Packages changed: filesystem gawk (5.2.0 -> 5.2.1) heaptrack (1.3.0 -> 1.4.0) iputils (20211215 -> 20221126) kdump (1.0.2+git20.gcb129d0 -> 1.0.2+git26.gc6fab38) libX11 libeconf (0.4.8+git20221114.7ff7704 -> 0.4.9) libgcrypt (1.9.4 -> 1.10.1) libotr mpfr === Details === ==== filesystem ==== - Add %_user_tmpfilesdir to the filesystem - Added zh_Hans (simplified Chinese) and zh_Hant (traditional chinese) locales ==== gawk ==== Version update (5.2.0 -> 5.2.1) - Update to gawk 5.2.1 * Issues related to the sign of NaN and Inf values on RiscV have been fixed * A few issues with the debugger have been fixed. * More subtle issues with untyped array elements being passed to functions have been fixed. * The rwarray extension's readall() function has had some bugs fixed. * The PMA allocator is now supported on FreeBSD, OpenBSD and Linux on S/390x. - double-free.patch, pma.patch, nan-sign.patch: Removed ==== heaptrack ==== Version update (1.3.0 -> 1.4.0) Subpackages: heaptrack-gui heaptrack-lang - Update to 1.4.0 * Pass client exit code in heaptrack.sh * Leverage non-deprecated mallinfo2 * Add support for the mimalloc allocator * Explicitly encode which hooks are required and which are optional * Make mi_* symbols truly optional by usig weak symbols for them * Prevent malloc from disappearing in inlining example * handle calling heaptrack_stop() without debuginfo * Ensure we don't try to overwrite invalid tables * Make elf_symbol_table a view of const Elf::Sym * Ensure we don't read outside the string table for symbol names * Silence -Wuse-after-free for realloc call ==== iputils ==== Version update (20211215 -> 20221126) - Update to version 20221126 https://github.com/iputils/iputils/releases/tag/20221126 - Update configure variables (ninfod, rarpd and rdisc were removed from upstream in next release => remove -DBUILD_NINFOD=false -DBUILD_RARPD=false - DBUILD_RDISC=false) - Remove 2 backported fixes from this release 0001-ping-Add-SA_RESTART-to-sa_flags.patch 0002-ping-Make-ping_rts-struct-static.patch ==== kdump ==== Version update (1.0.2+git20.gcb129d0 -> 1.0.2+git26.gc6fab38) - Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000) - fix renaming of qeth interfaces (bsc#1204743, bsc#1144337) - ppc64: rebuild initrd image after migration (bsc#1191410) - kdumptool calibrate: modify fadump suggestions (jsc#IBM-1027) ==== libX11 ==== Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1 - U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * fixed Firefox freezes (regression since 1.8.2) (boo#1205778) ==== libeconf ==== Version update (0.4.8+git20221114.7ff7704 -> 0.4.9) Subpackages: libeconf0 libeconf0-32bit - Update to version 0.4.9: * libeconf.h: added missing sys/types.h header (#171) * new API calls: econf_readFileWithCallback, econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172) * Checking NULL comment parameter in the parsing functions. ==== libgcrypt ==== Version update (1.9.4 -> 1.10.1) Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac - Update to 1.10.1: * Bug fixes: - Fix minor memory leaks in FIPS mode. - Build fixes for MUSL libc. * Other: - More portable integrity check in FIPS mode. - Add X9.62 OIDs to sha256 and sha512 modules. * Add the hardware optimizations config file hwf.deny to the /etc/gcrypt/ directory. This file can be used to globally disable the use of hardware based optimizations. * Remove not needed separate_hmac256_binary hmac256 package - Update to 1.10.0: * New and extended interfaces: - New control codes to check for FIPS 140-3 approved algorithms. - New control code to switch into non-FIPS mode. - New cipher modes SIV and GCM-SIV as specified by RFC-5297. - Extended cipher mode AESWRAP with padding as specified by RFC-5649. - New set of KDF functions. - New KDF modes Argon2 and Balloon. - New functions for combining hashing and signing/verification. * Performance: - Improved support for PowerPC architectures. - Improved ECC performance on zSeries/s390x by using accelerated scalar multiplication. - Many more assembler performance improvements for several architectures. * Bug fixes: - Fix Elgamal encryption for other implementations. [bsc#1190239, CVE-2021-40528] - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored because it is useless with the FIPS 140-3 related changes. - Update of the jitter entropy RNG code. - Simplification of the entropy gatherer when using the getentropy system call. * Interface changes relative to the 1.10.0 release: - GCRYCTL_SET_DECRYPTION_TAG NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code. - GCRYCTL_NO_FIPS_MODE = 83 NEW control code. - GCRY_CIPHER_MODE_SIV NEW mode. - GCRY_CIPHER_MODE_GCM_SIV NEW mode. - GCRY_CIPHER_EXTENDED NEW flag. - GCRY_SIV_BLOCK_LEN NEW macro. - gcry_cipher_set_decryption_tag NEW macro. - GCRY_KDF_ARGON2 NEW constant. - GCRY_KDF_BALLOON NEW constant. - GCRY_KDF_ARGON2D NEW constant. - GCRY_KDF_ARGON2I NEW constant. - GCRY_KDF_ARGON2ID NEW constant. - gcry_kdf_hd_t NEW type. - gcry_kdf_job_fn_t NEW type. - gcry_kdf_dispatch_job_fn_t NEW type. - gcry_kdf_wait_all_jobs_fn_t NEW type. - struct gcry_kdf_thread_ops NEW struct. - gcry_kdf_open NEW function. - gcry_kdf_compute NEW function. - gcry_kdf_final NEW function. - gcry_kdf_close NEW function. - gcry_pk_hash_sign NEW function. - gcry_pk_hash_verify NEW function. - gcry_pk_random_override_new NEW function. * Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename to libgcrypt-1.10.0-allow_FSM_same_state.patch * Remove unused CAVS tests and related patches: - cavs_driver.pl cavs-test.sh - libgcrypt-1.6.1-fips-cavs.patch - drbg_test.patch * Remove DSA sign/verify patches for the FIPS CAVS test since DSA has been disabled in FIPS mode: - libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch - libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch * Rebase libgcrypt-FIPS-SLI-pk.patch * Rebase libgcrypt_indicators_changes.patch and libgcrypt-indicate-shake.patch and merge both into libgcrypt-FIPS-SLI-hash-mac.patch * Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to libgcrypt-FIPS-SLI-kdf-leylength.patch * Rebase libgcrypt-jitterentropy-3.4.0.patch * Rebase libgcrypt-FIPS-rndjent_poll.patch * Rebase libgcrypt-out-of-core-handler.patch and rename to libgcrypt-1.10.0-out-of-core-handler.patch * Since the FIPS .hmac file is now calculated with the internal tool hmac256, only the "module is complete" trigger .fips file is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch to libgcrypt-1.10.0-use-fipscheck.patch * Remove patches fixed upstream: - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff - libgcrypt-fix-rng.patch - libgcrypt-1.8.3-fips-ctor.patch - libgcrypt-1.8.4-use_xfree.patch - libgcrypt-1.8.4-getrandom.patch - libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch - libgcrypt-dsa-rfc6979-test-fix.patch - libgcrypt-fix-tests-fipsmode.patch ... changelog too long, skipping 27 lines ... * Update libgcrypt.keyring ==== libotr ==== - Add sys/socket.h to the test suite that FTBFS without the include * Add libotr-4.1.1-include-socket.h.patch ==== mpfr ==== - Add mpfr-4.1.1-patch01.patch to fix bug with code using the mpfr_custom_get_kind macro.