 5.3.0
* installer.sh: updated EPEL, PEP668 Fix, logic fix
* build(deps): bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0
* build(deps): bump actions/checkout from 4.2.1 to 4.2.2
* postgresql support for docker using psycopg2
* [Automatic] Update Keylime base image 2024-11-04
* End of term for @maugustosilva + propose @ansasaki
* installer.sh: update package list, add workaround for PEP 668
* build(deps): bump actions/checkout from 4.2.0 to 4.2.1
* keylime.conf: full removal
* Drop pending SPDX-License-Identifier headers
* create_runtime_policy: Validate algorithm from IMA measurement log
* test_create_runtime_policy: Add test for mismatching algorithms
* create-runtime-policy: Deal with SHA-256 and SM3_256 ambiguity
* create_runtime_policy: drop commment with test data
* create_runtime_policy: Use a common method to guess algorithm
* keylime-policy: rename tool to keylime-policy instead of keylime_policy
* keylime_policy: create runtime: remove --use-ima-measurement-list
* keylime_policy: use consistent arg names for create_runtime_policy
* tests: Add more tests to Packit CI
* build(deps): bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3
* build(deps): bump actions/checkout from 4.1.7 to 4.2.0
* [Automatic] Update Keylime base image 2024-10-01
* elchecking/example: workaround empty PK, KEK, db and dbx
* elchecking: add handling for EV_EFI_PLATFORM_FIRMWARE_BLOB2
* create_runtime_policy: Fix log level for debug messages
* build(deps): bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2
* build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5
* pylintrc: Ignore too-many-positional-arguments check
* keylime/web/base/controller: Move TypeAlias definition out of class
* test_create_runtime_policy: Add tests for algorithm priority
* test_create_runtime_policy: Add test case for symbolic links
* create_runtime_policy: Calculate digests in multiple threads
* create_runtime_policy: Allow rootfs to be in any directory
* keylime_policy: Calculate digests from each source separately
* create_runtime_policy: Simplify boot_aggregate parsing
* ima: Validate JSON when loading IMA Keyring from string
* docs: include IDevID page also in the sidebar
* docs: point to installation guide from RHEL and SLE Micro
* build(deps): bump actions/setup-python from 5.1.1 to 5.2.0
* build(deps): bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1
* change check_tpm_origin_check to a warning that does not prevent registration
* docs: Fix Runtime Policy JSON schema to reflect the reality
* README: update meeting time to 16:00 UK time
* [Automatic] Update Keylime base image 2024-09-11
* Sets absolute path for files inside a rootfs dir
* policy/create_runtime_policy: fix handling of empty lines in exclude list
* keylime_policy: setting 'log_hash_alg' to 'sha1' (template-hash algo)
* tests: apply workarounds to known bugs
* codestyle: Assign CERTIFICATE_PRIVATE_KEY_TYPES directly (pyright)
* codestyle: convert bytearrays to bytes to get expected type (pyright)
* codestyle: Use new variables after changing datatype (pyright)
* Revert "DO NOT MERGE, TEMPORARY COMMIT"
* [Automatic] Update Keylime base image 2024-08-16
* Lint: ignore reportArgumentType and reportInvalidTypeForm errors
* docker: Install latest Keylime during image build
* cert_utils: add description why loading using cryptography might fail
* Enable test functional/iak-idevid-persisted-and-protected
... changelog too long, skipping 58 lines ...
* verifier, tenant: make payload for agent completely optional
==== libphonenumber ====
Version update (8.13.40 -> 8.13.53)
- Update to version 8.13.53:
* Fixed a bug where the extension was appended twice in
formatOutOfCountryKeepingAlphaChars in the Java version and
updated FormatOutOfCountryKeepingAlphaChars in the C++ version
to format the extension.
* Updated metadata
- pwquality.conf moved from /etc/security to /usr/lib/security
==== liburing ====
- disable more tests on s390x
==== libvpx ====
Version update (1.14.1 -> 1.15.0)
- Update to version 1.15.0:
* Fix to Uninitialized scalar variable in `vp9_rd_pick_inter_mode_sb()`
* Fix to Integer-overflow in `resize_multistep`
* Fix to Heap-buffer-overflow in `vpx_sad64x64_avx2`
* Fix to Crash in `vpx_sad8x8_sse2`
* Fix to Assertion in `write_modes`
* Support profile guided optimizations
* Fix to Integer-overflow in `encode_frame_to_data_rate`
* Fix to Integer-overflow in `vp9_svc_check_reset_layer_rc_flag`
* Fix to core dump error from /usr/bin/tools/tiny_ssim --help
* Fix to use-of-uninitialized-value in `vp9_setup_tpl_stats`
* Fix to Undefined-shift in `vp9_cyclic_refresh_setup`
* Fix to redundant `&& __GNUC__` preproc check
* Fix to valgrind warning in EncodeAPI.OssFuzz69906
* Fix to Index-out-of-bounds in `vp8_rd_pick_inter_mode`
* Fix to Integer-overflow in `vp8_pick_frame_size`
* Fix to Use-of-uninitialized-value in `vpx_codec_peek_stream_info`
* Fix to log clutters with the message "Warning: Desired height too large"
* Fix to Integer-overflow in `vp9_svc_adjust_avg_frame_qindex`
* Fix to integer overflows caused by huge target bitrate, frame rate, or g_timebase numerator or denominator
* Fix to missing license headers
* Fix to build failure for Android Armv7
* Fix to integer overflows in image helpers
* Fix to Integer-overflow in `vp9_calc_iframe_target_size_one_pass_cbr`
* Fix to Heap-buffer-overflow in `vp9_pick_inter_mode`
* Fix to Segv in `vp9_multi_thread_tile_init`
* Fix to Use-of-uninitialized-value in `vp9_row_mt_sync_mem_dealloc`
* Fix to Crash in `mbloop_filter_vertical_edge_c`
* Fix to Check failed in CheckUnwind
* Fix to Heap-buffer-overflow in `write_modes_b` and `vpx_write`
* Fix to Possible signed integer overflow found in `vpx_codec_encode`
* Fix to build conflicts between Abseil and libaom/libvpx in Win ARM64 builds
* Fix to build failures on aarch64
* Fix to Data race in libvpx ARM NEON
* Fix to Heap-buffer-overflow in `scale_plane_1_to_2_phase_0`
* Fix to integer overflow in `encode_mb_row`
* Fix to Floating-point-exception in `vp8_pick_frame_size`
* Fix to Heap-buffer-overflow in `vp9_enc_setup_mi`
* Fix to build failure with --target=arm64-win64-vs17
* Fix to heap-buffer-overflow write in `vpx_img_read()`
* Fix to C vs armv8-linux-gcc encode mismatches for `y4m_360p_10bit_input`
* Fix to Null-dereference READ in `ml_predict_var_rd_partitioning`
* Fix to Heap-buffer-overflow in `vpx_scaled_2d_ssse3`
* Fix to Crash in `convolve_horiz`
* Fix to Ill in `vpx_scaled_2d_ssse3`
* Fix to Global-buffer-overflow in `cost_coeffs`
==== osinfo-db ====
Version update (20240701 -> 20250124)
- Update to database version 20250124 (jsc#PED-8910)
osinfo-db-20250124.tar.xz
- Drop patches contained in new tarball
add-opensuse-leap-15.6-support.patch
add-sle15sp6-support.patch
add-slem5.5-support.patch
==== python-referencing ====
Version update (0.36.1 -> 0.36.2)
- Update to version 0.36.2:
* Release using the newer twine release to preserve PEP 639
license metadata.
==== rust-keylime ====
Version update (0.2.6+13 -> 0.2.7+1)
- Update to version 0.2.7+1:
* dist: Enable logging for keylime library in the service
* Bump version to 0.2.7
* scripts: Download coverage data from Testing Farm directly
* main: Remove unnecessary lifetime
* cargo: Bump pretty_env_logger to version 0.5.0
* scripts: Fix regex in download_packit_coverage.sh
* cargo: Bump clap crate to version 4.5.23
* cargo: Bump base64 crate to version 0.22.1
* build(deps): bump log from 0.4.22 to 0.4.25
* build(deps): bump serde_json from 1.0.133 to 1.0.135
* cargo: Bump tokio crate to version 1.42.0
* packit: Fix RPM builds on copr
* cargo: Bump thiserror crate to version 0.2.9
* cargo: Update reqwest to version 0.12.12
* build(deps): bump libc from 0.2.168 to 0.2.169
* build(deps): bump glob from 0.3.1 to 0.3.2
* version: Implement API version validation and ordering
* main: Support using multiple API versions for registration
* keylime: Introduce the registrar_client module
* Provide endpoints under multiple API versions
* Move 'serialization' module to the keylime library
* Drop unnecessary dependency on common::API_VERSION
* keylime-agent.conf: Bump version to 2.3
* build(deps): bump serde from 1.0.210 to 1.0.217
* build(deps): bump pest_derive from 2.7.14 to 2.7.15
* build(deps): bump pest from 2.7.14 to 2.7.15
* build(deps): bump libc from 0.2.167 to 0.2.168
* config: Make IAK and IDevID certificates optional
* Fix warnings reported by clippy
* workflows: Run job in the CI container directly
* tests: Add unit test for device ID builder
* main: Move IAK/IDevID related code to dedicated module
* tests: Add script to generate IAK and IDevID certificates
* build(deps): bump openssl from 0.10.66 to 0.10.68
* build(deps): bump uuid from 1.10.0 to 1.11.0
* build(deps): bump serde_json from 1.0.128 to 1.0.133
* build(deps): bump actix-web from 4.5.1 to 4.9.0
* build(deps): bump reqwest from 0.12.7 to 0.12.9
* tests/setup_swtpm.sh: Add script to setup temporary TPM
* Use a single TPM context and avoid race conditions during tests
* config: Enable passing a hostname instead of IP
* build(deps): bump clap from 4.3.11 to 4.5.21
* build(deps): bump tempfile from 3.10.1 to 3.14.0
* build(deps): bump pest_derive from 2.7.6 to 2.7.14
* build(deps): bump pest from 2.7.6 to 2.7.14
* build(deps): bump codecov/codecov-action from 4 to 5
* workflows: Submit the coverage for merged PR from Fedora 41
* tests: Use Fedora 41 to generate code coverage
* api: Make API configuration modular
* agent_handler: Move the /agent scope configuration
* notifications_handler: Move the /notifications scope configuration
* quotes_handler: Move the /quotes scope configuration to quotes_handler
* keys_handler: Move /keys scope configuration to keys_handler
* Use ${DESTDIR} for config
* Fix showing wrong UUID
* build(deps): bump actix-rt from 2.9.0 to 2.10.0
* config: Refactor AgentConfig Source trait implementation
* build(deps): bump log from 0.4.21 to 0.4.22
* build(deps): bump serde_json from 1.0.120 to 1.0.128
* tpm: check if EK certificate has valid ASN.1 DER encoding
* build(deps): bump futures from 0.3.27 to 0.3.31
* cargo: Bump reqwest to version 0.12.7
* build(deps): bump serde from 1.0.203 to 1.0.210
* tests: Add more tests to Packit CI
* build(deps): bump docker/build-push-action from 5 to 6
* tests: apply workarounds to known bugs
==== serd ====
Version update (0.30.16 -> 0.32.2)
- Update to 0.32.2
* Enable clang nullability checks
* Fix writing empty list objects within blank nodes
- Set build docs for TW only as it requires sphixygen since now
- Refresh 001-serd-docdir.patch
- Update to 0.32.0
* Add Windows path separator support to serd_node_new_file_uri()
* Add long "help" and "version" options to serdi
* Add options to disable html or singlehtml documentation
* Add serd_reader_skip_until_byte() to public API
* Allow SERD_API to be defined by the user
* Avoid creating test files in the current directory
* Avoid using ASCII grave as a quote
* Check for POSIX features with the build system
* Clean up and improve test suite
* Clean up code
* Fix crash when trying to read chunks without starting
* Fix hang when skipping an error at EOF when lax parsing
* Fix incorrect parsing of strange quote escape patterns
* Fix possible hang when writing nested Turtle lists
* Fix potential memory leaks when a write is aborted
* Fix relative URI creation
* Gracefully handle bad characters in Turtle blank node syntax
* Gracefully handle bad characters in Turtle datatype syntax
* Improve TriG pretty-printing and remove trailing newlines
* Improve pretty-printing of lists and inline subjects
* Improve serdi man page
* Improve writer error handling
* Make URI writing stricter by default
* Make serd_reader_read_chunk() work with NQuads
* Override pkg-config dependency within meson
* Remove junk files from documentation install
* Remove support for writing Turtle named inline nodes extension
* Replace duplicated dox_to_sphinx script with sphinxygen dependency
* Test header for warnings more strictly
* Update standard test suites
==== sord ====
Version update (0.16.14 -> 0.16.16)
- remove 67bcd63bda9d7b095489a09b9880aa730ddb5488.patch now upstream
- update to 0.16.16
* Allow SORD_API to be defined by the user
* Fix command line help interface of sord_validate
* Fix dependencies in pkg-config file
* Override pkg-config dependency within meson
* Port sord_validate to pcre2
* Switch to external zix dependency
- Drop opencv sub-package, and hence no longer needed
pkgconfig(opencv) BuildRequires and various provides, Supplements
and Conflicts.
==== vte ====
Version update (0.78.2 -> 0.78.3)
- Update to version 0.78.3:
+ widget: Guard signal disconnect on non-null object
+ widget: Scroll the alternate screen into the viewport
==== wtmpdb ====
Version update (0.13.0+git.20240814 -> 0.70.0+git20250121.3e409b5)
Subpackages: libwtmpdb0
- Update to version 0.70.0+git20250121.3e409b5:
* Fix installation of all wtmpdbd man page variants
* Release version 0.70.0
* Add wtmpdbd.8 manual page
* wtmpdbd: fix printing help text
* wtmpdbd: more fine granular log level filtering
* wtmpdbd: implement varlink_event_loop_with_idle
* wtmpdbd.socket: fix socket descriptor name
* meson: no longer check for v258 sd-varlink function
- Update to version 0.60.0+git20250120.64d23d8:
* Release version 0.60.0
* Merge reader/write socket to one generic one
* wtmpdbd: add Ping, SetLogLevel and GetEnvironment
- Update to version 0.50.0+git20250117.a9b48cf:
* wtmpdbd.service: secure more
* wtmpdb: Implement json output for last (#20)
- Update to version 0.50.0+git20250110.cbabeb7:
* Harden wtmpdbd.service
* libwtmpdb: fallback to sqlite if SELinux blocks varlink socket
- Update to version 0.50.0+git20250110.12da60f:
* Release version 0.50.0
* README: add wtmpdbd
* wtmpdbd: Print stopped message
* wtmpdbd.service: preset WTMPDBD_OPTS
* wtmpdbd: don't call listen if started by a socket
* tst-varlink: skip if varlink is not supported
* libwtmpdb: set varlink_is_active to 0 without systemd
* libwtmpdb: always define varlink checks
* wtmpdb: define quiet only if we have systemd
* libwtmpdb: return error if varlink support is missing
* Send sd_notify(STOPPING=1);
* Check if systemd has sd_varlink_server_listen_name()
* wtmpdbd.service: optional read /etc/default/wtmpdbd
* wtmpdbd: simplify creation of varlink sockets
* Set umaks with varlink to 0077, improve error reporting
* wtmpdbd: enable to start via sockets
* libwtmpdb: handle ECONNRESET as wtmpdbd not running
* libwtmpdb: fix crash in varlink if error==NULL
* Install daemon in libexec directory
* tst-get_id: skip if there is no db file
* libwtmpdb: improve error return code
* db path "varlink" will enforce varlink interface
* Add service and socket files
* wmtpdb: call wtmpdb_* functions with NULL as path
* wtmpdbd: add socket activation
* Implement varlink read_all client side
* Make wtmpdbd support compiletime config
* Add daemon using varlink for communication
* Document that openssh is special
* libwtmpdb: create wrapper around sqlite functions
* Make mkdir_p more robust
