Packages changed: abseil-cpp alpine (2.25.1 -> 2.26) apache2 apache2-manual apache2-prefork apache2-utils apparmor atftp exim (4.95 -> 4.96) krusader libapparmor mutt (2.2.5 -> 2.2.6) python-pycryptodome (3.14.1 -> 3.15.0) python-pyzmq (22.3.0 -> 23.2.0) quagga squid === Details === ==== abseil-cpp ==== - Remove obsolete 0%{suse_version} < 1500 conditions - Add options-old.patch, options-cxx17.patch * Ensure ABI stability regardless of compiler settings per instruction in the header. ==== alpine ==== Version update (2.25.1 -> 2.26) Subpackages: pico - Update to release 2.26 * Alpine is built with password file support by default. If Alpine is built with SMIME support and the password file does not exist, then Alpine will create it by default and encrypt it. * In the past, Alpine did not recognize images embedded in an HTML file, so now it does and a link to open them is given. Additionally, Alpine did not pass these images to an external browser for display using the external command; it does so now. * Support for code_verifier and code_challenge when generating a refresh token and access token in Gmail and Outlook using the S256 method and plain method. * Changed the redirect_uri scheme for Gmail, as Google is deprecating the use of oob. Changed to http://localhost. Users are supposed to enter the URL they see in their browser in place of the code. * Added support to the LDAP attribute "userCertificate"; * If new mail has arrived when a user is closing a mailbox, Alpine will also announce how many new messages have arrived. ==== apache2 ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== apache2-manual ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== apache2-prefork ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== apache2-utils ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) ==== atftp ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== exim ==== Version update (4.95 -> 4.96) - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. - update to exim 4.96 * Move from using the pcre library to pcre2. * Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. * Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. * Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. * Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. * Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. * Convert all uses of select() to poll(). * Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. * Bug 2838: Fix for i32lp64 hard-align platforms * Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. * Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. * Debugging initiated by an ACL control now continues through into routing and transport processes. * The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. * Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. * Support for Berkeley DB versions 1 and 2 is withdrawn. * When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. * Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. * Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. * The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. * Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. * Fix CHUNKING on a continued-transport. Previously the usabilility of the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. * Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. * OpenSSL: fix transport-required OCSP stapling verification under session resumption. * TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. * Fix string_copyn() for limit greater than actual string length. * Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. * Fix CHUNKING for a second message on a connection when the first was rejected. * Fix ${srs_encode ...} to handle an empty sender address, now returning an empty address. * Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. ==== krusader ==== Subpackages: kio_iso - Add patch to fix the 'Compress' menu (boo#1198725) * 0001-Fixed-non-working-actions-for-create-extract-archive.patch - Spec cleanup ==== libapparmor ==== Subpackages: libapparmor1 libapparmor1-32bit - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) ==== mutt ==== Version update (2.2.5 -> 2.2.6) Subpackages: mutt-doc mutt-lang - update to 2.2.6: * This is a bug-fix release, fixing a variety of small issues ==== python-pycryptodome ==== Version update (3.14.1 -> 3.15.0) - update to 3.15.0: * Add support for curves Ed25519 and Ed448, including export and import of keys. * Add support for EdDSA signatures. * Add support for Asymmetric Key Packages (RFC5958) to import private keys. * GH#620: for Crypto.Util.number.getPrime , do not sequentially scan numbers searching for a prime. ==== python-pyzmq ==== Version update (22.3.0 -> 23.2.0) - Update to 23.2.0 * Use zmq.Event enums in parse_monitor_message for nicer reprs * Fix building bundled libzmq with ZMQ_DRAFT_API=1 * Fix subclassing zmq.Context with additional arguments in the constructor. Subclasses may now have full control over the signature, rather than purely adding keyword-only arguments * Typos and other small fixes - Release 23.1.0 * Fix global name of zmq.EVENT_HANDSHAKE_* constants * Fix constants missing when using import zmq.green as zmq * {func}zmq.utils.monitor.recv_monitor_msg now supports async Sockets. - Release 23.0.0 * all zmq constants are now available as Python enums (e.g. zmq.SocketType.PULL, zmq.SocketOption.IDENTITY), generated statically from zmq.h instead of at compile-time. This means that checks for the presence of a constant (hasattr(zmq, 'RADIO')) is not a valid check for the presence of a feature. This practice has never been robust, but it may have worked sometimes. Use direct checks via e.g. {func}zmq.has or {func}zmq.zmq_version_info. * A bit more type coverage of Context.term and Context.socket * Remove all use of deprecated stdlib distutils * Update to Cython 0.29.30 (required for Python 3.11 compatibility) * Compatibility with Python 3.11.0b1 * Switch to myst for docs * Deprecate zmq.utils.strtypes, now unused * Updates to autoformatting, linting - Drop less-flaky.patch: pytest-rerunfailures without the flaky package can handle it. - Fix rpmlint errors * no-dependency-on python-base 3.X: depend on python(abi) = 3.X * unused-rpmlintrc-filter: Was unflavored, not required with the above -- drop rpmlintc * spurious-executable-perm: fix by chmod -x * obsolete-suse-version-check 1000. This package is not branched into any project for the maintenance of other distributions ==== quagga ==== Subpackages: libospf0 libospfapiclient0 libzebra1 - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_bgpd.service.patch * harden_isisd.service.patch * harden_ospf6d.service.patch * harden_ospfd.service.patch * harden_ripd.service.patch * harden_ripngd.service.patch * harden_zebra.service.patch - Avoid using libpcre-posix, which is intended for systems without a working regex.h, symbols clash with libc and undefined behaviour may ensue. ==== squid ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.