openSUSE-2024-81 low openSUSE Backports SLE-15-SP6 Update This update for hello ships a testupdate to 15 sp6 backports. hello-2.12.1-bp156.2.2.1.src.rpm hello-2.12.1-bp156.2.2.1.x86_64.rpm hello-debuginfo-2.12.1-bp156.2.2.1.x86_64.rpm hello-debugsource-2.12.1-bp156.2.2.1.x86_64.rpm hello-lang-2.12.1-bp156.2.2.1.noarch.rpm hello-2.12.1-bp156.2.2.1.i586.rpm hello-debuginfo-2.12.1-bp156.2.2.1.i586.rpm hello-debugsource-2.12.1-bp156.2.2.1.i586.rpm hello-2.12.1-bp156.2.2.1.aarch64.rpm hello-debuginfo-2.12.1-bp156.2.2.1.aarch64.rpm hello-debugsource-2.12.1-bp156.2.2.1.aarch64.rpm hello-2.12.1-bp156.2.2.1.ppc64le.rpm hello-debuginfo-2.12.1-bp156.2.2.1.ppc64le.rpm hello-debugsource-2.12.1-bp156.2.2.1.ppc64le.rpm hello-2.12.1-bp156.2.2.1.s390x.rpm hello-debuginfo-2.12.1-bp156.2.2.1.s390x.rpm hello-debugsource-2.12.1-bp156.2.2.1.s390x.rpm openSUSE-2024-155 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 125.0.6422.141 (boo#1225690) * CVE-2024-5493: Heap buffer overflow in WebRTC * CVE-2024-5494: Use after free in Dawn * CVE-2024-5495: Use after free in Dawn * CVE-2024-5496: Use after free in Media Session * CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * CVE-2024-5498: Use after free in Presentation API * CVE-2024-5499: Out of bounds write in Streams API chromedriver-125.0.6422.141-bp156.2.3.1.x86_64.rpm chromium-125.0.6422.141-bp156.2.3.1.src.rpm chromium-125.0.6422.141-bp156.2.3.1.x86_64.rpm chromedriver-125.0.6422.141-bp156.2.3.1.aarch64.rpm chromium-125.0.6422.141-bp156.2.3.1.aarch64.rpm openSUSE-2024-150 moderate openSUSE Backports SLE-15-SP6 Update This update for libhtp fixes the following issues: - CVE-2024-23837: excessive processing time of HTTP headers can lead to denial of service (boo#1220403) libhtp-0.5.42-bp156.3.3.1.src.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.x86_64.rpm libhtp-devel-0.5.42-bp156.3.3.1.x86_64.rpm libhtp2-0.5.42-bp156.3.3.1.x86_64.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.x86_64.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.i586.rpm libhtp-devel-0.5.42-bp156.3.3.1.i586.rpm libhtp2-0.5.42-bp156.3.3.1.i586.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.i586.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.aarch64.rpm libhtp-devel-0.5.42-bp156.3.3.1.aarch64.rpm libhtp2-0.5.42-bp156.3.3.1.aarch64.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.aarch64.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp-devel-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp2-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.ppc64le.rpm libhtp-debugsource-0.5.42-bp156.3.3.1.s390x.rpm libhtp-devel-0.5.42-bp156.3.3.1.s390x.rpm libhtp2-0.5.42-bp156.3.3.1.s390x.rpm libhtp2-debuginfo-0.5.42-bp156.3.3.1.s390x.rpm openSUSE-2024-157 important openSUSE Backports SLE-15-SP6 Update This update for nano fixes the following issues: - CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099) nano-7.2-bp156.3.3.1.src.rpm nano-7.2-bp156.3.3.1.x86_64.rpm nano-debuginfo-7.2-bp156.3.3.1.x86_64.rpm nano-debugsource-7.2-bp156.3.3.1.x86_64.rpm nano-lang-7.2-bp156.3.3.1.noarch.rpm nano-7.2-bp156.3.3.1.i586.rpm nano-debuginfo-7.2-bp156.3.3.1.i586.rpm nano-debugsource-7.2-bp156.3.3.1.i586.rpm nano-7.2-bp156.3.3.1.aarch64.rpm nano-debuginfo-7.2-bp156.3.3.1.aarch64.rpm nano-debugsource-7.2-bp156.3.3.1.aarch64.rpm nano-7.2-bp156.3.3.1.ppc64le.rpm nano-debuginfo-7.2-bp156.3.3.1.ppc64le.rpm nano-debugsource-7.2-bp156.3.3.1.ppc64le.rpm nano-7.2-bp156.3.3.1.s390x.rpm nano-debuginfo-7.2-bp156.3.3.1.s390x.rpm nano-debugsource-7.2-bp156.3.3.1.s390x.rpm openSUSE-2024-163 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: - Fix virtiofsd search path virtme-1.25-bp156.2.3.1.noarch.rpm virtme-1.25-bp156.2.3.1.src.rpm openSUSE-2024-164 moderate openSUSE Backports SLE-15-SP6 Update This update for opi fixes the following issues: - Version 5.2.0 * Add config option to reverse option order - Version 5.1.0 * Increase prio from 90 to 70 for packman/openh264 repos - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [boo#1212476] - Version 5.2.0 * Add config option to reverse option order - Version 5.1.0 * Increase prio from 90 to 70 for packman/openh264 repos opi-5.2.0-bp156.2.3.1.noarch.rpm opi-5.2.0-bp156.2.3.1.src.rpm openSUSE-2024-161 moderate openSUSE Backports SLE-15-SP6 Update plasma5-workspace was updated to fix the following issue: - Fixed ksmserver authentication (CVE-2024-36041, boo#1225774). - Fixed a regression introduced by the preceding change (kde#487912, boo#1226110): gmenudbusmenuproxy-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-session-5.27.11-bp156.3.3.1.noarch.rpm plasma5-session-wayland-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-workspace-5.27.11-bp156.3.3.1.src.rpm plasma5-workspace-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-workspace-devel-5.27.11-bp156.3.3.1.x86_64.rpm plasma5-workspace-lang-5.27.11-bp156.3.3.1.noarch.rpm plasma5-workspace-libs-5.27.11-bp156.3.3.1.x86_64.rpm xembedsniproxy-5.27.11-bp156.3.3.1.x86_64.rpm gmenudbusmenuproxy-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-session-wayland-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-workspace-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-workspace-devel-5.27.11-bp156.3.3.1.aarch64.rpm plasma5-workspace-libs-5.27.11-bp156.3.3.1.aarch64.rpm xembedsniproxy-5.27.11-bp156.3.3.1.aarch64.rpm gmenudbusmenuproxy-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-session-wayland-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-workspace-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-workspace-devel-5.27.11-bp156.3.3.1.ppc64le.rpm plasma5-workspace-libs-5.27.11-bp156.3.3.1.ppc64le.rpm xembedsniproxy-5.27.11-bp156.3.3.1.ppc64le.rpm openSUSE-2024-159 moderate openSUSE Backports SLE-15-SP6 Update This update for gajim, python-css-parser fixes the following issues: gajim changes: Express python dependencies directly. (boo#1225938) python-css-parser changes: update to 1.0.10 (boo#1225938): * Fix selector specificity calculation for pseudo-classes update to 1.0.9: * replace deprecated use of cgi.parse_header * drop python 3.6 support update to 1.0.8: * Replace removed assertEquals with assertEqual * Upgrade other unittest asserts for clearer error messages * tests: adjust exception string checks for python 3.11 * tests: fix warning about \( and \o being invalid sequences * Fix serialization of unknown rules containing comments - drop relax_error_msg_check.patch (upstream) gajim-1.8.4-bp156.2.3.1.noarch.rpm gajim-1.8.4-bp156.2.3.1.src.rpm gajim-lang-1.8.4-bp156.2.3.1.noarch.rpm python-css-parser-1.0.10-bp156.4.3.1.src.rpm python311-css-parser-1.0.10-bp156.4.3.1.noarch.rpm openSUSE-2024-261 moderate openSUSE Backports SLE-15-SP6 Update This update for vlc fixes the following issues: Update to version 3.0.21: + Decoders: * Improve Opus ambisonic support * Fix some ASS subtitle rendering issues * Fix Opus in MP4 behaviour * Fix VAAPI hw decoding with some drivers + Input: * Add support for HTTP content range handling according to RFC 9110 * Fix some HLS Adaptive Streaming not working in audio-only mode + Video Output: * Super Resolution scaling with AMD GPUs * The D3D11 HDR option can also turn on/off HDR for all sources regardless of the display * Improve subtitles rendering on Apple platforms of notably Asian languages by correcting font fallback lookups + Video Filter: * New AMD VQ Enhancer filter * Add D3D11 option to use NVIDIA TrueHDR to generate HDR from SDR sources + Audio Output: * Fix regression on macOS causing crashes when using audio devices with more than 9 channels + Services Discovery: * Fix exposed UPnP directory URL schemes to be compliant with RFC 3986 + libVLC: * the HWND passed to libvlc_media_player_set_hwnd must have the WS_CLIPCHILDREN style set. * Fix crashes when using caopengllayer + Misc: * Fix various warnings, leaks and potential crashes * Fix security integer overflow in MMS module libvlc5-3.0.21-bp156.2.3.1.x86_64.rpm libvlccore9-3.0.21-bp156.2.3.1.x86_64.rpm vlc-3.0.21-bp156.2.3.1.src.rpm vlc-3.0.21-bp156.2.3.1.x86_64.rpm vlc-codec-fluidsynth-3.0.21-bp156.2.3.1.x86_64.rpm vlc-codec-gstreamer-3.0.21-bp156.2.3.1.x86_64.rpm vlc-devel-3.0.21-bp156.2.3.1.x86_64.rpm vlc-jack-3.0.21-bp156.2.3.1.x86_64.rpm vlc-lang-3.0.21-bp156.2.3.1.noarch.rpm vlc-noX-3.0.21-bp156.2.3.1.x86_64.rpm vlc-opencv-3.0.21-bp156.2.3.1.x86_64.rpm vlc-qt-3.0.21-bp156.2.3.1.x86_64.rpm vlc-vdpau-3.0.21-bp156.2.3.1.x86_64.rpm libvlc5-3.0.21-bp156.2.3.1.aarch64.rpm libvlccore9-3.0.21-bp156.2.3.1.aarch64.rpm vlc-3.0.21-bp156.2.3.1.aarch64.rpm vlc-codec-fluidsynth-3.0.21-bp156.2.3.1.aarch64.rpm vlc-codec-gstreamer-3.0.21-bp156.2.3.1.aarch64.rpm vlc-devel-3.0.21-bp156.2.3.1.aarch64.rpm vlc-jack-3.0.21-bp156.2.3.1.aarch64.rpm vlc-noX-3.0.21-bp156.2.3.1.aarch64.rpm vlc-opencv-3.0.21-bp156.2.3.1.aarch64.rpm vlc-qt-3.0.21-bp156.2.3.1.aarch64.rpm vlc-vdpau-3.0.21-bp156.2.3.1.aarch64.rpm libvlc5-3.0.21-bp156.2.3.1.ppc64le.rpm libvlccore9-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-codec-fluidsynth-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-codec-gstreamer-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-devel-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-jack-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-noX-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-opencv-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-qt-3.0.21-bp156.2.3.1.ppc64le.rpm vlc-vdpau-3.0.21-bp156.2.3.1.ppc64le.rpm openSUSE-2024-171 moderate openSUSE Backports SLE-15-SP6 Update This update for python-python-sql fixes the following issues: - update to 1.5.1: * Use parameter for start and end of WINDOW FRAME * Use parameter for limit and offset - version 1.5.0: * naming scheme broken upstream * Add MERGE query * Support “UPSERT” with ON CONFLICT clause on INSERT query * Remove default escape char on LIKE and ILIKE * Add GROUPING SETS, CUBE, and ROLLUP clauses for GROUP BY. python-python-sql-1.5.1-bp156.2.3.1.src.rpm python311-python-sql-1.5.1-bp156.2.3.1.noarch.rpm openSUSE-2024-168 important openSUSE Backports SLE-15-SP6 Update This update for gdcm fixes the following issues: - CVE-2024-22373: Fixed out-of-bounds write vulnerability in JPEG2000Codec::DecodeByStreamsCommon (boo#1223398). gdcm-3.0.24-bp156.2.4.1.src.rpm gdcm-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-applications-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-devel-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-examples-3.0.24-bp156.2.4.1.x86_64.rpm libgdcm3_0-3.0.24-bp156.2.4.1.x86_64.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.x86_64.rpm python3-gdcm-3.0.24-bp156.2.4.1.x86_64.rpm gdcm-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-applications-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-devel-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-examples-3.0.24-bp156.2.4.1.aarch64.rpm libgdcm3_0-3.0.24-bp156.2.4.1.aarch64.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.aarch64.rpm python3-gdcm-3.0.24-bp156.2.4.1.aarch64.rpm gdcm-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-applications-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-devel-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-examples-3.0.24-bp156.2.4.1.ppc64le.rpm libgdcm3_0-3.0.24-bp156.2.4.1.ppc64le.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.ppc64le.rpm python3-gdcm-3.0.24-bp156.2.4.1.ppc64le.rpm gdcm-3.0.24-bp156.2.4.1.s390x.rpm gdcm-applications-3.0.24-bp156.2.4.1.s390x.rpm gdcm-devel-3.0.24-bp156.2.4.1.s390x.rpm gdcm-examples-3.0.24-bp156.2.4.1.s390x.rpm libgdcm3_0-3.0.24-bp156.2.4.1.s390x.rpm libsocketxx1_2-3.0.24-bp156.2.4.1.s390x.rpm python3-gdcm-3.0.24-bp156.2.4.1.s390x.rpm openSUSE-2024-173 moderate openSUSE Backports SLE-15-SP6 Update This update for shadowsocks-v2ray-plugin fixes the following issues: Update version to 5.15.1 * Fixed crash (boo#1226385) golang-github-teddysun-v2ray-plugin-5.15.1-bp156.2.3.1.noarch.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.src.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.x86_64.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.i586.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.aarch64.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.ppc64le.rpm shadowsocks-v2ray-plugin-5.15.1-bp156.2.3.1.s390x.rpm openSUSE-2024-166 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: Update to version 2.51.0: * Gracefully degrade when fetching annotations fails due to 403 (#9113) * replaced deprecated --json-result flag with --format=json in the gh at docstring. * Specify rpm repository to avoid conflicts with community repositories * Add `signer-repo` and `signer-workflow` flags to `gh attestation verify` (#9137) * Ensure signed RPMs have attestations Update to version 2.50.0: * Build completions during release on macos * Add build provenance for gh CLI releases (#9087) * Add integration tests for `gh attestation verify` shared workflow use case (#9107) * Update readme about MacOS pkg * Remove `v` prefix when `pkgmacos` is called * Integrate argument array to remove duplicate code * Added native min os version blocking * Fix distribution.xml + min macos version requirements * Fix directory already exists * Add a `gh variable get FOO` command (#9106) * Add comment to pr diff regex * Update regex in changedFilesNames to handle quoted paths * fix: rename the `Attempts` field to `Attempt`; expose in `gh run view` and `gh run ls` (#8905) * Change minimum build script macOS version * Cleanup pkgmacos build script * Removed redundant specifications * feat: add support for stateReason in `gh pr view` (#9080) * Update choice title * Update pkg title * update generated content for man pages and website * williammartin simplifications * remove no-op if clause that returns 'No Aliases' * Conditionalize references, remove redundant alias * list the various alias permutations for the command and subcommands * Remove TODO and add comment on LoginFlow tests * Comment the purpose of the helper config contract * Test git credentials are configured in LoginFlow * Add HelperConfig contract test and FakeHelperConfig * Inject GitCredentialFlow to LoginFlow as test seam * Removed unused param flagDryRun from upgradeFunc * Added summary TTY message to tests * Added TTY message to summarize checking extension upgrades * Add Helper test for Windows * Add tests for gitcredentials Updater * Fix mistaken git installation error check * Move gitcredentials HelperConfig and add tests * Comment the new gitcredentials package * Comment the git credential flow * Remove unnecessary credential setup private method * Use tighter interface in setup-git * Rename gitcredentials Configure to ConfigureOurs * Make gitcredential helper smarter * Move fetching configured helper into gitcredentials * Extract units for configuring and updating git credential helpers * Implement ExportData to filter json fields * fix: rename fields list * feat: add json output for PR checks * Fix doc bug for gh run watch gh-2.51.0-bp156.2.3.1.src.rpm gh-2.51.0-bp156.2.3.1.x86_64.rpm gh-bash-completion-2.51.0-bp156.2.3.1.noarch.rpm gh-fish-completion-2.51.0-bp156.2.3.1.noarch.rpm gh-zsh-completion-2.51.0-bp156.2.3.1.noarch.rpm gh-2.51.0-bp156.2.3.1.i586.rpm gh-2.51.0-bp156.2.3.1.aarch64.rpm gh-2.51.0-bp156.2.3.1.ppc64le.rpm gh-2.51.0-bp156.2.3.1.s390x.rpm openSUSE-2024-170 moderate openSUSE Backports SLE-15-SP6 Update This update for rubygem-bcrypt_pbkdf fixes the following issues: Updated to version 1.1.1 - see installed CHANGELOG.md ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.x86_64.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.x86_64.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.x86_64.rpm rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.src.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.i586.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.i586.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.i586.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.aarch64.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.aarch64.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.aarch64.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.ppc64le.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.ppc64le.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.ppc64le.rpm ruby2.5-rubygem-bcrypt_pbkdf-1.1.1-bp156.4.3.1.s390x.rpm ruby2.5-rubygem-bcrypt_pbkdf-doc-1.1.1-bp156.4.3.1.s390x.rpm ruby2.5-rubygem-bcrypt_pbkdf-testsuite-1.1.1-bp156.4.3.1.s390x.rpm openSUSE-2024-174 moderate openSUSE Backports SLE-15-SP6 Update This update for sngrep fixes the following issues: - CVE-2024-35434: heap buffer overflow in rtp_check_packet sngrep-1.8.1-bp156.2.3.1.src.rpm sngrep-1.8.1-bp156.2.3.1.x86_64.rpm sngrep-1.8.1-bp156.2.3.1.i586.rpm sngrep-1.8.1-bp156.2.3.1.aarch64.rpm sngrep-1.8.1-bp156.2.3.1.ppc64le.rpm sngrep-1.8.1-bp156.2.3.1.s390x.rpm openSUSE-2024-193 moderate openSUSE Backports SLE-15-SP6 Update This update for keepassxc fixes the following issues: Update to 2.7.9: - Changes: - Passkeys: Ability to easily remove a passkey from an entry [#10777] - Snap: Use new desktop portal for native messaging integration [#10906] - Fixes: - Improve entry placeholder/reference feature [#10846] - Improve CSV importing when title field isn't specified [#10843] - Improve encrypted Bitwarden importing [#10800] - Improve database settings UX [#10821] - Improve handling of clipboard actions from entry preview [#10810] - Improve group/entry view resize behavior and set sensible defaults [#10641] - Passkeys: Fix incorrect username fill [#10874] - Passkeys: Return additional data to the extension [#10857] - Fix password clear timer inconsistency on unlock view [#10708] - Fix portability check [#10760] - Fix page overflow on HTML exports [#10735] - Fix broken builds when using system provided zxcvbn [#10717] - Fix copy password button when text is selected [#10853] - Fix tab ordering on application settings pages [#10907] - SSH Agent: Fix broken decrypt button [#10638] - Flatpak: Fix configuration settings off-by-one error [#10688] keepassxc-2.7.9-bp156.2.3.1.src.rpm keepassxc-2.7.9-bp156.2.3.1.x86_64.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.x86_64.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.x86_64.rpm keepassxc-lang-2.7.9-bp156.2.3.1.noarch.rpm keepassxc-2.7.9-bp156.2.3.1.aarch64.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.aarch64.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.aarch64.rpm keepassxc-2.7.9-bp156.2.3.1.ppc64le.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.ppc64le.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.ppc64le.rpm keepassxc-2.7.9-bp156.2.3.1.s390x.rpm keepassxc-debuginfo-2.7.9-bp156.2.3.1.s390x.rpm keepassxc-debugsource-2.7.9-bp156.2.3.1.s390x.rpm openSUSE-2024-194 moderate openSUSE Backports SLE-15-SP6 Update This update for keybase-client fixes the following issues: Update to version 6.2.8 * Update client CA * Fix incomplete locking in config file handling. - Update the Image dependency to address CVE-2023-29408 / boo#1213928. This is done via the new update-image-tiff.patch. - Limit parallel test execution as that seems to cause failing builds on OBS that don't occur locally. - Integrate KBFS packages previously build via own source package * Upstream integrated these into the same source. * Also includes adding kbfs-related patches ensure-mount-dir-exists.patch and ensure-service-stop-unmounts-filesystem.patch. - Upgrade Go version used for compilation to 1.19. - Use Systemd unit file from upstream source. kbfs-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-git-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-tool-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm keybase-client-6.2.8-bp156.2.3.1.src.rpm keybase-client-6.2.8-bp156.2.3.1.x86_64.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.x86_64.rpm kbfs-6.2.8-bp156.2.3.1.i586.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.i586.rpm kbfs-git-6.2.8-bp156.2.3.1.i586.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.i586.rpm kbfs-tool-6.2.8-bp156.2.3.1.i586.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.i586.rpm keybase-client-6.2.8-bp156.2.3.1.i586.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.i586.rpm kbfs-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-git-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-tool-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm keybase-client-6.2.8-bp156.2.3.1.aarch64.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.aarch64.rpm kbfs-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-git-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-tool-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm keybase-client-6.2.8-bp156.2.3.1.ppc64le.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.ppc64le.rpm kbfs-6.2.8-bp156.2.3.1.s390x.rpm kbfs-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm kbfs-git-6.2.8-bp156.2.3.1.s390x.rpm kbfs-git-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm kbfs-tool-6.2.8-bp156.2.3.1.s390x.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm keybase-client-6.2.8-bp156.2.3.1.s390x.rpm keybase-client-debuginfo-6.2.8-bp156.2.3.1.s390x.rpm openSUSE-2024-180 moderate openSUSE Backports SLE-15-SP6 Update This update for perl-Test-MockModule fixes the following issues: Update to version 0.178.0: - 6724a30 - Simplify CI workflow - Nicolas R - 1801372 - Multiple improvements - Nicolas R - e97e316 - Add protection to _replace_sub - Nicolas R perl-Test-MockModule-0.178.0-bp156.2.3.1.noarch.rpm perl-Test-MockModule-0.178.0-bp156.2.3.1.src.rpm openSUSE-2024-181 moderate openSUSE Backports SLE-15-SP6 Update This update for perl-Minion fixes the following issues: - updated to 10.29 see /usr/share/doc/packages/perl-Minion/Changes - updated to 10.28 see /usr/share/doc/packages/perl-Minion/Changes 10.28 2023-11-217 - Improved repair and history performance in most cases. 10.27 2023-11-20 - Improved repair performance in cases where there are a lot of finished jobs with dependencies. - updated to 10.26 see /usr/share/doc/packages/perl-Minion/Changes 10.26 2023-11-10 - Added type information to worker status. - Improved workers by calling srand() after starting a new job process. perl-Minion-10.290.0-bp156.3.3.1.noarch.rpm perl-Minion-10.290.0-bp156.3.3.1.src.rpm openSUSE-2024-182 moderate openSUSE Backports SLE-15-SP6 Update This update for perl-Perl-Tidy fixes the following issues: - updated to 20240511 ## 2024 05 11 - The option --valign-signed-numbers, or -vsn is now the default. It was introduced in the previous release has been found to significantly improve the overall appearance of columns of signed and unsigned numbers. See the previous Change Log entry for an example. This will change the formatting in scripts with columns of vertically aligned signed and unsigned numbers. Use -nvsn to turn this option off and avoid this change. - Previously, a line break was made before a short concatenated terminal quoted string, such as "\n", if the previous line had a greater starting indentation. The break is now placed after the short quote. This keeps code a little more compact. For example: # old rule: break before "\n" here because '$name' has more indentation: my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var", $name, "remove", "UNCHECKED" ) . "\n"; # new rule: break after a short terminal quote like "\n" for compactness; my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var", $name, "remove", "UNCHECKED" ) . "\n"; - The option --delete-repeated-commas is now the default. It makes the following checks and changes: - Repeated commas like ',,' are removed with a warning - Repeated fat commas like '=> =>' are removed with a warning - The combination '=>,' produces a warning but is not changed These warnings are only output if --warning-output, or -w, is set. Use --nodelete-repeated-commas, or -ndrc, to retain repeated commas. - The operator ``**=`` now has spaces on both sides by default. Previously, there was no space on the left. This change makes its spacing the same as all other assignment operators. The previous behavior can be obtained with the parameter setting -nwls='**='. - The option --file-size-order, or -fso is now the default. When perltidy is given a list of multiple filenames to process, they are sorted by size and processed in order of increasing size. This can significantly reduce memory usage by Perl. This option has always been used in testing, where typically several jobs each operating on thousands of filenames are running at the same time and competing for system resources. If this option is not wanted for some reason, it can be deactivated with -nfso. - In the option --dump-block-summary, the number of sub arguments indicated for each sub now includes any leading object variable passed with an arrow-operator call. Previously the count would have been decreased by one in this case. This change is needed for compatibility with future updates. - Fix issue git #138 involving -xlp (--extended-line-up-parentheses). When multiple-line quotes and regexes have long secondary lines, these line lengths could influencing some spacing and indentation, but they should not have since perltidy has no control over their indentation. This has been fixed. This will mainly influence code which uses -xlp and has long multi-line quotes. - Add option --minimize-continuation-indentation, -mci (see git #137). This flag allows perltidy to remove continuation indentation in some special cases where it is not really unnecessary. For a simple example, the default formatting for the following snippet is: # perltidy -nmci $self->blurt( "Error: No INPUT definition for type '$type', typekind '" . $type->xstype . "' found" ); The second and third lines are one level deep in a container, and are also statement continuations, so they get indented by the sum of the -i value and the -ci value. If this flag is set, the indentation is reduced by -ci spaces, giving # perltidy -mci $self->blurt( "Error: No INPUT definition for type '$type', typekind '" . $type->xstype . "' found" ); This situation is relatively rare except in code which has long quoted strings and the -nolq flag is also set. This flag is currently off by default, but it could become the default in a future version. - Add options --dump-mismatched-args (or -dma) and --warn-mismatched-arg (or -wma). These options look for and report instances where the number of args expected by a sub appear to differ from the number passed to the sub. The -dump version writes the results for a single file to standard output and exits: perltidy -dma somefile.pl >results.txt The -warn version formats as normal but reports any issues as warnings in the error file: perltidy -wma somefile.pl The -warn version may be customized with the following additional parameters if necessary to avoid needless warnings: --warn-mismatched-arg-types=s (or -wmat=s), --warn-mismatched-arg-exclusion-list=s (or -wmaxl=s), and --warn-mismatched-arg-undercount-cutoff=n (or -wmauc=n). --warn-mismatched-arg-overcount-cutoff=n (or -wmaoc=n). These are explained in the manual. - Add option --valign-wide-equals, or -vwe, for issue git #135. Setting this parameter causes the following assignment operators = **= += *= &= <<= &&= -= /= |= >>= ||= //= .= %= ^= x= to be aligned vertically with the ending = all aligned. For example, here is the default formatting of a snippet of code: $str .= SPACE x $total_pad_count; $str_len += $total_pad_count; $total_pad_count = 0; $str .= $rfields->[$j]; $str_len += $rfield_lengths->[$j]; And here is the same code formatted with -vwe: # perltidy -vwe $str .= SPACE x $total_pad_count; $str_len += $total_pad_count; $total_pad_count = 0; $str .= $rfields->[$j]; $str_len += $rfield_lengths->[$j]; This option currently is off by default to avoid changing existing formatting. - Added control --delete-interbracket-arrows, or -dia, to delete optional hash ref and array ref arrows between brackets as in the following expression (see git #131) return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'}; # perltidy -dia gives: return $self->{'commandline'}{'arg_list'}[0][0]{'hostgroups'}; Added the opposite control --aia-interbracket-arrows, or -aia, to add arrows. So applied to the previous line the arrows are restored: # perltidy -aia return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'}; The manual describes additional controls for adding and deleting just selected interbracket arrows. - updated to 20240202 see /usr/share/doc/packages/perl-Perl-Tidy/CHANGES.md ## 2024 02 02 - Added --valign-signed-numbers, or -vsn. This improves the appearance of columns of numbers by aligning leading algebraic signs. For example: # perltidy -vsn my $xyz_shield = [ [ -0.060, -0.060, 0. ], [ 0.060, -0.060, 0. ], [ 0.060, 0.060, 0. ], [ -0.060, 0.060, 0. ], [ -0.0925, -0.0925, 0.092 ], [ 0.0925, -0.0925, 0.092 ], [ 0.0925, 0.0925, 0.092 ], [ -0.0925, 0.0925, 0.092 ], ]; # perltidy -nvsn (current DEFAULT) my $xyz_shield = [ [ -0.060, -0.060, 0. ], [ 0.060, -0.060, 0. ], [ 0.060, 0.060, 0. ], [ -0.060, 0.060, 0. ], [ -0.0925, -0.0925, 0.092 ], [ 0.0925, -0.0925, 0.092 ], [ 0.0925, 0.0925, 0.092 ], [ -0.0925, 0.0925, 0.092 ], ]; This new option works well but is currently OFF to allow more testing and fine-tuning. It is expected to be activated in a future release. - Added --dump-mixed-call-parens (-dmcp ) which will dump a list of operators which are sometimes followed by parens and sometimes not. This can be useful for developing a uniform style for selected operators. Issue git #128. For example perltidy -dmcp somefile.pl >out.txt produces lines like this, where the first number is the count of uses with parens, and the second number is the count without parens. k:caller:2:1 k:chomp:3:4 k:close:7:4 - Added --want-call-parens=s (-wcp=s) and --nowant-call-parens=s (-nwcp=s) options which will warn of paren uses which do not match a selected style. The manual has details. But for example, perltidy -wcp='&' somefile.pl will format as normal but warn if any user subs are called without parens. - Added --dump-unusual-variables (-duv) option to dump a list of variables with certain properties of interest. For example perltidy -duv somefile.pl >vars.txt produces a file with lines which look something like 1778:u: my $input_file 6089:r: my $j: reused - see line 6076 The values on the line which are separated by colons are: line number - the number of the line of the input file issue - a single letter indicating the issue, see below variable name - the name of the variable, preceded by a keyword note - an optional note referring to another line The issue is indicated by a letter which may be one of: r: reused variable name s: sigil change but reused bareword p: lexical variable with scope in multiple packages u: unused variable This is very useful for locating problem areas and bugs in code. - Added a related flag --warn-variable-types=string (-wvt=string) option to warn if certain types of variables are found in a script. The types are a space-separated string which may include 'r', 's', and 'p' but not 'u'. For example perltidy -wvt='r s' somefile.pl will check for and warn if any variabls of type 'r', or 's' are seen, but not 'p'. All possible checks may be indicated with a '*' or '1': perltidy -wvt='*' somefile.pl The manual has further details. - All parameters taking integer values are now checked for out-of-range values before processing starts. When a maximum or maximum range is exceeded, the new default behavior is to write a warning message, reset the value to its default setting, and continue. This default behavior can be changed with the new parameter --integer-range-check=n, or -irc=n, as follows: n=0 skip check completely (for stress-testing perltidy only) n=1 reset bad values to defaults but do not issue a warning n=2 reset bad values to defaults and issue a warning [DEFAULT] n=3 stop immediately if any values are out of bounds The settings n=0 and n=1 are mainly useful for testing purposes. - The --dump-block-summary (-dbs) option now includes the number of sub args in the 'type' column. For example, 'sub(9)' indicates a sub with 9 args. Subs whose arg count cannot easily be determined are indicated as 'sub(*)'. The count does not include a leading '$self' or '$class' arg. - Added flag --space-signature-paren=n, or -ssp=n (issue git #125). This flag works the same as the existing flag --space-prototype-paren=n except that it applies to the space before the opening paren of a sub signature instead of a sub prototype. Previously, there was no control over this (a space always occurred). For example, given the following line: sub circle( $xc, $yc, $rad ); The following results can now be obtained, according to the value of n: sub circle( $xc, $yc, $rad ); # n=0 [no space] sub circle( $xc, $yc, $rad ); # n=1 [default; same as input] sub circle ( $xc, $yc, $rad ); # n=2 [space] The spacing in previous versions of perltidy corresponded to n=2 (always a space). The new default value, n=1, will produce a space if and only if there was a space in the input text. - The --dump-block-summary option can report an if-elsif-elsif-.. chain as a single line item with the notation -dbt='elsif3', for example, where the '3' is an integer which specifies the minimum number of elsif blocks required for a chain to be reported. The manual has details. - Fix problem c269, in which the new -ame parameter could incorrectly emit an else block when two elsif blocks were separated by a hanging side comment (a very rare situation). - When braces are detected to be unbalanced, an attempt is made to localize the error by comparing the indentation at closing braces with their actual nesting levels. This can be useful for files which have previously been formatted by perltidy. To illustrate, a test was made in which the closing brace at line 30644 was commented out in a file with a total of over 62000 lines. The new error message is Final nesting depth of '{'s is 1 The most recent un-matched '{' is on line 6858 ... Table of nesting level differences at closing braces. This might help localize brace errors if the file was previously formatted. line: (brace level) - (level expected from old indentation) 30643: 0 30645: 1 Previously, the error file only indicated that the error in this case was somewhere after line 6858, so the new table is very helpful. Closing brace indentation is checked because it is unambiguous and can be done very efficiently. - The -DEBUG option no longer automatically also writes a .LOG file. Use --show-options if the .LOG file is needed. - The run time of this version with all new options in use is no greater than that of the previous version thanks to optimization work. perl-Perl-Tidy-20240511.0.0-bp156.2.3.1.noarch.rpm perl-Perl-Tidy-20240511.0.0-bp156.2.3.1.src.rpm openSUSE-2024-175 moderate openSUSE Backports SLE-15-SP6 Update This update for cockpit fixes the following issues: - disable selinux on leap versions without selinux - set libexec dir to %_libexecdir (boo#1223533) - new version 316: * cockpit.js API: Fix format_bytes() units - new version 315: * Networking: Show additional ports for each firewall zone * Networking: List Firewall active zones when unprivileged * Inline documentation * Support for transient virtual machines * UEFI for virtual machines * Unattended virtual machines installation * Localize times * Better support for various TLS certificate formats * Overview: Add CPU utilization to usage card * Dashboard: Support SSH identity unlocking when adding new machines * SElinux: Introduce an Ansible automation script * Machines: Support 'bridge' type network interfaces * Machines: Support 'bus' type disk configuration cockpit-316-bp156.2.3.1.src.rpm cockpit-316-bp156.2.3.1.x86_64.rpm cockpit-bridge-316-bp156.2.3.1.x86_64.rpm cockpit-devel-316-bp156.2.3.1.x86_64.rpm cockpit-doc-316-bp156.2.3.1.noarch.rpm cockpit-kdump-316-bp156.2.3.1.noarch.rpm cockpit-networkmanager-316-bp156.2.3.1.noarch.rpm cockpit-packagekit-316-bp156.2.3.1.noarch.rpm cockpit-pcp-316-bp156.2.3.1.x86_64.rpm cockpit-selinux-316-bp156.2.3.1.noarch.rpm cockpit-storaged-316-bp156.2.3.1.noarch.rpm cockpit-system-316-bp156.2.3.1.noarch.rpm cockpit-ws-316-bp156.2.3.1.x86_64.rpm cockpit-316-bp156.2.3.1.aarch64.rpm cockpit-bridge-316-bp156.2.3.1.aarch64.rpm cockpit-devel-316-bp156.2.3.1.aarch64.rpm cockpit-pcp-316-bp156.2.3.1.aarch64.rpm cockpit-ws-316-bp156.2.3.1.aarch64.rpm cockpit-316-bp156.2.3.1.ppc64le.rpm cockpit-bridge-316-bp156.2.3.1.ppc64le.rpm cockpit-devel-316-bp156.2.3.1.ppc64le.rpm cockpit-pcp-316-bp156.2.3.1.ppc64le.rpm cockpit-ws-316-bp156.2.3.1.ppc64le.rpm cockpit-316-bp156.2.3.1.s390x.rpm cockpit-bridge-316-bp156.2.3.1.s390x.rpm cockpit-devel-316-bp156.2.3.1.s390x.rpm cockpit-pcp-316-bp156.2.3.1.s390x.rpm cockpit-ws-316-bp156.2.3.1.s390x.rpm openSUSE-2024-176 moderate openSUSE Backports SLE-15-SP6 Update This update for opi fixes the following issues: - Version 5.2.1 * Update freeoffice.py opi-5.2.1-bp156.2.6.1.noarch.rpm opi-5.2.1-bp156.2.6.1.src.rpm openSUSE-2024-177 moderate openSUSE Backports SLE-15-SP6 Update This update for mygnuhealth fixes the following issues: - version 2.2.0 * Support for Kivy 2.3.0 * Localization. MyGNUHealth now has support for different languages. English, Spanish and Chinese are available to use, and French, German, Italian are ready to be translated. There will be a translation component for MyGNUHealth at Codeberg's Weblate instance. * Bluetooth functionality: Starting with MyGH series 2.2 we provide bluetooth integration for open compatible devices and health trackers. We include the link with the Pinetime Smartwatch (experimental) and the possibility to link to any open hardware device (glucometer, scales, blood pressure monitors, .. ). We need to get a list of available medical devices that respect our privacy and freedom, so let us know of any! * Charts now allow to select date ranges with calendar widgets The Book of Life have a revised format for the pages. The charts have been improved in the format and include x axis labels. mygnuhealth-2.2.0-bp156.2.3.1.src.rpm mygnuhealth-2.2.0-bp156.2.3.1.x86_64.rpm mygnuhealth-2.2.0-bp156.2.3.1.aarch64.rpm mygnuhealth-2.2.0-bp156.2.3.1.ppc64le.rpm mygnuhealth-2.2.0-bp156.2.3.1.s390x.rpm openSUSE-2024-178 moderate openSUSE Backports SLE-15-SP6 Update This update for python-Routes fixes the following issues: - update to 2.5.1: * Add compatibility for Python 3.7+. * Add graceful fallback for invalid character encoding from request object. * Enhanced performance for matching routes that share the same static prefix. * Fixed issue with child routes not passing route conditions to the Mapper.connect call. * Fixed documentation to reflect default value for minimization. * Allow backslash to escape special characters in route paths. * Resolve invalid escape sequences. * Remove support for Python 2.6, 3.3, and 3.4. * Remove obsolete Python 2.3 compat code. - update to 2.4.1: * Release as a universal wheel. PR #75. * Convert readthedocs links for their .org -> .io migration for hosted projects. - update to 2.3.1: * Backwards compatability fix - connect should work with mandatory routename and optional path. Patch by Davanum Srinivas (PR #65). * Fix sub_domain equivalence check. Patch by Nikita Uvarov * Add support for protocol-relative URLs generation (i.e. starting with double slash ``//``). PR #60. Patch by Sviatoslav Sydorenko. * Add support for the ``middleware`` extra requirement, making possible to depend on ``webob`` optionally. PR #59. Patch by Sviatoslav Sydorenko. * Fix matching of an empty string route, which led to exception in earlier versions. PR #58. Patch by Sviatoslav Sydorenko. * Add support for the ``requirements`` option when using mapper.resource to create routes. PR #57. Patch by Sean Dague. * Concatenation fix when using submappers with path prefixes. Multiple submappers combined the path prefix inside the controller argument in non-obvious ways. The controller argument will now be properly carried through when using submappers. PR #28. - update to 2.2: * Fix Python 3 support. Patch by Victor Stinner. - update to 2.1: * Fix 3 other route matching groups in route.py to use anonymous groups for optional sections to avoid exceeding regex limits. Fixes #15. * Printing a mapper now includes the Controller/action parameters from the route. Fixes #11. * Fix regression that didn't allow passing in params 'host', 'protocol', or 'anchor'. They can now be passed in with a trailing '_' as was possible before commit d1d1742903fa5ca24ef848a6ae895303f2661b2a. Fixes #7. * URL generation with/without SCRIPT_NAME was resulting in the URL cache failing to return the appropriate cached URL generation. The URL cache should always include the SCRIPT_NAME, even if its empty, in the cache to avoid this, and now does. Fixes #6. * Extract Route creation into separate method in Mapper. Subclasses of Route can be created by Mappers now. * Use the first X_FORWARDED_FOR value if there are multiple proxies in the path. Fixes #5. * Python 3.2/3.3 Support. Fixes Issue #2. Thanks to Alejandro Sánchez for the pull request! - Update to version 1.13: * Fix bug with dots forcing extension by default. The portion with the dot can now be recognized. Patch by Michael Basnight. python-Routes-2.5.1-bp156.2.1.src.rpm python3-Routes-2.5.1-bp156.2.1.noarch.rpm openSUSE-2024-184 moderate openSUSE Backports SLE-15-SP6 Update This update for python-guessit, python-rebulk fixes the following issues: python-guessit: - Raise version requirement for python-rebulk (fixes boo#1226826) python-rebulk: - Update to version 3.2.0 Features: * dependencies: Add python 3.11 support and drop python 3.6 support. Fixes: * Remove pytest-runner from setup_requires. python-guessit-3.8.0-bp156.2.3.1.src.rpm python3-guessit-3.8.0-bp156.2.3.1.noarch.rpm python-rebulk-3.2.0-bp156.4.3.1.src.rpm python3-rebulk-3.2.0-bp156.4.3.1.noarch.rpm openSUSE-2024-191 moderate openSUSE Backports SLE-15-SP6 Update This update for wg-info fixes the following issues: * Fix regex escaping wg-info-20240702.9b5c479-bp156.2.3.1.noarch.rpm wg-info-20240702.9b5c479-bp156.2.3.1.src.rpm openSUSE-2024-188 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account, trytond_account_invoice, trytond_currency, trytond_purchase fixes the following issues: Changes in trytond_purchase: - Version 6.0.16 - Bugfix Release Changes in trytond_currency: - Version 6.0.6 - Bugfix Release Changes in trytond_account_invoice: - Version 6.0.18 - Bugfix Release Changes in trytond_account: - Version 6.0.26 - Bugfix Release Changes in trytond: - Version 6.0.48 - Bugfix Release Changes in tryton: - Version 6.0.40 - Bugfix Release tryton-6.0.40-bp156.2.3.1.noarch.rpm tryton-6.0.40-bp156.2.3.1.src.rpm trytond-6.0.48-bp156.2.3.1.noarch.rpm trytond-6.0.48-bp156.2.3.1.src.rpm trytond_account-6.0.26-bp156.2.3.1.noarch.rpm trytond_account-6.0.26-bp156.2.3.1.src.rpm trytond_account_invoice-6.0.18-bp156.2.3.1.noarch.rpm trytond_account_invoice-6.0.18-bp156.2.3.1.src.rpm trytond_currency-6.0.6-bp156.4.3.1.noarch.rpm trytond_currency-6.0.6-bp156.4.3.1.src.rpm trytond_purchase-6.0.16-bp156.2.3.1.noarch.rpm trytond_purchase-6.0.16-bp156.2.3.1.src.rpm openSUSE-2024-189 moderate openSUSE Backports SLE-15-SP6 Update This update for mtail fixes the following issues: - Adjust system call filter for Leap 15.6 mtail-3.0.0rc51-bp156.4.3.1.src.rpm mtail-3.0.0rc51-bp156.4.3.1.x86_64.rpm mtail-3.0.0rc51-bp156.4.3.1.i586.rpm mtail-3.0.0rc51-bp156.4.3.1.aarch64.rpm mtail-3.0.0rc51-bp156.4.3.1.ppc64le.rpm mtail-3.0.0rc51-bp156.4.3.1.s390x.rpm openSUSE-2024-195 moderate openSUSE Backports SLE-15-SP6 Update This update for afl fixes the following issues: Updated to 4.21c: * afl-fuzz - fixed a regression in afl-fuzz that resulted in a 5-10% performace loss do a switch from gettimeofday() to clock_gettime() which should be rather three times faster. The reason for this is unknown. - new queue selection algorithm based on 2 core years of queue data analysis. gives a noticable improvement on coverage although the results seem counterintuitive :-) - added AFL_DISABLE_REDUNDANT for huge queues - added `AFL_NO_SYNC` environment variable that does what you think it does - fix AFL_PERSISTENT_RECORD - run custom_post_process after standard trimming - prevent filenames in the queue that have spaces - minor fix for FAST schedules - more frequent stats update when syncing (todo: check performance impact) - now timing of calibration, trimming and syncing is measured seperately, thanks to @eqv! - -V timing is now accurately the fuzz time (without syncing), before long calibration times and syncing could result in now fuzzing being made when the time was already run out until then, thanks to @eqv! - fix -n uninstrumented mode when ending fuzzing - enhanced the ASAN configuration - make afl-fuzz use less memory with cmplog and fix a memleak * afl-cc: - re-enable i386 support that was accidently disabled - fixes for LTO and outdated afl-gcc mode for i386 - fix COMPCOV split compare for old LLVMs - disable xml/curl/g_ string transform functions because we do not check for null pointers ... TODO - ensure shared memory variables are visible in weird build setups - compatability to new LLVM 19 changes * afl-cmin - work with input files that have a space * afl-showmap - fix memory leak on shmem testcase usage (thanks to @ndrewh) - minor fix to collect coverage -C (thanks to @bet4it) * Fixed a shmem mmap bug (that rarely came up on MacOS) * libtokencap: script generate_libtoken_dict.sh added by @a-shvedov Updated to 4.20c: + A new forkserver communication model is now introduced. afl-fuzz is backward compatible to old compiled targets if they are not built for CMPLOG/Redqueen, but new compiled targets will not work with old afl-fuzz versions! + Recompile all targets that are instrumented for CMPLOG/Redqueen! - AFL++ now supports up to 4 billion coverage edges, up from 6 million. - New compile option: `make PERFORMANCE=1` - this will enable special CPU dependent optimizations that make everything more performant - but the binaries will likely won't work on different platforms. Also enables a faster hasher if the CPU requirements are met. - The persistent record feature (see config.h) was expanded to also support replay, thanks to @quarta-qti ! - afl-fuzz: - the new deterministic fuzzing feature is now activated by default, deactivate with -z. Parameters -d and -D are ignored. - small improvements to CMPLOG/redqueen - workround for a bug with MOpt -L when used with -M - in the future we will either remove or rewrite MOpt. - fix for `-t xxx+` feature - -e extension option now saves the queue items, crashes, etc. with the extension too - fixes for trimmming, correct -V time and reading stats on resume by eqv thanks a lot! - afl-cc: - added collision free caller instrumentation to LTO mode. activate with `AFL_LLVM_LTO_CALLER=1`. You can set a max depth to go through single block functions with `AFL_LLVM_LTO_CALLER_DEPTH` (default 0) - fixes for COMPCOV/LAF and most other modules - fix for GCC_PLUGIN cmplog that broke on std::strings - afl-whatsup: - now also displays current average speed - small bugfixes - Fixes for aflpp custom mutator and standalone tool - Minor edits to afl-persistent-config - Prevent temporary files being left behind on aborted afl-whatsup - More CPU benchmarks added to benchmark/ Updated to 4.10c: - afl-fuzz: - default power schedule is now EXPLORE, due a fix in fast schedules explore is slightly better now. - fixed minor issues in the mutation engine, thanks to @futhewo for reporting! - better deterministic fuzzing is now available, benchmarks have shown to improve fuzzing. Enable with -D. Thanks to @kdsjZh for the PR! - afl-cc: - large rewrite by @SonicStark which fixes a few corner cases, thanks! - LTO mode now requires llvm 12+ - workaround for ASAN with gcc_plugin mode - instrumentation: - LLVM 18 support, thanks to @devnexen! - Injection (SQL, LDAP, XSS) fuzzing feature now available, see `instrumentation/README.injections.md` how to activate/use/expand. - compcov/LAF-intel: - floating point splitting bug fix by @hexcoder - due a bug in LLVM 17 integer splitting is disabled there! - when splitting floats was selected, integers were always split as well, fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should - dynamic instrumentation filtering for LLVM NATIVE, thanks @Mozilla! see utils/dynamic_covfilter/README.md - qemu_mode: - plugins are now activated by default and a new module is included that produces drcov compatible traces for lighthouse/lightkeeper/... thanks to @JRomainG to submitting! - updated Nyx checkout (fixes a bug) and some QOL - updated the custom grammar mutator - document afl-cmin does not work on macOS (but afl-cmin.bash does) afl-4.21c-bp156.2.3.1.src.rpm afl-4.21c-bp156.2.3.1.x86_64.rpm afl-4.21c-bp156.2.3.1.i586.rpm afl-4.21c-bp156.2.3.1.aarch64.rpm afl-4.21c-bp156.2.3.1.ppc64le.rpm afl-4.21c-bp156.2.3.1.s390x.rpm openSUSE-2024-196 moderate openSUSE Backports SLE-15-SP6 Update This update for tpm-fido fixes the following issues: - Require system-user-tss for tss group - Ensure uhid module is loaded on boot so udev will set permissions tpm-fido-20230621.5f8828b-bp156.2.3.1.src.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.x86_64.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.i586.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.aarch64.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.ppc64le.rpm tpm-fido-20230621.5f8828b-bp156.2.3.1.s390x.rpm openSUSE-2024-206 moderate openSUSE Backports SLE-15-SP6 Update This update for cockpit fixes the following issues: - new version 320: * pam-ssh-add: Fix insecure killing of session ssh-agent (boo#1226040, CVE-2024-6126) - changes in older versions: * Storage: Btrfs snapshots * Podman: Add image pull action * Files: Bookmark support * webserver: System user changes * Metrics: Grafana setup now prefers Valkey - Invalid json against the storaged manifest boo#1227299 cockpit-320-bp156.2.6.3.src.rpm cockpit-320-bp156.2.6.3.x86_64.rpm cockpit-bridge-320-bp156.2.6.3.x86_64.rpm cockpit-devel-320-bp156.2.6.3.x86_64.rpm cockpit-doc-320-bp156.2.6.3.noarch.rpm cockpit-kdump-320-bp156.2.6.3.noarch.rpm cockpit-networkmanager-320-bp156.2.6.3.noarch.rpm cockpit-packagekit-320-bp156.2.6.3.noarch.rpm cockpit-pcp-320-bp156.2.6.3.x86_64.rpm cockpit-selinux-320-bp156.2.6.3.noarch.rpm cockpit-storaged-320-bp156.2.6.3.noarch.rpm cockpit-system-320-bp156.2.6.3.noarch.rpm cockpit-ws-320-bp156.2.6.3.x86_64.rpm cockpit-320-bp156.2.6.3.aarch64.rpm cockpit-bridge-320-bp156.2.6.3.aarch64.rpm cockpit-devel-320-bp156.2.6.3.aarch64.rpm cockpit-pcp-320-bp156.2.6.3.aarch64.rpm cockpit-ws-320-bp156.2.6.3.aarch64.rpm cockpit-320-bp156.2.6.3.ppc64le.rpm cockpit-bridge-320-bp156.2.6.3.ppc64le.rpm cockpit-devel-320-bp156.2.6.3.ppc64le.rpm cockpit-pcp-320-bp156.2.6.3.ppc64le.rpm cockpit-ws-320-bp156.2.6.3.ppc64le.rpm cockpit-320-bp156.2.6.3.s390x.rpm cockpit-bridge-320-bp156.2.6.3.s390x.rpm cockpit-devel-320-bp156.2.6.3.s390x.rpm cockpit-pcp-320-bp156.2.6.3.s390x.rpm cockpit-ws-320-bp156.2.6.3.s390x.rpm openSUSE-2024-200 moderate openSUSE Backports SLE-15-SP6 Update This update for obs-service-download_url fixes the following issues: Update to version 0.2.1: * CVE-2024-22033: fixed argument parsing option injection (boo#1227203) obs-service-download_url-0.2.1-bp156.2.3.1.noarch.rpm obs-service-download_url-0.2.1-bp156.2.3.1.src.rpm openSUSE-2024-270 moderate openSUSE Backports SLE-15-SP6 Update This update for AusweisApp fixes the following issues: Version 2.1.1 - Visual adjustments and optimization of the graphical user interface. - Fixed rarely occurring problems in connection with the browser used. - Textual adjustments. - Fixed READER messages in the SDK when using unknown cards or when the connection to the card is unstable. Version 2.1.0 - Visual adjustments and optimization of the graphical user interface. - Improved detection of system language on macOS. - Removed the five minutes time limit for password entry when the ID card is placed on the reader. - Fixed display of changed device names when using "Smartphone as card reader". - Add an option to disable animations. - Fixed the behavior of "Smartphone as card reader" with activated password entry when using a PUK. - Fixed of the connection test with a password-protected proxy in the diagnostics on desktop systems. - Drop support for macOS 11 Big Sur. - Fixed processing of certificates with CAv3 extension. - Unified documentation for installation and integration. - Update of OpenSSL to version 3.1.5. Version 2.0.3 - Fixed crash on macOS 11. - Fixed missing German translation. - Fixed display of release notes. Version 2.0.2 - Avoid showing hints to the PIN reset service. Version 2.0.1 - Fixed an issue where settings were not saved on iOS and macOS. - Fixed entitlements on macOS. Version 2.0.0 - Renamed AusweisApp2 to AusweisApp. - Completely revised graphical user interface. - Dark mode is now supported on all platforms. - The display in landscape mode has been optimized and is now set automatically. - System font and size are now honored by the app. - Optimized usability of the title bar. - Online help is no longer available. - The provider list is no longer integrated in AusweisApp but can now be accessed via the AusweisApp website. - History of authentication processes has been removed. - The PDF export function for personal data has been removed. AusweisApp-2.1.1-bp156.2.1.src.rpm AusweisApp-2.1.1-bp156.2.1.x86_64.rpm AusweisApp-2.1.1-bp156.2.1.aarch64.rpm AusweisApp-2.1.1-bp156.2.1.ppc64le.rpm AusweisApp-2.1.1-bp156.2.1.s390x.rpm openSUSE-2024-202 moderate openSUSE Backports SLE-15-SP6 Update This update for Botan fixes the following issues: Update to 2.19.5: * Fix multiple Denial of service attacks due to X.509 cert processing: * CVE-2024-34702 - boo#1227238 * CVE-2024-34703 - boo#1227607 * CVE-2024-39312 - boo#1227608 * Fix a crash in OCB * Fix a test failure in compression with certain versions of zlib * Fix some iterator debugging errors in TLS CBC decryption. * Avoid a miscompilation in ARIA when using XCode 14 Botan-2.19.5-bp156.3.3.1.src.rpm Botan-2.19.5-bp156.3.3.1.x86_64.rpm Botan-doc-2.19.5-bp156.3.3.1.noarch.rpm libbotan-2-19-2.19.5-bp156.3.3.1.x86_64.rpm libbotan-devel-2.19.5-bp156.3.3.1.x86_64.rpm python3-botan-2.19.5-bp156.3.3.1.x86_64.rpm Botan-2.19.5-bp156.3.3.1.i586.rpm libbotan-2-19-2.19.5-bp156.3.3.1.i586.rpm libbotan-2-19-32bit-2.19.5-bp156.3.3.1.x86_64.rpm libbotan-devel-2.19.5-bp156.3.3.1.i586.rpm libbotan-devel-32bit-2.19.5-bp156.3.3.1.x86_64.rpm python3-botan-2.19.5-bp156.3.3.1.i586.rpm Botan-2.19.5-bp156.3.3.1.aarch64.rpm libbotan-2-19-2.19.5-bp156.3.3.1.aarch64.rpm libbotan-2-19-64bit-2.19.5-bp156.3.3.1.aarch64_ilp32.rpm libbotan-devel-2.19.5-bp156.3.3.1.aarch64.rpm libbotan-devel-64bit-2.19.5-bp156.3.3.1.aarch64_ilp32.rpm python3-botan-2.19.5-bp156.3.3.1.aarch64.rpm Botan-2.19.5-bp156.3.3.1.ppc64le.rpm libbotan-2-19-2.19.5-bp156.3.3.1.ppc64le.rpm libbotan-devel-2.19.5-bp156.3.3.1.ppc64le.rpm python3-botan-2.19.5-bp156.3.3.1.ppc64le.rpm Botan-2.19.5-bp156.3.3.1.s390x.rpm libbotan-2-19-2.19.5-bp156.3.3.1.s390x.rpm libbotan-devel-2.19.5-bp156.3.3.1.s390x.rpm python3-botan-2.19.5-bp156.3.3.1.s390x.rpm openSUSE-2024-207 moderate openSUSE Backports SLE-15-SP6 Update This update for orthanc-ohif fixes the following issues: Version 1.3: * Updated OHIF to 3.8.3 * Enabled support for segmentation and microscopy modes Note that the microscopy mode is not stable yet in OHIF! * Fixed wrong MIME type for app-config.js that prevents the OHIF viewer from loading with Orthanc 1.12.2 orthanc-ohif-1.3-bp156.2.3.1.src.rpm orthanc-ohif-1.3-bp156.2.3.1.x86_64.rpm orthanc-ohif-1.3-bp156.2.3.1.aarch64.rpm orthanc-ohif-1.3-bp156.2.3.1.ppc64le.rpm orthanc-ohif-1.3-bp156.2.3.1.s390x.rpm openSUSE-2024-375 moderate openSUSE Backports SLE-15-SP6 Update This update for pagure fixes the following issues: - repair service startup on Leap 15.6 and Tumbleweed - Backport patches to fix issues after 5.14.1 release (https://pagure.io/pagure/pull-request/5486) * fix(5.14.x): Use '==' instead of 'is' in template if condition because to work with old Jinja2 versions * fix(oidc): Edge case, avoid 'KeyError' after pagure update if a cached session is used Update to 5.14.1 * no upstream changelog pagure-5.14.1-bp156.3.5.1.noarch.rpm pagure-5.14.1-bp156.3.5.1.src.rpm pagure-ci-5.14.1-bp156.3.5.1.noarch.rpm pagure-ev-5.14.1-bp156.3.5.1.noarch.rpm pagure-loadjson-5.14.1-bp156.3.5.1.noarch.rpm pagure-logcom-5.14.1-bp156.3.5.1.noarch.rpm pagure-milters-5.14.1-bp156.3.5.1.noarch.rpm pagure-mirror-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-chameleon-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-default-openSUSE-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-default-upstream-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-pagureio-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-srcfpo-5.14.1-bp156.3.5.1.noarch.rpm pagure-theme-upstream-5.14.1-bp156.3.5.1.noarch.rpm pagure-web-apache-httpd-5.14.1-bp156.3.5.1.noarch.rpm pagure-web-nginx-5.14.1-bp156.3.5.1.noarch.rpm pagure-webhook-5.14.1-bp156.3.5.1.noarch.rpm openSUSE-2024-204 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933) * CVE-2024-6290: Use after free in Dawn * CVE-2024-6291: Use after free in Swiftshader * CVE-2024-6292: Use after free in Dawn * CVE-2024-6293: Use after free in Dawn * CVE-2024-6100: Type Confusion in V8 * CVE-2024-6101: Inappropriate implementation in WebAssembly * CVE-2024-6102: Out of bounds memory access in Dawn * CVE-2024-6103: Use after free in Dawn * CVE-2024-5830: Type Confusion in V8 * CVE-2024-5831: Use after free in Dawn * CVE-2024-5832: Use after free in Dawn * CVE-2024-5833: Type Confusion in V8 * CVE-2024-5834: Inappropriate implementation in Dawn * CVE-2024-5835: Heap buffer overflow in Tab Groups * CVE-2024-5836: Inappropriate Implementation in DevTools * CVE-2024-5837: Type Confusion in V8 * CVE-2024-5838: Type Confusion in V8 * CVE-2024-5839: Inappropriate Implementation in Memory Allocator * CVE-2024-5840: Policy Bypass in CORS * CVE-2024-5841: Use after free in V8 * CVE-2024-5842: Use after free in Browser UI * CVE-2024-5843: Inappropriate implementation in Downloads * CVE-2024-5844: Heap buffer overflow in Tab Strip * CVE-2024-5845: Use after free in Audio * CVE-2024-5846: Use after free in PDFium * CVE-2024-5847: Use after free in PDFium - Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (boo#1226170) chromedriver-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromedriver-debuginfo-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromium-126.0.6478.126-bp156.2.6.1.src.rpm chromium-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromium-debuginfo-126.0.6478.126-bp156.2.6.1.x86_64.rpm chromedriver-126.0.6478.126-bp156.2.6.1.aarch64.rpm chromedriver-debuginfo-126.0.6478.126-bp156.2.6.1.aarch64.rpm chromium-126.0.6478.126-bp156.2.6.1.aarch64.rpm chromium-debuginfo-126.0.6478.126-bp156.2.6.1.aarch64.rpm openSUSE-2024-203 critical openSUSE Backports SLE-15-SP6 Update This update for znc fixes the following issues: Update to 1.9.1 (boo#1227393, CVE-2024-39844) * This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl. To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all. * Improve tooltips in webadmin. znc-1.9.1-bp156.2.3.1.src.rpm znc-1.9.1-bp156.2.3.1.x86_64.rpm znc-devel-1.9.1-bp156.2.3.1.x86_64.rpm znc-lang-1.9.1-bp156.2.3.1.noarch.rpm znc-perl-1.9.1-bp156.2.3.1.x86_64.rpm znc-python3-1.9.1-bp156.2.3.1.x86_64.rpm znc-tcl-1.9.1-bp156.2.3.1.x86_64.rpm znc-1.9.1-bp156.2.3.1.i586.rpm znc-devel-1.9.1-bp156.2.3.1.i586.rpm znc-perl-1.9.1-bp156.2.3.1.i586.rpm znc-python3-1.9.1-bp156.2.3.1.i586.rpm znc-tcl-1.9.1-bp156.2.3.1.i586.rpm znc-1.9.1-bp156.2.3.1.aarch64.rpm znc-devel-1.9.1-bp156.2.3.1.aarch64.rpm znc-perl-1.9.1-bp156.2.3.1.aarch64.rpm znc-python3-1.9.1-bp156.2.3.1.aarch64.rpm znc-tcl-1.9.1-bp156.2.3.1.aarch64.rpm znc-1.9.1-bp156.2.3.1.ppc64le.rpm znc-devel-1.9.1-bp156.2.3.1.ppc64le.rpm znc-perl-1.9.1-bp156.2.3.1.ppc64le.rpm znc-python3-1.9.1-bp156.2.3.1.ppc64le.rpm znc-tcl-1.9.1-bp156.2.3.1.ppc64le.rpm znc-1.9.1-bp156.2.3.1.s390x.rpm znc-devel-1.9.1-bp156.2.3.1.s390x.rpm znc-perl-1.9.1-bp156.2.3.1.s390x.rpm znc-python3-1.9.1-bp156.2.3.1.s390x.rpm znc-tcl-1.9.1-bp156.2.3.1.s390x.rpm openSUSE-2024-212 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 126.0.6478.182 (boo#1227979): - CVE-2024-6772: Inappropriate implementation in V8 - CVE-2024-6773: Type Confusion in V8 - CVE-2024-6774: Use after free in Screen Capture - CVE-2024-6775: Use after free in Media Stream - CVE-2024-6776: Use after free in Audio - CVE-2024-6777: Use after free in Navigation - CVE-2024-6778: Race in DevTools - CVE-2024-6779: Out of bounds memory access in V8 chromedriver-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromedriver-debuginfo-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromium-126.0.6478.182-bp156.2.11.1.src.rpm chromium-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromium-debuginfo-126.0.6478.182-bp156.2.11.1.x86_64.rpm chromedriver-126.0.6478.182-bp156.2.11.1.aarch64.rpm chromedriver-debuginfo-126.0.6478.182-bp156.2.11.1.aarch64.rpm chromium-126.0.6478.182-bp156.2.11.1.aarch64.rpm chromium-debuginfo-126.0.6478.182-bp156.2.11.1.aarch64.rpm openSUSE-2024-209 moderate openSUSE Backports SLE-15-SP6 Update This update for cobbler fixes the following issues: - Update to 3.3.6 * Upstream all openSUSE specific patches that were maintained in Git * Fix rename of items that had uppercase letters * Skip inconsistent collections instead of crashing the daemon - Update to 3.3.5 * Added collection indicies for UUID's, MAC's, IP addresses and hostnames (boo#1219933) * Re-added to_dict() caching * Added lazy loading for the daemon (off by default) - Update to 3.3.4 * Added cobbler-tests-containers subpackage * Updated the distro_signatures.json database * The default name for grub2-efi changed to grubx64.efi to match the DHCP template cobbler-3.3.6-bp156.2.3.1.noarch.rpm cobbler-3.3.6-bp156.2.3.1.src.rpm cobbler-tests-3.3.6-bp156.2.3.1.noarch.rpm cobbler-tests-containers-3.3.6-bp156.2.3.1.noarch.rpm openSUSE-2024-210 important openSUSE Backports SLE-15-SP6 Update This update for global fixes the following issues: - CVE-2024-38448: htags may allow code execution via untrusted dbpath (boo#1226420) global-6.6.9-bp156.3.3.1.src.rpm global-6.6.9-bp156.3.3.1.x86_64.rpm global-debuginfo-6.6.9-bp156.3.3.1.x86_64.rpm global-debugsource-6.6.9-bp156.3.3.1.x86_64.rpm global-6.6.9-bp156.3.3.1.i586.rpm global-debuginfo-6.6.9-bp156.3.3.1.i586.rpm global-debugsource-6.6.9-bp156.3.3.1.i586.rpm global-6.6.9-bp156.3.3.1.aarch64.rpm global-debuginfo-6.6.9-bp156.3.3.1.aarch64.rpm global-debugsource-6.6.9-bp156.3.3.1.aarch64.rpm global-6.6.9-bp156.3.3.1.ppc64le.rpm global-debuginfo-6.6.9-bp156.3.3.1.ppc64le.rpm global-debugsource-6.6.9-bp156.3.3.1.ppc64le.rpm global-6.6.9-bp156.3.3.1.s390x.rpm global-debuginfo-6.6.9-bp156.3.3.1.s390x.rpm global-debugsource-6.6.9-bp156.3.3.1.s390x.rpm openSUSE-2024-213 moderate openSUSE Backports SLE-15-SP6 Update This update for robin-map fixes the following issues: Update to version 1.3.0: * Add erase_fast(iterator pos) method which in contrast to erase(iterator pos) doesn't return an iterator, avoiding the cost of looking for the next element after erasure of the element at iterator pos. Changes of version 1.2.2: * Specify library version & versioning rules in headers * Mark error_message in numeric_cast as unused to avoid compiler warning in some cases * Remove support for CMake < 3.3 robin-map-1.3.0-bp156.2.3.1.src.rpm robin-map-devel-1.3.0-bp156.2.3.1.noarch.rpm openSUSE-2024-215 moderate openSUSE Backports SLE-15-SP6 Update This update for python-sentry-sdk fixes the following issues: - CVE-2024-40647: Do not leak environment variables to child processes. (bsc#1228128) python-sentry-sdk-0.14.4-bp156.4.3.1.src.rpm python3-sentry-sdk-0.14.4-bp156.4.3.1.noarch.rpm openSUSE-2024-216 moderate openSUSE Backports SLE-15-SP6 Update This update for deepin-branding-openSUSE fixes the following issues: - Update default wallpaper (boo#1228113) deepin-branding-openSUSE-15.4-bp156.5.3.1.src.rpm deepin-desktop-schemas-branding-openSUSE-15.4-bp156.5.3.1.noarch.rpm deepin-launcher-branding-openSUSE-15.4-bp156.5.3.1.noarch.rpm openSUSE-2024-225 moderate openSUSE Backports SLE-15-SP6 Update This update for assimp fixes the following issues: - CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class (boo#1228142), assimp-5.3.1-bp156.3.3.1.src.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.x86_64.rpm assimp-debugsource-5.3.1-bp156.3.3.1.x86_64.rpm assimp-devel-5.3.1-bp156.3.3.1.x86_64.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.x86_64.rpm libassimp5-5.3.1-bp156.3.3.1.x86_64.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.x86_64.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.aarch64.rpm assimp-debugsource-5.3.1-bp156.3.3.1.aarch64.rpm assimp-devel-5.3.1-bp156.3.3.1.aarch64.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.aarch64.rpm libassimp5-5.3.1-bp156.3.3.1.aarch64.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.aarch64.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-debugsource-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-devel-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.ppc64le.rpm libassimp5-5.3.1-bp156.3.3.1.ppc64le.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.ppc64le.rpm assimp-debuginfo-5.3.1-bp156.3.3.1.s390x.rpm assimp-debugsource-5.3.1-bp156.3.3.1.s390x.rpm assimp-devel-5.3.1-bp156.3.3.1.s390x.rpm assimp-devel-debuginfo-5.3.1-bp156.3.3.1.s390x.rpm libassimp5-5.3.1-bp156.3.3.1.s390x.rpm libassimp5-debuginfo-5.3.1-bp156.3.3.1.s390x.rpm openSUSE-2024-226 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: Update to version 2.53.0: * CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035) * Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928 * Rename package directory and files * Rename package name to `update_branch` * Rename `gh pr update` to `gh pr update-branch` * Add test case for merge conflict error * Handle merge conflict error * Return error if PR is not mergeable * Replace literals with consts for `Mergeable` field values * Add separate type for `PullRequest.Mergeable` field * Remove unused flag * Print message on stdout instead of stderr * Raise error if editor is used in non-tty mode * Add tests for JSON field support on issue and pr view commands * docs: Update documentation for `gh repo create` to clarify owner * Ensure PR does not panic when stateReason is requested * Enable to use --web even though editor is enabled by config * Add editor hint message * Use prefer_editor_prompt config by `issue create` * Add prefer_editor_prompt config * Add `issue create --editor` * Update create.go * gh attestation trusted-root subcommand (#9206) * Fetch variable selected repo relationship when required * Add `createdAt` field to tests * Add `createdAt` field to `Variable` type * Add test for exporting as JSON * Add test for JSON output * Only populate selected repo information for JSON output * Add test to verify JSON exporter gets set * Add `--json` option support * Use `Variable` type defined in `shared` package * Add tests for JSON output * Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared * Fix query parameter name * Update tests to account for ref comparison step * Improve query variable names * Check if PR branch is already up-to-date * Add `ComparePullRequestBaseBranchWith` function * Run `go mod tidy` * Add test to verify `--repo` requires non-empty selector * Require non-empty selector when `--repo` override is used * Run `go mod tidy` * Register `update` command * Add tests for `pr update` command * Add `pr update` command * Add `UpdatePullRequestBranch` method * Upgrade `shurcooL/githubv4` Update to version 2.52.0: * Attestation Verification - Buffer Fix * Remove beta note from attestation top level command * Removed beta note from `gh at download`. * Removed beta note from `gh at verify`, clarified reusable workflows use case. * add `-a` flag to `gh run list` gh-2.53.0-bp156.2.6.1.src.rpm gh-2.53.0-bp156.2.6.1.x86_64.rpm gh-bash-completion-2.53.0-bp156.2.6.1.noarch.rpm gh-fish-completion-2.53.0-bp156.2.6.1.noarch.rpm gh-zsh-completion-2.53.0-bp156.2.6.1.noarch.rpm gh-2.53.0-bp156.2.6.1.i586.rpm gh-2.53.0-bp156.2.6.1.aarch64.rpm gh-2.53.0-bp156.2.6.1.ppc64le.rpm gh-2.53.0-bp156.2.6.1.s390x.rpm openSUSE-2024-220 moderate openSUSE Backports SLE-15-SP6 Update This update for caddy fixes the following issues: - Update to version 2.8.4: * cmd: fix regression in auto-detect of Caddyfile (#6362) * Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped - Update to version 2.8.2: * cmd: fix auto-detetction of .caddyfile extension (#6356) * caddyhttp: properly sanitize requests for root path (#6360) * caddytls: Implement certmagic.RenewalInfoGetter * build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361) - Update to version 2.8.1: * caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350) * core: MkdirAll appDataDir in InstanceID with 0o700 (#6340) - Update to version 2.8.0: * acmeserver: Add `sign_with_root` for Caddyfile (#6345) * caddyfile: Reject global request matchers earlier (#6339) * core: Fix bug in AppIfConfigured (fix #6336) * fix a typo (#6333) * autohttps: Move log WARN to INFO, reduce confusion (#6185) * reverseproxy: Support HTTP/3 transport to backend (#6312) * context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292) * Fix lint error about deprecated method in smallstep/certificates/authority * go.mod: Upgrade dependencies * caddytls: fix permission requirement with AutomationPolicy (#6328) * caddytls: remove ClientHelloSNICtxKey (#6326) * caddyhttp: Trace individual middleware handlers (#6313) * templates: Add `pathEscape` template function and use it in file browser (#6278) * caddytls: set server name in context (#6324) * chore: downgrade minimum Go version in go.mod (#6318) * caddytest: normalize the JSON config (#6316) * caddyhttp: New experimental handler for intercepting responses (#6232) * httpcaddyfile: Set challenge ports when http_port or https_port are used * logging: Add support for additional logger filters other than hostname (#6082) * caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106) * Second half of 6dce493 * caddyhttp: Alter log message when request is unhandled (close #5182) * chore: Bump Go version in CI (#6310) * go.mod: go 1.22.3 * Fix typos (#6311) * reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307) * tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308) * go.mod: CertMagic v0.21.0 * reverseproxy: Implement health_follow_redirects (#6302) * caddypki: Allow use of root CA without a key. Fixes #6290 (#6298) * go.mod: Upgrade to quic-go v0.43.1 * reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301) * caddytls: Ability to drop connections (close #6294) * build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289) * httpcaddyfile: Fix expression matcher shortcut in snippets (#6288) * caddytls: Evict internal certs from cache based on issuer (#6266) * chore: add warn logs when using deprecated fields (#6276) * caddyhttp: Fix linter warning about deprecation * go.mod: Upgrade to quic-go v0.43.0 * fileserver: Set "Vary: Accept-Encoding" header (see #5849) * events: Add debug log * reverseproxy: handle buffered data during hijack (#6274) * ci: remove `android` and `plan9` from cross-build workflow (#6268) * run `golangci-lint run --fix --fast` (#6270) * caddytls: Option to configure certificate lifetime (#6253) * replacer: Implement `file.*` global replacements (#5463) * caddyhttp: Address some Go 1.20 features (#6252) * Quell linter (false positive) * reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264) * doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263) * caddytls: Add Caddyfile support for on-demand permission module (close #6260) * reverseproxy: Remove long-deprecated buffering properties * reverseproxy: Reuse buffered request body even if partially drained * reverseproxy: Accept EOF when buffering * logging: Fix default access logger (#6251) * fileserver: Improve Vary handling (#5849) * cmd: Only validate config is proper JSON if config slice has data (#6250) * staticresp: Use the evaluated response body for sniffing JSON content-type (#6249) * encode: Slight fix for the previous commit * encode: Improve Etag handling (fix #5849) * httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148) * caddyfile: Populate regexp matcher names by default (#6145) * caddyhttp: record num. bytes read when response writer is hijacked (#6173) * caddyhttp: Support multiple logger names per host (#6088) * chore: fix some typos in comments (#6243) * encode: Configurable compression level for zstd (#6140) * caddytls: Remove shim code supporting deprecated lego-dns (#6231) * connection policy: add `local_ip` matcher (#6074) * reverseproxy: Wait for both ends of websocket to close (#6175) * caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * caddytls: Still provision permission module if ask is specified * fileserver: read etags from precomputed files (#6222) * fileserver: Escape # and ? in img src (fix #6237) * reverseproxy: Implement modular CA provider for TLS transport (#6065) * caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226) * cmd: Fix panic related to config filename (fix #5919) * cmd: Assume Caddyfile based on filename prefix and suffix (#5919) * admin: Make `Etag` a header, not a trailer (#6208) * caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234) * caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227) * gitignore: Add rule for caddyfile.go (#6225) * chore: Fix broken links in README.md (#6223) * chore: Upgrade some dependencies (#6221) * caddyhttp: Add plaintext response to `file_server browse` (#6093) * admin: Use xxhash for etag (#6207) * modules: fix some typo in conments (#6206) * caddyhttp: Replace sensitive headers with REDACTED (close #5669) * caddyhttp: close quic connections when server closes (#6202) * reverseproxy: Use xxhash instead of fnv32 for LB (#6203) * caddyhttp: add http.request.local{,.host,.port} placeholder (#6182) * chore: upgrade deps (#6198) * chore: remove repetitive word (#6193) * Added a null check to avoid segfault on rewrite query ops (#6191) * rewrite: `uri query` replace operation (#6165) * logging: support `ms` duration format and add docs (#6187) * replacer: use RWMutex to protect static provider (#6184) * caddyhttp: Allow `header` replacement with empty string (#6163) * vars: Make nil values act as empty string instead of `"<nil>"` (#6174) * chore: Update quic-go to v0.42.0 (#6176) * caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183) * reverseproxy: configurable active health_passes and health_fails (#6154) * reverseproxy: Configurable forward proxy URL (#6114) * caddyhttp: upgrade to cel v0.20.0 (#6161) * chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169) * caddyhttp: suppress flushing if the response is being buffered (#6150) * chore: encode: use FlushError instead of Flush (#6168) * encode: write status immediately when status code is informational (#6164) * httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153) * httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865) * rewrite: Implement `uri query` operations (#6120) * fix struct names (#6151) * fileserver: Preserve query during canonicalization redirect (#6109) * logging: Implement `log_append` handler (#6066) * httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113) * logging: Implement `append` encoder, allow flatter filters config (#6069) * ci: fix the integration test `TestLeafCertLoaders` (#6149) * vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108) * caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) * cmd: Adjust config load logs/errors (#6032) * reverseproxy: SRV dynamic upstream failover (#5832) * ci: bump golangci/golangci-lint-action from 3 to 4 (#6141) * core: OnExit hooks (#6128) * cmd: fix the output of the `Usage` section (#6138) * caddytls: verifier: caddyfile: re-add Caddyfile support (#6127) * acmeserver: add policy field to define allow/deny rules (#5796) * reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115) * caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119) * tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103) * caddyfile: Assert having a space after heredoc marker to simply check (#6117) * chore: Update Chroma to get the new Caddyfile lexer (#6118) * reverseproxy: use context.WithoutCancel (#6116) * caddyfile: Reject directives in the place of site addresses (#6104) * caddyhttp: Register post-shutdown callbacks (#5948) * caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102) * caddyauth: Drop support for `scrypt` (#6091) * Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100) * caddyauth: Rename `basicauth` to `basic_auth` (#6092) * logging: Inline Caddyfile syntax for `ip_mask` filter (#6094) * caddyfile: Reject long heredoc markers (#6098) * chore: Rename CI jobs, run on M1 mac (#6089) * update comment * improved list * fix: add back text/* * fix: add more media types to the compressed by default list * acmeserver: support specifying the allowed challenge types (#5794) * matchers: Drop `forwarded` option from `remote_ip` matcher (#6085) * caddyhttp: Test cases for `%2F` and `%252F` (#6084) * bump to golang 1.22 (#6083) * fileserver: Browse can show symlink target if enabled (#5973) * core: Support NO_COLOR env var to disable log coloring (#6078) * build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080) * Update comment in setcap helper script * caddytls: Make on-demand 'ask' permission modular (#6055) * core: Add `ctx.Slogger()` which returns an `slog` logger (#5945) * chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043) * chore: enabling a few more linters (#5961) * caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062) * caddyfile: Switch to slices.Equal for better performance (#6061) * tls: modularize trusted CA providers (#5784) * logging: Automatic `wrap` default for `filter` encoder (#5980) * caddyhttp: Fix panic when request missing ClientIPVarKey (#6040) * caddyfile: Normalize & flatten all unmarshalers (#6037) * cmd: reverseproxy: log: use caddy logger (#6042) * matchers: `query` now ANDs multiple keys (#6054) * caddyfile: Add heredoc support to `fmt` command (#6056) * refactor: move automaxprocs init in caddycmd.Main() * caddyfile: Allow heredoc blank lines (#6051) * httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965) * httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844) * fileserver: Implement caddyfile.Unmarshaler interface (#5850) * reverseproxy: Add `tls_curves` option to HTTP transport (#5851) * caddyhttp: Security enhancements for client IP parsing (#5805) * replacer: Fix escaped closing braces (#5995) * filesystem: Globally declared filesystems, `fs` directive (#5833) * ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031) * httpcaddyfile: Fix redir <to> html (#6001) * httpcaddyfile: Support client auth verifiers (#6022) * tls: add reuse_private_keys (#6025) * reverseproxy: Only change Content-Length when full request is buffered (#5830) * Switch Solaris-derivatives away from listen_unix (#6021) * build(deps): bump actions/upload-artifact from 3 to 4 (#6013) * build(deps): bump actions/setup-go from 4 to 5 (#6012) * chore: check against errors of `io/fs` instead of `os` (#6011) * caddyhttp: support unix sockets in `caddy respond` command (#6010) * fileserver: Add total file size to directory listing (#6003) * httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997) * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994) * cmd: use automaxprocs for better perf in containers (#5711) * logging: Add `zap.Option` support (#5944) * httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990) * metrics: Record request metrics on HTTP errors (#5979) * go.mod: Updated quic-go to v0.40.1 (#5983) * fileserver: Enable compression for command by default (#5855) * fileserver: New --precompressed flag (#5880) * caddyhttp: Add `uuid` to access logs when used (#5859) * proxyprotocol: use github.com/pires/go-proxyproto (#5915) * cmd: Preserve LastModified date when exporting storage (#5968) * core: Always make AppDataDir for InstanceID (#5976) * chore: cross-build for AIX (#5971) * caddytls: Sync distributed storage cleaning (#5940) * caddytls: Context to DecisionFunc (#5923) * tls: accept placeholders in string values of certificate loaders (#5963) * templates: Offically make templates extensible (#5939) * http2 uses new round-robin scheduler (#5946) * panic when reading from backend failed to propagate stream error (#5952) * chore: Bump otel to v1.21.0. (#5949) * httpredirectlistener: Only set read limit for when request is HTTP (#5917) * fileserver: Add .m4v for browse template icon * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) * go.mod: update quic-go version to v0.40.0 (#5922) * update quic-go to v0.39.3 (#5918) * chore: Fix usage pool comment (#5916) * test: acmeserver: add smoke test for the ACME server directory (#5914) * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) * caddyhttp: Adjust `scheme` placeholder docs (#5910) * go.mod: Upgrade quic-go to v0.39.1 * go.mod: CVE-2023-45142 Update opentelemetry (#5908) * templates: Delete headers on `httpError` to reset to clean slate (#5905) * httpcaddyfile: Remove port from logger names (#5881) * core: Apply SO_REUSEPORT to UDP sockets (#5725) * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) * cmd: Add newline character to version string in CLI output (#5895) * core: quic listener will manage the underlying socket by itself (#5749) * templates: Clarify `include` args docs, add `.ClientIP` (#5898) * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) * cmd: upgrade: resolve symlink of the executable (#5891) * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) - CVEs: * CVE-2024-22189 (boo#1222468) * CVE-2023-45142 - Update to version 2.7.6: * caddytls: Sync distributed storage cleaning (#5940) * caddytls: Context to DecisionFunc (#5923) * tls: accept placeholders in string values of certificate loaders (#5963) * templates: Offically make templates extensible (#5939) * http2 uses new round-robin scheduler (#5946) * panic when reading from backend failed to propagate stream error (#5952) * chore: Bump otel to v1.21.0. (#5949) * httpredirectlistener: Only set read limit for when request is HTTP (#5917) * fileserver: Add .m4v for browse template icon * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) * go.mod: update quic-go version to v0.40.0 (#5922) * update quic-go to v0.39.3 (#5918) * chore: Fix usage pool comment (#5916) * test: acmeserver: add smoke test for the ACME server directory (#5914) * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) * caddyhttp: Adjust `scheme` placeholder docs (#5910) * go.mod: Upgrade quic-go to v0.39.1 * go.mod: CVE-2023-45142 Update opentelemetry (#5908) * templates: Delete headers on `httpError` to reset to clean slate (#5905) * httpcaddyfile: Remove port from logger names (#5881) * core: Apply SO_REUSEPORT to UDP sockets (#5725) * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) * cmd: Add newline character to version string in CLI output (#5895) * core: quic listener will manage the underlying socket by itself (#5749) * templates: Clarify `include` args docs, add `.ClientIP` (#5898) * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) * cmd: upgrade: resolve symlink of the executable (#5891) * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) - Update to version 2.7.5: * admin: Respond with 4xx on non-existing config path (#5870) * ci: Force the Go version for govulncheck (#5879) * fileserver: Set canonical URL on browse template (#5867) * tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852) * reverseproxy: Add more debug logs (#5793) * reverseproxy: Fix `least_conn` policy regression (#5862) * reverseproxy: Add logging for dynamic A upstreams (#5857) * reverseproxy: Replace health header placeholders (#5861) * httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860) * cmd: Fix exiting with custom status code, add `caddy -v` (#5874) * reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828) * reverseproxy: Fix retries on "upstreams unavailable" error (#5841) * httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808) * encode: Add `application/wasm*` to the default content types (#5869) * fileserver: Add command shortcuts `-l` and `-a` (#5854) * go.mod: Upgrade dependencies incl. x/net/http * templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845) * reverseproxy: Allow fallthrough for response handlers without routes (#5780) * fix: caddytest.AssertResponseCode error message (#5853) * build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847) * build(deps): bump actions/checkout from 3 to 4 (#5846) * caddyhttp: Use LimitedReader for HTTPRedirectListener * fileserver: browse template SVG icons and UI tweaks (#5812) * reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811) * httpcaddyfile: fix placeholder shorthands in named routes (#5791) * cmd: Prevent overwriting existing env vars with `--envfile` (#5803) * ci: Run govulncheck (#5790) * logging: query filter for array of strings (#5779) * logging: Clone array on log filters, prevent side-effects (#5786) * fileserver: Export BrowseTemplate * ci: ensure short-sha is exported correctly on all platforms (#5781) * caddyfile: Fix case where heredoc marker is empty after newline (#5769) * go.mod: Update quic-go to v0.38.0 (#5772) * chore: Appease gosec linter (#5777) * replacer: change timezone to UTC for "time.now.http" placeholders (#5774) * caddyfile: Adjust error formatting (#5765) * update quic-go to v0.37.6 (#5767) * httpcaddyfile: Stricter errors for site and upstream address schemes (#5757) * caddyfile: Loosen heredoc parsing (#5761) * fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751) * fix package typo (#5764) caddy-2.8.4-bp156.3.3.1.src.rpm caddy-2.8.4-bp156.3.3.1.x86_64.rpm caddy-bash-completion-2.8.4-bp156.3.3.1.noarch.rpm caddy-fish-completion-2.8.4-bp156.3.3.1.noarch.rpm caddy-zsh-completion-2.8.4-bp156.3.3.1.noarch.rpm caddy-2.8.4-bp156.3.3.1.i586.rpm caddy-2.8.4-bp156.3.3.1.aarch64.rpm caddy-2.8.4-bp156.3.3.1.ppc64le.rpm caddy-2.8.4-bp156.3.3.1.s390x.rpm openSUSE-2024-229 moderate openSUSE Backports SLE-15-SP6 Update This update for python-csvkit fixes the following issues: - Add missing Requires. (boo#1227705) python-csvkit-1.0.5-bp156.4.3.1.src.rpm python3-csvkit-1.0.5-bp156.4.3.1.noarch.rpm openSUSE-2024-224 moderate openSUSE Backports SLE-15-SP6 Update This update for keybase-client fixes the following issues: - Update the Image dependency to address CVE-2024-24792 (boo#1227167). kbfs-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-git-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-tool-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm keybase-client-6.2.8-bp156.2.6.1.src.rpm keybase-client-6.2.8-bp156.2.6.1.x86_64.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.x86_64.rpm kbfs-6.2.8-bp156.2.6.1.i586.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.i586.rpm kbfs-git-6.2.8-bp156.2.6.1.i586.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.i586.rpm kbfs-tool-6.2.8-bp156.2.6.1.i586.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.i586.rpm keybase-client-6.2.8-bp156.2.6.1.i586.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.i586.rpm kbfs-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-git-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-tool-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm keybase-client-6.2.8-bp156.2.6.1.aarch64.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.aarch64.rpm kbfs-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-git-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-tool-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm keybase-client-6.2.8-bp156.2.6.1.ppc64le.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.ppc64le.rpm kbfs-6.2.8-bp156.2.6.1.s390x.rpm kbfs-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm kbfs-git-6.2.8-bp156.2.6.1.s390x.rpm kbfs-git-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm kbfs-tool-6.2.8-bp156.2.6.1.s390x.rpm kbfs-tool-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm keybase-client-6.2.8-bp156.2.6.1.s390x.rpm keybase-client-debuginfo-6.2.8-bp156.2.6.1.s390x.rpm openSUSE-2024-221 important openSUSE Backports SLE-15-SP6 Update This update for python-nltk fixes the following issues: - CVE-2024-39705: Fixed remote code execution through unsafe pickle usage (boo#1227174). python-nltk-3.7-bp156.4.3.1.src.rpm python3-nltk-3.7-bp156.4.3.1.noarch.rpm openSUSE-2024-233 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: Update to 1.26: * Proper integration with Arch * Inclusion of a vng manpage * The host's /tmp is now also visible from the guest * A new --configitem option that allows to quickly change specific kernel config options (with --build) * Bug fixes virtme-1.26-bp156.2.6.1.noarch.rpm virtme-1.26-bp156.2.6.1.src.rpm openSUSE-2024-235 moderate openSUSE Backports SLE-15-SP6 Update This update for mpv fixes the following issues: Update to version 0.38.0+git20240618.bc5ab97d: - Fixed jerky playing, including desync (boo#1228348) libmpv2-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.x86_64.rpm mpv-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.src.rpm mpv-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.x86_64.rpm mpv-bash-completion-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.noarch.rpm mpv-devel-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.x86_64.rpm mpv-zsh-completion-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.noarch.rpm libmpv2-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.aarch64.rpm mpv-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.aarch64.rpm mpv-devel-0.38.0+git20240618.bc5ab97d-bp156.2.3.1.aarch64.rpm openSUSE-2024-231 moderate openSUSE Backports SLE-15-SP6 Update This update for python-notebook fixes the following issues: - Update to 5.7.11 * sanitizer fix CVE-2021-32798 (boo#1227583) - Update to 5.7.10 * no upstream changelog - Update to 5.7.9 * Update JQuery dependency to version 3.4.1 to fix security vulnerability (CVE-2019-11358) * Update from preact to React jupyter-notebook-5.7.11-bp156.4.3.1.noarch.rpm jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch.rpm jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch.rpm jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch.rpm python-notebook-5.7.11-bp156.4.3.1.src.rpm python3-notebook-5.7.11-bp156.4.3.1.noarch.rpm python3-notebook-lang-5.7.11-bp156.4.3.1.noarch.rpm openSUSE-2024-237 moderate openSUSE Backports SLE-15-SP6 Update This update for gnuhealth fixes the following issues: - version 4.4.1 * Issue #15: readfp on setup.py no longer supported since python 3.12 * Issue #33: health orthanc: Errors on imaging request when worklist template set on imaging test type gnuhealth-4.4.1-bp156.2.3.1.noarch.rpm gnuhealth-4.4.1-bp156.2.3.1.src.rpm gnuhealth-orthanc-4.4.1-bp156.2.3.1.noarch.rpm openSUSE-2024-236 moderate openSUSE Backports SLE-15-SP6 Update This update for python-schema fixes the following issues: - build for both Python 3.6 and 3.11 (boo#1228797) python-schema-0.6.7-bp156.4.3.1.src.rpm python3-schema-0.6.7-bp156.4.3.1.noarch.rpm python311-schema-0.6.7-bp156.4.3.1.noarch.rpm openSUSE-2024-238 moderate openSUSE Backports SLE-15-SP6 Update This update for yt-dlp fixes the following issues: - Update to release 2024.08.01 * youtube: * Change default player clients to ios,tv * Fix n function name extraction for player 20dfca59 * Fix age-verification workaround - Update to release 2024.07.25 * youtube: Fix n function name extraction for player 3400486c - Update to release 2024.07.16 * Support auto-tty and no_color-tty for --color * youtube: Avoid poToken experiment player responses - Update to release 2024.07.09 * youtube: Remove broken n function extraction fallback - Update to release 2024.07.01: * Properly sanitize file-extension to prevent file system modification and RCE. Unsafe extensions are now blocked from being downloaded. [CVE-2024-38519 boo#1227305] python311-yt-dlp-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-2024.08.01-bp156.2.3.1.src.rpm yt-dlp-bash-completion-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-fish-completion-2024.08.01-bp156.2.3.1.noarch.rpm yt-dlp-zsh-completion-2024.08.01-bp156.2.3.1.noarch.rpm openSUSE-2024-239 moderate openSUSE Backports SLE-15-SP6 Update This update for ksh fixes the following issues: - fix segfault in variable substitution [boo#1129288] - fix untrusted environment execution [boo#1160796] [CVE-2019-14868] ksh-93vu-bp156.6.3.1.src.rpm ksh-93vu-bp156.6.3.1.x86_64.rpm ksh-devel-93vu-bp156.6.3.1.x86_64.rpm ksh-93vu-bp156.6.3.1.i586.rpm ksh-devel-93vu-bp156.6.3.1.i586.rpm ksh-93vu-bp156.6.3.1.aarch64.rpm ksh-devel-93vu-bp156.6.3.1.aarch64.rpm ksh-93vu-bp156.6.3.1.ppc64le.rpm ksh-devel-93vu-bp156.6.3.1.ppc64le.rpm ksh-93vu-bp156.6.3.1.s390x.rpm ksh-devel-93vu-bp156.6.3.1.s390x.rpm openSUSE-2024-240 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account_invoice, trytond_purchase fixes the following issues: Changes in tryton: - Version 6.0.41 - Bugfix Release Changes in trytond: - Version 6.0.50 - Bugfix Release Changes in trytond_purchase: - Version 6.0.17 - Bugfix Release Changes in trytond_account_invoice: - Version 6.0.19 - Bugfix Release tryton-6.0.41-bp156.2.6.1.noarch.rpm tryton-6.0.41-bp156.2.6.1.src.rpm trytond-6.0.50-bp156.2.6.1.noarch.rpm trytond-6.0.50-bp156.2.6.1.src.rpm trytond_account_invoice-6.0.19-bp156.2.6.1.noarch.rpm trytond_account_invoice-6.0.19-bp156.2.6.1.src.rpm trytond_purchase-6.0.17-bp156.2.6.1.noarch.rpm trytond_purchase-6.0.17-bp156.2.6.1.src.rpm openSUSE-2024-241 moderate openSUSE Backports SLE-15-SP6 Update This update for mygnuhealth, python-bleak fixes the following issues: Changes in mygnuhealth: - version 2.2.1 * Fix issue #34 - MyGH crashes when clicking 'Network' * translation update - added dependency on bleak Changes in python-bleak: - Introduce version 0.22.2: mygnuhealth-2.2.1-bp156.2.6.1.src.rpm mygnuhealth-2.2.1-bp156.2.6.1.x86_64.rpm python-bleak-0.22.2-bp156.2.1.src.rpm python311-bleak-0.22.2-bp156.2.1.noarch.rpm python-bleak-test-0.22.2-bp156.2.1.src.rpm python-dbus_fast-2.22.1-bp156.2.1.src.rpm python311-dbus_fast-2.22.1-bp156.2.1.x86_64.rpm python-dbus_fast-test-2.22.1-bp156.2.1.src.rpm python311-dbus_fast-2.22.1-bp156.2.1.i586.rpm mygnuhealth-2.2.1-bp156.2.6.1.aarch64.rpm python311-dbus_fast-2.22.1-bp156.2.1.aarch64.rpm mygnuhealth-2.2.1-bp156.2.6.1.ppc64le.rpm python311-dbus_fast-2.22.1-bp156.2.1.ppc64le.rpm mygnuhealth-2.2.1-bp156.2.6.1.s390x.rpm python311-dbus_fast-2.22.1-bp156.2.1.s390x.rpm openSUSE-2024-246 moderate openSUSE Backports SLE-15-SP6 Update This update for thunar fixes the following issues: - Update to 4.18.11: * Use parent windows for undo/redo dialog (#1393) * Fix for misc_open_new_windows_in_split_view (#889) * Dont add directories to recent:/// (#1372) * build: clang: Fix -Wmissing-noreturn * build: clang: Fix -Wsingle-bit-bitfield-constant-conversion * Focus split view pane on DnD events (#1243) * Dont reload folder when "draw_frames" is set (#1337) * Allow submenu UCAs in toolbar (#780) * Fix shortcuts for ucas in subfolders (#1043) * Dont show 'open location' on recent icon(#1297) * Fix for image preview visibility (#1285) * Prevent focus stealing of file transfer dialog (#643) * Dont update "last-view" when searching (#1278) * Translation Updates - Update to 4.18.10: * Prevent infinite reload loop for symlinks (#1270) - Update to 4.18.9: * g_file_get_basename over realpath (#1030) * Fix and simplify symlink resolver (#1260) * Fix thumbnailer symlink support (#1260) * Prevent GLib GIO CRITICAL (#1204) * Translation Updates libthunarx-3-0-4.18.11-bp156.2.3.1.x86_64.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.x86_64.rpm thunar-4.18.11-bp156.2.3.1.src.rpm thunar-4.18.11-bp156.2.3.1.x86_64.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.x86_64.rpm thunar-debugsource-4.18.11-bp156.2.3.1.x86_64.rpm thunar-devel-4.18.11-bp156.2.3.1.x86_64.rpm thunar-lang-4.18.11-bp156.2.3.1.noarch.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.x86_64.rpm libthunarx-3-0-4.18.11-bp156.2.3.1.aarch64.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.aarch64.rpm thunar-4.18.11-bp156.2.3.1.aarch64.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.aarch64.rpm thunar-debugsource-4.18.11-bp156.2.3.1.aarch64.rpm thunar-devel-4.18.11-bp156.2.3.1.aarch64.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.aarch64.rpm libthunarx-3-0-4.18.11-bp156.2.3.1.ppc64le.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-debugsource-4.18.11-bp156.2.3.1.ppc64le.rpm thunar-devel-4.18.11-bp156.2.3.1.ppc64le.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.ppc64le.rpm libthunarx-3-0-4.18.11-bp156.2.3.1.s390x.rpm libthunarx-3-0-debuginfo-4.18.11-bp156.2.3.1.s390x.rpm thunar-4.18.11-bp156.2.3.1.s390x.rpm thunar-debuginfo-4.18.11-bp156.2.3.1.s390x.rpm thunar-debugsource-4.18.11-bp156.2.3.1.s390x.rpm thunar-devel-4.18.11-bp156.2.3.1.s390x.rpm typelib-1_0-Thunarx-3_0-4.18.11-bp156.2.3.1.s390x.rpm openSUSE-2024-248 moderate openSUSE Backports SLE-15-SP6 Update This update for iodine fixes the following issues: - Comment out PrivateDevices in hardening, (boo#1216238 and boo#1228788). Modified: * iodine.service. * iodined.service. - Comment out ProtectClock in hardening, (boo#1206835). Modified: * iodine.service. * iodined.service. iodine-0.7.0-bp156.6.3.1.src.rpm iodine-0.7.0-bp156.6.3.1.x86_64.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.x86_64.rpm iodine-debugsource-0.7.0-bp156.6.3.1.x86_64.rpm iodine-0.7.0-bp156.6.3.1.i586.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.i586.rpm iodine-debugsource-0.7.0-bp156.6.3.1.i586.rpm iodine-0.7.0-bp156.6.3.1.aarch64.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.aarch64.rpm iodine-debugsource-0.7.0-bp156.6.3.1.aarch64.rpm iodine-0.7.0-bp156.6.3.1.ppc64le.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.ppc64le.rpm iodine-debugsource-0.7.0-bp156.6.3.1.ppc64le.rpm iodine-0.7.0-bp156.6.3.1.s390x.rpm iodine-debuginfo-0.7.0-bp156.6.3.1.s390x.rpm iodine-debugsource-0.7.0-bp156.6.3.1.s390x.rpm openSUSE-2024-249 low openSUSE Backports SLE-15-SP6 Update This update for debhelper fixes the following issues: - fix perl compatibility for Leap (boo#1228955) debhelper-13.11.5-bp156.2.3.1.noarch.rpm debhelper-13.11.5-bp156.2.3.1.src.rpm openSUSE-2024-287 moderate openSUSE Backports SLE-15-SP6 Update This update for cockpit, cockpit-machines fixes the following issues: Changes in cockpit: - Fix libexecdir for leap and sle (boo#1223533) - Fix systemd units folder for leap and sle (boo#1226541) - Recommend cockpit-packagekit if zypper is installed - new version 321: * Bug fixes and performance improvements - update_version.sh: use instead of `osc service mr` to do version updates. updated README.packaging Changes in cockpit-machines: - Add initial package of version 316 cockpit-machines-316-bp156.2.2.noarch.rpm cockpit-machines-316-bp156.2.2.src.rpm cockpit-321-bp156.2.9.1.src.rpm cockpit-321-bp156.2.9.1.x86_64.rpm cockpit-bridge-321-bp156.2.9.1.x86_64.rpm cockpit-devel-321-bp156.2.9.1.x86_64.rpm cockpit-doc-321-bp156.2.9.1.noarch.rpm cockpit-kdump-321-bp156.2.9.1.noarch.rpm cockpit-networkmanager-321-bp156.2.9.1.noarch.rpm cockpit-packagekit-321-bp156.2.9.1.noarch.rpm cockpit-pcp-321-bp156.2.9.1.x86_64.rpm cockpit-selinux-321-bp156.2.9.1.noarch.rpm cockpit-storaged-321-bp156.2.9.1.noarch.rpm cockpit-system-321-bp156.2.9.1.noarch.rpm cockpit-ws-321-bp156.2.9.1.x86_64.rpm cockpit-321-bp156.2.9.1.aarch64.rpm cockpit-bridge-321-bp156.2.9.1.aarch64.rpm cockpit-devel-321-bp156.2.9.1.aarch64.rpm cockpit-pcp-321-bp156.2.9.1.aarch64.rpm cockpit-ws-321-bp156.2.9.1.aarch64.rpm cockpit-321-bp156.2.9.1.ppc64le.rpm cockpit-bridge-321-bp156.2.9.1.ppc64le.rpm cockpit-devel-321-bp156.2.9.1.ppc64le.rpm cockpit-pcp-321-bp156.2.9.1.ppc64le.rpm cockpit-ws-321-bp156.2.9.1.ppc64le.rpm cockpit-321-bp156.2.9.1.s390x.rpm cockpit-bridge-321-bp156.2.9.1.s390x.rpm cockpit-devel-321-bp156.2.9.1.s390x.rpm cockpit-pcp-321-bp156.2.9.1.s390x.rpm cockpit-ws-321-bp156.2.9.1.s390x.rpm openSUSE-2024-294 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: - kanidm version 1.3.3~git0.f075d13: * Release 1.3.3 * Mail substr index (#2981) kanidm-1.3.3~git0.f075d13-bp156.4.1.src.rpm kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64.rpm kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64.rpm openSUSE-2024-254 important openSUSE Backports SLE-15-SP6 Update This update for chromium, gn, rust-bindgen fixes the following issues: - Chromium 127.0.6533.119 (boo#1228941) * CVE-2024-7532: Out of bounds memory access in ANGLE * CVE-2024-7533: Use after free in Sharing * CVE-2024-7550: Type Confusion in V8 * CVE-2024-7534: Heap buffer overflow in Layout * CVE-2024-7535: Inappropriate implementation in V8 * CVE-2024-7536: Use after free in WebAudio - Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942) * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-6990: Uninitialized Use in Dawn * CVE-2024-7255: Out of bounds read in WebTransport * CVE-2024-7256: Insufficient data validation in Dawn gh: - Update to version 0.20240730: * Rust: link_output, depend_output and runtime_outputs for dylibs * Add missing reference section to function_toolchain.cc * Do not cleanup args.gn imports located in the output directory. * Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule * Do not add native dependencies to the library search path * Support linking frameworks and swiftmodules in Rust targets * [desc] Silence print() statements when outputing json * infra: Move CI/try builds to Ubuntu-22.04 * [MinGW] Fix mingw building issues * [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn * [template] Fix "rule alink_thin" in the //build/build_linux.ninja.template * Allow multiple --ide switches * [src] Add "#include <limits>" in the //src/base/files/file_enumerator_win.cc * Get updates to infra/recipes.py from upstream * Revert "Teach gn to handle systems with > 64 processors" * [apple] Rename the code-signing properties of create_bundle * Fix a typo in "gn help refs" output * Revert "[bundle] Use "phony" builtin tool for create_bundle targets" * [bundle] Use "phony" builtin tool for create_bundle targets * [ios] Simplify handling of assets catalog * [swift] List all outputs as deps of "source_set" stamp file * [swift] Update `gn check ...` to consider the generated header * [swift] Set `restat = 1` to swift build rules * Fix build with gcc12 * [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude() * [swift] Remove problematic use of "stamp" tool * Implement new --ninja-outputs-file option. * Add NinjaOutputsWriter class * Move InvokePython() function to its own source file. * zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat * Enable C++ runtime assertions in debug mode. * Fix regression in MakeRelativePath() * fix: Fix Windows MakeRelativePath. * Add long path support for windows * Ensure read_file() files are considered by "gn analyze" * apply 2to3 to for some Python scripts * Add rustflags to desc and help output * strings: support case insensitive check only in StartsWith/EndsWith * add .git-blame-ignore-revs * use std::{string,string_view}::{starts_with,ends_with} * apply clang-format to all C++ sources * add forward declaration in rust_values.h * Add `root_patterns` list to build configuration. * Use c++20 in GN build * update windows sdk to 2024-01-11 * update windows sdk * Add linux-riscv64. * Update OWNERS list. * remove unused function * Ignore build warning -Werror=redundant-move * Fix --as=buildfile `gn desc deps` output. * Update recipe engine to 9dea1246. * treewide: Fix spelling mistakes Added rust-bindgen: - Version 0.69.1 chromedriver-127.0.6533.119-bp156.2.14.1.x86_64.rpm chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1.x86_64.rpm chromium-127.0.6533.119-bp156.2.14.1.src.rpm chromium-127.0.6533.119-bp156.2.14.1.x86_64.rpm chromium-debuginfo-127.0.6533.119-bp156.2.14.1.x86_64.rpm gn-0.20240730-bp156.2.3.1.src.rpm gn-0.20240730-bp156.2.3.1.x86_64.rpm gn-debuginfo-0.20240730-bp156.2.3.1.x86_64.rpm gn-debugsource-0.20240730-bp156.2.3.1.x86_64.rpm rust-bindgen-0.69.1-bp156.2.1.src.rpm rust-bindgen-0.69.1-bp156.2.1.x86_64.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.x86_64.rpm gn-0.20240730-bp156.2.3.1.i586.rpm gn-debuginfo-0.20240730-bp156.2.3.1.i586.rpm gn-debugsource-0.20240730-bp156.2.3.1.i586.rpm rust-bindgen-0.69.1-bp156.2.1.i586.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.i586.rpm chromedriver-127.0.6533.119-bp156.2.14.1.aarch64.rpm chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1.aarch64.rpm chromium-127.0.6533.119-bp156.2.14.1.aarch64.rpm chromium-debuginfo-127.0.6533.119-bp156.2.14.1.aarch64.rpm gn-0.20240730-bp156.2.3.1.aarch64.rpm gn-debuginfo-0.20240730-bp156.2.3.1.aarch64.rpm gn-debugsource-0.20240730-bp156.2.3.1.aarch64.rpm rust-bindgen-0.69.1-bp156.2.1.aarch64.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.aarch64.rpm gn-0.20240730-bp156.2.3.1.ppc64le.rpm gn-debuginfo-0.20240730-bp156.2.3.1.ppc64le.rpm gn-debugsource-0.20240730-bp156.2.3.1.ppc64le.rpm rust-bindgen-0.69.1-bp156.2.1.ppc64le.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.ppc64le.rpm gn-0.20240730-bp156.2.3.1.s390x.rpm gn-debuginfo-0.20240730-bp156.2.3.1.s390x.rpm gn-debugsource-0.20240730-bp156.2.3.1.s390x.rpm rust-bindgen-0.69.1-bp156.2.1.s390x.rpm rust-bindgen-debuginfo-0.69.1-bp156.2.1.s390x.rpm openSUSE-2024-328 moderate openSUSE Backports SLE-15-SP6 Update This update for roundcubemail fixes the following issues: Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] CHANGELOG * Managesieve: Protect special scripts in managesieve_kolab_master mode * Fix newmail_notifier notification focus in Chrome (#9467) * Fix fatal error when parsing some TNEF attachments (#9462) * Fix double scrollbar when composing a mail with many plain text lines (#7760) * Fix decoding mail parts with multiple base64-encoded text blocks (#9290) * Fix bug where some messages could get malformed in an import from a MBOX file (#9510) * Fix invalid line break characters in multi-line text in Sieve scripts (#9543) * Fix bug where "with attachment" filter could fail on some fts engines (#9514) * Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) * Fix bug where a long subject title could not be displayed in some cases (#9416) * Fix infinite loop when parsing malformed Sieve script (#9562) * Fix bug where imap_conn_option's 'socket' was ignored (#9566) * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] roundcubemail-1.6.8-bp156.2.3.1.noarch.rpm roundcubemail-1.6.8-bp156.2.3.1.src.rpm openSUSE-2024-258 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 128.0.6613.84 (boo#1229591) * CVE-2024-7964: Use after free in Passwords * CVE-2024-7965: Inappropriate implementation in V8 * CVE-2024-7966: Out of bounds memory access in Skia * CVE-2024-7967: Heap buffer overflow in Fonts * CVE-2024-7968: Use after free in Autofill * CVE-2024-7969: Type Confusion in V8 * CVE-2024-7971: Type confusion in V8 * CVE-2024-7972: Inappropriate implementation in V8 * CVE-2024-7973: Heap buffer overflow in PDFium * CVE-2024-7974: Insufficient data validation in V8 API * CVE-2024-7975: Inappropriate implementation in Permissions * CVE-2024-7976: Inappropriate implementation in FedCM * CVE-2024-7977: Insufficient data validation in Installer * CVE-2024-7978: Insufficient policy enforcement in Data Transfer * CVE-2024-7979: Insufficient data validation in Installer * CVE-2024-7980: Insufficient data validation in Installer * CVE-2024-7981: Inappropriate implementation in Views * CVE-2024-8033: Inappropriate implementation in WebApp Installs * CVE-2024-8034: Inappropriate implementation in Custom Tabs * CVE-2024-8035: Inappropriate implementation in Extensions * Various fixes from internal audits, fuzzing and other initiatives chromedriver-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromedriver-debuginfo-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromium-128.0.6613.84-bp156.2.17.1.src.rpm chromium-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromium-debuginfo-128.0.6613.84-bp156.2.17.1.x86_64.rpm chromedriver-128.0.6613.84-bp156.2.17.1.aarch64.rpm chromedriver-debuginfo-128.0.6613.84-bp156.2.17.1.aarch64.rpm chromium-128.0.6613.84-bp156.2.17.1.aarch64.rpm chromium-debuginfo-128.0.6613.84-bp156.2.17.1.aarch64.rpm openSUSE-2024-300 moderate openSUSE Backports SLE-15-SP6 Update This update for ntpd-rs fixes the following issues: - Introducing ntpd-rs version 1.2.3 ntpd-rs-1.2.3-bp156.2.1.src.rpm ntpd-rs-1.2.3-bp156.2.1.x86_64.rpm ntpd-rs-common-1.2.3-bp156.2.1.noarch.rpm ntpd-rs-1.2.3-bp156.2.1.i586.rpm ntpd-rs-1.2.3-bp156.2.1.aarch64.rpm ntpd-rs-1.2.3-bp156.2.1.ppc64le.rpm ntpd-rs-1.2.3-bp156.2.1.s390x.rpm openSUSE-2024-264 moderate openSUSE Backports SLE-15-SP6 Update This update for retry fixes the following issues: - Update to version 1723625520.fd868ce: * Add an option for infinite retries retry-1723625520.fd868ce-bp156.2.3.1.noarch.rpm retry-1723625520.fd868ce-bp156.2.3.1.src.rpm openSUSE-2024-266 moderate openSUSE Backports SLE-15-SP6 Update This update for xfwm4 fixes the following issues: - Fix user-after-free in tabwinRemoveClient with (boo#1228524) xfwm4-4.18.0-bp156.3.3.1.src.rpm xfwm4-4.18.0-bp156.3.3.1.x86_64.rpm xfwm4-branding-upstream-4.18.0-bp156.3.3.1.noarch.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.x86_64.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.x86_64.rpm xfwm4-lang-4.18.0-bp156.3.3.1.noarch.rpm xfwm4-4.18.0-bp156.3.3.1.aarch64.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.aarch64.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.aarch64.rpm xfwm4-4.18.0-bp156.3.3.1.ppc64le.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.ppc64le.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.ppc64le.rpm xfwm4-4.18.0-bp156.3.3.1.s390x.rpm xfwm4-debuginfo-4.18.0-bp156.3.3.1.s390x.rpm xfwm4-debugsource-4.18.0-bp156.3.3.1.s390x.rpm openSUSE-2024-273 moderate openSUSE Backports SLE-15-SP6 Update rust-bindgen was updated to fix the following issues: Update to version 0.70.1: * Revert "Only trigger the publish workflow manually" * Fix `collapsible_match` clippy warning * Add `#[clippy::allow]` attribute to `const` layout tests * Fix creduce example * Fix creduce install link * Fix create-tag.yml Update to version 0.70.0: * Fix generation of extern "C" blocks with llvm 18 * Update shlex dependency (RUSTSEC-2024-0006, boo#1229375) * Try to avoid repr(packed) for explicitly aligned types when not needed * Support Float16 * Fix alignment contribution from bitfields * Replace peeking_take_while by itertools * Add blocklist_var * Stabilize thiscall_abi * Allow older itertools * Add target mappings for riscv64imac and riscv32imafc. * Add a complex macro fallback API * Add option to use DST structs for flexible arrays * Add option to dynamically load variables * Add option in CLI to use rustified non-exhaustive enums * Remove which and lazy-static dependencies * Generate compile-time layout tests * Print bindgen-cli errors to stderr instead of stdout * Fix --formatter=prettyplease not working in bindgen-cli by adding prettyplease feature and enabling it by default for bindgen-cli * Fix --allowlist-item so anonymous enums are no longer ignored * Use clang_getFileLocation instead of clang_getSpellingLocation to fix clang-trun * Fix generated constants: f64::INFINITY, f64::NEG_ INFINITY,f64::NAN * Update tempfile and rustix due to GHSA-c827-hfw6-qwvm (boo#1229376) rust-bindgen-0.70.1-bp156.5.1.src.rpm rust-bindgen-0.70.1-bp156.5.1.x86_64.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.x86_64.rpm rust-bindgen-0.70.1-bp156.5.1.i586.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.i586.rpm rust-bindgen-0.70.1-bp156.5.1.aarch64.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.aarch64.rpm rust-bindgen-0.70.1-bp156.5.1.ppc64le.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.ppc64le.rpm rust-bindgen-0.70.1-bp156.5.1.s390x.rpm rust-bindgen-debuginfo-0.70.1-bp156.5.1.s390x.rpm openSUSE-2024-267 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 128.0.6613.113 (boo#1229897) * CVE-2024-7969: Type Confusion in V8 * CVE-2024-8193: Heap buffer overflow in Skia * CVE-2024-8194: Type Confusion in V8 * CVE-2024-8198: Heap buffer overflow in Skia chromedriver-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromedriver-debuginfo-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromium-128.0.6613.113-bp156.2.20.1.src.rpm chromium-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromium-debuginfo-128.0.6613.113-bp156.2.20.1.x86_64.rpm chromedriver-128.0.6613.113-bp156.2.20.1.aarch64.rpm chromedriver-debuginfo-128.0.6613.113-bp156.2.20.1.aarch64.rpm chromium-128.0.6613.113-bp156.2.20.1.aarch64.rpm chromium-debuginfo-128.0.6613.113-bp156.2.20.1.aarch64.rpm openSUSE-2024-269 moderate openSUSE Backports SLE-15-SP6 Update trivy was updated to fix the following issues: Update to version 0.54.1: * fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285) * fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) * fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) * release: v0.54.0 [main] (#7075) * docs: update ecosystem page reporting with plopsec.com app (#7262) * feat(vex): retrieve VEX attestations from OCI registries (#7249) * feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257) * refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259) * fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110) * chore: show VEX notice for OSS maintainers in CI environments (#7246) * feat(vuln): add `--pkg-relationships` (#7237) * docs: show VEX cli pages + update config file page for VEX flags (#7244) * fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194) * feat(vex): VEX Repository support (#7206) * fix(secret): skip regular strings contain secret patterns (#7182) * feat: share build-in rules (#7207) * fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171) * fix(cli): error on missing config file (#7154) * fix(secret): update length of `hugging-face-access-token` (#7216) * feat(sbom): add vulnerability support for SPDX formats (#7213) * fix(secret): trim excessively long lines (#7192) * chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201) * fix(server): pass license categories to options (#7203) * feat(mariner): Add support for Azure Linux (#7186) * docs: updates config file (#7188) * refactor(fs): remove unused field for CompositeFS (#7195) * fix: add missing platform and type to spec (#7149) * feat(misconf): enabled China configuration for ACRs (#7156) * fix: close file when failed to open gzip (#7164) * docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141) * docs(misconf): add info about limitations for terraform plan json (#7143) * chore: add VEX for Trivy images (#7140) * chore: add VEX document and generator for Trivy (#7128) * fix(misconf): do not evaluate TF when a load error occurs (#7109) * feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104) * refactor(secret): move warning about file size after `IsBinary` check (#7123) * feat: add openSUSE tumbleweed detection and scanning (#6965) * test: add missing advisory details for integration tests database (#7122) * fix: Add dependencyManagement exclusions to the child exclusions (#6969) * fix: ignore nodes when listing permission is not allowed (#7107) * fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088) * refactor(secret): add warning about large files (#7085) * feat(nodejs): add license parser to pnpm analyser (#7036) * refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074) * feat: add `log.FilePath()` function for logger (#7080) * chore: bump golangci-lint from v1.58 to v1.59 (#7077) * perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065) * refactor: pass DB dir to trivy-db (#7057) * docs: navigate to the release highlights and summary (#7072) Update to version 0.53.0 (bsc#1227022, CVE-2024-6257): * release: v0.53.0 [main] (#6855) * feat(conda): add licenses support for `environment.yml` files (#6953) * fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051) * feat: add memory cache backend (#7048) * fix(sbom): use package UIDs for uniqueness (#7042) * feat(php): add installed.json file support (#4865) * docs: ✨ Updated ecosystem docs with reference to new community app (#7041) * fix: use embedded when command path not found (#7037) * refactor: use google/wire for cache (#7024) * fix(cli): show info message only when --scanners is available (#7032) * chore: enable float-compare rule from testifylint (#6967) * docs: Add sudo on commands, chmod before mv on install docs (#7009) * fix(plugin): respect `--insecure` (#7022) * feat(k8s)!: node-collector dynamic commands support (#6861) * fix(sbom): take pkg name from `purl` for maven pkgs (#7008) * feat!: add clean subcommand (#6993) * chore: use `!` for breaking changes (#6994) * feat(aws)!: Remove aws subcommand (#6995) * refactor: replace global cache directory with parameter passing (#6986) * fix(sbom): use `purl` for `bitnami` pkg names (#6982) * chore: bump Go toolchain version (#6984) * refactor: unify cache implementations (#6977) * docs: non-packaged and sbom clarifications (#6975) * BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin (#6819) * docs: delete unknown URL (#6972) * refactor: use version-specific URLs for documentation references (#6966) * refactor: delete db mock (#6940) * refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726) * feat: Add local ImageID to SARIF metadata (#6522) * fix(suse): Add SLES 15.6 and Leap 15.6 (#6964) * feat(java): add support for sbt projects using sbt-dependency-lock (#6882) * feat(java): add support for `maven-metadata.xml` files for remote snapshot repositories. (#6950) * fix(purl): add missed os types (#6955) * fix(cyclonedx): trim non-URL info for `advisory.url` (#6952) * fix(c): don't skip conan files from `file-patterns` and scan `.conan2` cache dir (#6949) * fix(image): parse `image.inspect.Created` field only for non-empty values (#6948) * fix(misconf): handle source prefix to ignore (#6945) * fix(misconf): fix parsing of engine links and frameworks (#6937) * feat(misconf): support of selectors for all providers for Rego (#6905) * fix(license): return license separation using separators `,`, `or`, etc. (#6916) * feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) * BREAKING(misconf): flatten recursive types (#6862) * test: bump docker API to 1.45 (#6914) * feat(sbom): migrate to `CycloneDX v1.6` (#6903) * feat(image): Set User-Agent header for Trivy container registry requests (#6868) * fix(debian): take installed files from the origin layer (#6849) * fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken (#6858) * feat(misconf): API Gateway V1 support for CloudFormation (#6874) * feat(plugin): add support for nested archives (#6845) * fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866) * fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867) * chore: auto label discussions (#5259) * docs: explain how VEX is applied (#6864) * fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase (#6852) * fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857) * feat(dart): use first version of constraint for dependencies using SDK version (#6239) * fix(misconf): parsing numbers without fraction as int (#6834) * fix(misconf): fix caching of modules in subdirectories (#6814) * feat(misconf): add metadata to Cloud schema (#6831) * test: replace embedded Git repository with dynamically created repository (#6824) Update to version 0.52.2: * test: bump docker API to 1.45 [backport: release/v0.52] (#6922) * fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892) Update to version 0.52.1: * release: v0.52.1 [release/v0.52] (#6877) * fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken [backport: release/v0.52] (#6888) * fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files [backport: release/v0.52] (#6881) * fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase [backport: release/v0.52] (#6878) * docs: explain how VEX is applied (#6864) * fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857) Update to version 0.52.0 (bsc#1224781, CVE-2024-35192): * release: v0.52.0 [main] (#6809) * fix(plugin): initialize logger (#6836) * fix(cli): always output fatal errors to stderr (#6827) * fix: close testfile (#6830) * docs(julia): add scanner table (#6826) * feat(python): add license support for `requirement.txt` files (#6782) * docs: add more workarounds for out-of-disk (#6821) * chore: improve error message for image not found (#6822) * fix(sbom): fix panic for `convert` mode when scanning json file derived from sbom file (#6808) * fix: clean up golangci lint configuration (#6797) * fix(python): add package name and version validation for `requirements.txt` files. (#6804) * feat(vex): improve relationship support in CSAF VEX (#6735) * chore(alpine): add eol date for Alpine 3.20 (#6800) * docs(plugin): add missed `plugin` section (#6799) * fix: include packages unless it is not needed (#6765) * feat(misconf): support for VPC resources for inbound/outbound rules (#6779) * chore: replace interface{} with any (#6751) * fix: close settings.xml (#6768) * refactor(go): add priority for gobinary module versions from `ldflags` (#6745) * build: use main package instead of main.go (#6766) * feat(misconf): resolve tf module from OpenTofu compatible registry (#6743) * docs: add info on adding compliance checks (#6275) * docs: Add documentation for contributing additional checks to the trivy policies repo (#6234) * feat(nodejs): add v9 pnpm lock file support (#6617) * feat(vex): support non-root components for products in OpenVEX (#6728) * feat(python): add line number support for `requirement.txt` files (#6729) * chore: respect timeout value in .golangci.yaml (#6724) * fix: node-collector high and critical cves (#6707) * Merge pull request from GHSA-xcq4-m2r3-cmrj * chore: auto-bump golang patch versions (#6711) * fix(misconf): don't shift ignore rule related to code (#6708) * feat(plugin): specify plugin version (#6683) * chore: enforce golangci-lint version (#6700) * fix(go): include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` (#6705) * fix(go): add only non-empty root modules for `gobinaries` (#6710) * refactor: unify package addition and vulnerability scanning (#6579) * fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696) * feat(misconf): Add support for deprecating a check (#6664) * feat: Add Julia language analyzer support (#5635) * feat(misconf): register builtin Rego funcs from trivy-checks (#6616) * fix(report): hide empty tables if all vulns has been filtered (#6352) * feat(report): Include licenses and secrets filtered by rego to ModifiedFindings (#6483) * feat: add support for plugin index (#6674) * docs: add support table for client server mode (#6498) * fix: close APKINDEX archive file (#6672) * fix(misconf): skip Rego errors with a nil location (#6666) * refactor: move artifact types under artifact package to avoid import cycles (#6652) * refactor(misconf): remove extrafs (#6656) * refactor: re-define module structs for serialization (#6655) * chore(misconf): Clean up iac logger (#6642) * feat(misconf): support symlinks inside of Helm archives (#6621) * feat(misconf): add Terraform 'removed' block to schema (#6640) * refactor: unify Library and Package structs (#6633) * fix: use of specified context to obtain cluster name (#6645) * perf(misconf): parse rego input once (#6615) * fix(misconf): skip Rego errors with a nil location (#6638) * docs: link warning to both timeout config options (#6620) * docs: fix usage of image-config-scanners (#6635) Update to version 0.51.1: * fix(fs): handle default skip dirs properly (#6628) * fix(misconf): load cached tf modules (#6607) * fix(misconf): do not use semver for parsing tf module versions (#6614) * refactor: move setting scanners when using compliance reports to flag parsing (#6619) * feat: introduce package UIDs for improved vulnerability mapping (#6583) * perf(misconf): Improve cause performance (#6586) * docs: trivy-k8s new experiance remove un-used section (#6608) * docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609) * feat(misconf): Use updated terminology for misconfiguration checks (#6476) * docs: use `generic` link from `trivy-repo` (#6606) * docs: update trivy k8s with new experience (#6465) * feat: support `--skip-images` scanning flag (#6334) * BREAKING: add support for k8s `disable-node-collector` flag (#6311) * feat: add ubuntu 23.10 and 24.04 support (#6573) * docs(go): add stdlib (#6580) * feat(go): parse main mod version from build info settings (#6564) * feat: respect custom exit code from plugin (#6584) * docs: add asdf and mise installation method (#6063) * feat(vuln): Handle scanning conan v2.x lockfiles (#6357) * feat: add support `environment.yaml` files (#6569) * fix: close plugin.yaml (#6577) * fix: trivy k8s avoid deleting non-default node collector namespace (#6559) * BREAKING: support exclude `kinds/namespaces` and include `kinds/namespaces` (#6323) * feat(go): add main module (#6574) * feat: add relationships (#6563) * docs: mention `--show-suppressed` is available in table (#6571) * chore: fix sqlite to support loong64 (#6511) * fix(debian): sort dpkg info before parsing due to exclude directories (#6551) * docs: update info about config file (#6547) * docs: remove RELEASE_VERSION from trivy.repo (#6546) * fix(sbom): change error to warning for multiple OSes (#6541) * fix(vuln): skip empty versions (#6542) * feat(c): add license support for conan lock files (#6329) * fix(terraform): Attribute and fileset fixes (#6544) * refactor: change warning if no vulnerability details are found (#6230) * refactor(misconf): improve error handling in the Rego scanner (#6527) * feat(go): parse main module of go binary files (#6530) * refactor(misconf): simplify the retrieval of module annotations (#6528) * docs(nodejs): add info about supported versions of pnpm lock files (#6510) * feat(misconf): loading embedded checks as a fallback (#6502) * fix(misconf): Parse JSON k8s manifests properly (#6490) * refactor: remove parallel walk (#5180) * fix: close pom.xml (#6507) * fix(secret): convert severity for custom rules (#6500) * fix(java): update logic to detect `pom.xml` file snapshot artifacts from remote repositories (#6412) * fix: typo (#6283) * docs(k8s,image): fix command-line syntax issues (#6403) * fix(misconf): avoid panic if the scheme is not valid (#6496) * feat(image): goversion as stdlib (#6277) * fix: add color for error inside of log message (#6493) * docs: fix links to OPA docs (#6480) * refactor: replace zap with slog (#6466) * docs: update links to IaC schemas (#6477) * chore: bump Go to 1.22 (#6075) * refactor(terraform): sync funcs with Terraform (#6415) * feat(misconf): add helm-api-version and helm-kube-version flag (#6332) * fix(terraform): eval submodules (#6411) * refactor(terraform): remove unused options (#6446) * refactor(terraform): remove unused file (#6445) * fix(misconf): Escape template value correctly (#6292) * feat(misconf): add support for wildcard ignores (#6414) * fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue (#6439) * refactor(terraform): remove metrics collection (#6444) * feat(cloudformation): add support for logging and endpoint access for EKS (#6440) * fix(db): check schema version for image name only (#6410) * feat(misconf): Support private registries for misconf check bundle (#6327) * feat(cloudformation): inline ignore support for YAML templates (#6358) * feat(terraform): ignore resources by nested attributes (#6302) * perf(helm): load in-memory files (#6383) * feat(aws): apply filter options to result (#6367) * feat(aws): quiet flag support (#6331) * fix(misconf): clear location URI for SARIF (#6405) * test(cloudformation): add CF tests (#6315) * fix(cloudformation): infer type after resolving a function (#6406) * fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399) * docs: add info about support for package license detection in `fs`/`repo` modes (#6381) * fix(nodejs): add support for parsing `workspaces` from `package.json` as an object (#6231) * fix: use `0600` perms for tmp files for post analyzers (#6386) * fix(helm): scan the subcharts once (#6382) * docs(terraform): add file patterns for Terraform Plan (#6393) * fix(terraform): сhecking SSE encryption algorithm validity (#6341) * fix(java): parse modules from `pom.xml` files once (#6312) * fix(server): add Locations for `Packages` in client/server mode (#6366) * fix(sbom): add check for `CreationInfo` to nil when detecting SPDX created using Trivy (#6346) * fix(report): don't include empty strings in `.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348) * chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371) * feat(java): add support licenses and graph for gradle lock files (#6140) * feat(vex): consider root component for relationships (#6313) * fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298) * chore: updates wazero to v1.7.0 (#6301) * feat(sbom): Support license detection for SBOM scan (#6072) * refactor(sbom): use intermediate representation for SPDX (#6310) * docs(terraform): improve documentation for filtering by inline comments (#6284) * fix(terraform): fix policy document retrieval (#6276) * refactor(terraform): remove unused custom error (#6303) * refactor(sbom): add intermediate representation for BOM (#6240) * fix(amazon): check only major version of AL to find advisories (#6295) * fix(db): use schema version as tag only for `trivy-db` and `trivy-java-db` registries by default (#6219) * fix(nodejs): add name validation for package name from `package.json` (#6268) * docs: Added install instructions for FreeBSD (#6293) * feat(image): customer podman host or socket option (#6256) * feat(java): mark dependencies from `maven-invoker-plugin` integration tests pom.xml files as `Dev` (#6213) * fix(license): reorder logic of how python package licenses are acquired (#6220) * test(terraform): skip cached modules (#6281) * feat(secret): Support for detecting Hugging Face Access Tokens (#6236) * fix(cloudformation): support of all SSE algorithms for s3 (#6270) * feat(terraform): Terraform Plan snapshot scanning support (#6176) * fix: typo function name and comment optimization (#6200) * fix(java): don't ignore runtime scope for pom.xml files (#6223) * fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215) * test(k8s): use test-db for k8s integration tests (#6222) * fix(terraform): fix root module search (#6160) * test(parser): squash test data for yarn (#6203) * fix(terraform): do not re-expand dynamic blocks (#6151) * docs: update ecosystem page reporting with db app (#6201) * fix: k8s summary separate infra and user finding results (#6120) * fix: add context to target finding on k8s table view (#6099) * fix: Printf format err (#6198) * refactor: better integration of the parser into Trivy (#6183) * feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108) * fix(vex): CSAF filtering should consider relationships (#5923) * refactor(report): Replacing `source_location` in `github` report when scanning an image (#5999) * feat(vuln): ignore vulnerabilities by PURL (#6178) * feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171) * feat(k8s): rancher rke2 version support (#5988) * docs: update kbom distribution for scanning (#6019) * chore: update CODEOWNERS (#6173) * fix(swift): try to use branch to resolve version (#6168) * fix(terraform): ensure consistent path handling across OS (#6161) * fix(java): add only valid libs from `pom.properties` files from `jars` (#6164) * fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163) * docs(report): add remark about `path` to filter licenses using `.trivyignore.yaml` file (#6145) * docs: update template path for gitlab-ci tutorial (#6144) * feat(report): support for filtering licenses and secrets via rego policy files (#6004) * fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113) * docs: add SecObserve in CI/CD and reporting (#6139) * fix(alpine): exclude empty licenses for apk packages (#6130) * docs: add docs tutorial on custom policies with rego (#6104) * fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102) * feat(vuln): show suppressed vulnerabilities in table (#6084) * docs: rename governance to principles (#6107) * docs: add governance (#6090) * feat(java): add dependency location support for `gradle` files (#6083) * fix(misconf): get `user` from `Config.User` (#6070) Update to version 0.49.1: * fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025) * docs: Fix broken link to "pronunciation" (#6057) * fix: fix cursor usage in Redis Clear function (#6056) * fix(nodejs): add local packages support for `pnpm-lock.yaml` files (#6034) * test: fix flaky `TestDockerEngine` (#6054) * fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982) * fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843) * feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285) * docs: add note about Bun (#6001) * fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011) * fix: check returned error before deferring f.Close() (#6007) * feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990) * feat(vuln): enable `--vex` for all targets (#5992) * docs: update link to data sources (#6000) * feat(java): add support for line numbers for pom.xml files (#5991) * refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981) * docs: Update troubleshooting guide with image not found error (#5983) * style: update band logos (#5968) * docs: update cosign tutorial and commands, update kyverno policy (#5929) * docs: update command to scan go binary (#5969) * fix: handle non-parsable images names (#5965) * fix(amazon): save system files for pkgs containing `amzn` in src (#5951) * fix(alpine): Add EOL support for alpine 3.19. (#5938) * feat: allow end-users to adjust K8S client QPS and burst (#5910) * fix(nodejs): find licenses for packages with slash (#5836) * fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922) * fix: ignore no init containers (#5939) * docs: Fix documentation of ecosystem (#5940) * docs(misconf): multiple ignores in comment (#5926) * fix(secret): find aws secrets ending with a comma or dot (#5921) * docs: ✨ Updated ecosystem docs with reference to new community app (#5918) * fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630) * feat(vex): add PURL matching for CSAF VEX (#5890) * fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901) * revert(report): don't escape new line characters for sarif format (#5897) * docs: improve filter by rego (#5402) * docs: add_scan2html_to_trivy_ecosystem (#5875) * fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888) * feat(vex): Add support for CSAF format (#5535) * feat(python): parse licenses from dist-info folder (#4724) * feat(nodejs): add yarn alias support (#5818) * refactor: propagate time through context values (#5858) * refactor: move PkgRef under PkgIdentifier (#5831) * fix(cyclonedx): fix unmarshal for licenses (#5828) * feat(vuln): include pkg identifier on detected vulnerabilities (#5439) Update to version 0.48.1: * fix(bitnami): use a different comparer for detecting vulnerabilities (#5633) * refactor(sbom): disable html escaping for CycloneDX (#5764) * refactor(purl): use `pub` from `package-url` (#5784) * docs(python): add note to using `pip freeze` for `compatible releases` (#5760) * fix(report): use OS information for OS packages purl in `github` template (#5783) * fix(report): fix error if miconfigs are empty (#5782) * refactor(vuln): don't remove VendorSeverity in JSON report (#5761) * fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767) * docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746) * fix(report): update Gitlab template (#5721) * feat(secret): add support of GitHub fine-grained tokens (#5740) * fix(misconf): add an image misconf to result (#5731) * feat(secret): added support of Docker registry credentials (#5720) Update to version 0.48.0: * feat: filter k8s core components vuln results (#5713) * feat(vuln): remove duplicates in Fixed Version (#5596) * feat(report): output plugin (#4863) * docs: typo in modules.md (#5712) * feat: Add flag to configure node-collector image ref (#5710) * feat(misconf): Add `--misconfig-scanners` option (#5670) * chore: bump Go to 1.21 (#5662) * feat: Packagesprops support (#5605) * docs: update adopters discussion template (#5632) * docs: terraform tutorial links updated to point to correct loc (#5661) * fix(secret): add `sec` and space to secret prefix for `aws-secret-access-key` (#5647) * fix(nodejs): support protocols for dependency section in yarn.lock files (#5612) * fix(secret): exclude upper case before secret for `alibaba-access-key-id` (#5618) * docs: Update Arch Linux package URL in installation.md (#5619) * chore: add prefix to image errors (#5601) * docs(vuln): fix link anchor (#5606) * docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608) * fix: k8s friendly error messages kbom non cluster scans (#5594) * feat: set InstalledFiles for DEB and RPM packages (#5488) * fix(report): use time.Time for CreatedAt (#5598) * test: retry containerd initialization (#5597) * feat(misconf): Expose misconf engine debug logs with `--debug` option (#5550) * test: mock VM walker (#5589) * chore: bump node-collector v0.0.9 (#5591) * feat(misconf): Add support for `--cf-params` for CFT (#5507) * feat(flag): replace '--slow' with '--parallel' (#5572) * fix(report): add escaping for Sarif format (#5568) * chore: show a deprecation notice for `--scanners config` (#5587) * feat(report): Add CreatedAt to the JSON report. (#5542) (#5549) * test: mock RPM DB (#5567) * feat: add aliases to '--scanners' (#5558) * refactor: reintroduce output writer (#5564) * chore: not load plugins for auto-generating docs (#5569) * chore: sort supported AWS services (#5570) * fix: no schedule toleration (#5562) * fix(cli): set correct `scanners` for `k8s` target (#5561) * fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for SPDX (#5533) * refactor(misconf): Update refactored dependencies (#5245) * feat(secret): add built-in rule for JWT tokens (#5480) * fix: trivy k8s parse ecr image with arn (#5537) * fix: fail k8s resource scanning (#5529) * refactor(misconf): don't remove Highlighted in json format (#5531) * docs(k8s): fix link in kubernetes.md (#5524) * docs(k8s): fix whitespace in list syntax (#5525) Update to version 0.47.0: * docs: add info that license scanning supports file-patterns flag (#5484) * docs: add Zora integration into Ecosystem session (#5490) * fix(sbom): Use UUID as BomRef for packages with empty purl (#5448) * fix: correct error mismatch causing race in fast walks (#5516) * docs: k8s vulnerability scanning (#5515) * docs: remove glad for java datasources (#5508) * chore: remove unused logger attribute in amazon detector (#5476) * fix: correct error mismatch causing race in fast walks (#5482) * fix(server): add licenses to `BlobInfo` message (#5382) * feat: scan vulns on k8s core component apps (#5418) * fix(java): fix infinite loop when `relativePath` field points to `pom.xml` being scanned (#5470) * fix(sbom): save digests for package/application when scanning SBOM files (#5432) * docs: fix the broken link (#5454) * docs: fix error when installing `PyYAML` for gh pages (#5462) * fix(java): download java-db once (#5442) * docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419) * feat(misconf): Support `--ignore-policy` in config scans (#5359) * docs(misconf): fix broken table for `Use container image` section (#5425) * feat(dart): add graph support (#5374) * refactor: define a new struct for scan targets (#5397) * fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX (#5399) * fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393) * docs: remove --scanners none (#5384) * docs: Update container_image.md #5182 (#5193) * feat(report): Add `InstalledFiles` field to Package (#4706) * feat(k8s): add support for vulnerability detection (#5268) * fix(python): override BOM in `requirements.txt` files (#5375) * docs: add kbom documentation (#5363) * test: use maximize build space for VM tests (#5362) * fix(report): add escaping quotes in misconfig Title for asff template (#5351) * fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342) * fix: add config files to FS for post-analyzers (#5333) * fix: fix MIME warnings after updating to Go 1.20 (#5336) * build: fix a compile error with Go 1.21 (#5339) * feat: added `Metadata` into the k8s resource's scan report (#5322) * chore: update adopters template (#5330) * fix(sbom): use PURL or Group and Name in case of Java (#5154) * docs: add buildkite repository to ecosystem page (#5316) * chore: enable go-critic (#5302) * close java-db client (#5273) * fix(report): removes git::http from uri in sarif (#5244) * Improve the meaning of sentence (#5301) * add app nil check (#5274) * typo: in secret.md (#5281) * docs: add info about `github` format (#5265) * feat(dotnet): add license support for NuGet (#5217) * docs: correctly export variables (#5260) * chore: Add line numbers for lint output (#5247) * chore(cli): disable java-db flags in server mode (#5263) * feat(db): allow passing registry options (#5226) * refactor(purl): use TypeApk from purl (#5232) * chore: enable more linters (#5228) * Fix typo on ide.md (#5239) * refactor: use defined types (#5225) * fix(purl): skip local Go packages (#5190) * docs: update info about license scanning in Yarn projects (#5207) * fix link (#5203) * fix(purl): handle rust types (#5186) * chore: auto-close issues (#5177) * fix(k8s): kbom support addons labels (#5178) * test: validate SPDX with the JSON schema (#5124) * chore: bump trivy-kubernetes-latest (#5161) * docs: add 'Signature Verification' guide (#4731) * docs: add image-scanner-with-trivy for ecosystem (#5159) * fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158) * Update filtering.md (#5131) * chaging adopters discussion tempalte (#5091) * docs: add Bitnami (#5078) * feat(docker): add support for scanning Bitnami components (#5062) * feat: add support for .trivyignore.yaml (#5070) * fix(terraform): improve detection of terraform files (#4984) * feat: filter artifacts on --exclude-owned flag (#5059) * fix(sbom): cyclonedx advisory should omit `null` value (#5041) * build: maximize build space for build tests (#5072) * feat: improve kbom component name (#5058) * fix(pom): add licenses for pom artifacts (#5071) * chore: bump Go to `1.20` (#5067) * feat: PURL matching with qualifiers in OpenVEX (#5061) * feat(java): add graph support for pom.xml (#4902) * feat(swift): add vulns for cocoapods (#5037) * fix: support image pull secret for additional workloads (#5052) * fix: #5033 Superfluous double quote in html.tpl (#5036) * docs(repo): update trivy repo usage and example (#5049) * perf: Optimize Dockerfile for reduced layers and size (#5038) * feat: scan K8s Resources Kind with --all-namespaces (#5043) * fix: vulnerability typo (#5044) * docs: adding a terraform tutorial to the docs (#3708) * feat(report): add licenses to sarif format (#4866) * feat(misconf): show the resource name in the report (#4806) * chore: update alpine base images (#5015) * feat: add Package.resolved swift files support (#4932) * feat(nodejs): parse licenses in yarn projects (#4652) * fix: k8s private registries support (#5021) * bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018) * feat(vuln): support last_affected field from osv (#4944) * feat(server): add version endpoint (#4869) * feat: k8s private registries support (#4987) * fix(server): add indirect prop to package (#4974) * docs: add coverage (#4954) * feat(c): add location for lock file dependencies. (#4994) * docs: adding blog post on ec2 (#4813) * revert 32bit bins (#4977) trivy-0.54.1-bp156.2.3.1.src.rpm trivy-0.54.1-bp156.2.3.1.x86_64.rpm trivy-0.54.1-bp156.2.3.1.i586.rpm trivy-0.54.1-bp156.2.3.1.aarch64.rpm trivy-0.54.1-bp156.2.3.1.ppc64le.rpm trivy-0.54.1-bp156.2.3.1.s390x.rpm openSUSE-2024-292 moderate openSUSE Backports SLE-15-SP6 Update This update for adios fixes the following issues: - Require python3-PyYAML instead of non-existent python-PyYAML (boo#1228146) adios-gnu-mpich-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.noarch.rpm adios-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.noarch.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.src.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi2-1.13.1-bp156.4.3.1.src.rpm adios-openmpi2-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi3-1.13.1-bp156.4.3.1.src.rpm adios-openmpi3-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi4-1.13.1-bp156.4.3.1.src.rpm adios-openmpi4-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.x86_64.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.x86_64.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi2-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi3-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi4-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.i586.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.i586.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi2-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi3-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi4-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.aarch64.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.aarch64.rpm adios_1_13_1-gnu-mpich-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mpich-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mvapich2-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-mvapich2-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi2-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi2-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi3-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi3-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi4-hpc-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios_1_13_1-gnu-openmpi4-hpc-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi2-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi2-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi2-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi3-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi3-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi3-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi4-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi4-devel-1.13.1-bp156.4.3.1.ppc64le.rpm adios-openmpi4-devel-static-1.13.1-bp156.4.3.1.ppc64le.rpm openSUSE-2024-277 moderate openSUSE Backports SLE-15-SP6 Update This update for abcde fixes the following issues: - Fix arithmetic on non-octal track numbers (boo#1219527) abcde-2.9.3-bp156.5.3.1.noarch.rpm abcde-2.9.3-bp156.5.3.1.src.rpm openSUSE-2024-276 important openSUSE Backports SLE-15-SP6 Update This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: * CVE-2024-34340: Authentication Bypass when using using older password hashes (boo#1224240) * CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229) * CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238) * CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239) * CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231) * CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241) * CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236) * CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235) * CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237) * CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230) * Improve PHP 8.3 support * When importing packages via command line, data source profile could not be selected * When changing password, returning to previous page does not always work * When using LDAP authentication the first time, warnings may appear in logs * When editing/viewing devices, add IPv6 info to hostname tooltip * Improve speed of polling when Boost is enabled * Improve support for Half-Hour time zones * When user session not found, device lists can be incorrectly returned * On import, legacy templates may generate warnings * Improve support for alternate locations of Ping * Improve PHP 8.1 support for Installer * Fix issues with number formatting * Improve PHP 8.1 support when SpikeKill is run first time * Improve PHP 8.1 support for SpikeKill * When using Chinese to search for graphics, garbled characters appear. * When importing templates, preview mode will not always load * When remote poller is installed, MySQL TimeZone DB checks are not performed * When Remote Poller installation completes, no finish button is shown * Unauthorized agents should be recorded into logs * Poller cache may not always update if hostname changes * When using CMD poller, Failure and Recovery dates may have incorrect values * Saving a Tree can cause the tree to become unpublished * Web Basic Authentication does not record user logins * When using Accent-based languages, translations may not work properly * Fix automation expressions for device rules * Improve PHP 8.1 Support during fresh install with boost * Add a device "enabled/disabled" indicator next to the graphs * Notify the admin periodically when a remote data collector goes into heartbeat status * Add template for Aruba Clearpass * Add fliter/sort of Device Templates by Graph Templates - cacti-spine 1.2.27: * Restore AES Support cacti-spine-1.2.27-bp156.2.3.1.src.rpm cacti-spine-1.2.27-bp156.2.3.1.x86_64.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.x86_64.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.x86_64.rpm cacti-1.2.27-bp156.2.3.1.noarch.rpm cacti-1.2.27-bp156.2.3.1.src.rpm cacti-spine-1.2.27-bp156.2.3.1.i586.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.i586.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.i586.rpm cacti-spine-1.2.27-bp156.2.3.1.aarch64.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.aarch64.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.aarch64.rpm cacti-spine-1.2.27-bp156.2.3.1.ppc64le.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.ppc64le.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.ppc64le.rpm cacti-spine-1.2.27-bp156.2.3.1.s390x.rpm cacti-spine-debuginfo-1.2.27-bp156.2.3.1.s390x.rpm cacti-spine-debugsource-1.2.27-bp156.2.3.1.s390x.rpm openSUSE-2024-290 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: Update to version 2.55.0: * Add flox to linux installation instructions * Update pkg/cmd/issue/develop/develop.go * Update api/queries_branch_issue_reference.go * add testing * fix behavior for `issue develop -b non-exist-branch` * Describe bucket and state JSON fields in pr checks command * Fix pr checks exit code (#9452) * Add a note about external contributors to `working-with-us.md` * Update attestation TUF root * include required permissions to generate attestations * build(deps): bump github.com/creack/pty from 1.1.21 to 1.1.23 (#9459) * Do not generate build attestations for otherBinWorkflow.yml * Use latest checkout version, generate attestations, and specify go version file input. * Update `gh search issues --project` flag doc to specify `owner/number` syntax * Update `gh search prs --project` flag doc to specify `owner/number` syntax * build(deps): bump actions/attest-build-provenance from 1.4.0 to 1.4.1 * Minor grammatical fix * Add test cases for PGP, SSH and X.509 signatures * Explain why not looking for signature begin marker * Wrap flags with backticks, continued * Replace `--project.*` flags' `name` with `title` in docs (#9443) * Change to requiring bundle v0.2 * Fix tests * Require Sigstore Bundle v0.3 when verifying with `gh attestation` * Change `gh repo set-default --view` to print to `stderr` when no default exists (#9431) * Document that `gh run download` downloads the latest artifact by default * Deduplicate the initialization of editor mode * Update docs/triage.md * Add Acceptance Criteria requirement to triage.md for accepted issues * Add `pr create --editor` * build(deps): bump github.com/google/go-containerregistry * Fix host handling in variable and secret delete * Unify use of tab indent in non-test source files * Update `gh variable get` to use repo host * build(deps): bump actions/attest-build-provenance from 1.3.3 to 1.4.0 * Add Flox as an installation option * Update tests with changes to `gitTagInfo` function * Add example for `--notes-from-tag` * Add test for `gitTagInfo` * Use signature-stripped tag annotation content Update to version 2.54.0: * update test and remove logic to check SourceRepositoryOwnerURI is empty string * update test * minor fix * update test * added * handle attest case insensitivity * Fix missing variable * Use closure-scoped variable to catch `--remove-milestone` option * Use closure-scoped variable to catch `--remove-milestone` option * build(deps): bump github.com/google/go-containerregistry * Verify `--milestone` and `--remove-milestone` are not assignable at the same time * Assert correct parsing of `--remove-milestone` option * Verify `--body` and `--body-file` are not assignable at the same time * Add `--remove-milestone` option * Improve `--remove-milestone` option description * Point to `Editable.MilestoneId` method * build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 * Update sigstore-go in gh CLI to v0.5.1 (#9366) * Handle `--bare` clone targets (#9271) * Slightly clarify when CLI will exit with 4 * Export databaseId for releases * Alphabetise release json fields * Add test for release view json export fields * Expose fullDatabaseId for PR json export * Add examples for template usage in PR and issue creation * document exit code behavior * Update documentation for gh api PATCH * Exit with 1 on authentication failure * Verify `--milestone` and `--remove-milestone` are not assignable at the same time * Assert correct parsing of `--remove-milestone` option * Add `--remove-milestone` option * Remove unused expected `output` from test case (with `wantsErr: true`) * Verify `--body` and `--body-file` are not assignable at the same time * Remove attestation test that requires being online (#9340) * Remove redundant whitespace gh-2.55.0-bp156.2.9.1.src.rpm gh-2.55.0-bp156.2.9.1.x86_64.rpm gh-bash-completion-2.55.0-bp156.2.9.1.noarch.rpm gh-fish-completion-2.55.0-bp156.2.9.1.noarch.rpm gh-zsh-completion-2.55.0-bp156.2.9.1.noarch.rpm gh-2.55.0-bp156.2.9.1.i586.rpm gh-2.55.0-bp156.2.9.1.aarch64.rpm gh-2.55.0-bp156.2.9.1.ppc64le.rpm gh-2.55.0-bp156.2.9.1.s390x.rpm openSUSE-2024-279 moderate openSUSE Backports SLE-15-SP6 Update This update for python-Paste fixes the following issues: Update to 3.10.1: * Correct packaging and testing when not in a clean virtualenv version 3.10.0: * Move development to https://github.com/pasteorg/paste * Vendor cgi.FieldStorage and cgitb.Hook * More cleaning of Python 2 style code. update to 3.9.0: * misc bugs + please pyflakes * Remove unused format_environ method in watchthreads APP update to 3.8.0: * remove most python2 compatibility update to 3.7.1: * The main change for 3.7.0 and beyond is dropping support for Python 2. In the past it was possible to get Paste to work in Python 2 with some effort. That's now no longer possible. If Python 2 is required for some reason, use an older version of Paste. update to 3.6.1: * Turn on github action for tests on pull requests * Add a Makefile for simple automation Update to 3.5.3: * Use importlib instead of imp with Python 3. update to 3.5.2: * Fix py3 compatibility in paste.wsgilib.catch_errors (#70) * A Python 3 application might only define `__next__`, not `next`. Use `six.next` instead. * This is very similar to https://github.com/cdent/paste/pull/53, and was apparently missed there. update to 3.5.1: * Replace deprecated threading.currentThread, getName and setDaemon with threading.current_thread, name and daemon. update to 3.5.0: * Python 3 fixes to auth and wsgi.errors handling; notably making wsgi.errors text. Update to 3.4.6: * Explicit pkg_resource dependency to easy packaging. * Remove deprecated dependencies paste/fixture.py. * Update setup.py to work with setuptools 50.1.0+ update to 3.4.3: * Patch auth ticket to be python3 compatible. update to 3.4.2: * Correct sorting of items() in EvalHTMLFormatter. * Fix next in iterators in wsgilib.py. update to 3.4.0 * Python 3 updates for use of StringIO and auth_tkt.py. * Use six.BytesIO when reading wsgi.input. * Allow binding IPv6 address when starting a server. update to 3.2.6 * Correctly handle HEAD requests (to send empty body) when gzip encoding requested. * Use is_alive instead of isAlive for Python 3.9 compatibility. * Use encodebytes instead of deprecated encodestring. * Fix Python 2 and 3 compatibility for base64. update to 3.2.3: * Correct ``100 Continue`` in Python 3 * Avoid some reference cycles through tracebacks in httpserver.py Update to 3.2.0: * Ensure unicode URLs work in TestApp. * Make LimitedLengthFile file return empty bytes. * Protect against accidental close in FieldStorage. version update to 3.1.0 * Allow anything that can read() for a file-like response, not just a ``file`` instance. Update to v3.0.8: * Fix quoting of bytestrings Update to 3.0.7: * Write bytestrings when calling wsgi_write_chunk * Revert "Remove use of OpenSSL.tsafe, which links to OpenSSL.SSL update to 3.0.5: * Use correct variable when building message for exception * Remove use of OpenSSL.tsafe, which links to OpenSSL.SSL anyways. (#16) * Fix error on httpserver shutdown * Add support for limited testing with travis-ci * Merged in hroncok/paste/py37 (pull request #41) * Don't raise StopIteration from generator, return instead * Fix up testing after switch to pytest * Make iterators Python3-compatible * Don't raise StopIteration inside a generator * add link to read the docs to README * Prepare docs for publishing to RTFD * py3 fixes for form handling in paste.fixture (#8) * paste.fixture: fix form offset handling (#12) * Don't delete dict item while iterating over same dict (#14) * Enable coverage reporting via codecov (#10) - update to 2.0.3: * Add tests/test_httpserver.py * Fix improper commas in request headers in wsgi_environ * tests/test_httpserver.py: Use `email` module instead of `mimetools` * tests/test_httpserver.py: Add test_environ_with_multiple_values * Make get all values of a header work on both Python 2 and 3 * Make get_headers default to Python 3; fallback to Python 2 * Make utility function private: _get_headers * Fix Python 3 issue in paste/fixture.py * test_wsgirequest_charset: Use UTF-8 instead of iso-8859-1 * Replace cgi.parse_qsl w/ six.moves.urllib.parse.parse_sql * replace ``has_key`` method to ``in`` operator #9 * Don't display invalid error message when socket in use * Update docs/news.txt for 2.0.2 * Added tag 2.0.2 for changeset 53f5c2cd7f50 * Python 3: App must always return binary type. * Python 3: Always encode params if passed as text types * Python 3: Don't mangle strangely encoded input * Python 3: Use the same python interpreter for CGI scripts. * Python 3: add workarounds for cgi.FieldStorage * Python 3: avoid spurious warnings * Python 3: dict.items() doesn't return a list anymore * Python 3: ignore exception details in doctests * Python 3: let html_quote() and url() always return the same type * Python 3: use compatible print syntax in example text * Change six requirement to >=1.4.0 * tox.ini: Add py35 to envlist * Enable testing with pypy * tox.ini: Measure test coverage * paste.wsgilib.add_close: Add __next__ method * Add tests for `add_close` class * Uncomment/cleanup paste.wsgilib.app_close.__next__ * Check paste.wsgilib.add_close._closed * Make add_close.next() leverage add_close.__next__() update to version 2.0.1: * Fix setup.py for six dependency: move the six dependency from extras_require to install_requires * Port paste.proxy to Python 3 * Fix paste.exceptions.serial_number_generator.hash_identifier() on Python 3 * Fix paste.util.threadedprint.uninstall() * Add README.rst file - additional changes from version 2.0: * Experimental Python 3 support * paste now requires the six module * Drop support of Python 2.5 and older * Fixed egg:Paste#cgi * In paste.httpserver: give a 100 Continue response even when the server has been configured as an HTTP/1.0 server * Fixed parsing of paths beginning with multiple forward slashes * Add tox.ini to run tests with tox on Python 2.6, 2.7 and 3.4 - Initial version, obsoletes 'python-paste' python-Paste-3.10.1-bp156.2.1.src.rpm python311-Paste-3.10.1-bp156.2.1.noarch.rpm openSUSE-2024-278 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108) * CVE-2024-8362: Use after free in WebAudio * CVE-2024-7970: Out of bounds write in V8 chromedriver-128.0.6613.119-bp156.2.23.1.x86_64.rpm chromium-128.0.6613.119-bp156.2.23.1.src.rpm chromium-128.0.6613.119-bp156.2.23.1.x86_64.rpm chromedriver-128.0.6613.119-bp156.2.23.1.aarch64.rpm chromium-128.0.6613.119-bp156.2.23.1.aarch64.rpm openSUSE-2024-285 moderate openSUSE Backports SLE-15-SP6 Update This update for python-PasteDeploy fixes the following issues: Ship python-PasteDeploy version 2.1.1+git.1652668078.0f0697d. python-PasteDeploy-2.1.1+git.1652668078.0f0697d-bp156.2.1.src.rpm python311-PasteDeploy-2.1.1+git.1652668078.0f0697d-bp156.2.1.noarch.rpm openSUSE-2024-289 moderate openSUSE Backports SLE-15-SP6 Update This update for python-WebTest, python-WSGIProxy2 fixes the following issues: - python-WebTest ships in version 3.0.0. - python-WSGIProxy2 is shipped in version 0.5.1. python-WSGIProxy2-0.5.1-bp156.2.1.src.rpm python311-WSGIProxy2-0.5.1-bp156.2.1.noarch.rpm python-WSGIProxy2-test-0.5.1-bp156.2.1.src.rpm python-WebTest-3.0.0-bp156.2.1.src.rpm python-WebTest-doc-3.0.0-bp156.2.1.noarch.rpm python311-WebTest-3.0.0-bp156.2.1.noarch.rpm openSUSE-2024-286 moderate openSUSE Backports SLE-15-SP6 Update This update for python-ldap fixes the following issues: python-ldap is shipped in version 3.4.4. python-ldap-3.4.4-bp156.2.1.src.rpm python3-ldap-3.4.4-bp156.2.1.i586.rpm openSUSE-2024-284 moderate openSUSE Backports SLE-15-SP6 Update This update for python-maxminddb delivers the 2.2.0 version. python-maxminddb-2.2.0-bp156.2.1.src.rpm python3-maxminddb-2.2.0-bp156.2.1.x86_64.rpm python3-maxminddb-2.2.0-bp156.2.1.i586.rpm python3-maxminddb-2.2.0-bp156.2.1.aarch64.rpm python3-maxminddb-2.2.0-bp156.2.1.ppc64le.rpm python3-maxminddb-2.2.0-bp156.2.1.s390x.rpm openSUSE-2024-313 low openSUSE Backports SLE-15-SP6 Update This update of python-django-auth-ldap is delivered in version in version 4.0.0. python-django-auth-ldap-4.0.0-bp156.2.1.src.rpm python311-django-auth-ldap-4.0.0-bp156.2.1.noarch.rpm openSUSE-2024-315 low openSUSE Backports SLE-15-SP6 Update python3-Django is needed in Backports:SLE-15-SP6 after all (jsc#PED-8919) python-Django-2.2.28-bp156.3.1.src.rpm python3-Django-2.2.28-bp156.3.1.noarch.rpm openSUSE-2024-288 moderate openSUSE Backports SLE-15-SP6 Update This update ships python-geoip. python-geoip2-2.9.0-bp156.2.1.src.rpm python3-geoip2-2.9.0-bp156.2.1.noarch.rpm openSUSE-2024-295 moderate openSUSE Backports SLE-15-SP6 Update python-django-webtest is shipped in version 1.9.12. python-django-webtest-1.9.12-bp156.2.1.src.rpm python311-django-webtest-1.9.12-bp156.2.1.x86_64.rpm python311-django-webtest-1.9.12-bp156.2.1.aarch64.rpm python311-django-webtest-1.9.12-bp156.2.1.ppc64le.rpm python311-django-webtest-1.9.12-bp156.2.1.s390x.rpm openSUSE-2024-293 low openSUSE Backports SLE-15-SP6 Update This update for python-yq fixes the following issue: - Build with python 3.11 (bsc#1229853). python-yq-3.2.2-bp156.2.3.1.src.rpm python311-yq-3.2.2-bp156.2.3.1.noarch.rpm openSUSE-2024-296 moderate openSUSE Backports SLE-15-SP6 Update This update ships python3-Pillow 8.4.0. python3-Pillow-8.4.0-bp156.2.1.src.rpm python3-Pillow-8.4.0-bp156.2.1.x86_64.rpm python3-Pillow-tk-8.4.0-bp156.2.1.x86_64.rpm python3-Pillow-8.4.0-bp156.2.1.i586.rpm python3-Pillow-tk-8.4.0-bp156.2.1.i586.rpm python3-Pillow-8.4.0-bp156.2.1.aarch64.rpm python3-Pillow-tk-8.4.0-bp156.2.1.aarch64.rpm python3-Pillow-8.4.0-bp156.2.1.ppc64le.rpm python3-Pillow-tk-8.4.0-bp156.2.1.ppc64le.rpm python3-Pillow-8.4.0-bp156.2.1.s390x.rpm python3-Pillow-tk-8.4.0-bp156.2.1.s390x.rpm openSUSE-2024-297 moderate openSUSE Backports SLE-15-SP6 Update This update for lsyncd fixes the following issues: update to version 2.3.1 (2022-11-17): * multiple bugfixes, style fixes * add nix flake support * add support for tunnel commands * add support for batchSizeLimit * add -onepass option * add crontab support * support relative executable paths lsyncd-2.3.1-bp156.4.3.1.src.rpm lsyncd-2.3.1-bp156.4.3.1.x86_64.rpm lsyncd-2.3.1-bp156.4.3.1.i586.rpm lsyncd-2.3.1-bp156.4.3.1.aarch64.rpm lsyncd-2.3.1-bp156.4.3.1.ppc64le.rpm lsyncd-2.3.1-bp156.4.3.1.s390x.rpm openSUSE-2024-299 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: - Update to 1.28: * setup.py: include dependencies parsing requirements.txt * virtme-ng: fix typo in command help * virtme-configkernel: disable nvram support * configkernel: config comment cosmetics * configkernel: act more like kernel's make O=outdir * vng-run: get kdir from O=outdir * vng: propagate --verbose to configkernel * vng: alias --custom to --config * run.py: add a --qemu-opts='...' option bundling hint to help * init: Always create /run/tmp folder * Don't require ".git" to be a directory * Specify "refs/heads/__virtme__" in git push - Update to 1.27: * Introduce VNG_PACKAGE to force a proper packaging version virtme-ng v1.27 virtme-1.28-bp156.2.9.1.noarch.rpm virtme-1.28-bp156.2.9.1.src.rpm openSUSE-2024-301 moderate openSUSE Backports SLE-15-SP6 Update This update for timescaledb and orafce rebuilds them against the current releases of postgresql. postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.src.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.x86_64.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.src.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.x86_64.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.x86_64.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.x86_64.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.i586.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.i586.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.i586.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.i586.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.aarch64.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.aarch64.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.aarch64.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.aarch64.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.ppc64le.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.ppc64le.rpm postgresql12-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql12-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql12-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql14-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql14-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql14-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql15-orafce-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql15-orafce-debuginfo-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql15-orafce-debugsource-4.1.1+git0.519b5b5-bp156.4.2.1.s390x.rpm postgresql13-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql13-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql13-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm postgresql14-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql14-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql14-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm postgresql15-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql15-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql15-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm postgresql16-timescaledb-2.14.0-bp156.2.2.1.s390x.rpm postgresql16-timescaledb-debuginfo-2.14.0-bp156.2.2.1.s390x.rpm postgresql16-timescaledb-debugsource-2.14.0-bp156.2.2.1.s390x.rpm openSUSE-2024-302 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391) * CVE-2024-8636: Heap buffer overflow in Skia * CVE-2024-8637: Use after free in Media Router * CVE-2024-8638: Type Confusion in V8 * CVE-2024-8639: Use after free in Autofill chromedriver-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromedriver-debuginfo-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromium-128.0.6613.137-bp156.2.26.1.src.rpm chromium-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromium-debuginfo-128.0.6613.137-bp156.2.26.1.x86_64.rpm chromedriver-128.0.6613.137-bp156.2.26.1.aarch64.rpm chromedriver-debuginfo-128.0.6613.137-bp156.2.26.1.aarch64.rpm chromium-128.0.6613.137-bp156.2.26.1.aarch64.rpm chromium-debuginfo-128.0.6613.137-bp156.2.26.1.aarch64.rpm openSUSE-2024-303 moderate openSUSE Backports SLE-15-SP6 Update This update for htmldoc fixes the following issues: - CVE-2024-45508: Fixed an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node [boo#1230022]. htmldoc-1.9.16-bp156.3.3.1.src.rpm htmldoc-1.9.16-bp156.3.3.1.x86_64.rpm htmldoc-1.9.16-bp156.3.3.1.i586.rpm htmldoc-1.9.16-bp156.3.3.1.aarch64.rpm htmldoc-1.9.16-bp156.3.3.1.ppc64le.rpm htmldoc-1.9.16-bp156.3.3.1.s390x.rpm openSUSE-2024-309 moderate openSUSE Backports SLE-15-SP6 Update This update for emptyepsilon fixes the following issues: Version 2024.08.09: * Add a quick&dirty way to get callback errors * Clamp the warp and jump commands * fix voice path scenario 51 * fix voice path scenario 48 * Fix the wiggle console with just 1 text line emptyepsilon-2024.08.09-bp156.3.3.1.src.rpm emptyepsilon-2024.08.09-bp156.3.3.1.x86_64.rpm emptyepsilon-2024.08.09-bp156.3.3.1.aarch64.rpm emptyepsilon-2024.08.09-bp156.3.3.1.s390x.rpm openSUSE-2024-330 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account, trytond_stock, trytond_stock_supply fixes the following issues: Changes in tryton: - Version 6.0.43 - Bugfix Release Changes in trytond: - Version 6.0.52 - Bugfix Release Changes in trytond_stock_supply: - Version 6.0.9 - Bugfix Release Changes in trytond_stock: - Version 6.0.28 - Bugfix Release Changes in trytond_account: - Version 6.0.27 - Bugfix Release tryton-6.0.43-bp156.2.9.1.noarch.rpm tryton-6.0.43-bp156.2.9.1.src.rpm trytond-6.0.52-bp156.2.9.1.noarch.rpm trytond-6.0.52-bp156.2.9.1.src.rpm trytond_account-6.0.27-bp156.2.6.1.noarch.rpm trytond_account-6.0.27-bp156.2.6.1.src.rpm trytond_stock-6.0.28-bp156.2.3.1.noarch.rpm trytond_stock-6.0.28-bp156.2.3.1.src.rpm trytond_stock_supply-6.0.9-bp156.2.3.1.noarch.rpm trytond_stock_supply-6.0.9-bp156.2.3.1.src.rpm openSUSE-2024-308 moderate openSUSE Backports SLE-15-SP6 Update This update for python-ldap fixes the following issues: - Enable sle15_python_module_pythons (boo#1229549) python-ldap-3.4.4-bp156.5.1.src.rpm python311-ldap-3.4.4-bp156.5.1.x86_64.rpm python311-ldap-3.4.4-bp156.5.1.i586.rpm python311-ldap-3.4.4-bp156.5.1.aarch64.rpm python311-ldap-3.4.4-bp156.5.1.ppc64le.rpm python311-ldap-3.4.4-bp156.5.1.s390x.rpm openSUSE-2024-339 moderate openSUSE Backports SLE-15-SP6 Update This update for virtme fixes the following issues: - Update to 1.31: * Fix a packaging issue, after an attempt to modernize the build system we realized that we were not installing the bash completion file anymore, so we have temporarily reverted the change to cut this new release. See gh/arighi/virtme-ng#181 * Initial support to run virtme-ng on macOS - Update to 1.30: * Initial support for NVIDIA GPUs passthrough * Possibility to use pre-compiled -rc kernels from Ubuntu mainline builds * Possibility to use virtiofs natively on arm64 * Some improvements to run virtme-ng cross-architecture and cross-distro * Bug fixes - Workaround python packaging deficiency - Update to 1.29: * Minor packaging fix, addressing an issue where the requirements.txt file was missing from the source tarball published on PyPI. This won't affect anyone, unless you're trying to build virtme-ng directly from the tarball available on PyPI virtme-1.31-bp156.2.14.1.noarch.rpm virtme-1.31-bp156.2.14.1.src.rpm openSUSE-2024-319 moderate openSUSE Backports SLE-15-SP6 Update This update for coredns fixes the following issues: Update to version 1.11.3: * optimize the performance for high qps (#6767) * bump deps * Fix zone parser error handling (#6680) * Add alternate option to forward plugin (#6681) * fix: plugin/file: return error when parsing the file fails (#6699) * [fix:documentation] Clarify autopath README (#6750) * Fix outdated test (#6747) * Bump go version from 1.21.8 to 1.21.11 (#6755) * Generate zplugin.go correctly with third-party plugins (#6692) * dnstap: uses pointer receiver for small response writer (#6644) * chore: fix function name in comment (#6608) * [plugin/forward] Strip local zone from IPV6 nameservers (#6635) - fixes CVE-2023-30464 - fixes CVE-2023-28452 Update to upstream head (git commit #5a52707): * bump deps to address security issue CVE-2024-22189 * Return RcodeServerFailure when DNS64 has no next plugin (#6590) * add plusserver to adopters (#6565) * Change the log flags to be a variable that can be set prior to calling Run (#6546) * Enable Prometheus native histograms (#6524) * forward: respect context (#6483) * add client labels to k8s plugin metadata (#6475) * fix broken link in webpage (#6488) * Repo controlled Go version (#6526) * removed the mutex locks with atomic bool (#6525) Update to version 1.11.2: * rewrite: fix multi request concurrency issue in cname rewrite (#6407) * plugin/tls: respect the path specified by root plugin (#6138) * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333) * fix: make the codeowners link relative (#6397) * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351) * plugin/cache: key cache on Checking Disabled (CD) bit (#6354) * Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395) * Add PITS Global Data Recovery Services as an adopter (#6304) * Handle UDP responses that overflow with TC bit with test case (#6277) * plugin/rewrite: add rcode as a rewrite option (#6204) - CVE-2024-0874: coredns: CD bit response is cached and served later - Update to version 1.11.1: * Revert “plugin/forward: Continue waiting after receiving malformed responses * plugin/dnstap: add support for “extra” field in payload * plugin/cache: fix keepttl parsing - Update to version 1.11.0: * Adds support for accepting DNS connections over QUIC (doq). * Adds CNAME target rewrites to the rewrite plugin. * Plus many bug fixes, and some security improvements. * This release introduces the following backward incompatible changes: + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, since all supported K8s versions now use Endpointslice. + The bufsize plugin changed its default size limit value to 1232 + Some changes to forward plugin metrics. - Update to version 1.10.1: * Corrected architecture labels in multi-arch image manifest * A new plugin timeouts that allows configuration of server listener timeout durations * acl can drop queries as an action * template supports creating responses with extended DNS errors * New weighted policy in loadbalance * Option to serve original record TTLs from cache - Update to version 1.10.0: * core: add log listeners for k8s_event plugin (#5451) * core: log DoH HTTP server error logs in CoreDNS format (#5457) * core: warn when domain names are not in RFC1035 preferred syntax (#5414) * plugin/acl: add support for extended DNS errors (#5532) * plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602) * plugin/cache: add cache disable option (#5540) * plugin/cache: add metadata for wildcard record responses (#5308) * plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320) * plugin/cache: correct responses to Authenticated Data requests (#5191) * plugin/dnstap: add identity and version support for the dnstap plugin (#5555) * plugin/file: add metadata for wildcard record responses (#5308) * plugin/forward: enable multiple forward declarations (#5127) * plugin/forward: health_check needs to normalize a specified domain name (#5543) * plugin/forward: remove unused coredns_forward_sockets_open metric (#5431) * plugin/header: add support for query modification (#5556) * plugin/health: bypass proxy in self health check (#5401) * plugin/health: don't go lameduck when reloading (#5472) * plugin/k8s_external: add support for PTR requests (#5435) * plugin/k8s_external: resolve headless services (#5505) * plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461) * plugin/ready: reset list of readiness plugins on startup (#5492) * plugin/rewrite: add PTR records to supported types (#5565) * plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459) * plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462) * plugin/rewrite: support min and max TTL values (#5508) * plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460) * plugin/trace: read trace context info from headers for DOH (#5439) * plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957) * core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 * core: update golang.org/x/crypto to fix CVE-2022-27191 * plugin/acl: adding a check to parse out zone info * plugin/dnstap: support FQDN TCP endpoint * plugin/errors: add stacktrace option to log a stacktrace during panic recovery * plugin/template: return SERVFAIL for zone-match regex-no-match case coredns-1.11.3-bp156.4.3.1.src.rpm coredns-1.11.3-bp156.4.3.1.x86_64.rpm coredns-extras-1.11.3-bp156.4.3.1.noarch.rpm coredns-1.11.3-bp156.4.3.1.i586.rpm coredns-1.11.3-bp156.4.3.1.aarch64.rpm openSUSE-2024-311 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 129.0.6668.58 (stable released 2024-09-17) (boo#1230678) * CVE-2024-8904: Type Confusion in V8 * CVE-2024-8905: Inappropriate implementation in V8 * CVE-2024-8906: Incorrect security UI in Downloads * CVE-2024-8907: Insufficient data validation in Omnibox * CVE-2024-8908: Inappropriate implementation in Autofill * CVE-2024-8909: Inappropriate implementation in UI chromedriver-129.0.6668.58-bp156.2.29.2.x86_64.rpm chromium-129.0.6668.58-bp156.2.29.2.src.rpm chromium-129.0.6668.58-bp156.2.29.2.x86_64.rpm chromedriver-129.0.6668.58-bp156.2.29.2.aarch64.rpm chromium-129.0.6668.58-bp156.2.29.2.aarch64.rpm openSUSE-2024-316 moderate openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: gh was updated to version 2.57.0: * Update go-gh to use api subdomains * Use api subdomains for commands using ghinstance package * Add test for extension install fallback to amd64 on darwin * suppress att verify output when no tty * add att verify test for custom OIDC issuer * build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 * Suggest installing Rosetta when extension installation fails due to missing `darwin-arm64` binary, but a `darwin-amd64` binary is available * This commit introduces tenancy aware attestation policy building. * use sigstore-go v0.6.2 * check specific err * check err in GetLocalAttestations * check for sigstore-go validation errs * get latest sigstore-go commit * handle os.PathError in GetLocalAttestations * Move non-integration test to different test file * print verify err * check for os.PathError * dont print err content * update bundle file parsing err messages * Expand active test cases * Added `--active` flag to the `gh auth status` command Update to version 2.56.0: * Check for nil values to prevent nil dereference panic * build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3 * Update linux install to point to GPG troubleshoot * Revert "Remove note explaining 2 year old GPG ID change" * Remove note explaining 2 year old GPG ID change * Rename ProtobufBundle to Bundle * Upgrade to sigstore-go v0.6.1 * `gh attestation verify` handles empty JSONL files (#9541) * verify 2nd artifact without swapping order (#9532) * Improve the help message for -F (#9525) * build(deps): bump actions/attest-build-provenance from 1.4.1 to 1.4.2 (#9518) * "offline" verification using the bundle of attestations without any additional handling of the file (#9523) * Drop surplus trailing space char in flag names in web * Remove `Internal` from `gh repo create` prompt when owner is not an org (#9465) * Fix doc typo for `repo sync` * Quote repo names consistently in `gh repo sync` stdout (#9491) * update error message * rename flag to bundle-from-oci * fix the trimming of log filenames for `gh run view` * Check http scheme as well * Always print URL scheme to stdout gh-2.57.0-bp156.2.12.1.src.rpm gh-2.57.0-bp156.2.12.1.x86_64.rpm gh-bash-completion-2.57.0-bp156.2.12.1.noarch.rpm gh-debuginfo-2.57.0-bp156.2.12.1.x86_64.rpm gh-fish-completion-2.57.0-bp156.2.12.1.noarch.rpm gh-zsh-completion-2.57.0-bp156.2.12.1.noarch.rpm gh-2.57.0-bp156.2.12.1.i586.rpm gh-debuginfo-2.57.0-bp156.2.12.1.i586.rpm gh-2.57.0-bp156.2.12.1.aarch64.rpm gh-debuginfo-2.57.0-bp156.2.12.1.aarch64.rpm gh-2.57.0-bp156.2.12.1.ppc64le.rpm gh-debuginfo-2.57.0-bp156.2.12.1.ppc64le.rpm gh-2.57.0-bp156.2.12.1.s390x.rpm gh-debuginfo-2.57.0-bp156.2.12.1.s390x.rpm openSUSE-2024-314 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 129.0.6668.70 (stable released 2024-09-24) (boo#1230964) * CVE-2024-9120: Use after free in Dawn * CVE-2024-9121: Inappropriate implementation in V8 * CVE-2024-9122: Type Confusion in V8 * CVE-2024-9123: Integer overflow in Skia - bump BR for nodejs to minimal 20.0 chromedriver-129.0.6668.70-bp156.2.32.1.x86_64.rpm chromium-129.0.6668.70-bp156.2.32.1.src.rpm chromium-129.0.6668.70-bp156.2.32.1.x86_64.rpm chromedriver-129.0.6668.70-bp156.2.32.1.aarch64.rpm chromium-129.0.6668.70-bp156.2.32.1.aarch64.rpm openSUSE-2024-321 moderate openSUSE Backports SLE-15-SP6 Update This update for read-edid fixes the following issues: - Drop libx86 support, it's no longer maintained in Factory. - Add wrapper for get-edid (boo#1219395) * default to not calling VBE BIOS which may crash * print a warning message when i2c-dev driver is not loaded read-edid-3.0.2-bp156.5.3.1.src.rpm read-edid-3.0.2-bp156.5.3.1.x86_64.rpm read-edid-3.0.2-bp156.5.3.1.i586.rpm openSUSE-2024-323 moderate openSUSE Backports SLE-15-SP6 Update This update for xfce4-dict fixes the following issues: Update to version 0.8.7 * panel-plugin: Drop submenu (#2) * panel-plugin: Add submenus to toggle search mode (#2) * panel-plugin: Reduce default text size * panel-plugin: Restore function of the button in text entry * Change log level (#17) * prefs: Add radio buttons to correct group * scan-build: Fix deadcode.DeadStores * scan-build: Add false positive file * I18n: Update po/LINGUAS list * build: Use XDT_VERSION_INIT and get rid of configure.ac.in * build: Switch from intltool to gettext * Translation Updates Update to version 0.8.6 * Use getaddrinfo(3) to support IPv6 DICT servers * Add icons at missing sizes, clean up SVG metadata xfce4-dict-0.8.7-bp156.2.3.1.src.rpm xfce4-dict-0.8.7-bp156.2.3.1.x86_64.rpm xfce4-dict-lang-0.8.7-bp156.2.3.1.noarch.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.x86_64.rpm xfce4-dict-0.8.7-bp156.2.3.1.aarch64.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.aarch64.rpm xfce4-dict-0.8.7-bp156.2.3.1.ppc64le.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.ppc64le.rpm xfce4-dict-0.8.7-bp156.2.3.1.s390x.rpm xfce4-panel-plugin-dict-0.8.7-bp156.2.3.1.s390x.rpm openSUSE-2024-411 moderate openSUSE Backports SLE-15-SP6 Update This update for libgarcon, libxfce4ui, libxfce4util, mousepad, ristretto, xfburn, xfce4-clipman-plugin, xfce4-kbdleds-plugin, xfce4-notifyd, xfce4-panel, xfce4-power-manager, xfce4-session, xfce4-settings, xfce4-taskmanager, xfce4-terminal fixes the following issues: libgarcon update to version 4.18.2 * garcon-gtk: Remove weak ref on GarconMenu on finalize() * Use target desktop files instead of symlinks (Fixes #1) * garcon-gtk: Avoid populating a wrong menu * garcon-gtk: Prevent use-after-free when loading garcon menu * Add icon at 64px, clean up SVG metadata * Translation Updates libxfce4ui update to version 4.18.6 * shortcuts-grabber: Remove filtering by level - Update to version 4.18.5 * build: Search for bind_textdomain_codeset in libintl too * sm-client: Reset SmcConnection when IceConnection is closed on error * docs: Improve xfce_sm_client_get() * shortcuts-grabber: Fix filtering by level * shortcuts-grabber: Simplify filtering by group * shortcuts-grabber: Variable renaming * shortcuts-grabber: Filter grabbing by key level * Detect keyboard shortcuts with only single modifier keys on key release * Translation Updates - Update to version 4.18.2 * Search for bind_textdomain_codeset in libintl too * xfce-rc: Add support for the LANGUAGE environment variable * Add missing config.h includes * Improve checksum calculation (#17) * xfce-rc: Document the fact that delimiter escaping is not supported * xfce-rc: Properly write translated entries when available * Update bug report address - Update to version 0.6.2 * history: Default to yes when user is asked to restore previous session * build: Search for bind_textdomain_codeset in libintl too * tests: Increase timeout a bit * tests: Check for pwait/pidwait * dialogs: Do not reuse text buffer to test encoding in save-as dialog * history: Remove dead code * history: Rework paste menu * Move paste history to mousepad-history.c * window: Fix GVariant management * Do not scroll text view when zooming in or out * file-monitoring: Delay emission of "externaly-modified" signal * Fix a typo in a comment, additionnal → additional. * Add icons at missing sizes, clean up SVG metadata * search: Properly reset current match * Translation Updates - Update to version 0.13.2 * Fix duplicate mnemonic in File menu * image_viewer: Add missing sanity check * Fix criticals about unset GIO attributes * viewer: Fix possible crash when closing while an image is loading * Ensure that file manager proxy creation is non-blocking * Add icons at missing sizes, clean up SVG metadata * Translation Updates - Update to version 0.7.2 * Fix help dialog opening on unintended keypresses - Update to version 0.7.1 * build: clang: Silence -Wcast-align * build: clang: Fix -Wmissing-noreturn * build: clang: Fix -Wuninitialized * build: clang: Fix -Wunused-but-set-variable * Simulate F1 accelerator for Help * Add Contents entry to Help menu * build: Fix autoconf warning * Add missing end tag to ui file * I18n: Update po/LINGUAS list * build: Use XDT_VERSION_INIT and get rid of configure.ac.in * build: Switch from intltool to gettext * Fix bashism in configure test * Add missing G_END_DECLS * Remove roles from about dialog * Look for toast and img extensions, not just iso * Fix segfault when settings file is readonly * Update README.md * Translation Updates - Update to version 1.6.6 * Use X11 clipboard manager from libxfce4ui if available * collector: Fix sanity check * history: Make search case-sensitive * actions: Update gimp command (Fixes #96) * build: Use system wlr-protocols if avail or fall back to submodule * clipboard-manager: Add missing static qualifier * build: Lower xfce4-dev-tools requirements to stable version * Fix xfce_titled_dialog_create_action_area() deprecation * build: Simplify and clarify X11/Wayland distinction * build: Define our own windowing macro instead of extending GDK's * build: Add check for gdk-wayland * Translation Updates - Re-generate xfce4-clipman-plugin-relax-x11-version.patch - Update to version 1.6.5 * wayland: Hide skip-action-on-key-down setting * wayland: Hide persistent-primary-clipboard setting * Add set-text action to plugin app to allow D-Bus calls * Add Wayland impl for clipboard-manager * Make clipboard manager an interface and add X11 impl * Rename x11-clipboard-manager to clipboard-manager * Move paste_on_activate() to common * Make X11 dependencies optional and guard X11 code paths * cleanup: Remove unused project files * cleanup: Remove useless variable assignment * tests: Add missing include * history-dialog: Fix memory leak * ui: Mark 2 strings translatable * history-dialog: Keep paste-on-activate in sync with the settings (V2) * settings: Fix tooltip text * status-icon: Enable tooltip * status-icon: Add missing sanity check * popup-clipman: Replace deprecated gdk_keyboard_grab() * Replace deprecated gtk_menu_popup() when possible * collector: Do not restore default clipboard if not really empty * menu: Fix translated string * Update URLs * Translation Updates - Add xfce4-clipman-plugin-relax-x11-version.patch - Update to version 0.3.0 * Ability to show/hide leds * Add missing x11 linker flags - update to 0.9.6: * Use shared_module() for panel plugin meson build * Fix menu being destroyed before item activation handlers running * Translation Updates - update to 0.9.5: * Add an option to set the minimum width of notification windows * Fix include issue with meson build * Only emblem the panel plugin icon when theme lacks the 'new' variant * Destroy and recreate the panel menu every time it's popped up * Add meson build files * Fix uninitialized field warning * Move NOTIFICATIONS_SPEC_VERSION out of the build system * Remove redundant positioning code from Wayland path * Use different layer-shell anchors on Wayland * build: clang: Silence -Wcast-align * common: Explicitly depend on gio-unix-2.0 * Fix positioning on Wayland in multi-monitor setups * Set output on layer-shell surface on Wayland * Fix active-monitor notification positioning on Wayland * Translation Updates - Rebase xfce4-notifyd-relax-x11-version.patch - update to 0.9.4: * Clarify why the symbolic icons don't go in symbolic/status * Fix icons directory names * Fall back to monitor 0 if no primary monitor set * Add a fallback for drawing the unread notification emblem * Remove redundant icon embleming code * Fix opacity on notification hover * Translation Updates - Update to version 4.18.6 * Do not use g_log_set_always_fatal() * launcher: Ensure default icon in empty launchers * build: Search for bind_textdomain_codeset in libintl too * Fix memory management of GTypeModules * pager: Avoid recursion in WnckScren signal handler * pager: Do not query workspace count if screen is not initialized * libxfce4panel: Fix custom menu items management * clock: Create monitor proxy asynchronously * Add missing G_BEGIN_DECLS * Translation Updates - Update to version 4.18.4 * power: Fix overall charge state calculation * systray-icon: Handle scroll events * Only show desktop files in Xfce * main: Add missing newline in version info * Remove outdated references to xfce-goodies * pm-helper: Add missing GError initialization * settings: Fix debug log * settings: Fix inconsistent ref values between ui and gobject * Fix initial state of "Handle brightness keys" switch in settings UI * Ungrab brightness keys when not handling them * Revert "Fix system-sleep-inactivity min value" * Fix system-sleep-inactivity min value * Translation Updates - Update to version 4.18.3 * power: Fix inhibition management * settings: Present window to the user when already opened * settings: Remove useless g_application_hold/release() * A review of signal handlers disconnection * Remove #ifdefs DEBUG * brightness: Rework min level management * Refactor XfpmBrightness * Remove useless logs * backlight: Adjust some spacing for consistency / readability * backlight: Return earlier when brightness key event should not be handled * backlight: fix "handle display brightness keys" setting * Simplify brightness level management (Fixes #139) * Add missing properties for panel plugin settings * Use same debug function everywhere (V2) * brightness: Silence more warnings * Fix previous commit (again) * Fix previous commit * Fix g_spawn*_sync() wait status management * brightness: Fix g_spawn() wait status management * Silence some more warnings * Update docs url * power: Fix memory leak * settings: Fix hidden widgets when !has_lcd_brightness * backlight: Fix xfconf warning about cancelled operation * Lower some warning levels * Use same debug function everywhere * Fix upower object management * plugin: Fix non unreffed objects on finalize * systray-icon: Fix "floating object" warning on finalize * systray-icon: Fix "invalid property" warnings * Suspend system if lock screen fails on lid close (Fixes #209) * Add energy rate into device details * power: Fix use of g_hash_table_get_values() * Fix light locker integration (Fixes #201) * Add app icon at 64px, 96px, clean up SVG metadata * Fix description for pending states. * Translation Updates - Update to version 4.18.4 * Explicitly depend on gio-unix-2.0 * Replace deprecated xfce_spawn_command_line_on_screen() * Add missing G_(BEGIN|END)_DECLS * Add xapp for Wallpaper and Screenshot in xfce-portals.conf * Add minimal xdg-desktop-portal conf file for Xfce (Fixes #181) * Ensure all various XDG_* etc. env vars are passed to DBus and systemd * Add missing export for XDG_CONFIG_HOME and XDG_CACHE_HOME * Clean up SVG icon metadata for 24px, 48px actions * Add action icons at 96px * Add icons at missing sizes, clean up SVG metadata * Translation Updates - Added xfce-portals.conf file. XDP 0.18.0 requires desktop and other environments to have their own portals.conf drop in file and this is a workaround until a better fix lands (boo#1215641) - Added xdg-current-desktop-xfce.desktop to autostart to ensure variable XDG_CURRENT_DESKTOP variable is properly exposed to systemd (boo#1215641) - Relax requirement of branding package version to prevent xfce4-branding-openSUSE breaking on Leap due to repos being out of sync (boo#1216470) - Update to version 4.18.6 * Revert "x11: displays: Disable new outputs if /Notify is set to "Do nothing"" - Update to version 4.18.5 * keyboard-settings: Escape markup characters in command tooltips * xfce-randr: Take RR_DoubleScan and RR_Interlace flags into account * display-settings: Better fit with the way GApplication works * display-settings: Fix xfconf warning * display-settings: Fix cairo surface management * Fix memory leaks around display_settings_get_profiles() * x11: displays: Fix use of deprecation macros * x11: displays: Disable new outputs if /Notify is set to "Do nothing" * Translation Updates - Update to version 4.18.4 * display-settings: Fix memory management of confirmation dialog * xfsettingsd: displays: Always do some actions on RRScreenChangeNotify * xfsettingsd: displays: Fix memory leak * settings-manager: Support absolute path as icon name * Replace deprecated xfce_spawn(_command_line)?_on_screen * appearance: Match more dark themes (fixes #495) * appearance: Check for presence of color-scheme key * Apply matching xfwm4 when the switch is clicked * displays: Lower warning level * Translation Updates - Update to version 1.5.7 * build: Fix -Wcast-align warning from clang * Fix UBSan errors * settings-dialog: Fix XtmRefreshRate memory leak * Dark mode for process-statusbar * Dark mode for process-monitor * Allow multiple instances via command line option. * Fix blurry app icons when UI scale > 1 * Use symbolic window picker icon in toolbar * Fix broken "show-legend" setting sync * Translation Updates - Update to version 1.1.3 * prefs-dialog: Fix wrong assert * screen: Fix wrong assert * Translation Updates - Update to version 1.1.2 * Update tooltip when hovering over a hyperlink * build: Align CFLAGS with LDADD * prefs-dialog: Add missing strings to translate (#222) * dropdown: Default dropdown-toggle-focus to false * Add runtime guard for XfceSMClient * build: Restrict XfceSMClient to X11 * Determine cwd on FreeBSD in a native way instead of using linprocfs * window: Remove weak ref on prefs dialog in finalize() * build: Get rid of #ifdef G_ENABLE_DEBUG * Do not reconnect accels when closing last tab * build: Lower xfce4-dev-tools requirements to stable version * search-dialog: Use xfce_titled_dialog_set_default_response() * Translation Updates * backport fix for "paste unsafe text" dialog not popping up (gxo#apps/xfce4-terminal#299) exo-4.18.0-bp156.3.2.1.src.rpm exo-data-4.18.0-bp156.3.2.1.x86_64.rpm exo-debuginfo-4.18.0-bp156.3.2.1.x86_64.rpm exo-debugsource-4.18.0-bp156.3.2.1.x86_64.rpm exo-devel-4.18.0-bp156.3.2.1.x86_64.rpm exo-lang-4.18.0-bp156.3.2.1.noarch.rpm exo-tools-4.18.0-bp156.3.2.1.x86_64.rpm exo-tools-debuginfo-4.18.0-bp156.3.2.1.x86_64.rpm libexo-2-0-4.18.0-bp156.3.2.1.x86_64.rpm libexo-2-0-debuginfo-4.18.0-bp156.3.2.1.x86_64.rpm libgarcon-1-0-4.18.2-bp156.4.3.1.x86_64.rpm libgarcon-4.18.2-bp156.4.3.1.src.rpm libgarcon-branding-upstream-4.18.2-bp156.4.3.1.noarch.rpm libgarcon-data-4.18.2-bp156.4.3.1.noarch.rpm libgarcon-devel-4.18.2-bp156.4.3.1.x86_64.rpm libgarcon-doc-4.18.2-bp156.4.3.1.noarch.rpm libgarcon-lang-4.18.2-bp156.4.3.1.noarch.rpm libxfce4kbd-private-3-0-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4kbd-private-3-0-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-2-0-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-2-0-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-4.18.6-bp156.2.3.1.src.rpm libxfce4ui-branding-upstream-4.18.6-bp156.2.3.1.noarch.rpm libxfce4ui-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-debugsource-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-devel-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-devel-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-doc-4.18.6-bp156.2.3.1.noarch.rpm libxfce4ui-lang-4.18.6-bp156.2.3.1.noarch.rpm libxfce4ui-tools-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4ui-tools-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm typelib-1_0-Libxfce4ui-2_0-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4util-4.18.2-bp156.3.3.1.src.rpm libxfce4util-debuginfo-4.18.2-bp156.3.3.1.x86_64.rpm libxfce4util-debugsource-4.18.2-bp156.3.3.1.x86_64.rpm libxfce4util-devel-4.18.2-bp156.3.3.1.x86_64.rpm libxfce4util-lang-4.18.2-bp156.3.3.1.noarch.rpm libxfce4util-tools-4.18.2-bp156.3.3.1.x86_64.rpm libxfce4util-tools-debuginfo-4.18.2-bp156.3.3.1.x86_64.rpm libxfce4util7-4.18.2-bp156.3.3.1.x86_64.rpm libxfce4util7-debuginfo-4.18.2-bp156.3.3.1.x86_64.rpm typelib-1_0-Libxfce4util-1_0-4.18.2-bp156.3.3.1.x86_64.rpm libmousepad0-0.6.2-bp156.2.3.1.x86_64.rpm libmousepad0-debuginfo-0.6.2-bp156.2.3.1.x86_64.rpm mousepad-0.6.2-bp156.2.3.1.src.rpm mousepad-0.6.2-bp156.2.3.1.x86_64.rpm mousepad-debuginfo-0.6.2-bp156.2.3.1.x86_64.rpm mousepad-debugsource-0.6.2-bp156.2.3.1.x86_64.rpm mousepad-devel-0.6.2-bp156.2.3.1.x86_64.rpm mousepad-lang-0.6.2-bp156.2.3.1.noarch.rpm ristretto-0.13.2-bp156.2.3.1.src.rpm ristretto-0.13.2-bp156.2.3.1.x86_64.rpm ristretto-debuginfo-0.13.2-bp156.2.3.1.x86_64.rpm ristretto-debugsource-0.13.2-bp156.2.3.1.x86_64.rpm ristretto-lang-0.13.2-bp156.2.3.1.noarch.rpm xfburn-0.7.2-bp156.3.3.1.src.rpm xfburn-0.7.2-bp156.3.3.1.x86_64.rpm xfburn-debuginfo-0.7.2-bp156.3.3.1.x86_64.rpm xfburn-debugsource-0.7.2-bp156.3.3.1.x86_64.rpm xfburn-lang-0.7.2-bp156.3.3.1.noarch.rpm xfce4-clipman-plugin-1.6.6-bp156.2.3.1.src.rpm xfce4-clipman-plugin-1.6.6-bp156.2.3.1.x86_64.rpm xfce4-clipman-plugin-debuginfo-1.6.6-bp156.2.3.1.x86_64.rpm xfce4-clipman-plugin-debugsource-1.6.6-bp156.2.3.1.x86_64.rpm xfce4-clipman-plugin-lang-1.6.6-bp156.2.3.1.noarch.rpm xfce4-dev-tools-4.18.1-bp156.2.2.1.src.rpm xfce4-dev-tools-4.18.1-bp156.2.2.1.x86_64.rpm xfce4-dev-tools-debuginfo-4.18.1-bp156.2.2.1.x86_64.rpm xfce4-dev-tools-debugsource-4.18.1-bp156.2.2.1.x86_64.rpm xfce4-kbdleds-plugin-0.3.0-bp156.3.3.1.src.rpm xfce4-kbdleds-plugin-0.3.0-bp156.3.3.1.x86_64.rpm xfce4-kbdleds-plugin-debuginfo-0.3.0-bp156.3.3.1.x86_64.rpm xfce4-kbdleds-plugin-debugsource-0.3.0-bp156.3.3.1.x86_64.rpm xfce4-kbdleds-plugin-lang-0.3.0-bp156.3.3.1.noarch.rpm xfce4-notifyd-0.9.6-bp156.2.3.1.src.rpm xfce4-notifyd-0.9.6-bp156.2.3.1.x86_64.rpm xfce4-notifyd-branding-upstream-0.9.6-bp156.2.3.1.noarch.rpm xfce4-notifyd-debuginfo-0.9.6-bp156.2.3.1.x86_64.rpm xfce4-notifyd-debugsource-0.9.6-bp156.2.3.1.x86_64.rpm xfce4-notifyd-lang-0.9.6-bp156.2.3.1.noarch.rpm libxfce4panel-2_0-4-4.18.6-bp156.2.3.1.x86_64.rpm libxfce4panel-2_0-4-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm typelib-1_0-Libxfce4panel-2_0-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-panel-4.18.6-bp156.2.3.1.src.rpm xfce4-panel-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-panel-branding-upstream-4.18.6-bp156.2.3.1.noarch.rpm xfce4-panel-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-panel-debugsource-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-panel-devel-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-panel-lang-4.18.6-bp156.2.3.1.noarch.rpm xfce4-panel-restore-defaults-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-power-manager-4.18.4-bp156.2.3.1.src.rpm xfce4-power-manager-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-power-manager-branding-upstream-4.18.4-bp156.2.3.1.noarch.rpm xfce4-power-manager-debuginfo-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-power-manager-debugsource-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-power-manager-lang-4.18.4-bp156.2.3.1.noarch.rpm xfce4-power-manager-plugin-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-power-manager-plugin-debuginfo-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-session-4.18.4-bp156.2.3.1.src.rpm xfce4-session-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-session-branding-upstream-4.18.4-bp156.2.3.1.noarch.rpm xfce4-session-debuginfo-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-session-debugsource-4.18.4-bp156.2.3.1.x86_64.rpm xfce4-session-lang-4.18.4-bp156.2.3.1.noarch.rpm xfce4-settings-4.18.6-bp156.2.3.1.src.rpm xfce4-settings-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-settings-branding-upstream-4.18.6-bp156.2.3.1.noarch.rpm xfce4-settings-color-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-settings-color-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-settings-debuginfo-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-settings-debugsource-4.18.6-bp156.2.3.1.x86_64.rpm xfce4-settings-lang-4.18.6-bp156.2.3.1.noarch.rpm xfce4-taskmanager-1.5.7-bp156.2.3.1.src.rpm xfce4-taskmanager-1.5.7-bp156.2.3.1.x86_64.rpm xfce4-taskmanager-debuginfo-1.5.7-bp156.2.3.1.x86_64.rpm xfce4-taskmanager-debugsource-1.5.7-bp156.2.3.1.x86_64.rpm xfce4-taskmanager-lang-1.5.7-bp156.2.3.1.noarch.rpm xfce4-terminal-1.1.3-bp156.2.3.1.src.rpm xfce4-terminal-1.1.3-bp156.2.3.1.x86_64.rpm xfce4-terminal-debuginfo-1.1.3-bp156.2.3.1.x86_64.rpm xfce4-terminal-debugsource-1.1.3-bp156.2.3.1.x86_64.rpm xfce4-terminal-lang-1.1.3-bp156.2.3.1.noarch.rpm libxfconf-0-3-4.18.3-bp156.3.2.1.x86_64.rpm libxfconf-0-3-debuginfo-4.18.3-bp156.3.2.1.x86_64.rpm libxfconf-devel-4.18.3-bp156.3.2.1.x86_64.rpm typelib-1_0-Xfconf-0-4.18.3-bp156.3.2.1.x86_64.rpm xfconf-4.18.3-bp156.3.2.1.src.rpm xfconf-4.18.3-bp156.3.2.1.x86_64.rpm xfconf-debuginfo-4.18.3-bp156.3.2.1.x86_64.rpm xfconf-debugsource-4.18.3-bp156.3.2.1.x86_64.rpm xfconf-lang-4.18.3-bp156.3.2.1.noarch.rpm xiccd-0.3.0-bp156.4.2.1.src.rpm xiccd-0.3.0-bp156.4.2.1.x86_64.rpm xiccd-debuginfo-0.3.0-bp156.4.2.1.x86_64.rpm xiccd-debugsource-0.3.0-bp156.4.2.1.x86_64.rpm exo-data-4.18.0-bp156.3.2.1.i586.rpm exo-debuginfo-4.18.0-bp156.3.2.1.i586.rpm exo-debugsource-4.18.0-bp156.3.2.1.i586.rpm exo-devel-4.18.0-bp156.3.2.1.i586.rpm exo-tools-4.18.0-bp156.3.2.1.i586.rpm exo-tools-debuginfo-4.18.0-bp156.3.2.1.i586.rpm libexo-2-0-4.18.0-bp156.3.2.1.i586.rpm libexo-2-0-debuginfo-4.18.0-bp156.3.2.1.i586.rpm libgarcon-1-0-4.18.2-bp156.4.3.1.i586.rpm libgarcon-devel-4.18.2-bp156.4.3.1.i586.rpm libxfce4kbd-private-3-0-4.18.6-bp156.2.3.1.i586.rpm libxfce4kbd-private-3-0-debuginfo-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-2-0-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-2-0-debuginfo-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-debuginfo-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-debugsource-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-devel-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-devel-debuginfo-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-tools-4.18.6-bp156.2.3.1.i586.rpm libxfce4ui-tools-debuginfo-4.18.6-bp156.2.3.1.i586.rpm typelib-1_0-Libxfce4ui-2_0-4.18.6-bp156.2.3.1.i586.rpm libxfce4util-debuginfo-4.18.2-bp156.3.3.1.i586.rpm libxfce4util-debugsource-4.18.2-bp156.3.3.1.i586.rpm libxfce4util-devel-4.18.2-bp156.3.3.1.i586.rpm libxfce4util-tools-4.18.2-bp156.3.3.1.i586.rpm libxfce4util-tools-debuginfo-4.18.2-bp156.3.3.1.i586.rpm libxfce4util7-4.18.2-bp156.3.3.1.i586.rpm libxfce4util7-debuginfo-4.18.2-bp156.3.3.1.i586.rpm typelib-1_0-Libxfce4util-1_0-4.18.2-bp156.3.3.1.i586.rpm libmousepad0-0.6.2-bp156.2.3.1.i586.rpm libmousepad0-debuginfo-0.6.2-bp156.2.3.1.i586.rpm mousepad-0.6.2-bp156.2.3.1.i586.rpm mousepad-debuginfo-0.6.2-bp156.2.3.1.i586.rpm mousepad-debugsource-0.6.2-bp156.2.3.1.i586.rpm mousepad-devel-0.6.2-bp156.2.3.1.i586.rpm ristretto-0.13.2-bp156.2.3.1.i586.rpm ristretto-debuginfo-0.13.2-bp156.2.3.1.i586.rpm ristretto-debugsource-0.13.2-bp156.2.3.1.i586.rpm xfburn-0.7.2-bp156.3.3.1.i586.rpm xfburn-debuginfo-0.7.2-bp156.3.3.1.i586.rpm xfburn-debugsource-0.7.2-bp156.3.3.1.i586.rpm xfce4-clipman-plugin-1.6.6-bp156.2.3.1.i586.rpm xfce4-clipman-plugin-debuginfo-1.6.6-bp156.2.3.1.i586.rpm xfce4-clipman-plugin-debugsource-1.6.6-bp156.2.3.1.i586.rpm xfce4-dev-tools-4.18.1-bp156.2.2.1.i586.rpm xfce4-dev-tools-debuginfo-4.18.1-bp156.2.2.1.i586.rpm xfce4-dev-tools-debugsource-4.18.1-bp156.2.2.1.i586.rpm xfce4-kbdleds-plugin-0.3.0-bp156.3.3.1.i586.rpm xfce4-kbdleds-plugin-debuginfo-0.3.0-bp156.3.3.1.i586.rpm xfce4-kbdleds-plugin-debugsource-0.3.0-bp156.3.3.1.i586.rpm xfce4-notifyd-0.9.6-bp156.2.3.1.i586.rpm xfce4-notifyd-debuginfo-0.9.6-bp156.2.3.1.i586.rpm xfce4-notifyd-debugsource-0.9.6-bp156.2.3.1.i586.rpm libxfce4panel-2_0-4-4.18.6-bp156.2.3.1.i586.rpm libxfce4panel-2_0-4-debuginfo-4.18.6-bp156.2.3.1.i586.rpm typelib-1_0-Libxfce4panel-2_0-4.18.6-bp156.2.3.1.i586.rpm xfce4-panel-4.18.6-bp156.2.3.1.i586.rpm xfce4-panel-debuginfo-4.18.6-bp156.2.3.1.i586.rpm xfce4-panel-debugsource-4.18.6-bp156.2.3.1.i586.rpm xfce4-panel-devel-4.18.6-bp156.2.3.1.i586.rpm xfce4-panel-restore-defaults-4.18.6-bp156.2.3.1.i586.rpm xfce4-power-manager-4.18.4-bp156.2.3.1.i586.rpm xfce4-power-manager-debuginfo-4.18.4-bp156.2.3.1.i586.rpm xfce4-power-manager-debugsource-4.18.4-bp156.2.3.1.i586.rpm xfce4-power-manager-plugin-4.18.4-bp156.2.3.1.i586.rpm xfce4-power-manager-plugin-debuginfo-4.18.4-bp156.2.3.1.i586.rpm xfce4-session-4.18.4-bp156.2.3.1.i586.rpm xfce4-session-debuginfo-4.18.4-bp156.2.3.1.i586.rpm xfce4-session-debugsource-4.18.4-bp156.2.3.1.i586.rpm xfce4-settings-4.18.6-bp156.2.3.1.i586.rpm xfce4-settings-color-4.18.6-bp156.2.3.1.i586.rpm xfce4-settings-color-debuginfo-4.18.6-bp156.2.3.1.i586.rpm xfce4-settings-debuginfo-4.18.6-bp156.2.3.1.i586.rpm xfce4-settings-debugsource-4.18.6-bp156.2.3.1.i586.rpm xfce4-taskmanager-1.5.7-bp156.2.3.1.i586.rpm xfce4-taskmanager-debuginfo-1.5.7-bp156.2.3.1.i586.rpm xfce4-taskmanager-debugsource-1.5.7-bp156.2.3.1.i586.rpm xfce4-terminal-1.1.3-bp156.2.3.1.i586.rpm xfce4-terminal-debuginfo-1.1.3-bp156.2.3.1.i586.rpm xfce4-terminal-debugsource-1.1.3-bp156.2.3.1.i586.rpm libxfconf-0-3-4.18.3-bp156.3.2.1.i586.rpm libxfconf-0-3-debuginfo-4.18.3-bp156.3.2.1.i586.rpm libxfconf-devel-4.18.3-bp156.3.2.1.i586.rpm typelib-1_0-Xfconf-0-4.18.3-bp156.3.2.1.i586.rpm xfconf-4.18.3-bp156.3.2.1.i586.rpm xfconf-debuginfo-4.18.3-bp156.3.2.1.i586.rpm xfconf-debugsource-4.18.3-bp156.3.2.1.i586.rpm xiccd-0.3.0-bp156.4.2.1.i586.rpm xiccd-debuginfo-0.3.0-bp156.4.2.1.i586.rpm xiccd-debugsource-0.3.0-bp156.4.2.1.i586.rpm exo-data-4.18.0-bp156.3.2.1.aarch64.rpm exo-debuginfo-4.18.0-bp156.3.2.1.aarch64.rpm exo-debugsource-4.18.0-bp156.3.2.1.aarch64.rpm exo-devel-4.18.0-bp156.3.2.1.aarch64.rpm exo-tools-4.18.0-bp156.3.2.1.aarch64.rpm exo-tools-debuginfo-4.18.0-bp156.3.2.1.aarch64.rpm libexo-2-0-4.18.0-bp156.3.2.1.aarch64.rpm libexo-2-0-debuginfo-4.18.0-bp156.3.2.1.aarch64.rpm libgarcon-1-0-4.18.2-bp156.4.3.1.aarch64.rpm libgarcon-devel-4.18.2-bp156.4.3.1.aarch64.rpm libxfce4kbd-private-3-0-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4kbd-private-3-0-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-2-0-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-2-0-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-debugsource-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-devel-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-devel-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-tools-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4ui-tools-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm typelib-1_0-Libxfce4ui-2_0-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4util-debuginfo-4.18.2-bp156.3.3.1.aarch64.rpm libxfce4util-debugsource-4.18.2-bp156.3.3.1.aarch64.rpm libxfce4util-devel-4.18.2-bp156.3.3.1.aarch64.rpm libxfce4util-tools-4.18.2-bp156.3.3.1.aarch64.rpm libxfce4util-tools-debuginfo-4.18.2-bp156.3.3.1.aarch64.rpm libxfce4util7-4.18.2-bp156.3.3.1.aarch64.rpm libxfce4util7-debuginfo-4.18.2-bp156.3.3.1.aarch64.rpm typelib-1_0-Libxfce4util-1_0-4.18.2-bp156.3.3.1.aarch64.rpm libmousepad0-0.6.2-bp156.2.3.1.aarch64.rpm libmousepad0-debuginfo-0.6.2-bp156.2.3.1.aarch64.rpm mousepad-0.6.2-bp156.2.3.1.aarch64.rpm mousepad-debuginfo-0.6.2-bp156.2.3.1.aarch64.rpm mousepad-debugsource-0.6.2-bp156.2.3.1.aarch64.rpm mousepad-devel-0.6.2-bp156.2.3.1.aarch64.rpm ristretto-0.13.2-bp156.2.3.1.aarch64.rpm ristretto-debuginfo-0.13.2-bp156.2.3.1.aarch64.rpm ristretto-debugsource-0.13.2-bp156.2.3.1.aarch64.rpm xfburn-0.7.2-bp156.3.3.1.aarch64.rpm xfburn-debuginfo-0.7.2-bp156.3.3.1.aarch64.rpm xfburn-debugsource-0.7.2-bp156.3.3.1.aarch64.rpm xfce4-clipman-plugin-1.6.6-bp156.2.3.1.aarch64.rpm xfce4-clipman-plugin-debuginfo-1.6.6-bp156.2.3.1.aarch64.rpm xfce4-clipman-plugin-debugsource-1.6.6-bp156.2.3.1.aarch64.rpm xfce4-dev-tools-4.18.1-bp156.2.2.1.aarch64.rpm xfce4-dev-tools-debuginfo-4.18.1-bp156.2.2.1.aarch64.rpm xfce4-dev-tools-debugsource-4.18.1-bp156.2.2.1.aarch64.rpm xfce4-kbdleds-plugin-0.3.0-bp156.3.3.1.aarch64.rpm xfce4-kbdleds-plugin-debuginfo-0.3.0-bp156.3.3.1.aarch64.rpm xfce4-kbdleds-plugin-debugsource-0.3.0-bp156.3.3.1.aarch64.rpm xfce4-notifyd-0.9.6-bp156.2.3.1.aarch64.rpm xfce4-notifyd-debuginfo-0.9.6-bp156.2.3.1.aarch64.rpm xfce4-notifyd-debugsource-0.9.6-bp156.2.3.1.aarch64.rpm libxfce4panel-2_0-4-4.18.6-bp156.2.3.1.aarch64.rpm libxfce4panel-2_0-4-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm typelib-1_0-Libxfce4panel-2_0-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-panel-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-panel-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-panel-debugsource-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-panel-devel-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-panel-restore-defaults-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-power-manager-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-power-manager-debuginfo-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-power-manager-debugsource-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-power-manager-plugin-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-power-manager-plugin-debuginfo-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-session-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-session-debuginfo-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-session-debugsource-4.18.4-bp156.2.3.1.aarch64.rpm xfce4-settings-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-settings-color-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-settings-color-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-settings-debuginfo-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-settings-debugsource-4.18.6-bp156.2.3.1.aarch64.rpm xfce4-taskmanager-1.5.7-bp156.2.3.1.aarch64.rpm xfce4-taskmanager-debuginfo-1.5.7-bp156.2.3.1.aarch64.rpm xfce4-taskmanager-debugsource-1.5.7-bp156.2.3.1.aarch64.rpm xfce4-terminal-1.1.3-bp156.2.3.1.aarch64.rpm xfce4-terminal-debuginfo-1.1.3-bp156.2.3.1.aarch64.rpm xfce4-terminal-debugsource-1.1.3-bp156.2.3.1.aarch64.rpm libxfconf-0-3-4.18.3-bp156.3.2.1.aarch64.rpm libxfconf-0-3-debuginfo-4.18.3-bp156.3.2.1.aarch64.rpm libxfconf-devel-4.18.3-bp156.3.2.1.aarch64.rpm typelib-1_0-Xfconf-0-4.18.3-bp156.3.2.1.aarch64.rpm xfconf-4.18.3-bp156.3.2.1.aarch64.rpm xfconf-debuginfo-4.18.3-bp156.3.2.1.aarch64.rpm xfconf-debugsource-4.18.3-bp156.3.2.1.aarch64.rpm xiccd-0.3.0-bp156.4.2.1.aarch64.rpm xiccd-debuginfo-0.3.0-bp156.4.2.1.aarch64.rpm xiccd-debugsource-0.3.0-bp156.4.2.1.aarch64.rpm exo-data-4.18.0-bp156.3.2.1.ppc64le.rpm exo-debuginfo-4.18.0-bp156.3.2.1.ppc64le.rpm exo-debugsource-4.18.0-bp156.3.2.1.ppc64le.rpm exo-devel-4.18.0-bp156.3.2.1.ppc64le.rpm exo-tools-4.18.0-bp156.3.2.1.ppc64le.rpm exo-tools-debuginfo-4.18.0-bp156.3.2.1.ppc64le.rpm libexo-2-0-4.18.0-bp156.3.2.1.ppc64le.rpm libexo-2-0-debuginfo-4.18.0-bp156.3.2.1.ppc64le.rpm libgarcon-1-0-4.18.2-bp156.4.3.1.ppc64le.rpm libgarcon-devel-4.18.2-bp156.4.3.1.ppc64le.rpm libxfce4kbd-private-3-0-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4kbd-private-3-0-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-2-0-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-2-0-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-debugsource-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-devel-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-devel-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-tools-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4ui-tools-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm typelib-1_0-Libxfce4ui-2_0-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4util-debuginfo-4.18.2-bp156.3.3.1.ppc64le.rpm libxfce4util-debugsource-4.18.2-bp156.3.3.1.ppc64le.rpm libxfce4util-devel-4.18.2-bp156.3.3.1.ppc64le.rpm libxfce4util-tools-4.18.2-bp156.3.3.1.ppc64le.rpm libxfce4util-tools-debuginfo-4.18.2-bp156.3.3.1.ppc64le.rpm libxfce4util7-4.18.2-bp156.3.3.1.ppc64le.rpm libxfce4util7-debuginfo-4.18.2-bp156.3.3.1.ppc64le.rpm typelib-1_0-Libxfce4util-1_0-4.18.2-bp156.3.3.1.ppc64le.rpm libmousepad0-0.6.2-bp156.2.3.1.ppc64le.rpm libmousepad0-debuginfo-0.6.2-bp156.2.3.1.ppc64le.rpm mousepad-0.6.2-bp156.2.3.1.ppc64le.rpm mousepad-debuginfo-0.6.2-bp156.2.3.1.ppc64le.rpm mousepad-debugsource-0.6.2-bp156.2.3.1.ppc64le.rpm mousepad-devel-0.6.2-bp156.2.3.1.ppc64le.rpm ristretto-0.13.2-bp156.2.3.1.ppc64le.rpm ristretto-debuginfo-0.13.2-bp156.2.3.1.ppc64le.rpm ristretto-debugsource-0.13.2-bp156.2.3.1.ppc64le.rpm xfburn-0.7.2-bp156.3.3.1.ppc64le.rpm xfburn-debuginfo-0.7.2-bp156.3.3.1.ppc64le.rpm xfburn-debugsource-0.7.2-bp156.3.3.1.ppc64le.rpm xfce4-clipman-plugin-1.6.6-bp156.2.3.1.ppc64le.rpm xfce4-clipman-plugin-debuginfo-1.6.6-bp156.2.3.1.ppc64le.rpm xfce4-clipman-plugin-debugsource-1.6.6-bp156.2.3.1.ppc64le.rpm xfce4-dev-tools-4.18.1-bp156.2.2.1.ppc64le.rpm xfce4-dev-tools-debuginfo-4.18.1-bp156.2.2.1.ppc64le.rpm xfce4-dev-tools-debugsource-4.18.1-bp156.2.2.1.ppc64le.rpm xfce4-kbdleds-plugin-0.3.0-bp156.3.3.1.ppc64le.rpm xfce4-kbdleds-plugin-debuginfo-0.3.0-bp156.3.3.1.ppc64le.rpm xfce4-kbdleds-plugin-debugsource-0.3.0-bp156.3.3.1.ppc64le.rpm xfce4-notifyd-0.9.6-bp156.2.3.1.ppc64le.rpm xfce4-notifyd-debuginfo-0.9.6-bp156.2.3.1.ppc64le.rpm xfce4-notifyd-debugsource-0.9.6-bp156.2.3.1.ppc64le.rpm libxfce4panel-2_0-4-4.18.6-bp156.2.3.1.ppc64le.rpm libxfce4panel-2_0-4-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm typelib-1_0-Libxfce4panel-2_0-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-panel-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-panel-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-panel-debugsource-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-panel-devel-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-panel-restore-defaults-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-power-manager-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-power-manager-debuginfo-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-power-manager-debugsource-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-power-manager-plugin-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-power-manager-plugin-debuginfo-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-session-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-session-debuginfo-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-session-debugsource-4.18.4-bp156.2.3.1.ppc64le.rpm xfce4-settings-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-settings-color-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-settings-color-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-settings-debuginfo-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-settings-debugsource-4.18.6-bp156.2.3.1.ppc64le.rpm xfce4-taskmanager-1.5.7-bp156.2.3.1.ppc64le.rpm xfce4-taskmanager-debuginfo-1.5.7-bp156.2.3.1.ppc64le.rpm xfce4-taskmanager-debugsource-1.5.7-bp156.2.3.1.ppc64le.rpm xfce4-terminal-1.1.3-bp156.2.3.1.ppc64le.rpm xfce4-terminal-debuginfo-1.1.3-bp156.2.3.1.ppc64le.rpm xfce4-terminal-debugsource-1.1.3-bp156.2.3.1.ppc64le.rpm libxfconf-0-3-4.18.3-bp156.3.2.1.ppc64le.rpm libxfconf-0-3-debuginfo-4.18.3-bp156.3.2.1.ppc64le.rpm libxfconf-devel-4.18.3-bp156.3.2.1.ppc64le.rpm typelib-1_0-Xfconf-0-4.18.3-bp156.3.2.1.ppc64le.rpm xfconf-4.18.3-bp156.3.2.1.ppc64le.rpm xfconf-debuginfo-4.18.3-bp156.3.2.1.ppc64le.rpm xfconf-debugsource-4.18.3-bp156.3.2.1.ppc64le.rpm xiccd-0.3.0-bp156.4.2.1.ppc64le.rpm xiccd-debuginfo-0.3.0-bp156.4.2.1.ppc64le.rpm xiccd-debugsource-0.3.0-bp156.4.2.1.ppc64le.rpm exo-data-4.18.0-bp156.3.2.1.s390x.rpm exo-debuginfo-4.18.0-bp156.3.2.1.s390x.rpm exo-debugsource-4.18.0-bp156.3.2.1.s390x.rpm exo-devel-4.18.0-bp156.3.2.1.s390x.rpm exo-tools-4.18.0-bp156.3.2.1.s390x.rpm exo-tools-debuginfo-4.18.0-bp156.3.2.1.s390x.rpm libexo-2-0-4.18.0-bp156.3.2.1.s390x.rpm libexo-2-0-debuginfo-4.18.0-bp156.3.2.1.s390x.rpm libgarcon-1-0-4.18.2-bp156.4.3.1.s390x.rpm libgarcon-devel-4.18.2-bp156.4.3.1.s390x.rpm libxfce4kbd-private-3-0-4.18.6-bp156.2.3.1.s390x.rpm libxfce4kbd-private-3-0-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-2-0-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-2-0-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-debugsource-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-devel-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-devel-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-tools-4.18.6-bp156.2.3.1.s390x.rpm libxfce4ui-tools-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm typelib-1_0-Libxfce4ui-2_0-4.18.6-bp156.2.3.1.s390x.rpm libxfce4util-debuginfo-4.18.2-bp156.3.3.1.s390x.rpm libxfce4util-debugsource-4.18.2-bp156.3.3.1.s390x.rpm libxfce4util-devel-4.18.2-bp156.3.3.1.s390x.rpm libxfce4util-tools-4.18.2-bp156.3.3.1.s390x.rpm libxfce4util-tools-debuginfo-4.18.2-bp156.3.3.1.s390x.rpm libxfce4util7-4.18.2-bp156.3.3.1.s390x.rpm libxfce4util7-debuginfo-4.18.2-bp156.3.3.1.s390x.rpm typelib-1_0-Libxfce4util-1_0-4.18.2-bp156.3.3.1.s390x.rpm libmousepad0-0.6.2-bp156.2.3.1.s390x.rpm libmousepad0-debuginfo-0.6.2-bp156.2.3.1.s390x.rpm mousepad-0.6.2-bp156.2.3.1.s390x.rpm mousepad-debuginfo-0.6.2-bp156.2.3.1.s390x.rpm mousepad-debugsource-0.6.2-bp156.2.3.1.s390x.rpm mousepad-devel-0.6.2-bp156.2.3.1.s390x.rpm ristretto-0.13.2-bp156.2.3.1.s390x.rpm ristretto-debuginfo-0.13.2-bp156.2.3.1.s390x.rpm ristretto-debugsource-0.13.2-bp156.2.3.1.s390x.rpm xfburn-0.7.2-bp156.3.3.1.s390x.rpm xfburn-debuginfo-0.7.2-bp156.3.3.1.s390x.rpm xfburn-debugsource-0.7.2-bp156.3.3.1.s390x.rpm xfce4-clipman-plugin-1.6.6-bp156.2.3.1.s390x.rpm xfce4-clipman-plugin-debuginfo-1.6.6-bp156.2.3.1.s390x.rpm xfce4-clipman-plugin-debugsource-1.6.6-bp156.2.3.1.s390x.rpm xfce4-dev-tools-4.18.1-bp156.2.2.1.s390x.rpm xfce4-dev-tools-debuginfo-4.18.1-bp156.2.2.1.s390x.rpm xfce4-dev-tools-debugsource-4.18.1-bp156.2.2.1.s390x.rpm xfce4-kbdleds-plugin-0.3.0-bp156.3.3.1.s390x.rpm xfce4-kbdleds-plugin-debuginfo-0.3.0-bp156.3.3.1.s390x.rpm xfce4-kbdleds-plugin-debugsource-0.3.0-bp156.3.3.1.s390x.rpm xfce4-notifyd-0.9.6-bp156.2.3.1.s390x.rpm xfce4-notifyd-debuginfo-0.9.6-bp156.2.3.1.s390x.rpm xfce4-notifyd-debugsource-0.9.6-bp156.2.3.1.s390x.rpm libxfce4panel-2_0-4-4.18.6-bp156.2.3.1.s390x.rpm libxfce4panel-2_0-4-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm typelib-1_0-Libxfce4panel-2_0-4.18.6-bp156.2.3.1.s390x.rpm xfce4-panel-4.18.6-bp156.2.3.1.s390x.rpm xfce4-panel-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm xfce4-panel-debugsource-4.18.6-bp156.2.3.1.s390x.rpm xfce4-panel-devel-4.18.6-bp156.2.3.1.s390x.rpm xfce4-panel-restore-defaults-4.18.6-bp156.2.3.1.s390x.rpm xfce4-power-manager-4.18.4-bp156.2.3.1.s390x.rpm xfce4-power-manager-debuginfo-4.18.4-bp156.2.3.1.s390x.rpm xfce4-power-manager-debugsource-4.18.4-bp156.2.3.1.s390x.rpm xfce4-power-manager-plugin-4.18.4-bp156.2.3.1.s390x.rpm xfce4-power-manager-plugin-debuginfo-4.18.4-bp156.2.3.1.s390x.rpm xfce4-session-4.18.4-bp156.2.3.1.s390x.rpm xfce4-session-debuginfo-4.18.4-bp156.2.3.1.s390x.rpm xfce4-session-debugsource-4.18.4-bp156.2.3.1.s390x.rpm xfce4-settings-4.18.6-bp156.2.3.1.s390x.rpm xfce4-settings-color-4.18.6-bp156.2.3.1.s390x.rpm xfce4-settings-color-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm xfce4-settings-debuginfo-4.18.6-bp156.2.3.1.s390x.rpm xfce4-settings-debugsource-4.18.6-bp156.2.3.1.s390x.rpm xfce4-taskmanager-1.5.7-bp156.2.3.1.s390x.rpm xfce4-taskmanager-debuginfo-1.5.7-bp156.2.3.1.s390x.rpm xfce4-taskmanager-debugsource-1.5.7-bp156.2.3.1.s390x.rpm xfce4-terminal-1.1.3-bp156.2.3.1.s390x.rpm xfce4-terminal-debuginfo-1.1.3-bp156.2.3.1.s390x.rpm xfce4-terminal-debugsource-1.1.3-bp156.2.3.1.s390x.rpm libxfconf-0-3-4.18.3-bp156.3.2.1.s390x.rpm libxfconf-0-3-debuginfo-4.18.3-bp156.3.2.1.s390x.rpm libxfconf-devel-4.18.3-bp156.3.2.1.s390x.rpm typelib-1_0-Xfconf-0-4.18.3-bp156.3.2.1.s390x.rpm xfconf-4.18.3-bp156.3.2.1.s390x.rpm xfconf-debuginfo-4.18.3-bp156.3.2.1.s390x.rpm xfconf-debugsource-4.18.3-bp156.3.2.1.s390x.rpm xiccd-0.3.0-bp156.4.2.1.s390x.rpm xiccd-debuginfo-0.3.0-bp156.4.2.1.s390x.rpm xiccd-debugsource-0.3.0-bp156.4.2.1.s390x.rpm openSUSE-2024-329 important openSUSE Backports SLE-15-SP6 Update This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.19: * Cancel button in SeaMonkey bookmarking star ui not working bug 1872623. * Remove OfflineAppCacheHelper.jsm copy from SeaMonkey and use the one in toolkit bug 1896292. * Remove obsolete registerFactoryLocation calls from cZ bug 1870930. * Remove needless implements='nsIDOMEventListener' and QI bug 1611010. * Replace use of nsIStandardURL::Init bug 1864355. * Switch SeaMonkey website from hg.mozilla.org to heptapod. bug 1870934. * Allow view-image to open a data: URI by setting a flag on the loadinfo bug 1877001. * Save-link-as feature should use the loading principal and context menu using nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD bug 1879726. * Use punycode in SeaMonkey JS bug 1864287. * Font lists in preferences are no longer grouped by font type, port asynchronous handling like Bug 1399206 bug 1437393. * SeaMonkey broken tab after undo closed tab with invalid protocol bug 1885748. * SeaMonkey session restore is missing the checkboxes in the Classic theme bug 1896174. * Implement about:credits on seamonkey-project.org website bug 1898467. * Fix for the 0.0.0.0 day vulnerability oligo summary. * Link in update notification does not open Browser bug 1888364. * Update ReadExtensionPrefs in Preferences.cpp bug 1890196. * Add about:seamonkey page to SeaMonkey bug 1897801. * SeaMonkey 2.53.19 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.19 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.14 and Thunderbird 115.14 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. seamonkey-2.53.19-bp156.2.3.1.src.rpm seamonkey-2.53.19-bp156.2.3.1.x86_64.rpm seamonkey-dom-inspector-2.53.19-bp156.2.3.1.x86_64.rpm seamonkey-irc-2.53.19-bp156.2.3.1.x86_64.rpm seamonkey-2.53.19-bp156.2.3.1.i586.rpm seamonkey-dom-inspector-2.53.19-bp156.2.3.1.i586.rpm seamonkey-irc-2.53.19-bp156.2.3.1.i586.rpm openSUSE-2024-325 moderate openSUSE Backports SLE-15-SP6 Update This update for toolbox fixes the following issues: - Revert last change and update SLE/Leap Micro images to 5.5 (boo#1227328) - Update SLE/Leap Micro images from 5.4 to 6.0 (boo#1227328) - Update to version 2.3+git20240704.84ec25e: * toolbox: use correct container state tense in msg - Update to version 2.3+git20231030.3a6ef35: * Mount /dev/pts as mount type=devpts instead of --volume * fix typo creat -> create * Remove trailing whitespace * Fix bash error when container cannot be pulled toolbox-2.3+git20240704.84ec25e-bp156.4.3.1.noarch.rpm toolbox-2.3+git20240704.84ec25e-bp156.4.3.1.src.rpm openSUSE-2024-327 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 129.0.6668.89 (stable released 2024-09-24) (boo#1231232) * CVE-2024-7025: Integer overflow in Layout * CVE-2024-9369: Insufficient data validation in Mojo * CVE-2024-9370: Inappropriate implementation in V8 chromedriver-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromedriver-debuginfo-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromium-129.0.6668.89-bp156.2.35.1.src.rpm chromium-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromium-debuginfo-129.0.6668.89-bp156.2.35.1.x86_64.rpm chromedriver-129.0.6668.89-bp156.2.35.1.aarch64.rpm chromedriver-debuginfo-129.0.6668.89-bp156.2.35.1.aarch64.rpm chromium-129.0.6668.89-bp156.2.35.1.aarch64.rpm chromium-debuginfo-129.0.6668.89-bp156.2.35.1.aarch64.rpm openSUSE-2024-352 moderate openSUSE Backports SLE-15-SP6 Update This update for python-jupyterlab fixes the following issues: - Build the full pacakge with the javascript dependencies as a new source in vendor.tar.gz. - CVE-2024-43805: Fixed data access via malicious Markdown due to HTML injection leading to DOM clobbering (boo#1229914) jupyter-jupyterlab-2.2.10-bp156.3.3.1.noarch.rpm python-jupyterlab-2.2.10-bp156.3.3.1.src.rpm python3-jupyterlab-2.2.10-bp156.3.3.1.noarch.rpm openSUSE-2024-332 moderate openSUSE Backports SLE-15-SP6 Update This update for qbittorrent fixes the following issues: Update to version 5.0.0 (fixes boo#1231149) * New features: * Support creating .torrent with larger piece size * Improve tracker entries handling * Add separate filter item for tracker errors * Allow to remove tracker from tracker filter widget menu * Implement "Reannounce In" column * Expose "DHT bootstrap nodes" setting * Add support for Mark-of-the-Web (https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/) * Allow to keep unwanted files in separate folder * Add "Copy Comment" to the torrent list's context menu * Allow relative profile paths * Enable Ctrl+F hotkey for more inputs * Add seeding limits to RSS and Watched folders options UI * Subcategories implicitly follow the parent category options * Add option to name each qbittorrent instance * Add button for sending test email * Allow torrents to override default share limit action * Use Start/Stop instead of Resume/Pause * Add the Popularity metric * Focus on Download button if torrent link retrieved from the clipboard * Add ability to pause/resume entire BitTorrent session * Add an option to set BitTorrent session shutdown timeout * Apply "Excluded file names" to folder names as well * Allow to use regular expression to filter torrent content * Allow to move content files to Trash instead of deleting them * Add ability to display torrent "privateness" in UI * Add a flag in "Peers" tab denoting a connection using NAT hole punching * Bug fixes: * Display error message when unrecoverable error occurred * Update size of selected files when selection is changed * Normalize tags by trimming leading/trailing whitespace * Correctly handle share limits in torrent options dialog * Adjust tracker tier when adding additional trackers * Fix inconsistent naming between "Done/Progress" column * Sanitize peer client names * Apply share limits immediately when torrent downloading is finished * Show download progress for folders with zero byte size as 100 instead of 0 * Fix highlighted piece color * Apply "merge trackers" logic regardless of way the torrent is added * Web UI: * Improve WebUI responsiveness * Do not exit the app when WebUI has failed to start * Add "Moving" filter to side panel * Add dark theme * Allow to remember torrent content files deletion * Leave the fields empty when value is invalid * Use natural sorting * Improve WebUI login behavior * Conditionally show filters sidebar * Add support for running concurrent searches * Improve accuracy of trackers list * Fix error when category doesn't exist * Improve table scrolling and selection on mobile * Restore search tabs on load * Restore previously used tab on load * Increase default height of "Share ratio limit" dialog * Use enabled search plugins by default * Add columns "Incomplete Save Path", "Info Hash v1", "Info Hash v2" * Always create generic filter items * Provide "Use Category paths in Manual Mode" option * Provide "Merge trackers to existing torrent" option * Web API: * Fix wrong timestamp values * Send binary data with filename and mime type specified * Expose API for the torrent creator * Add support for SSL torrents * Provide endpoint for listing directory content * Provide "private" flag via "torrents/info" endpoint * Add a way to download .torrent file using search plugin * Add "private" filter for "torrents/info" endpoint * Add root_path to "torrents/info" result * RSS: * Show RSS feed title in HTML browser * Allow to set delay between requests to the same host * Search: * Allow users to specify Python executable path * Lazy load search plugins * Add date column to the built-in search engine * Allow to rearrange search tabs * Other changes: * Add support for systemd power management * Add support for localized man pages * Specify a locale if none is set * Drop support for Qt5, qmake, autotools * Minimum supported versions: Qt: 6.5, Boost: 1.76, OpenSSL: 3.0.2 * Switch to C++20 Update to version 4.6.7 * Bug fixes: * The updater will launch the link to the build variant you're currently using * Web UI: * RSS: The list of feeds wouldn't load for Apply Rule * Focus on Download button if torrent link retrieved from the clipboard Update to version 4.6.6 * Bug fixes: * Fix handling of tags containing '&' character * Show scroll bar in Torrent Tags dialog * Apply bulk changes to correct content widget items * Hide zero status filters when torrents are removed * Fix `Incomplete Save Path` cannot be changed for torrents without metadata * Web UI: * Correctly apply changed "save path" of RSS rules * Clear tracker list on full update * Other changes: * Update User-Agent string for internal downloader and search engines Update to version 4.6.5 * Bug fixes: * Prevent app from being closed when disabling system tray icon * Fix <kbd>Enter</kbd> key behavior in Add new torrent dialog * Prevent invalid status filter index from being used * Add extra offset for dialog frame * Don't overwrite stored layout of main window with incorrect one * Don't forget to resume "missing files" torrent when rechecking * Web UI: * Restore ability to use server-side translation by custom WebUI * Fix wrong peer number * Other: * Improve AppStream metadata qbittorrent-5.0.0-bp156.3.3.1.src.rpm qbittorrent-5.0.0-bp156.3.3.1.x86_64.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.x86_64.rpm qbittorrent-5.0.0-bp156.3.3.1.aarch64.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.aarch64.rpm qbittorrent-5.0.0-bp156.3.3.1.ppc64le.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.ppc64le.rpm qbittorrent-5.0.0-bp156.3.3.1.s390x.rpm qbittorrent-nox-5.0.0-bp156.3.3.1.s390x.rpm openSUSE-2024-336 moderate openSUSE Backports SLE-15-SP6 Update This update rebuilds libzypp-testsuite-tools against current libzypp. libzypp-testsuite-tools-5.0.5-bp156.3.2.1.src.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.x86_64.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.i586.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.aarch64.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.ppc64le.rpm libzypp-testsuite-tools-5.0.5-bp156.3.2.1.s390x.rpm openSUSE-2024-333 low openSUSE Backports SLE-15-SP6 Update Fix scanner search crash on startup ksanecore-23.08.5-bp156.2.3.1.src.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.x86_64.rpm ksanecore-devel-23.08.5-bp156.2.3.1.x86_64.rpm ksanecore-lang-23.08.5-bp156.2.3.1.noarch.rpm libKSaneCore1-23.08.5-bp156.2.3.1.x86_64.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.x86_64.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.i586.rpm ksanecore-devel-23.08.5-bp156.2.3.1.i586.rpm libKSaneCore1-23.08.5-bp156.2.3.1.i586.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.i586.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.aarch64.rpm ksanecore-devel-23.08.5-bp156.2.3.1.aarch64.rpm libKSaneCore1-23.08.5-bp156.2.3.1.aarch64.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.aarch64.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.ppc64le.rpm ksanecore-devel-23.08.5-bp156.2.3.1.ppc64le.rpm libKSaneCore1-23.08.5-bp156.2.3.1.ppc64le.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.ppc64le.rpm ksanecore-debugsource-23.08.5-bp156.2.3.1.s390x.rpm ksanecore-devel-23.08.5-bp156.2.3.1.s390x.rpm libKSaneCore1-23.08.5-bp156.2.3.1.s390x.rpm libKSaneCore1-debuginfo-23.08.5-bp156.2.3.1.s390x.rpm openSUSE-2024-335 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 129.0.6668.100 (boo#1231420) * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in V8 chromedriver-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromedriver-debuginfo-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromium-129.0.6668.100-bp156.2.38.1.src.rpm chromium-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromium-debuginfo-129.0.6668.100-bp156.2.38.1.x86_64.rpm chromedriver-129.0.6668.100-bp156.2.38.1.aarch64.rpm chromedriver-debuginfo-129.0.6668.100-bp156.2.38.1.aarch64.rpm chromium-129.0.6668.100-bp156.2.38.1.aarch64.rpm chromium-debuginfo-129.0.6668.100-bp156.2.38.1.aarch64.rpm openSUSE-2025-3 important openSUSE Backports SLE-15-SP6 Update This update for etcd fixes the following issues: Update to version 3.5.12: * Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 * test: fix TestHashKVWhenCompacting: ensure all goroutine finished * print error log when creating peer listener failed * mvcc: Printing etcd backend database related metrics inside scheduleCompaction function * dependency: update go version to 1.20.13 * commit bbolt transaction if there is any pending deleting operations * add tests to test tx delete consistency. * Don't flock snapshot files * Backport adding digest for etcd base image. * Add a unit tests and missing flags in etcd help. * Add missing flag in etcd help. * Backport testutils.ExecuteUntil to 3.5 branch * member replace e2e test * Check if be is nil to avoid panic when be is overriden with nil by recoverSnapshotBackend on line 517 * Don't redeclare err and snapshot variable, fixing validation of consistent index and closing database on defer * test: enable gofail in release e2e test. * [3.5] backport health check e2e tests. * tests: Extract e2e cluster setup to separate package - Update to version 3.5.11: * etcdserver: add linearizable_read check to readyz. * etcd: Update go version to 1.20.12 * server: disable redirects in peer communication * etcdserver: add metric counters for livez/readyz health checks. * etcdserver: add livez and ready http endpoints for etcd. * http health check bug fixes * server: Split metrics and health code * server: Cover V3 health with tests * server: Refactor health checks * server: Run health check tests in subtests * server: Rename test case expect fields * server: Use named struct initialization in healthcheck test * Backport server: Don't follow redirects when checking peer urls. * Backport embed: Add tracing integration test. * Backport server: Have tracingExporter own resources it initialises. * Backport server: Add sampling rate to distributed tracing. * upgrade github.com/stretchr/testify,google.golang.org/genproto/googleapis/api,google.golang.org/grpc to make it consistent * CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 * github workflow: run arm64 tests on every push * etcd: upgrade go version from 1.20.10 to 1.20.11 * bump bbolt to 1.3.8 for etcd 3.5 * 3.5: upgrade gRPC-go to 1.58.3 * Backport corrupt check test fix "etcd server shouldn't wait for the ready notification infinitely on startup" * etcdserver: add cluster id check for hashKVHandler * [release-3.5]: upgrade gRPC-go to v1.52.0 * backport #14125 to release-3.5: Update to grpc-1.47 (and fix the connection-string format) * Return to default write scheduler since golang.org/x/net@v0.11.0 started using round robin * Bump go to v1.20.10 Part of https://github.com/etcd-io/etcd/issues/16740 * bump golang.org/x/net to 0.17.0 Part of https://github.com/etcd-io/etcd/issues/16740 * etcd: upgrade go version to 1.20.9 * Remove obsolete http 1.0 version. * fix:Ensure that go version is only defined in one file for release-3.5 * Fix panic in etcd validate secure endpoints * dependency: bump golang to 1.20.8 * Backport redirect metrics data into file to reduce output. * test.sh: increase timeout for grpcproxy test * test: add v3 curl test to cover maintenance hash/hashkv REST API * api: fix duplicate gateway url issue * pkg: add a verification on the pagebytes which must be > 0 * tests: Backport deflake for TestWatchDelay * tests: Backport deflake for TestPageWriterRandom * Backport adding unit test for socket options. * Backport export reuse-port and reuse-address * Fix goword failure in rafthttp/transport.go. * Backport update to golang 1.20 minor release. * bump go version to 1.19.12 * Update workflows to use makefile recipes for unit, integration & e2e-release. * Backport Makefile recipes for common test commands. * pkg/flags: fix UniqueURLs'Set to remove duplicates in UniqueURLs'uss * Backport fix to e2e release version identifcation. * Backport #14368 to v3.5 * Follow up https://github.com/etcd-io/etcd/pull/16068#discussion_r1263667496 * etcdserver: backport check scheduledCompactKeyName and finishedCompactKeyName before writing hash to release-3.5. * Backport #13577 Disable auth gracefully without impacting existing watchers. * bump go version to 1.19.11 to fix CVE GO-2023-1878 * clientv3: create keepAliveCtxCloser goroutine only if ctx can be canceled * [3.5] etcdutl: fix db double closed * clientv3: remove v3.WithFirstKey() in Barrier.Wait() * update etcdctl flag description for snapshot restores * etcdutl: update description for --mark-compacted and --bump-revision flags in snapshot restore command * Adding optional revision bump and mark compacted to snapshot restore * Revert "Merge pull request #16119 from natusameer/release-3.5" * Add e2e-arm64.yaml and tests-arm64.yaml to release-3.5 scheduled at 1.30 * Backport .github/workflows: Read .go-version as a step and not separate workflow. * Add first unit test for authApplierV3 * Early exit auth check on lease puts * remove stack log when etcdutl restore * etcdserver: fix corruption check when server has just been compacted * replace gobin with go install * [3.5] Backport updating go to latest patch release 1.19.10 * add compact hash check to help * Fix test of clientv3/naming * clientv3/naming/endpoints: fix endpoints prefix bug fixes bug with multiple endpoints with same prefix * grpcproxy: fix memberlist results not update when proxy node down - Update to version 3.5.9: * Move go version to dedicated .go-version file * tests: e2e and integration test for timetolive * etcdserver: protect lease timetilive with auth * Backport go update to latest patch release 1.19.9. * Backport centralising go version for actions workflows. * server: backport 15743, improved description of --initial-cluster-state flag - Update to version 3.5.8: * etcdserver: Guarantee order of requested progress notifications * etcdserver: verify field 'username' and 'revision' present when decoding a JWT token * set zap logging to wsproxy * security: remove password after authenticating the user * test: add an e2e test to reproduce https://nvd.nist.gov/vuln/detail/CVE-2021-28235 * bump golang to 1.19.8 * server/auth: disallow creating empty permission ranges * chore: enable strict mode for test CI * Fixes: #15266 All docker images of Architecture show amd64 * scripts: Add testing of etcd in local image in release workflow. * server: Fix defer function closure escape * tests: Test separate http port connection multiplexing * server: Add --listen-client-http-urls flag to allow running grpc server separate from http server * server: Pick one address that all grpc gateways connect to * server: Extract resolveUrl helper function * server: Separate client listener grouping from serving * refactor: Use proper variable names for urls * sever/auth: fix addUserWithNoOption of store_test * server/auth: fix auth panic bug when user changes password * Automated cherry-pick of #14860: Trigger release in current branch for github workflow case * server/embed: fix data race when start insecure grpc * server: Test watch restore * mvcc: update minRev when watcher stays synced * tests: Add v2 API to connection multiplexing test * tests: Add connection muiltiplexer testing * tests: Backport RunUtilCompletion * tests: Backport tls for etcdctl * tests: Extract e2e test utils * tests: Allow specifying http version in curl * tests: Refactor newClient args * tests: Refactor CURLPrefixArgs * Backport tls 1.3 support. * server: Switch back to random scheduler to improve resilience to watch starvation * test: Test etcd watch stream starvation under high read response load when sharing the same connection * tests: Allow configuring progress notify interval in e2e tests * Run go mod tidy * Updated go to 1.19.7. * Backport go_srcs_in_module changes and fix goword failures. * Formatted source code for go 1.19.6. * Bump to go 1.19.6 * Bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571. * test:enhance the test case TestV3WatchProgressOnMemberRestart * clientv3: correct the nextRev on receving progress notification response * etcdserver: add failpoints walBeforeSync and walAfterSync * Fix regression in timestamp resolution * upgrade cockroachdb/datadriven to v1.0.2 to remove archived dependencies * bump github.com/stretchr/testify to v1.8.1 * bump bbolt to v1.3.7 for release-3.5 * netutil: consistently format ipv6 addresses * docker: remove nsswitch.conf - Update to version 3.5.7: * etcdserver: return membership.ErrIDNotFound when the memberID not found * etcdserver: process the scenaro of the last WAL record being partially synced to disk * update nsswitch.conf for 3.5 * 3.5: remove the dependency on busybox * Remove dependency on gobin * resolve build error: parameter may not start with quote character ' * remove .travis.yml * format the source code and tidy the dependencies using go 1.17.13 * bump go version to 1.17.13 * deps: bump golang.org/x/net to v0.4.0 to address CVEs * security: use distroless base image to address critical Vulnerabilities * cidc: specify the correct branch name of release-3.5 in workflow for trivy nightly scan * Add trivy nightly scan for release-3.5 * clientv3: revert the client side change in 14547 * client/pkg/v3: fixes Solaris build of transport * etcdserver: fix nil pointer panic for readonly txn * Fix go fmt error * [3.5] Backport: non mutating requests pass through quotaKVServer when NOSPACE * etcdserver: intentionally set the memberID as 0 in corruption alarm - Update to version 3.5.6: * release: build with consistent paths * client/pkg/fileutil: add missing logger to {Create,Touch}DirAll * test: add test case to cover the CommonName based authentication * test: add certificate with root CommonName * clientv3: do not refresh token when using TLS CommonName based authentication * etcdserver: call the OnPreCommitUnsafe in unsafeCommit * add range flag for delete in etcdctl * server: add more context to panic message * fix:close conn * clientv3: fix the design & implementation of double barrier * test: added e2e test case for issue 14571: etcd doesn't load auth info when recovering from a snapshot * etcdserver: call refreshRangePermCache on Recover() in AuthStore. #14574 * server: add a unit test case for authStore.Reocver() with empty rangePermCache * Backport #14591 to 3.5. * client/v3: Add backoff before retry when watch stream returns unavailable * etcdserver: added more debug log for the purgeFile goroutine * netutil: make a `raw` URL comparison part of the urlsEqual function * Apply suggestions from code review * netutil: add url comparison without resolver to URLStringsEqual * tests/Dockerfile: Switch to ubuntu 22.04 base * Makefile: Additional logic fix * *: avoid closing a watch with ID 0 incorrectly * tests: a test case for watch with auth token expiration * *: handle auth invalid token and old revision errors in watch * server/etcdmain: add configurable cipher list to gRPC proxy listener * Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt/v4 - Update to version 3.5.5: * fix the flaky test fix_TestV3AuthRestartMember_20220913 for 3.5 * etcdctl: fix move-leader for multiple endpoints * testing: fix TestOpenWithMaxIndex cleanup * server,test: refresh cache on each NewAuthStore * server/etcdmain: add build support for Apple M1 * tests: Fix member id in CORRUPT alarm * server: Make corrtuption check optional and period configurable * server: Implement compaction hash checking * tests: Cover periodic check in tests * server: Refactor compaction checker * tests: Move CorruptBBolt to testutil * tests: Rename corruptHash to CorruptBBolt * tests: Unify TestCompactionHash and extend it to also Delete keys and Defrag * tests: Add tests for HashByRev HTTP API * tests: Add integration tests for compact hash * server: Cache compaction hash for HashByRev API * server: Extract hasher to separate interface * server: Remove duplicated compaction revision * server: Return revision range that hash was calcualted for * server: Store real rv range in hasher * server: Move adjusting revision to hasher * server: Pass revision as int * server: Calculate hash during compaction * server: Fix range in mock not returning same number of keys and values * server: Move reading KV index inside scheduleCompaction function * server: Return error from scheduleCompaction * server: Refactor hasher * server: Extract kvHash struct * server: Move unsafeHashByRev to new hash.go file * server: Extract unsafeHashByRev function * server: Test HashByRev values to make sure they don't change * server: Cover corruptionMonitor with tests * server: Extract corruption detection to dedicated struct * server: Extract triggerCorruptAlarm to function * move consistent_index forward when executing alarmList operation * fix the potential data loss for clusters with only one member * [backport 3.5] server: don't panic in readonly serializable txn * Backport of pull/14354 to 3.5.5 * Refactor the keepAliveListener and keepAliveConn * clientv3: close streams after use in lessor keepAliveOnce method * Change default sampling rate from 100% to 0% * Fix the failure in TestEndpointSwitchResolvesViolation * update all related dependencies * move setupTracing into a separate file config_tracing.go * etcdserver: bump OpenTelemetry to 1.0.1 * Change default sampling rate from 100% to 0% * server/auth: protect rangePermCache with a RW lock * Improve error message for incorrect values of ETCD_CLIENT_DEBUG * add e2e test cases to cover the maxConcurrentStreams * Add flag `--max-concurrent-streams` to set the max concurrent stream each client can open at a time * add the uint32Value data type * Client: fix check for WithPrefix op * client/v3: do not overwrite authTokenBundle on dial * restrict the max size of each WAL entry to the remaining size of the file * Add FileReader and FileBufReader utilities * Backport two lease related bug fixes to 3.5 * scripts: Detect staged files before building release * scripts: Avoid additional repo clone * Make DRY_RUN explicit * scripts: Add tests for release scripts * server/auth: enable tokenProvider if recoved store enables auth * Update golang.org/x/crypto to latest - Update to version 3.5.4: * Update conssitent_index when applying fails * Add unit test for canonical SRV records * Revert "trim the suffix dot from the srv.Target for etcd-client DNS lookup" - add variable ETCD_OPTIONS to both service unit and configuration file this allows the user to easily add things like "--enable-v2=true" - Update to version 3.5.3: https://github.com/etcd-io/etcd/compare/v3.5.2...v3.5.3 * clientv3: disable mirror auth test with proxy * cv3/mirror: Fetch the most recent prefix revision * set backend to cindex before recovering the lessor in applySnapshot * support linearizable renew lease * clientv3: filter learners members during autosync * etcdserver: upgrade the golang.org/x/crypto dependency * fix the data inconsistency issue by adding a txPostLockHook into the backend * server: Save consistency index and term to backend even when they decrease * server: Add verification of whether lock was called within out outside of apply * go.mod: Upgrade to prometheus/client_golang v1.11.1 * server: Use default logging configuration instead of zap production one * Fix offline defrag * backport 3.5: #13676 load all leases from backend * server/storage/backend: restore original bolt db options after defrag * always print raft term in decimal when displaying member list in json * enhance health check endpoint to support serializable request * trim the suffix dot from the srv.Target for etcd-client DNS lookup - Drop ETCD_UNSUPPORTED_ARCH=arm64 from sysconfig as ARM64 is now officially supported - Update etcd.conf variables - Add the new etcdutl into separate subpackage - Update to version 3.5.2: * Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254. * fix runlock bug * server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL * etcdserver,integration: Store remaining TTL on checkpoint * lease,integration: add checkpoint scheduling after leader change * set the backend again after recovering v3 backend from snapshot * *: implement a retry logic for auth old revision in the client * client/v3: refresh the token when ErrUserEmpty is received while retrying * server/etcdserver/api/etcdhttp: exclude the same alarm type activated by multiple peers * storage/backend: Add a gauge to indicate if defrag is active (backport from 3.6) - Update to version 3.5.1: * version: 3.5.1 * Dockerfile: bump debian bullseye-20210927 * client: Use first endpoint as http2 authority header * tests: Add grpc authority e2e tests * client: Add grpc authority header integration tests * tests: Allow configuring integration tests to use TCP * test: Use unique number for grpc port * tests: Cleanup member interface by exposing Bridge directly * tests: Make using bridge optional * tests: Rename grpcAddr to grpcURL to imply that it includes schema * tests: Remove bridge dependency on unix * Decouple prefixArgs from os.Env dependency * server: Ensure that adding and removing members handle storev2 and backend out of sync * Stop using tip golang version in CI * fix self-signed-cert-validity parameter cannot be specified in the config file * fix health endpoint not usable when authentication is enabled * workflows: remove ARM64 job for maintenance - Update to version 3.5.0: * See link below, diff is too big https://github.com/etcd-io/etcd/compare/v3.4.16...v3.5.0 - Added hardening to systemd service(s) (boo#1181400) - Change to sysuser-tools to create system user - Update to version 3.4.16: * Backport-3.4 exclude alarms from health check conditionally * etcdserver/mvcc: update trace.Step condition * Backport-3.4 etcdserver/util.go: reduce memory when logging range requests * .travis,Makefile,functional: Bump go 1.12 version to v1.12.17 * integration: Fix 'go test --tags cluster_proxy --timeout=30m -v ./integration/...' * pkg/tlsutil: Adjust cipher suites for go 1.12 * Fix pkg/tlsutil (test) to not fail on 386. * bill-of-materials.json: Update golang.org/x/sys * .travis,test: Turn race off in Travis for go version 1.15 * integration : fix TestTLSClientCipherSuitesMismatch in go1.13 * vendor: Run go mod vendor * go.mod,go.sum: Bump github.com/creack/pty that includes patch * go.mod,go.sum: Comply with go v1.15 * etcdserver,wal: Convert int to string using rune() * integration,raft,tests: Comply with go v1.15 gofmt * .travis.yml: Test with go v1.15.11 * pkpkg/testutil/leak.go: Allowlist created by testing.runTests.func1 * vendor: Run go mod vendor * go.sum, go.mod: Run go mod tidy with go 1.12 * go.mod: Pin go to 1.12 version * etcdserver: fix incorrect metrics generated when clients cancel watches * integration: relax leader timeout from 3s to 4s * etcdserver: when using --unsafe-no-fsync write data * server: Added config parameter experimental-warning-apply-duration * etcdserver: Fix PeerURL validation - update etcd.service: avoid args from commandline and environment as it leads to start failure (boo#1183703) - Update to version 3.4.15: * [Backport-3.4] etcdserver/api/etcdhttp: log successful etcd server side health check in debug level * etcdserver: Fix 64 KB websocket notification message limit * vendor: bump gorilla/websocket * pkg/fileutil: fix F_OFD_ constants - Update to version 3.4.14: * pkg/netutil: remove unused "iptables" wrapper * tools/etcd-dump-metrics: validate exec cmd args * clientv3: get AuthToken automatically when clientConn is ready. * etcdserver: add ConfChangeAddLearnerNode to the list of config changes * integration: add flag WatchProgressNotifyInterval in integration test - Update to version 3.4.13: * pkg: file stat warning * Automated cherry pick of #12243 on release 3.4 * version: 3.4.12 * etcdserver: Avoid panics logging slow v2 requests in integration tests * version: 3.4.11 * Revert "etcdserver/api/v3rpc: "MemberList" never return non-empty ClientURLs" * *: fix backport of PR12216 * *: add experimental flag for watch notify interval * clientv3: remove excessive watch cancel logging * etcdserver: add OS level FD metrics * pkg/runtime: optimize FDUsage by removing sort * clientv3: log warning in case of error sending request * etcdserver/api/v3rpc: "MemberList" never return non-empty ClientURLs - Update to version 3.4.10 [CVE-2020-15106][boo#1174951]: * Documentation: note on data encryption * etcdserver: change protobuf field type from int to int64 (#12000) * pkg: consider umask when use MkdirAll * etcdmain: let grpc proxy warn about insecure-skip-tls-verify * etcdmain: fix shadow error * pkg/fileutil: print desired file permission in error log * pkg: Fix dir permission check on Windows * auth: Customize simpleTokenTTL settings. * mvcc: chanLen 1024 is to biger,and it used more memory. 128 seems to be enough. Sometimes the consumption speed is more than the production speed. * auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. * etcdmain: fix shadow error * doc: add TLS related warnings * etcdserver:FDUsage set ticker to 10 minute from 5 seconds. This ticker will check File Descriptor Requirements ,and count all fds in used. And recorded some logs when in used >= limit/5*4. Just recorded message. If fds was more than 10K,It's low performance due to FDUsage() works. So need to increase it. * clientv3: cancel watches proactively on client context cancellation * wal: check out of range slice in "ReadAll", "decoder" * etcdctl, etcdmain: warn about --insecure-skip-tls-verify options * Documentation: note on the policy of insecure by default * etcdserver: don't let InternalAuthenticateRequest have password * auth: a new error code for the case of password auth against no password user * Documentation: note on password strength * etcdmain: best effort detection of self pointing in tcp proxy * Discovery: do not allow passing negative cluster size * wal: fix panic when decoder not set * embed: fix compaction runtime err * pkg: check file stats * etcdserver, et al: add --unsafe-no-fsync flag * wal: add TestValidSnapshotEntriesAfterPurgeWal testcase * wal: fix crc mismatch crash bug * rafthttp: log snapshot download duration * rafthttp: improve snapshot send logging * *: make sure snapshot save downloads SHA256 checksum * etcdserver/api/snap: exclude orphaned defragmentation files in snapNames * etcdserver: continue releasing snap db in case of error * etcdserver,wal: fix inconsistencies in WAL and snapshot * cherry pick of #11564 (#11880) * mvcc: fix deadlock bug * auth: optimize lock scope for CheckPassword * auth: ensure RoleGrantPermission is compatible with older versions * etcdserver: print warn log when failed to apply request * auth: cleanup saveConsistentIndex in NewAuthStore * auth: print warning log when error is ErrAuthOldRevision * auth: add new metric 'etcd_debugging_auth_revision' * tools/etcd-dump-db: add auth decoder, optimize print format * *: fix auth revision corruption bug * etcdserver: watch stream got closed once one request is not permitted (#11708) * version: 3.4.7 * wal: add "etcd_wal_writes_bytes_total" * pkg/ioutil: add "FlushN" * test: auto detect branch when finding merge base * mvcc/kvstore:when the number key-value is greater than one million, compact take too long and blocks other requests * version: 3.4.6 * lease: fix memory leak in LeaseGrant when node is follower * version: 3.4.5 * words: whitelist "racey" * Revert "version: 3.4.5" * words: whitelist "hasleader" * version: 3.4.5 * etcdserver/api/v3rpc: handle api version metadata, add metrics * clientv3: embed api version in metadata * etcdserver/api/etcdhttp: log server-side /health checks * proxy/grpcproxy: add return on error for metrics handler * etcdctl: fix member add command * etcdserver: fix quorum calculation when promoting a learner member * etcdserver: corruption check via http * mvcc/backend: check for nil boltOpenOptions * mvcc/backend: Delete orphaned db.tmp files before defrag * auth: correct logging level * e2e: test curl auth on onoption user * auth: fix NoPassWord check when add user * auth: fix user.Options nil pointer * mvcc/kvstore:fixcompactbug * mvcc: update to "etcd_debugging_mvcc_total_put_size_in_bytes" * mvcc: add "etcd_mvcc_put_size_in_bytes" to monitor the throughput of put request. * clientv3: fix retry/streamer error message * etcdserver: wait purge file loop during shutdown * integration: disable TestV3AuthOldRevConcurrent * etcdserver: remove auth validation loop * scripts/release: list GPG key only when tagging is needed etcd-3.5.12-bp156.4.3.1.src.rpm etcd-3.5.12-bp156.4.3.1.x86_64.rpm etcdctl-3.5.12-bp156.4.3.1.x86_64.rpm etcdutl-3.5.12-bp156.4.3.1.x86_64.rpm etcd-3.5.12-bp156.4.3.1.aarch64.rpm etcdctl-3.5.12-bp156.4.3.1.aarch64.rpm etcdutl-3.5.12-bp156.4.3.1.aarch64.rpm etcd-3.5.12-bp156.4.3.1.ppc64le.rpm etcdctl-3.5.12-bp156.4.3.1.ppc64le.rpm etcdutl-3.5.12-bp156.4.3.1.ppc64le.rpm etcd-3.5.12-bp156.4.3.1.s390x.rpm etcdctl-3.5.12-bp156.4.3.1.s390x.rpm etcdutl-3.5.12-bp156.4.3.1.s390x.rpm openSUSE-2024-337 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 130.0.6723.58 (boo#1231694) * CVE-2024-9954: Use after free in AI * CVE-2024-9955: Use after free in Web Authentication * CVE-2024-9956: Inappropriate implementation in Web Authentication * CVE-2024-9957: Use after free in UI * CVE-2024-9958: Inappropriate implementation in PictureInPicture * CVE-2024-9959: Use after free in DevTools * CVE-2024-9960: Use after free in Dawn * CVE-2024-9961: Use after free in Parcel Tracking * CVE-2024-9962: Inappropriate implementation in Permissions * CVE-2024-9963: Insufficient data validation in Downloads * CVE-2024-9964: Inappropriate implementation in Payments * CVE-2024-9965: Insufficient data validation in DevTools * CVE-2024-9966: Inappropriate implementation in Navigations chromedriver-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromedriver-debuginfo-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromium-130.0.6723.58-bp156.2.41.1.src.rpm chromium-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromium-debuginfo-130.0.6723.58-bp156.2.41.1.x86_64.rpm chromedriver-130.0.6723.58-bp156.2.41.1.aarch64.rpm chromedriver-debuginfo-130.0.6723.58-bp156.2.41.1.aarch64.rpm chromium-130.0.6723.58-bp156.2.41.1.aarch64.rpm chromium-debuginfo-130.0.6723.58-bp156.2.41.1.aarch64.rpm openSUSE-2024-338 moderate openSUSE Backports SLE-15-SP6 Update This update for hostapd fixes the following issues: hostapd was updated to 2024-07-20 / v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions hostapd-2.11-bp156.2.3.1.src.rpm hostapd-2.11-bp156.2.3.1.x86_64.rpm hostapd-2.11-bp156.2.3.1.i586.rpm hostapd-2.11-bp156.2.3.1.aarch64.rpm hostapd-2.11-bp156.2.3.1.ppc64le.rpm hostapd-2.11-bp156.2.3.1.s390x.rpm openSUSE-2024-342 moderate openSUSE Backports SLE-15-SP6 Update This update for lxc fixes the following issues: lxc was updated to 6.0.2: The LXC team is pleased to announce the release of LXC 6.0.2! This is the second bugfix release for LXC 6.0 which is supported until June 2029. As usual this bugfix releases focus on stability and hardening. * Some of the highlights for this release are: - Reduced log level on some common messages - Fix compilation error on aarch64 * Detailed changelog - Remove unused function - idmap: Lower logging level of newXidmap tools to INFO - Exit 0 when there's no error - doc: Fix definitions of get_config_path and set_config_path - README: Update security contact - fix possible clang compile error in AARCH Update to 6.0.1: The LXC team is pleased to announce the release of LXC 6.0.1! This is the first bugfix release for LXC 6.0 which is supported until June 2029. As usual this bugfix releases focus on stability and hardening. * Highlights - Fixed some build tooling issues - Fixed startup failures on system without IPv6 support - Updated AppArmor rules to avoid potential warnings Update to 6.0.0: The LXC team is pleased to announce the release of LXC 6.0 LTS! This is the result of two years of work since the LXC 5.0 release and is the sixth LTS release for the LXC project. This release will be supported until June 2029. * New multi-call binary¶ A new tools-multicall=true configuration option can be used to produce a single lxc binary which can then have all other lxc-XYZ commands be symlinked to. This allows for a massive disk space reduction, particularly useful for embedded platforms. * Add a set_timeout function to the library A new set_timeout function is available on the main lxc_container struct and allow for setting a global timeout for interactions with the LXC monitor. Prior to this, there was no timeout, leading to potential deadlocks as there's also no way to cancel an monitor request. As a result of adding this new symbol to the library, we have bumped the liblxc symbol version to 1.8.0. * LXC bridge now has IPV6 enabled The default lxcbr0 bridge now comes with IPv6 enabled by default, using an IPv6 ULA subnet. Support for uid/gid selection in lxc-usernsexec The lxc-usernsexec tool now has both -u and -g options to control what resulting UID and GID (respectively) the user wishes to use (defaulting to 0/0). * Improvements to lxc-checkconfig lxc-checkconfig now only shows the version if lxc-start is present (rather than failing). Additionally, it's seen a number of other cosmetic improvements as well as now listing the maximum number of allowed namespaces for every namespace type. * Support for squashfs OCI images The built-in oci container template can now handle squashfs compressed OCI images through the use of atomfs. * Switched from systemd's dbus to dbus-1 LXC now uses libdbus-1 for DBus interactions with systemd rather than using libsystemd. The reason for this change is that libdbus-1 is readily available for static builds. * Removed Upstart support Support for the Upstart init system has finally been removed from LXC. This shouldn't really affect anyone at this stage and allowed for cleaning up some logic and config files from our repository. liblxc-devel-6.0.2-bp156.2.3.1.x86_64.rpm liblxc1-6.0.2-bp156.2.3.1.x86_64.rpm lxc-6.0.2-bp156.2.3.1.src.rpm lxc-6.0.2-bp156.2.3.1.x86_64.rpm lxc-bash-completion-6.0.2-bp156.2.3.1.noarch.rpm lxc-ja-doc-6.0.2-bp156.2.3.1.noarch.rpm lxc-ko-doc-6.0.2-bp156.2.3.1.noarch.rpm pam_cgfs-6.0.2-bp156.2.3.1.x86_64.rpm liblxc-devel-6.0.2-bp156.2.3.1.i586.rpm liblxc1-6.0.2-bp156.2.3.1.i586.rpm lxc-6.0.2-bp156.2.3.1.i586.rpm pam_cgfs-6.0.2-bp156.2.3.1.i586.rpm liblxc-devel-6.0.2-bp156.2.3.1.aarch64.rpm liblxc1-6.0.2-bp156.2.3.1.aarch64.rpm lxc-6.0.2-bp156.2.3.1.aarch64.rpm pam_cgfs-6.0.2-bp156.2.3.1.aarch64.rpm liblxc-devel-6.0.2-bp156.2.3.1.ppc64le.rpm liblxc1-6.0.2-bp156.2.3.1.ppc64le.rpm lxc-6.0.2-bp156.2.3.1.ppc64le.rpm pam_cgfs-6.0.2-bp156.2.3.1.ppc64le.rpm liblxc-devel-6.0.2-bp156.2.3.1.s390x.rpm liblxc1-6.0.2-bp156.2.3.1.s390x.rpm lxc-6.0.2-bp156.2.3.1.s390x.rpm pam_cgfs-6.0.2-bp156.2.3.1.s390x.rpm openSUSE-2024-343 moderate openSUSE Backports SLE-15-SP6 Update This update for Botan fixes the following issues: - Fixed CVE-2024-50382, CVE-2024-50383 - various compiler-induced side channel in GHASH when certain LLVM/GCC versions are used to compile Botan. Botan-2.19.5-bp156.3.6.1.src.rpm Botan-2.19.5-bp156.3.6.1.x86_64.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.x86_64.rpm Botan-debugsource-2.19.5-bp156.3.6.1.x86_64.rpm Botan-doc-2.19.5-bp156.3.6.1.noarch.rpm libbotan-2-19-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-devel-2.19.5-bp156.3.6.1.x86_64.rpm python3-botan-2.19.5-bp156.3.6.1.x86_64.rpm Botan-2.19.5-bp156.3.6.1.i586.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.i586.rpm Botan-debugsource-2.19.5-bp156.3.6.1.i586.rpm libbotan-2-19-2.19.5-bp156.3.6.1.i586.rpm libbotan-2-19-32bit-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-2-19-32bit-debuginfo-2.19.5-bp156.3.6.1.x86_64.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.i586.rpm libbotan-devel-2.19.5-bp156.3.6.1.i586.rpm libbotan-devel-32bit-2.19.5-bp156.3.6.1.x86_64.rpm python3-botan-2.19.5-bp156.3.6.1.i586.rpm Botan-2.19.5-bp156.3.6.1.aarch64.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.aarch64.rpm Botan-debugsource-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-2-19-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-2-19-64bit-2.19.5-bp156.3.6.1.aarch64_ilp32.rpm libbotan-2-19-64bit-debuginfo-2.19.5-bp156.3.6.1.aarch64_ilp32.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-devel-2.19.5-bp156.3.6.1.aarch64.rpm libbotan-devel-64bit-2.19.5-bp156.3.6.1.aarch64_ilp32.rpm python3-botan-2.19.5-bp156.3.6.1.aarch64.rpm Botan-2.19.5-bp156.3.6.1.ppc64le.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.ppc64le.rpm Botan-debugsource-2.19.5-bp156.3.6.1.ppc64le.rpm libbotan-2-19-2.19.5-bp156.3.6.1.ppc64le.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.ppc64le.rpm libbotan-devel-2.19.5-bp156.3.6.1.ppc64le.rpm python3-botan-2.19.5-bp156.3.6.1.ppc64le.rpm Botan-2.19.5-bp156.3.6.1.s390x.rpm Botan-debuginfo-2.19.5-bp156.3.6.1.s390x.rpm Botan-debugsource-2.19.5-bp156.3.6.1.s390x.rpm libbotan-2-19-2.19.5-bp156.3.6.1.s390x.rpm libbotan-2-19-debuginfo-2.19.5-bp156.3.6.1.s390x.rpm libbotan-devel-2.19.5-bp156.3.6.1.s390x.rpm python3-botan-2.19.5-bp156.3.6.1.s390x.rpm openSUSE-2024-341 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 130.0.6723.69 (boo#1232060) * CVE-2024-10229: Inappropriate implementation in Extensions * CVE-2024-10230: Type Confusion in V8 * CVE-2024-10231: Type Confusion in V8 chromedriver-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromedriver-debuginfo-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromium-130.0.6723.69-bp156.2.44.1.src.rpm chromium-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromium-debuginfo-130.0.6723.69-bp156.2.44.1.x86_64.rpm chromedriver-130.0.6723.69-bp156.2.44.1.aarch64.rpm chromedriver-debuginfo-130.0.6723.69-bp156.2.44.1.aarch64.rpm chromium-130.0.6723.69-bp156.2.44.1.aarch64.rpm chromium-debuginfo-130.0.6723.69-bp156.2.44.1.aarch64.rpm openSUSE-2024-353 moderate openSUSE Backports SLE-15-SP6 Update This update for kmail-account-wizard fixes the following issues: - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files (boo#1232454, kde#487882) kmail-account-wizard-23.08.5-bp156.2.3.1.src.rpm kmail-account-wizard-23.08.5-bp156.2.3.1.x86_64.rpm kmail-account-wizard-debuginfo-23.08.5-bp156.2.3.1.x86_64.rpm kmail-account-wizard-debugsource-23.08.5-bp156.2.3.1.x86_64.rpm kmail-account-wizard-lang-23.08.5-bp156.2.3.1.noarch.rpm kmail-account-wizard-23.08.5-bp156.2.3.1.aarch64.rpm kmail-account-wizard-debuginfo-23.08.5-bp156.2.3.1.aarch64.rpm kmail-account-wizard-debugsource-23.08.5-bp156.2.3.1.aarch64.rpm openSUSE-2024-345 moderate openSUSE Backports SLE-15-SP6 Update This update for xsd fixes the following issues: - CVE-2024-50602: Fixed libexpat DoS via XML_ResumeParser in xsd (boo#1232580) xsd-4.1.0-bp156.5.3.1.src.rpm xsd-4.1.0-bp156.5.3.1.x86_64.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.x86_64.rpm xsd-debugsource-4.1.0-bp156.5.3.1.x86_64.rpm xsd-doc-4.1.0-bp156.5.3.1.noarch.rpm xsd-4.1.0-bp156.5.3.1.i586.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.i586.rpm xsd-debugsource-4.1.0-bp156.5.3.1.i586.rpm xsd-4.1.0-bp156.5.3.1.aarch64.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.aarch64.rpm xsd-debugsource-4.1.0-bp156.5.3.1.aarch64.rpm xsd-4.1.0-bp156.5.3.1.ppc64le.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.ppc64le.rpm xsd-debugsource-4.1.0-bp156.5.3.1.ppc64le.rpm xsd-4.1.0-bp156.5.3.1.s390x.rpm xsd-debuginfo-4.1.0-bp156.5.3.1.s390x.rpm xsd-debugsource-4.1.0-bp156.5.3.1.s390x.rpm openSUSE-2024-354 moderate openSUSE Backports SLE-15-SP6 Update This update for orthanc-wsi fixes the following issues: Version 2.1 * Support of sparse encoding of tiles in OpenSlide (notably for MIRAX format) * OrthancWSIDicomizer supports plain TIFF, besides hierarchical TIFF * New option: "--force-openslide" to force the use of OpenSlide on TIFF-like files * New option: "--padding" to control deep zoom of plain PNG/JPEG/TIFF images over IIIF * Added support for DICOM tag "Recommended Absent Pixel CIELab" (0048,0015) * Force version of Mirador to 3.3.0 * In the IIIF manifest, reverse the order of the "sizes" field, which seems to fix compatibility with Mirador v4.0.0-alpha orthanc-wsi-2.1-bp156.2.3.1.src.rpm orthanc-wsi-2.1-bp156.2.3.1.x86_64.rpm orthanc-wsi-2.1-bp156.2.3.1.aarch64.rpm orthanc-wsi-2.1-bp156.2.3.1.ppc64le.rpm orthanc-wsi-2.1-bp156.2.3.1.s390x.rpm openSUSE-2024-346 important openSUSE Backports SLE-15-SP6 Update This update for mosquitto fixes the following issues: - Update to latest release to address the following security issues: * CVE-2024-3935 (boo#1232635) * CVE-2024-10525 (boo#1232636) Update to version 2.0.20 Broker: - Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers". - Don't allow invalid response topic values. - Fix some strict protocol compliance issues. Update to version 2.0.19 Security: * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Broker: * Fix assert failure when loading a persistence file that contains subscriptions with no client id. * Fix local bridges being incorrectly expired when persistent_client_expiration is in use. * Fix use of CLOCK_BOOTTIME for getting time. * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Client library: * Fix some error codes being converted to string as "unknown". * Clear SSL error state to avoid spurious error reporting. * Fix "payload format invalid" not being allowed as a PUBREC reason code. * Don't allow SUBACK with missing reason codes. Update to 2.0.18 (boo#1214918, CVE-2023-28366, boo#1215865, CVE-2023-0809, boo#1215864, CVE-2023-3592): * Fix crash on subscribe under certain unlikely conditions. * Fix mosquitto_rr not honouring `-R`. Closes #2893. * Fix `max_queued_messages 0` stopping clients from receiving messages. * Fix `max_inflight_messages` not being set correctly. * Fix `mosquitto_passwd -U` backup file creation. * CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC commands. * CVE-2023-0809: Fix excessive memory being allocated based on malicious initial packets that are not CONNECT packets. * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a will message that contains invalid property types. * Broker will now reject Will messages that attempt to publish to $CONTROL/. * Broker now validates usernames provided in a TLS certificate or TLS-PSK identity are valid UTF-8. * Fix potential crash when loading invalid persistence file. * Library will no longer allow single level wildcard certificates, e.g. *.com * Fix $SYS messages being expired after 60 seconds and hence unchanged values disappearing. * Fix some retained topic memory not being cleared immediately after used. * Fix error handling related to the `bind_interface` option. * Fix std* files not being redirected when daemonising, when built with assertions removed. * Fix default settings incorrectly allowing TLS v1.1. * Use line buffered mode for stdout. * Fix bridges with non-matching cleansession/local_cleansession being expired on start after restoring from persistence * Fix connections being limited to 2048 on Windows. The limit is now 8192, where supported. * Broker will log warnings if sensitive files are world readable/writable, or if the owner/group is not the same as the user/group the broker is running as. In future versions the broker will refuse to open these files. * mosquitto_memcmp_const is now more constant time. * Only register with DLT if DLT logging is enabled. * Fix any possible case where a json string might be incorrectly loaded. This could have caused a crash if a textname or textdescription field of a role was not a string, when loading the dynsec config from file only. * Dynsec plugin will not allow duplicate clients/groups/roles when loading config from file, which matches the behaviour for when creating them. * Fix heap overflow when reading corrupt config with "log_dest file". * Use CLOCK_BOOTTIME when available, to keep track of time. This solves the problem of the client OS sleeping and the client hence not being able to calculate the actual time for keepalive purposes. * Fix default settings incorrectly allowing TLS v1.1. Closes * Fix high CPU use on slow TLS connect. * Fix incorrect topic-alias property value in mosquitto_sub json output. * Fix confusing message on TLS certificate verification. * mosquitto_passwd uses mkstemp() for backup files. * `mosquitto_ctrl dynsec init` will refuse to overwrite an existing file, without a race-condition. Update to 2.0.15: * Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group. * Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. * Fix bridge `restart_timeout` not being honoured. * Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event. * Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522. * Improve documentation of `persistent_client_expiration` option. Closes #2404. * Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546. * Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488. * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. * Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607. * Fix confusing "out of memory" error when a client is kicked in the dynamic security plugin. Closes #2525. * Fix confusing error message when dynamic security config file was a directory. Closes #2520. * Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604. * Dynamic security: Fix modifyClient and modifyGroup commands to not modify the client/group if a new group/client being added is not valid. * Dynamic security: Fix the plugin being able to be loaded twice. Currently only a single plugin can interact with a unique $CONTROL topic. Using multiple instances of the plugin would produce duplicate entries in the config file. Closes #2601. Closes #2470. * Fix case where expired messages were causing queued messages not to be delivered. Closes #2609. * Fix websockets not passing on the X-Forwarded-For header. * Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl ctx not being initialised until starting to connect. Closes #2537. * Fix incorrect use of SSL_connect. Closes #2594. * Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564. * Add documentation of struct mosquitto_message to header. Closes #2561. * Fix documentation omission around mosquitto_reinitialise. Closes #2489. * Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463. * Fix failure to close thread in some situations. Closes #2545. * Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting. * Fix `-o` not working in `mosquitto_ctrl`, and typo in related documentation. Update to version 2.0.14: Broker: * Fix bridge not respecting receive-maximum when reconnecting with MQTT v5. Client library: * Fix mosquitto_topic_matches_sub2() not using the length parameters. * Fix incorrect subscribe_callback in mosquittopp.h. Update to version 2.0.13: Broker: * Fix `max_keepalive` option not being able to be set to 0. * Fix LWT messages not being delivered if `per_listener_settings` was set to true. * Various fixes around inflight quota management. * Fix problem parsing config files with Windows line endings. * Don't send retained messages when a shared subscription is made * Fix client id not showing in log on failed connections, where possible. * Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication. * Fix mosquitto_plugin.h not including mosquitto_broker.h. Client library: * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` to avoid closing invalid sockets in `mosquitto_destroy()` on error. Clients: - Fix date format in mosquitto_sub output. - Update to version 2.0.12 * Includes security fixes for CVE-2021-34434 (boo#1190048) and CVE-2020-13849 (boo#1190101) Security : * An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed. * Using certain listener related configuration options e.g. `cafile`, that apply to the default listener without defining any listener would cause a remotely accessible listener to be opened that was not confined to the local machine but did have anonymous access enabled, contrary to the documentation. This has been fixed. Closes #2283. * CVE-2021-34434: If a plugin had granted ACL subscription access to a durable/non-clean-session client, then removed that access,the client would keep its existing subscription. This has been fixed. * Incoming QoS 2 messages that had not completed the QoS flow were not being checked for ACL access when a clean session=False client was reconnecting. This has been fixed. Broker: * Fix possible out of bounds memory reads when reading a corrupt/crafted configuration file. Unless your configuration file is writable by untrusted users this is not a risk. * Fix `max_connections` option not being correctly counted. * Fix TLS certificates and TLS-PSK not being able to be configured at the same time. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. * Fix broker not quiting if e.g. the `password_file` is specified as a directory. Closes #2241. * Fix listener mount_point not being removed on outgoing messages. * Strict protocol compliance fixes, plus test suite. * Fix $share subscriptions not being recovered for durable clients that reconnect. * Update plugin configuration documentation. Closes #2286. Client library: * If a client uses TLS-PSK then force the default cipher list to use "PSK" ciphers only. This means that a client connecting to a broker configured with x509 certificates only will now fail. Prior to this, the client would connect successfully without# verifying certificates, because they were not configured. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Threaded mode is deconfigured when the mosquitto_loop_start() thread ends, which allows mosquitto_loop_start() to be called again. * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Apps: * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working. Clients: * Document TLS certificate behaviour when using `-p 8883`. Build: * Fix installation using WITH_TLS=no. Closes #2281. * Fix builds with libressl 3.4.0. Closes #2198. * Remove some unnecessary code guards related to libressl. * Fix printf format build warning on MIPS. Closes #2271. Update to version 2.0.11: Security: * If a MQTT v5 client connects with a crafted CONNECT packet a memory leak will occur. This has been fixed. Broker: * Fix possible crash having just upgraded from 1.6 if `per_listener_settings true` is set, and a SIGHUP is sent to the broker before a client has reconnected to the broker. * Fix bridge not reconnectng if the first reconnection attempt fails. * Improve QoS 0 outgoing packet queueing. * Fix QoS 0 messages not being queued when `queue_qos0_messages` was enabled. Clients: * If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect that the pipe has closed and disconnect. * Fix `mosquitto_pub -l` quitting if a message publication is attempted when the broker is temporarily unavailable. libmosquitto1-2.0.20-bp156.2.3.1.x86_64.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm libmosquittopp1-2.0.20-bp156.2.3.1.x86_64.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-2.0.20-bp156.2.3.1.src.rpm mosquitto-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-clients-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.x86_64.rpm mosquitto-devel-2.0.20-bp156.2.3.1.x86_64.rpm libmosquitto1-2.0.20-bp156.2.3.1.aarch64.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm libmosquittopp1-2.0.20-bp156.2.3.1.aarch64.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-clients-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.aarch64.rpm mosquitto-devel-2.0.20-bp156.2.3.1.aarch64.rpm libmosquitto1-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquittopp1-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-clients-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.ppc64le.rpm mosquitto-devel-2.0.20-bp156.2.3.1.ppc64le.rpm libmosquitto1-2.0.20-bp156.2.3.1.s390x.rpm libmosquitto1-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm libmosquittopp1-2.0.20-bp156.2.3.1.s390x.rpm libmosquittopp1-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-clients-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-clients-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-debuginfo-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-debugsource-2.0.20-bp156.2.3.1.s390x.rpm mosquitto-devel-2.0.20-bp156.2.3.1.s390x.rpm openSUSE-2024-358 moderate openSUSE Backports SLE-15-SP6 Update This update for qbittorrent fixes the following issues: - Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774) Added features: * Add "Simple pread/pwrite" disk IO type Bug fixes: * Don't ignore SSL errors (boo#1232731 CVE-2024-51774) * Don't try to apply Mark-of-the-Web to nonexistent files * Disable "Move to trash" option by default * Disable the ability to create torrents with a piece size of 256MiB * Allow to choose Qt style * Always notify user about duplicate torrent * Correctly handle "torrent finished after move" event * Correctly apply filename filter when `!qB` extension is enabled * Improve color scheme change detection * Fix button state for SSL certificate check Web UI: * Fix CSS that results in hidden torrent list in some browsers * Use proper text color to highlight items in all filter lists * Fix 'rename files' dialog cannot be opened more than once * Fix UI of Advanced Settings to show all settings * Free resources allocated by web session once it is destructed Search: * Import correct libraries Other changes: * Sync flag icons with upstream qbittorrent-5.0.1-bp156.3.6.1.src.rpm qbittorrent-5.0.1-bp156.3.6.1.x86_64.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.x86_64.rpm qbittorrent-5.0.1-bp156.3.6.1.aarch64.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.aarch64.rpm qbittorrent-5.0.1-bp156.3.6.1.ppc64le.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.ppc64le.rpm qbittorrent-5.0.1-bp156.3.6.1.s390x.rpm qbittorrent-nox-5.0.1-bp156.3.6.1.s390x.rpm openSUSE-2024-347 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Update to version 130.0.6723.91 (boo#1232566): - CVE-2024-10487: Out of bounds write in Dawn - CVE-2024-10488: Use after free in WebRTC chromedriver-130.0.6723.91-bp156.2.47.1.x86_64.rpm chromium-130.0.6723.91-bp156.2.47.1.src.rpm chromium-130.0.6723.91-bp156.2.47.1.x86_64.rpm chromedriver-130.0.6723.91-bp156.2.47.1.aarch64.rpm chromium-130.0.6723.91-bp156.2.47.1.aarch64.rpm openSUSE-2024-365 moderate openSUSE Backports SLE-15-SP6 Update This update for python3-djangorestframework, python3-djangorestframework-simplejwt, python3-pytest-django fixes the following issues: This update ships: - python3-pytest-django: in version 3.9.0 - python3-djangorestframework: in version 3.11.2. - python3-djangorestframework-simplejwt: in version 4.6.0 python3-djangorestframework-simplejwt-4.6.0-bp156.4.1.noarch.rpm python3-djangorestframework-simplejwt-4.6.0-bp156.4.1.src.rpm python3-djangorestframework-3.11.2-bp156.5.1.noarch.rpm python3-djangorestframework-3.11.2-bp156.5.1.src.rpm python3-pytest-django-3.9.0-bp156.4.1.noarch.rpm python3-pytest-django-3.9.0-bp156.4.1.src.rpm openSUSE-2024-360 moderate openSUSE Backports SLE-15-SP6 Update This update for AusweisApp fixes the following issues: - Enforce use of legacy OpenSSL API to be able to use smartcards. - New upstream release + Version 2.2.2 - Visual adjustments and optimization of the graphical user interface. - Optimization of accessibility and keyboard operability. - Addition of the Android ABIs armeabi-v7a and x86_64 in addition to arm64-v8a in the SDK. - New upstream release + Version 2.2.1 - Visual adjustments and optimization of the graphical user interface. - Optimization of accessibility and keyboard usability. - Prevention of the display of external content in the graphical user interface. - Support for smartphones with Android 15 where optimized memory management has been activated. - Support for 16 KB page sizes on Android. - Stabilization of the iOS SDK during fast restarts. - Correction of the behavior when using Qt 6.6.3. - Avoidance of a log file within the container in the container SDK. - Update of the Android NDK to r27b (27.1.12297006). - Update of the Android SDK Platform to Android 15 (API level 35). - Update of OpenSSL to version 3.3.2. - Add missing libQt6Svg6 runtime dependency to Requires - New upstream release + Version 2.2.0 - Visual adjustments and optimization of the graphical user interface. - Display of the old and new device name when using "Smartphone as card reader" if the name of a device has changed. - An information page has been added at the end of an authentication before forwarding to the service provider. - Increased the time allowed to respond to card commands on Android to support badges that have switched to a safe slow mode after too many incorrect CAN entries. - Improved accessibility options. - Support for Android 8 has been discontinued. - The "Smartphone as card reader" function now requires at least version 2.1.0. - Support for ChromeOS has been added. - Support for key lengths smaller than 3000 bits has been discontinued. - Changelog added to the documentation for the SDK. - Functional extension of the SDK (see changelog). - Update of Qt to version 6.7.2. - Update of OpenSSL to version 3.3.1. AusweisApp-2.2.2-bp156.5.1.src.rpm AusweisApp-2.2.2-bp156.5.1.x86_64.rpm AusweisApp-2.2.2-bp156.5.1.aarch64.rpm AusweisApp-2.2.2-bp156.5.1.ppc64le.rpm AusweisApp-2.2.2-bp156.5.1.s390x.rpm openSUSE-2024-364 important openSUSE Backports SLE-15-SP6 Update This update for virtualbox fixes the following issues: Update to release 7.1.4: * NAT: Fixed DHCP problems with certain guests when domain is empty * VMSVGA: Improved flickering, black screen and other screen update issues with recent Linux kernels * Linux Guest Additions: Introduce initial support for kernel 6.12 * EFI: Added missing LsiLogic MPT SCSI driver again to fix booting from devices attached to this device if the EFI firmware is used (7.1.0 regression) * EFI: Restored broken network boot support (7.1.0 regression) * Adressed CVE-2024-21248 [boo#1231735], CVE-2024-21273 [boo#1231736], CVE-2024-21259 [boo#1231737], CVE-2024-21263 [boo#1231738] - Make the Extension Pack work with our compiler flags and RT_NOEXCEPT choices. [boo#1231225] Update to release 7.1: * The GUI now offers a selection between Basic and Experienced user level with reduced or full UI functionality. * VRDE: If user does not set up TLS with custom certificates, enable it with self-signed certificate, including issuing a new one before the old one expires * NAT: New engine with IPv6 support. * Linux host and guest: Added Wayland support for Clipboard sharing. - Changed license from Gpl-2.0 to Gpl-3.0 Version bump to VirtualBox 7.0.20 (released July 16 2024 by Oracle)) This is a maintenance release. The following items were fixed and/or added: - TPM: Fixed errors appearing the event viewer with Windows guests - macOS Hosts: Fixed passing USB devices to the VM (bug #21218) - Audio: Fixed recording with HDA emulation after newer Windows 10 / 11 guests got rebooted - USB: Fixed a deadlock in OHCI triggered when saving the current state of a VM or taking a snapshot (bug #22059) - Linux Guest and Host: Introduced initial support for OpenSuse 15.6 kernel - Linux Guest and Host: Introduced initial support for RHEL 9.5 kernel (bug #22099) - Guest Additions: Shared Clipboard: Fixed issue when extra new lines were pasted when copying text between Win and X11 (bug #21716) - UEFI Secure Boot: Add new Microsoft certificates to list for new VMs kbuild-0.1.9998+svn3613-bp156.2.3.1.src.rpm kbuild-0.1.9998+svn3613-bp156.2.3.1.x86_64.rpm kbuild-debuginfo-0.1.9998+svn3613-bp156.2.3.1.x86_64.rpm kbuild-debugsource-0.1.9998+svn3613-bp156.2.3.1.x86_64.rpm kbuild-0.1.9998+svn3613-bp156.2.3.1.aarch64.rpm kbuild-debuginfo-0.1.9998+svn3613-bp156.2.3.1.aarch64.rpm kbuild-debugsource-0.1.9998+svn3613-bp156.2.3.1.aarch64.rpm kbuild-0.1.9998+svn3613-bp156.2.3.1.ppc64le.rpm kbuild-debuginfo-0.1.9998+svn3613-bp156.2.3.1.ppc64le.rpm kbuild-debugsource-0.1.9998+svn3613-bp156.2.3.1.ppc64le.rpm openSUSE-2024-359 moderate openSUSE Backports SLE-15-SP6 Update This update for opi fixes the following issues: - Version 5.4.0 * Show key ID when importing or deleting package signing keys * Add option to install google-chrome-canary - Version 5.3.0 * Fix tests for new zypper version * fix doblue slash in packman repo url * Add Plugin to install Libation opi-5.4.0-bp156.2.9.1.noarch.rpm opi-5.4.0-bp156.2.9.1.src.rpm openSUSE-2024-361 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: - Update to version 1.4.0~git2.770efa8: * Resolve incorrect handling of rhost in pam (#3171) - Update to version 1.4.0~git1.c297c3f: * Docker makefile latest * Release 1.4.0 * chore: Made oauth2 scopes required in CLI (#3165) * More "choosing a domain" revision (#3161) * Update missing inputmode numeric when adding a new TOTP. (#3160) * Improve OAuth2 authorisation ux (#3158) * Fix attribute scim sync attribute naming (#3159) * Change to text input and use numeric mode for TOTP prompts. (#3154) * Fix release note date and typos (#3153) * Release 1.4.0-pre * Release Notes (#3149) * Remove WASM (#3148) * Rewrite "choosing a domain", add other considerations (#3147) * Harmonize UI and remove unused css (#3033) * ripping out some extra packages (#3146) * OAuth2 Device flow foundations (#3098) * htmx by default (#3145) * Support reloading via systemd (#3144) * Chore: Refactor Groups to be more generic (#3136) * 20241024 1271 cert reload on SIGHUP (#3140) * Update docs, improve locking (#3141) * 2856 - use tags for containers on build (#3139) * Fix image when too smol (#3138) * yale's rabbit-hole-chasing-htmx-fixing-megapatch (#3135) * ipinfo should be single value (#3137) * Tidy the reauth ui (#3130) * Add missing schemas to get OpenAPI validation to pass. (#3129) * Change some OperationError into HTTP Bad Request (400). (#3125) * Bump the all group with 11 updates (#3127) * Bump the all group in /pykanidm with 5 updates (#3128) * Fill in some Swagger API docs for a few v1 endpoints. (#3126) * Diagram Improvements in Book (#3124) * Fix passkey auth flow redirects (#3123) * Improve handling of inaccesible shadow file (#3122) * Log HTTP Not Found (404) as info log level. (#3119) * more errors for the people (#3121) * 20241017 unixd home (#3113) * 20241017 3107 token ttl (#3114) * docs: Update kanidm_ppa instructions for new repo logic (#3117) * fix(lint) minor lint fix for unnecessary match use (#3118) * Totp input changes (#3115) * Add the strict flag on client creates for developers (#3111) * Working scim entry get for person (#3088) * Add nss testframework and fallback when daemon offline (#3093) * Improve deb packaging, add aarch64 (#3083) * Cache buster buster (#3091) * fix(http): status content type should be JSON (#3096) * Bump the all group across 1 directory with 7 updates (#3106) * Bump the all group across 1 directory with 10 updates (#3103) * 20241012 attr name SCIM fix (#3102) * Scim add EntryReference (#3079) * Bump the all group across 1 directory with 3 updates (#3094) * Fix Increment Replication Post Upgrade (#3089) * Remove white background from square logo (#3087) * Add support for group extension (#3081) * 20240921 ssh keys and unix password in credential update session (#3056) * Fix landing and redirect URLs for GitLab, add some useful links (#3055) * [htmx] Make it harder to miss the save button on the cred update page (#3013) * Add example Outline config (#3076) * 20240925 cleanups (#3060) * Add instructions for unlinking Homebrew Rust on macOS (#3085) * Don't reprompt for login when no session exists in cli (#3082) * Make good on some TechDebt (#3084) * Feat: Adding POSIX Password fallback (#3067) * Bump the all group across 1 directory with 13 updates (#3080) * Complete the implementation of the posix account cache (#3041) * 20240926 tech debt (#3066) * Fix migration of last mod cid (#3065) * Increase totp secret size (#3061) * Bump mozilla-actions/sccache-action from 0.0.5 to 0.0.6 in the all group (#3075) * Improve pipe handling on linux (#3069) * reformat oauth2 URL list, highlight legacy bits (#3062) * scim_proto: fix incorrect language tag (#3064) * Add ownCloud example config (#3059) * Add example config for JetBrains Hub / YouTrack (#3058) * Bump the all group with 8 updates (#3053) * Bump the all group in /pykanidm with 3 updates (#3054) * Document basic authenticating GitLab to Kanidm (#3050) * fix(doc): updating docker container ref (#3049) * Resolve incorrect SCIM Sync serialisation (#3047) * CLI image error nicening (#3037) * Add rfc7009 and rfc7662 metadata to oidc discovery (#3046) * More openapi tweaks (#3038) * Bump the all group with 6 updates (#3044) * Bump the all group in /pykanidm with 3 updates (#3043) * fix(docs): make it clearer that bearer auth is a thing (#3031) * implements additional traits for filter types (#3036) * 20240810 SCIM entry basic (#3032) * CreatedAt/ModifiedAt fix (#3034) * Pykanidm fixes (#3030) * 20240906 Attribute as an Enum Type (#3025) * Bump the all group with 9 updates (#3029) * Bump the all group in /pykanidm with 4 updates (#3028) * Credentials page/Self cred update flow UI improvements (#3012) * 20240828 Support Larger Images, Allow Custom Domain Icons (#3016) * MemberOf in search implies DirectMemberOf (#3024) * fix(kanidm): don't allow empty string fields on CLI (#3018) * Bump cryptography from 42.0.4 to 43.0.1 in /pykanidm in the pip group (#3023) * generate completions for elvish and fish (#3015) * Bump the all group with 4 updates (#3021) * Bump the all group in /pykanidm with 3 updates (#3022) * 20240820 SCIM value (#2992) * fix(daemon): handling IPv6 addresses in healthcheck (#3004) * fix(webui): Javascript errors after server-side update blocking login. Fixed after cache invalidating (#3011) * OAuth2 Token Type (#3008) * Bump the all group in /pykanidm with 4 updates (#3007) * Bump the all group with 8 updates (#3006) * Spattering of oauth2 stuff (#3000) * Doc multi instance (#2997) * Expose group rename (#2999) * feat: self cred update flow (#2995) * Better Error Message (#2998) * Add missing group for application admin (#2991) * enforcen den clippen (#2990) * 20240817 group mail acp (#2982) * 20240810 application passwords (#2968) * Bump the all group with 17 updates (#2986) * Bump the all group in /pykanidm with 3 updates (#2985) * Mail substr index (#2981) * Doc format, add api-token section (#2975) * [HTMX] small profile improvements (#2974) * Foundations of pam/nss multi resolver * TLS, no seriously. (#2963) * Update suse.md to avoid Authentication token manipulation error (#2973) * Add Alpine Linux installation instructions (#2871) * Bump the all group across 1 directory with 10 updates (#2966) * [HTMX] User settings (#2929) * Bump the all group in /pykanidm with 2 updates (#2965) * Docs updates (#2961) * Bump aiohttp from 3.10.0 to 3.10.2 in /pykanidm in the pip group (#2962) * Prevent bug in pam (#2960) * Improve migration error message (#2959) * Fix incorrect logic in cred update flow (#2956) * Docker-and-docs-fixes (#2954) * Bump the all group in /pykanidm with 5 updates (#2952) * Bump the all group with 10 updates (#2953) * Added orca flag to extend privileged authentication expiry (#2949) * In honour of SebaT, error on db lock acq timeout (#2947) * Add measurement of lock acquisition (#2946) * [htmx] Credential Update page (#2897) * Update to 1.4.0-dev (#2943) kanidm-1.4.0~git2.770efa8-bp156.7.1.src.rpm kanidm-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-clients-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-docs-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-server-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-unixd-clients-1.4.0~git2.770efa8-bp156.7.1.x86_64.rpm kanidm-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-clients-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-docs-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-server-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm kanidm-unixd-clients-1.4.0~git2.770efa8-bp156.7.1.aarch64.rpm openSUSE-2024-355 important openSUSE Backports SLE-15-SP6 Update This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 (boo#1231740, CVE-2024-21272) - WL#16452: Bundle all installable authentication plugins when building the C-extension - WL#16444: Drop build support for DEB packages - WL#16442: Upgrade gssapi version to 1.8.3 - WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors - WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support - WL#16307: Remove Python 3.8 support - WL#16306: Add support for Python 3.13 - BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers - BUG#37013057: mysql-connector-python Parameterized query SQL injection - BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host - BUG#36577957: Update charset/collation description indicate this is 16 bits - 9.0.0: - WL#16350: Update dnspython version - WL#16318: Deprecate Cursors Prepared Raw and Named Tuple - WL#16284: Update the Python Protobuf version - WL#16283: Remove OpenTelemetry Bundled Installation - BUG#36664998: Packets out of order error is raised while changing user in aio - BUG#36611371: Update dnspython required versions to allow latest 2.6.1 - BUG#36570707: Collation set on connect using C-Extension is ignored - BUG#36476195: Incorrect escaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES - BUG#36289767: MySQLCursorBufferedRaw does not skip conversion - 8.4.0 - WL#16203: GPL License Exception Update - WL#16173: Update allowed cipher and cipher-suite lists - WL#16164: Implement support for new vector data type - WL#16127: Remove the FIDO authentication mechanism - WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension - BUG#36227964: Improve OpenTelemetry span coverage - BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection - 8.3.0 - WL#16015: Remove use of removed COM_ commands - WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python - WL#15983: Stop using mysql_ssl_set api - WL#15982: Remove use of mysql_shutdown - WL#15950: Support query parameters for prepared statements - WL#15942: Improve type hints and standardize byte type handling - WL#15836: Split mysql and mysqlx into different packages - WL#15523: Support Python DB API asynchronous execution - BUG#35912790: Binary strings are converted when using prepared statements - BUG#35832148: Fix Django timezone.utc deprecation warning - BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments - BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS python-mysql-connector-python-9.1.0-bp156.4.3.1.src.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.x86_64.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.i586.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.aarch64.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.ppc64le.rpm python3-mysql-connector-python-9.1.0-bp156.4.3.1.s390x.rpm openSUSE-2024-362 moderate openSUSE Backports SLE-15-SP6 Update This update for stressapptest fixes the following issues: - Configure with --enable-default-optimizations to get the tool compiled with correct definitions (boo#1227462). - Update to v1.0.11 * Bugfixes and compiler compatibility updates. * LoongArch, MIPS support * aarch64 vector instruction support stressapptest-1.0.11-bp156.5.3.1.src.rpm stressapptest-1.0.11-bp156.5.3.1.x86_64.rpm stressapptest-1.0.11-bp156.5.3.1.i586.rpm stressapptest-1.0.11-bp156.5.3.1.aarch64.rpm stressapptest-1.0.11-bp156.5.3.1.ppc64le.rpm stressapptest-1.0.11-bp156.5.3.1.s390x.rpm openSUSE-2024-357 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 130.0.6723.116 (boo#1232843) - CVE-2024-10826: Use after free in Family Experiences - CVE-2024-10827: Use after free in Serial chromedriver-130.0.6723.116-bp156.2.50.1.x86_64.rpm chromium-130.0.6723.116-bp156.2.50.1.src.rpm chromium-130.0.6723.116-bp156.2.50.1.x86_64.rpm chromedriver-130.0.6723.116-bp156.2.50.1.aarch64.rpm chromium-130.0.6723.116-bp156.2.50.1.aarch64.rpm openSUSE-2024-366 moderate openSUSE Backports SLE-15-SP6 Update This update for python-PyPDF2 fixes the following issues: - CVE-2022-24859: Fixed infinite loop vulnerability (boo#1198588) python-PyPDF2-1.26.0-bp156.4.3.1.src.rpm python3-PyPDF2-1.26.0-bp156.4.3.1.noarch.rpm openSUSE-2024-368 low openSUSE Backports SLE-15-SP6 Update This update for keepassxc fixes the following issues: - drop runtime dependency on update-desktop-files keepassxc-2.7.9-bp156.2.6.1.src.rpm keepassxc-2.7.9-bp156.2.6.1.x86_64.rpm keepassxc-lang-2.7.9-bp156.2.6.1.noarch.rpm keepassxc-2.7.9-bp156.2.6.1.i586.rpm keepassxc-2.7.9-bp156.2.6.1.aarch64.rpm keepassxc-2.7.9-bp156.2.6.1.ppc64le.rpm keepassxc-2.7.9-bp156.2.6.1.s390x.rpm openSUSE-2024-372 important openSUSE Backports SLE-15-SP6 Update This update for icinga2 fixes the following issues: Update to 2.13.10: - CVE-2024-49369: Fix TLS certificate validation bypass (bsc#1233310). icinga2-2.13.10-bp156.4.3.1.src.rpm icinga2-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-bin-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-common-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-doc-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.x86_64.rpm nano-icinga2-2.13.10-bp156.4.3.1.x86_64.rpm vim-icinga2-2.13.10-bp156.4.3.1.x86_64.rpm icinga2-2.13.10-bp156.4.3.1.i586.rpm icinga2-bin-2.13.10-bp156.4.3.1.i586.rpm icinga2-common-2.13.10-bp156.4.3.1.i586.rpm icinga2-doc-2.13.10-bp156.4.3.1.i586.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.i586.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.i586.rpm nano-icinga2-2.13.10-bp156.4.3.1.i586.rpm vim-icinga2-2.13.10-bp156.4.3.1.i586.rpm icinga2-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-bin-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-common-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-doc-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.aarch64.rpm nano-icinga2-2.13.10-bp156.4.3.1.aarch64.rpm vim-icinga2-2.13.10-bp156.4.3.1.aarch64.rpm icinga2-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-bin-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-common-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-doc-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-ido-mysql-2.13.10-bp156.4.3.1.ppc64le.rpm icinga2-ido-pgsql-2.13.10-bp156.4.3.1.ppc64le.rpm nano-icinga2-2.13.10-bp156.4.3.1.ppc64le.rpm vim-icinga2-2.13.10-bp156.4.3.1.ppc64le.rpm openSUSE-2025-5 moderate openSUSE Backports SLE-15-SP6 Update This update for webcamoid fixes the following issues: - Disable autoupdate (fixes boo#1196225) - Update to version 9.2.3 * Misc non-linux changes version 9.2.0: * Webcamoid ported to Qt6. * Added PipeWire video capture support. * Added Xlib screen capture plugin. * Added desktop capture using FFmpeg. * Added option to show or hide the mouse cursor on screen capture. * Qt screen capture plugin is now using QScreenCapture. * Added ColorKey plugin. * Added support for extended controls in V4L2. * Attend to screen orientation. * Fixed ARM 64 packages. * Fixed saving the selected camera format. * Added a debug log to the preferences dialog. * Added options for enabling/disabling interprocess optimizations. * Do not show the video outputs if the virtual camera is not supported. webcamoid-9.2.3-bp156.2.3.1.src.rpm webcamoid-9.2.3-bp156.2.3.1.x86_64.rpm webcamoid-debuginfo-9.2.3-bp156.2.3.1.x86_64.rpm webcamoid-debugsource-9.2.3-bp156.2.3.1.x86_64.rpm webcamoid-9.2.3-bp156.2.3.1.aarch64.rpm webcamoid-debuginfo-9.2.3-bp156.2.3.1.aarch64.rpm webcamoid-debugsource-9.2.3-bp156.2.3.1.aarch64.rpm webcamoid-9.2.3-bp156.2.3.1.ppc64le.rpm webcamoid-debuginfo-9.2.3-bp156.2.3.1.ppc64le.rpm webcamoid-debugsource-9.2.3-bp156.2.3.1.ppc64le.rpm openSUSE-2024-374 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 131.0.6778.69 (stable released 2024-11-12) (boo#1233311) * CVE-2024-11110: Inappropriate implementation in Blink. * CVE-2024-11111: Inappropriate implementation in Autofill. * CVE-2024-11112: Use after free in Media. * CVE-2024-11113: Use after free in Accessibility. * CVE-2024-11114: Inappropriate implementation in Views. * CVE-2024-11115: Insufficient policy enforcement in Navigation. * CVE-2024-11116: Inappropriate implementation in Paint. * CVE-2024-11117: Inappropriate implementation in FileSystem. chromedriver-131.0.6778.69-bp156.2.53.1.x86_64.rpm chromium-131.0.6778.69-bp156.2.53.1.src.rpm chromium-131.0.6778.69-bp156.2.53.1.x86_64.rpm chromedriver-131.0.6778.69-bp156.2.53.1.aarch64.rpm chromium-131.0.6778.69-bp156.2.53.1.aarch64.rpm openSUSE-2024-370 critical openSUSE Backports SLE-15-SP6 Update This update for cobbler fixes the following issues: Update to 3.3.7 * Security: Fix issue that allowed anyone to connect to the API as admin (CVE-2024-47533, boo#1231332) * bind - Fix bug that prevents cname entries from being generated successfully * Fix build on RHEL9 based distributions (fence-agents-all split) * Fix for Windows systems * Docs: Add missing dependencies for source installation * Fix issue that prevented systems from being synced when the profile was edited cobbler-3.3.7-bp156.2.6.1.noarch.rpm cobbler-3.3.7-bp156.2.6.1.src.rpm cobbler-tests-3.3.7-bp156.2.6.1.noarch.rpm cobbler-tests-containers-3.3.7-bp156.2.6.1.noarch.rpm openSUSE-2024-376 moderate openSUSE Backports SLE-15-SP6 Update This update for OpenBoard fixes the following issues: - update to release version 1.7.2 - switch from Qt5 to Qt6 - compatibility with ffmpeg-7 - compatibility with poppler OpenBoard-1.7.2-bp156.2.3.1.src.rpm OpenBoard-1.7.2-bp156.2.3.1.x86_64.rpm OpenBoard-1.7.2-bp156.2.3.1.aarch64.rpm openSUSE-2024-378 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 131.0.6778.85 (stable released 2024-11-19) (boo#1233534) * CVE-2024-11395: Type Confusion in V8 chromedriver-131.0.6778.85-bp156.2.56.1.x86_64.rpm chromium-131.0.6778.85-bp156.2.56.1.src.rpm chromium-131.0.6778.85-bp156.2.56.1.x86_64.rpm chromedriver-131.0.6778.85-bp156.2.56.1.aarch64.rpm chromium-131.0.6778.85-bp156.2.56.1.aarch64.rpm openSUSE-2024-379 moderate openSUSE Backports SLE-15-SP6 Update This update for iptraf-ng fixes the following issues: - Update to release 1.2.2 * serv.c: validate loading/saving/entry of port ranges * limit interface name lengths to IFNAMSIZ [CVE-2024-52949] iptraf-ng-1.2.2-bp156.4.3.1.src.rpm iptraf-ng-1.2.2-bp156.4.3.1.x86_64.rpm iptraf-ng-1.2.2-bp156.4.3.1.i586.rpm iptraf-ng-1.2.2-bp156.4.3.1.aarch64.rpm iptraf-ng-1.2.2-bp156.4.3.1.ppc64le.rpm iptraf-ng-1.2.2-bp156.4.3.1.s390x.rpm openSUSE-2024-383 moderate openSUSE Backports SLE-15-SP6 Update This update for tesseract-ocr fixes the following issues: Update to 5.5.0 - Fix TARGET_PDB_FILE error for static linking. in #4271 - Make regular usage of CMAKE_INSTALL_LIBDIR and GNUInstallDirs in #4272 - Ignore illegal TESSDATA_PREFIX (not existing filesystem entry, issue #4277) in #4278 - Fix confidence output for the PAGE XML renderer in #4283 - Set hOCR capabilities ocrp_dir and ocrp_lang unconditionally in #4301 - Reduce clock syscalls in #4303 - Calculate row bounding box in single-word mode per #4304 in #4305 - Replace access/_access by std::filesystem::exists in #4307 - Modernize code for list of available models in #4308 - Fix performance and other issues reported by Codacy in #4309 - Remove unnecessary assignment and assertions in #4313 - Update code for tprintf in #4306 - Add C++ stream for log messages and use it in two debug messages in #4314 - cmake: Correctly set the soversion based on SemVer properties in #4319 - Replace deprecated runner macos-12 by macos-latest in GitHub actions in #4326 - Modernize code for renderers and remove filename conversion for Windows in #4330 - Fix some typos and grammer issues in #4337 - Add GitHub action and Makefile target for Windows installer in #4341 - Support symbolic values for --oem and --psm options in #4344 - Replace some tprintf by tesserr stream (fixes Windows compiler warnings) in #4345 - Add RISC-V V support #4346 - Fix and improve Windows installer in #4348 - Remove Tensorflow support in #4350 - Update submodule googletest to release v1.15.2 in #4352 - Update to version 5.4.1: - Avoid FP overflow in NormEvidenceOf (fixes issue #4257) in #4259 - Update deprecated Node.js 16 GitHub actions in #4262 - Fix code style issues which were reported in #4263 - Fix some issues which were reported in #4266 - Fix more Codacy issues in #4267 - Several build fixes - Update to version 5.4.0: * Build fixes, code refactoring and other smaller changes. * Fix grey result of indexed PNG in pdfrenderer. * Rename frk -> deu_latf (ISO 639-3, ISO 15924). * Remove broken Dockerfile. * Fixes for several issues reported by Coverity Scan. * Remove unsupported OpenCL code and related API functions (#4220). * Facilitate vectorization for generic build (#4223). * Add PAGE XML renderer / export (#4214). * Support training without lstmf files. * Improve CCUtil::main_setup (fixes issue #4230 related to Coda). * Allow for text angle/gradient to be retrieved (#4070). * Fix setup of datadir on installations with Conda (issue #4230) (#4240) * Fix FP exception in Wordrec::angle_change (issue #4242) (#4243) * Small build fixes and code improvements - Disable opencl support due to boo#1213370 libtesseract5-5.5.0-bp156.2.3.1.x86_64.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-5.5.0-bp156.2.3.1.src.rpm tesseract-ocr-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.x86_64.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.x86_64.rpm libtesseract5-5.5.0-bp156.2.3.1.aarch64.rpm libtesseract5-64bit-5.5.0-bp156.2.3.1.aarch64_ilp32.rpm libtesseract5-64bit-debuginfo-5.5.0-bp156.2.3.1.aarch64_ilp32.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.aarch64.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.aarch64.rpm libtesseract5-5.5.0-bp156.2.3.1.ppc64le.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.ppc64le.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.ppc64le.rpm libtesseract5-5.5.0-bp156.2.3.1.s390x.rpm libtesseract5-debuginfo-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-debuginfo-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-debugsource-5.5.0-bp156.2.3.1.s390x.rpm tesseract-ocr-devel-5.5.0-bp156.2.3.1.s390x.rpm openSUSE-2024-384 moderate openSUSE Backports SLE-15-SP6 Update This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templates + ZBXNEXT-9217 Added AWS Lambda by HTTP template Templates + ZBXNEXT-9293 Updated max supported MySQL version to 9.0 Proxy Server + ZBXNEXT-8657 Updated Zabbix health templates with new visualization Templates + ZBXNEXT-9143 Added index on auditlog recordsetid Server + ZBXNEXT-9081 Added Small Computer System Interface (SCSI) device type support to Zabbix agent 2 Smart plugin Agent + ZBXNEXT-6445 Added recovery expression for fuzzytime triggers in Linux and Windows templates, removed fuzzytime triggers from active agent templates Templates + ZBXNEXT-9201 Updated max supported MySQL version to 8.4 Proxy Server + ZBXNEXT-9225 Updated max supported TimescaleDB version to 2.15 Server + ZBXNEXT-9226 Updated max supported MariaDB version to 11.4 Proxy Server + ZBXNEXT-8868 Added discovery and template for Azure VM Scale Sets Templates - Bug Fixes + BX-24947 Fixed PHP runtime errors while processing frontend notifications Frontend + ZBX-24824 Improved loadable plugin connection broker Agent + ZBX-24583 Fixed inability to export/import web scenario with digest authentication API + ZBX-23905 Fixed double scroll in script dialogs Frontend + ZBX-18767 Fixed word breaks in flexible text input fields and trigger expressions Frontend + ZBX-24909 Fixed resolving of macro functions in the "Item value" widget Frontend + ZBX-24859 Fixed JavaScript in S3 buckets discovery rule Templates + ZBX-24617 Fixed hardcoded region in AWS by HTTP template Templates + ZBX-24524 Fixed "New values per second" statistic to include dependent items in calculation Proxy Server + ZBX-24821 Made 'execute_on' value being recorded in audit only for shell scripts Server + ZBX-23312 Fixed discovery edit form being saved incorrectly after dcheck update Frontend + ZBX-24773 Fixed duplicate item preprocessing in Kubernetes Kubelet by HTTP template Templates + ZBX-24514 Fixed standalone Zabbix server and Zabbix proxy not stopping when database is read-only Proxy Server + ZBX-23936 Fixed state and styling of readonly fields Frontend + ZBX-24520 Fixed an issue with incorrect translations used in several frontend places Frontend + ZBX-21815 Fixed issue with undefined offset for media type when it was deleted before saving the user Frontend + ZBX-24108 Fixed error in dashboard if Map widget contains map element that user doesn't have access to Frontend + ZBX-24569 Fixed old and added new items to Azure Virtual Machine template Templates + ZBX-24537 Fixed tags subfilter in Latest data kiosk mode Frontend + ZBX-24167 Fixed template linkage when item prototype collision is found Server + ZBX-23770 Improved monitoring user permissions documentation for Zabbix agent 2 Oracle plugin and Oracle by ODBC template Documentation + ZBX-24565 Removed redundant kernel header include, fixed musl compatibility issues (thanks to Alpine Linux maintainers for spotting this) + ZBX-24610 Fixed interface field appearance for discovered items without interface set Frontend + ZBX-24562 Fixed incorrect problem order in Problems by severity widget's hintbox Frontend + ZBX-23751 Fixed inability to pass an action filter condition without an "operator" property, implying a default value of "Equal" API + ZBX-21429 Prevented ability to disable all UI element access via role.update API API + ZBX-19271 Fixed inconsistent tag row rendering in different edit forms Frontend + ZBX-24539 Fixed incorrect threshold in trigger expression of Check Point Next Generation Firewall by SNMP template Templates + ZBX-24667 Fixed vm.memory.size[pused] item on Solaris Agent + ZBX-23781 Added storage volumes check in HPE iLO by HTTP template Templates + ZBX-24391 Fixed Zabbix agent to return net.tcp.socket.count result without error if IPv6 is disabled Agent + ZBX-24235 Fixed value misalignment in Item value widget Frontend + ZBX-24352 Fixed custom severity name usage in Geomap widget Frontend + ZBX-24665 Fixed potential problem with deprecated GCE Integrity feature Templates + ZBX-20993 Fixed Zabbix agent 2 MQTT plugin clientID to be generated by strict requirements Agent + ZBX-23426 Added dependent item with JavaScript preprocessing for edges SD-WAN in VMWare SD-WAN VeloCloud by HTTP template Templates + ZBX-24566 Fixed crash when expression macro is used in unsupported location Server + ZBX-24450 Fixed issue where graph could differ for data gathered from PostgreSQL and other databases Frontend + ZBX-24513 Fixed real-time export of rarely updated trends Server + ZBX-24163 Fixed submap addition in Map navigation tree widget to not append same submaps repeatedly Frontend + ZBX-23398 Fixed trigger expression constructor incorrectly showing '<' and '>' operators Frontend + ZBX-23584 Fixed error message being displayed when updating host after changing item status Frontend + ZBX-24635 Fixed datastore triggers in VMware templates Templates Update to 6.0.31: - New Features and Improvements + ZBXNEXT-9140 Added support for custom compartments in Oracle Cloud by HTTP templates Templates + ZBXNEXT-9034 Added Jira Data Center by JMX template Templates + ZBXNEXT-8682 Introduced a length limit of 512KB for item test values that server returns to Zabbix frontend Frontend Server + ZBXNEXT-8248 Added database filter macros to MySQL templates Templates + ZBXNEXT-6698 Removed absolute threshold and timeleft from OS template triggers of filesystem space Templates + ZBXNEXT-7930 Added user macro support for username and password fields in email media type Server + ZBXCTR-22 Refactored JavaScript filter functions for Kubernetes templates Templates + ZBXNEXT-9098 Added AWS ELB Network Load Balancer by HTTP template Templates + ZBXNEXT-6864 Replaced {HOST.CONN} with user macros in templates Templates + ZBXNEXT-9117 Updated max supported MariaDB version to 11.3 Proxy Server + ZBXNEXT-9026 Added Go compiler version to Zabbix agent 2 version output Agent + ZBXNEXT-8786 Changed 'odbc.discovery' keys to 'odbc.get' in MySQL by ODBC and Oracle by ODBC templates Templates + ZBXNEXT-8536 Added cbdhsvc service to macros in Windows agent templates Templates + ZBXNEXT-8861 Made changes and added more metrics to the FortiGate by SNMP template Templates + ZBXNEXT-8240 Added a new set of templates for integration with Oracle Cloud Infrastructure Templates - Bug Fixes + ZBX-24483 Improved memory usage in Zabbix server/proxy trappers and in proxy pollers when sending large configuration Proxy Server + ZBX-23073 Fixed URL widget resizing and dragging Frontend + ZBX-24574 Fixed HA node flipping between standby and active states Server + ZBX-24119 Fixed possible blocking of alert manager when it periodically pings database Server + ZBX-7998 Added VMware service username, password and URL check for empty values Proxy Server + ZBX-24402 Reduced main process connections to database during startup Proxy Server + ZBX-24369 Fixed filter behavior in monitoring pages after deleting filter parameters Frontend + ZBX-24484 Fixed Geomap widget console error when dragging map in widget edit mode Frontend + ZBX-23337 Improved supported version documentation for Oracle Database plugin and both templates Documentation + ZBX-24180 Fixed inability to import existing host or template when its dependent item prototype, which is used in trigger prototypes or graph prototypes, would have a different master item API + ZBX-20871 Fixed inability to use LLD macro functions in Prometheus pattern and labels used in item prototype preprocessing API + ZBX-24527 Fixed unnecessary loading text being displayed in hintbox preloader Frontend + ZBX-24362 Fixed wrong Zabbix agent 2 loadable plugin process handling catching all child process exits Agent + ZBX-24470 Fixed scale of VMware vmware.vm.memory.size.compressed key Proxy Server + ZBX-24415 Added triggers for datastores in VMware templates Templates + ZBX-18094 Fixed multiple pie graph issues related to calculation of item angles Frontend + ZBX-20766 Fixed confusing port binding error message Agent Proxy Server + ZBX-24481 Fixed inability to unset value map from existing item or item prototype by passing a version without valuemap parameter into configuration.import API + ZBX-24531 Fixed compile time data not being set for agent2 Agent + ZBX-24453 Implemented socket file cleanup when shutting down, added blocking of signals during important stages of startup Proxy Server + ZBX-24152 Fixed host form submission with Enter button if the form is opened in a popup and focus is in a flexible text area field Frontend + ZBX-23788 Added SNMP OID ifAlias in Network interfaces discovery Templates + ZBX-24482 Fixed the presence of the http_proxy field in the initial data Installation + ZBX-24210 Improved Zabbix agent 2 loadable plugin capacity code style Agent + ZBX-23951 Fixed issue of incorrect template matching when no UUID exists in export file API + ZBX-23953 Fixed CIDR network mask of VMware HV network interface Proxy Server + ZBX-24195 Fixed host IPMI username and password field max length Frontend + ZBX-24451 Added tags and changed a item in Proxmox template Templates + ZBX-23386 Fixed hintbox sizing to fit screen Frontend + ZBX-24024 Fixed OIDs for external sensors in APC UPC by SNMP templates Templates + ZBX-21751 Fixed node's loadavg item in Proxmox template Templates + ZBX-24315 Fixed linking template to host when some LLD macro paths already exist Server + ZBX-24172 Fixed Zabbix server issue with scheduled intervals on Feb 29th of leap year Server + ZBX-23407 Improved performance of retrieving last history values when primary keys are available API + ZBX-24246 Updated descriptions for family of MySQL and Oracle templates, changed macro in the trigger 'Tablespace utilization is too high' for family of Oracle templates Templates + ZBX-23988 Renamed Agent2 Go module + ZBX-24222 Fixed incorrect item OIDs in the FortiGate by SNMP template Templates + ZBX-24393 Updated README in Redis by Zabbix agent 2 template Templates + ZBX-24298 Allowed any JNDI service providers back in JMX monitoring Java gateway + ZBX-19990 Separated LLD filter macros in Apache Tomcat by JMX template Templates + ZBX-24364 Added preprocessing steps for LLD rules in RabbitMQ templates Templates + ZBX-24368 Improved PostgreSQL autovacuum's count query Templates + ZBX-24282 Fixed Zabbix proxy to report error for not supported items Proxy Server + ZBX-19507 Fixed vmware.eventlog item to recover after event keys are reset Server + ZBX-24241 Fixed Zabbix server issue with random order of host groups for a host during real-time export Server + ZBX-24275 Fixed item prototype JSONPath preprocessing, added missing volume health metric and triggers in HPE MSA templates Templates + ZBX-24316 Fixed username macro in GridGain by JMX template Templates + ZBX-23719 Updated plugin-support to add duplicate flag handling Agent + ZBX-22429 Fixed typo in Zabbix proxy automake file Installation + ZBX-24264 Fixed value cache being filled with values of newly added items with triggers Server + ZBX-24088 Fixed problem filtering in maps with nested maps Frontend + ZBX-24206 Fixed line breaks in JavaScript in Cloudflare template Templates + ZBX-24236 Fixed nested transaction error in LLD when connection is terminated Server + ZBX-24134 Added sensor discovery in VMware Hypervisor template Templates + ZBX-23918 Fixed item pattern select popup to display all available items Frontend + ZBX-24190 Fixed items being updated incorrectly when configuring graph Frontend + ZBX-24289 Fixed issue with interface assignment for items copied from host to host Frontend + ZBX-23032 Added triggers for cluster status in VMware templates Templates + ZBX-23948 Added support for TabularData data when parsing an MBean attribute Java gateway + ZBX-23742 Fixed tag filtering logic for tags with one name and different types of operators API + ZBX-24271 Added delay in JavaScript execution for Azure Cost Management by HTTP template Templates + ZBX-24208 Fixed Oracle, MySQL plugin connection cache blocking Agent + ZBX-24202 Fixed JavaScript in AWS S3 bucket by HTTP template Templates + ZBX-23478 Fixed issue when missing locale error would not be displayed for user under certain conditions Frontend + ZBX-24166 Fixed Zabbix not being able to restart due to RTC and sockets not being closed before stopping Agent Proxy Server + ZBX-23853 Fixed duplicate agent check timestamps when time shifts back due to system clock synchronization Agent system-user-zabbix-6.0.33-bp156.2.3.1.noarch.rpm zabbix-6.0.33-bp156.2.3.1.src.rpm zabbix-agent-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-java-gateway-6.0.33-bp156.2.3.1.noarch.rpm zabbix-proxy-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-server-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.x86_64.rpm zabbix-ui-6.0.33-bp156.2.3.1.noarch.rpm zabbix-agent-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.i586.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.i586.rpm zabbix-server-6.0.33-bp156.2.3.1.i586.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.i586.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.i586.rpm zabbix-agent-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-server-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.aarch64.rpm zabbix-agent-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-server-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.ppc64le.rpm zabbix-agent-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-mysql-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-postgresql-6.0.33-bp156.2.3.1.s390x.rpm zabbix-proxy-sqlite-6.0.33-bp156.2.3.1.s390x.rpm zabbix-server-6.0.33-bp156.2.3.1.s390x.rpm zabbix-server-mysql-6.0.33-bp156.2.3.1.s390x.rpm zabbix-server-postgresql-6.0.33-bp156.2.3.1.s390x.rpm openSUSE-2024-389 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: - Update to version 1.4.3~git1.078625c: * Update to latest fido-mds-tool (#3230) - Update to version 1.4.3~git0.fb00176: * Release 1.4.3 * Warn when v2 options are used in v1 unixd config (#3228) * Resolve UI Auth Loop with OAuth2 (#3226) * Harden transport in pam unixd (#3227) * Improve warning around invalid JWT deserialisation (#3224) * Update and fix server config files in examples. (#3225) * Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212) * Add docs on customising Kanidm. (#3209) * Correct spelling of occurred (#3222) * UI/Feature polish (#3191) * Prevent Invalid MFA Reg States (#3194) * Change CSS for applications so SVG scales nicely in Firefox. (#3200) * 20241109 3185 max age (#3196) * Hoist max_age to prevent incorrect deserialisation (#3190) * Release 1.4.2 * Re-migrate all acps to force updating (#3184) * security - low - fault in migrations (#3182) - Update to version 1.4.1~git0.ad93202: * Release 1.4.1 * Correct missing CSP header (#3177) * Resolve pam services not always having a tty (#3176) kanidm-1.4.3~git1.078625c-bp156.10.1.src.rpm kanidm-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-clients-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-docs-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-server-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-unixd-clients-1.4.3~git1.078625c-bp156.10.1.x86_64.rpm kanidm-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-clients-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-docs-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-server-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm kanidm-unixd-clients-1.4.3~git1.078625c-bp156.10.1.aarch64.rpm openSUSE-2024-385 moderate openSUSE Backports SLE-15-SP6 Update This update for lxd fixes the following issues: - Change license to AGPL-3.0-only AND Apache-2.0: + All Canonical contributions have been relicensed and are now under AGPLv3. Community contributions remain under Apache 2.0. - update to 5.21.1: + Restricted metrics client certificate security regression fix + New image server remote for non-Ubuntu images + List all storage volumes API and CLI support Highlights 5.21.0: + Change of version numbering scheme + Fine grained authorization for OIDC users + Optimized block volume refresh for Ceph RBD + Device config override when importing instance backups Highlights 5.20.0: + LXD change to AGPLv3 + Create metadata and data OSD pools as part of creating a cephfs storage pool + Debug mode for EDK2 UEFI firmware + Authorization restructure + Shiftfs support has been removed - add attr as dependency for setfattr (boo#1190416) - update to 5.19: Highlights: + Add support for per-NIC device limits.priority option + Instance volume configuration through disk device - update to 5.18: Highlights 5.18: + Receive OVN logs into LXD and Loki Highlights 5.17: + ZFS 2.2 delegation support + Add remote copy support for custom volume snapshots + Allow recovery of empty storage pools lxd-5.21.1-bp156.3.3.1.src.rpm lxd-5.21.1-bp156.3.3.1.x86_64.rpm lxd-bash-completion-5.21.1-bp156.3.3.1.noarch.rpm lxd-5.21.1-bp156.3.3.1.i586.rpm lxd-5.21.1-bp156.3.3.1.aarch64.rpm lxd-5.21.1-bp156.3.3.1.ppc64le.rpm lxd-5.21.1-bp156.3.3.1.s390x.rpm openSUSE-2024-386 moderate openSUSE Backports SLE-15-SP6 Update This update for fwts fixes the following issues: - Update to version 24.11.00: * lib: fwts_version.h - update to V24.11.00 * hdaaudio: fix the the build errors under plucky amd64 * auto-packager: mkpackage.sh: add plucky * dmicheck: add more types for version length test. * dmicheck: update for supporting DMI version to 3.8.0 * acpi: iort: memory access flag update. * src/acpi: Fix a few spelling mistakes * acpi/wmi: Warn if WMI GUIDs from the Windows driver samples are found * lib: fwts_acpi_object_eval: Do not return FWTS_OK if method lookup fails * script: fix bash-completion-with-hashbang lintian warning * dmicheck: update for supporting DMI version to 3.7.1 * tpmevlog: Ensure the event log matches the actual TPM PCRs - Update to version 24.09.00: * lib: fwts_version.h - update to V24.09.00 * klog.json: Add the missing processor error message to klog database * klog.json: Add the missing exreqion error message to klog database * klog.json: Add the missing exserial error message to klog database * klog.json: Add the missing exoparg2 error message to klog database * klog.json: Add the missing dswload2 error message to klog database * klog.json: Add the missing nsinit error message to klog database * klog.json: Add the missing exstore error message to klog database * klog.json: Add more nsxfeval error messages to klog database * klog.json: Add more utobject error messages to klog database * klog.json: Add more uttrack error messages to klog database * klog.json: Add the missing srat error message to klog database * klog.json: Add more error messages for battery to klog database * klog.json: Add the missing scan error messages to klog database * klog.json: Add the missing prmt error messages to klog database * klog.json: Add the missing viot error messages to klog database * klog.json: Add the missing ipmi error messages to klog database * klog.json: Add the missing fan_core error message to klog database * klog.json: Add more missing acpi pcc kernel messages to klog database * klog.json: Add more missing osl kernel messages to klog database * fwts-test: slic: sync test results with fixes to ACPICA SLIC dumping * ACPICA: Update to version 20240827 * lib: modprobe: add checking the compressed zst module format * klog.json: Add more missing iort kernel messages to klog database * klog.json: Add some missing gtdt kernel messages to klog database * klog.json: Add some missing ghes kernel messages to klog database * klog.json: Add some missing agdi kernel messages to klog database * klog: fix the pattern errors for einj trigger table entry - Update to version 24.07.00: * acpi: acpipld: downgrade the severity for PLD on the not connected port * configure.ac: fix the autoreconf AC_PROG_LEX warning * configure.ac: fix the autoreconf AC_PROG_LIBTOOL warning * lib: fwts_version.h - update to V24.07.00 * auto-packager: mkpackage.sh: remove mantic * acpi: acpipld: modify the test description to aviod misunderstanding * fwts-test: add regression tests for S3PT * acpi: s3pt: add tests for ACPI S3PT table * aspm: Only require ASPM for devices with an actual link * fwts-test: cedt: sync up with adding raw data dump * fwts-test: cedt: fix the wrong value of ENIW * acpi: cedt: add raw data dump for interleave target list * libfwtsiasl: fix parallel build with GNU Make >= 4.4 * tpmevlog: Ensure EV_SEPARATOR recorded for PCRs 0-7 * efi_runtime: don't build dkms module for those kernels with efi_test * auto-packer: mkpackage.sh: add oracular * lib: fwts_log_html: fix the invalid printf format string * autopackager: mkpackage.sh: remove lunar - Update to version 24.03.00: * lib: fwts_version.h - update to V24.03.00 * lib: fwts_acpi_tables: fix the build fail on armhf * ACPICA: Update to version 20240322 - Update to version 24.01.00: * acpi: acpipld: add tests to check _PLD methods only on the connectable ports * opal: fix the resource leak for cpus * opal: fix the resource leak for process_dimm and process_mba * acpi: srat: fix the untrusted loop bound warning - Update to version 24.01.00: * opal: fix the resource leak for get_linux_mem_devices * dmicheck: Don't check firmware version on anything but NVDIMM devices - Update to version 24.11.00: * lib: fwts_version.h - update to V24.11.00 * hdaaudio: fix the the build errors under plucky amd64 * auto-packager: mkpackage.sh: add plucky * dmicheck: add more types for version length test. * dmicheck: update for supporting DMI version to 3.8.0 * acpi: iort: memory access flag update. * src/acpi: Fix a few spelling mistakes * acpi/wmi: Warn if WMI GUIDs from the Windows driver samples are found * lib: fwts_acpi_object_eval: Do not return FWTS_OK if method lookup fails * script: fix bash-completion-with-hashbang lintian warning * dmicheck: update for supporting DMI version to 3.7.1 * tpmevlog: Ensure the event log matches the actual TPM PCRs - Update to version 24.09.00: * lib: fwts_version.h - update to V24.09.00 * debian: update changelog * klog.json: Add the missing processor error message to klog database * klog.json: Add the missing exreqion error message to klog database * klog.json: Add the missing exserial error message to klog database * klog.json: Add the missing exoparg2 error message to klog database * klog.json: Add the missing dswload2 error message to klog database * klog.json: Add the missing nsinit error message to klog database * klog.json: Add the missing exstore error message to klog database * klog.json: Add more nsxfeval error messages to klog database * klog.json: Add more utobject error messages to klog database * klog.json: Add more uttrack error messages to klog database * klog.json: Add the missing srat error message to klog database * klog.json: Add more error messages for battery to klog database * klog.json: Add the missing scan error messages to klog database * klog.json: Add the missing prmt error messages to klog database * klog.json: Add the missing viot error messages to klog database * klog.json: Add the missing ipmi error messages to klog database * klog.json: Add the missing fan_core error message to klog database * klog.json: Add more missing acpi pcc kernel messages to klog database * klog.json: Add more missing osl kernel messages to klog database * fwts-test: slic: sync test results with fixes to ACPICA SLIC dumping * ACPICA: Update to version 20240827 * lib: modprobe: add checking the compressed zst module format * klog.json: Add more missing iort kernel messages to klog database * klog.json: Add some missing gtdt kernel messages to klog database * klog.json: Add some missing ghes kernel messages to klog database * klog.json: Add some missing agdi kernel messages to klog database * klog: fix the pattern errors for einj trigger table entry - Update to version 24.07.00: * acpi: acpipld: downgrade the severity for PLD on the not connected port * configure.ac: fix the autoreconf AC_PROG_LEX warning * configure.ac: fix the autoreconf AC_PROG_LIBTOOL warning * lib: fwts_version.h - update to V24.07.00 * debian: update changelog * auto-packager: mkpackage.sh: remove mantic * acpi: acpipld: modify the test description to aviod misunderstanding * fwts-test: add regression tests for S3PT * acpi: s3pt: add tests for ACPI S3PT table * aspm: Only require ASPM for devices with an actual link * fwts-test: cedt: sync up with adding raw data dump * fwts-test: cedt: fix the wrong value of ENIW * acpi: cedt: add raw data dump for interleave target list * libfwtsiasl: fix parallel build with GNU Make >= 4.4 * tpmevlog: Ensure EV_SEPARATOR recorded for PCRs 0-7 * efi_runtime: don't build dkms module for those kernels with efi_test * auto-packer: mkpackage.sh: add oracular * lib: fwts_log_html: fix the invalid printf format string * autopackager: mkpackage.sh: remove lunar - Update to version 24.03.00: * lib: fwts_version.h - update to V24.03.00 * debian: update changelog * lib: fwts_acpi_tables: fix the build fail on armhf * ACPICA: Update to version 20240322 - Update to version 24.01.00: * acpi: acpipld: add tests to check _PLD methods only on the connectable ports * opal: fix the resource leak for cpus * opal: fix the resource leak for process_dimm and process_mba * acpi: srat: fix the untrusted loop bound warning - Update to version 24.01.00: * opal: fix the resource leak for get_linux_mem_devices * dmicheck: Don't check firmware version on anything but NVDIMM devices fwts-24.11.00-bp156.2.3.1.src.rpm fwts-24.11.00-bp156.2.3.1.x86_64.rpm fwts-debuginfo-24.11.00-bp156.2.3.1.x86_64.rpm fwts-debugsource-24.11.00-bp156.2.3.1.x86_64.rpm fwts-24.11.00-bp156.2.3.1.i586.rpm fwts-debuginfo-24.11.00-bp156.2.3.1.i586.rpm fwts-debugsource-24.11.00-bp156.2.3.1.i586.rpm fwts-24.11.00-bp156.2.3.1.aarch64.rpm fwts-debuginfo-24.11.00-bp156.2.3.1.aarch64.rpm fwts-debugsource-24.11.00-bp156.2.3.1.aarch64.rpm openSUSE-2024-388 moderate openSUSE Backports SLE-15-SP6 Update This update for incus fixes the following issues: - Remove the incus.sysctl drop-in file. This setting file overlaps with lxd's sysctl settings, and setting these sysctls on boot even if you aren't running containers is suboptimal. We could come up with a complicated scheme for loading the rules once Incus starts, as suggested in boo#1233410, but ultimately these settings are only really useful for production servers with >100 containers, at which point admins are expected to tune their servers anyway. So we can just remove it. - Backport patches to fix encrypted ZFS datasets having their keys be unloaded on Incus daemon restarts. - Fix secureboot VMs by switching to passing the correct environment variable (INCUS_EDK2_PATH) and updating the ovmf symlinks to point to the correct blobs. There is an upstream bug here, so we will need to fix this again later. - Update to version 6.7: * fix live update VM's limits.memory configuration when use a percentage value #1287 * fix: fix slice init length #1285 * incusd/instance/lxc: Remove restrictions on /run #1288 * Correct macvlan mode names #1284 * Translations update from Hosted Weblate #1290 * Translations update from Hosted Weblate #1295 * Translations update from Hosted Weblate #1304 * incus-simplestreams: Fix list -f json #1310 * Profile performance improvements #1314 * incus-agent: Add timeout for DNS query #1313 * incusd/instance/qemu: Don't fail on console retrival issue #1316 * Allow changing the parent value on physical networks #1317 * incus: Fix display of current project in projects list #1318 * Add --format to incus admin sql #1319 * incusd/internal/server/instance/drivers: support for Chimera Linux (qemu/edk2) pkg layout #1298 * incusd/instance/common: Cleanup volatile on device add failure #1323 * incusd/network/bgp: Only advertise networks with BGP configuration #1325 * Make revert library shared #1326 * Fix to the cluster resources caching mechanism #1324 * Fix idmap issues #1327 * Make ask library shared #1329 * doc/network/resolved: Add disabling DNSSEC and DNSOverTLS #1328 * Add some application container documentation #1331 * incusd/device/nic/bridged: Handle invalid configuration #1330 * Fix handling of custom volume snapshot patterns #1333 * Add OCI DHCP renewal #1334 * doc/installing: Update for Chimera Linux #1335 * shared/cgo: Don't use strlcpy #1337 * Implement incus webui #1338 * incusd/scriptlet: Make set_target fail with invalid members #1339 * Export QMP functions #1340 * incusd/network/ovn: Add support to ipv4.dhcp.ranges #1341 * internal/server: Log QMP interaction to a file #1345 * incusd/instance/qemu: Log QEMU command line #1346 * Improve cluster instance placement #1344 * incusd/instance_logs: Update log file list #1347 * Add infrastructure for OVN events #1349 * Fix QEMU feature checks during startup #1350 * incusd/instance/lxc: Fix LXCFS per-instance path #1352 * doc/idmap: Clarify subuid/subgid configuration #1353 * incusd/instance/qmp: Fix logging with no log file #1355 * Add a GetOIDCTokens() method #1357 * Add get-current to show current project #1356 * incus/file/create: Use SFTP client instead of file API #1354 * internal/instance: Allow 0 as value to limits.cpu.nodes #1358 * Translations update from Hosted Weblate #1361 * Translations update from Hosted Weblate #1362 * Translations update from Hosted Weblate #1368 * Improve agent interface listing performance #1367 * Make incus top output configurable through options #1370 * Automatic live-migration to balance load on cluster #1369 * gomod: Update dependencies #1372 * Add refresh-exclude-older flag to only transfer new snapshots during instance/volume refresh #1365 * incusd/instances/publish: Fix base metadata #1374 * Fix TPM with long instance names #1377 * Don't BGP advertise OVN load-balancers when all backends are offline #1376 * incusd/instance/qemu: Don't take over operations on console retrieval #1379 * Tweak to cluster internal relocation #1378 - Package Incus 6.6, based on the LXD 5.21 package. The primary differences are that we no longer need to do ELF patching to work around having a custom sqlite fork (instead we can use libcowsql, which is packaged for openSUSE already). incus-6.7-bp156.2.1.src.rpm incus-6.7-bp156.2.1.x86_64.rpm incus-bash-completion-6.7-bp156.2.1.noarch.rpm incus-fish-completion-6.7-bp156.2.1.noarch.rpm incus-tools-6.7-bp156.2.1.x86_64.rpm incus-zsh-completion-6.7-bp156.2.1.noarch.rpm incus-6.7-bp156.2.1.aarch64.rpm incus-tools-6.7-bp156.2.1.aarch64.rpm incus-6.7-bp156.2.1.ppc64le.rpm incus-tools-6.7-bp156.2.1.ppc64le.rpm incus-6.7-bp156.2.1.s390x.rpm incus-tools-6.7-bp156.2.1.s390x.rpm openSUSE-2024-391 moderate openSUSE Backports SLE-15-SP6 Update This update for sops fixes the following issues: - fix broken sops executable sops-3.8.0-bp156.2.3.1.src.rpm sops-3.8.0-bp156.2.3.1.x86_64.rpm sops-3.8.0-bp156.2.3.1.i586.rpm sops-3.8.0-bp156.2.3.1.aarch64.rpm sops-3.8.0-bp156.2.3.1.ppc64le.rpm sops-3.8.0-bp156.2.3.1.s390x.rpm openSUSE-2024-392 moderate openSUSE Backports SLE-15-SP6 Update This update for sane-airscan fixes the following issues: Ship sane-airscan in version 0.99.30: * WSD: sca:ScannerDescription requested in sca:GetScannerElementsRequest * WSD: Ricoh Aficio MP 201: fixed detection of "ADF empty" state * HTTP: logged "end of input" event * test-decode: more informative usage when invoked without args * test-devcaps: stub implementation * test-devcaps: works for WSD * WSD: fixed ADF duplex on Epson Workforce WF-3520 * test-devcaps: works for eSCL too * Device model name propagated from zeroconf to proto handlers, for quirks * WSD: fix for ADF scan on RICOH Aficio MP 201 * WSD: more information requested in sca:GetScannerElementsRequest * Some devices don't behave if sca:ImagesToTransfer isn't set as expected. * README: fixed OKI supported table entries * OKI-MB471/OKI-MC332dn/OKI-MC362dn marked as not supporting eSCL * Dell E514dw added to the list * Kyocera TASKalfa 3051ci added to the list * doc: add Epson ET-2650 series * Add EPSON WF-2760 Series * WSD: Add content type selection * eSCL: Add scan intent selection * Fixed logging of supported/chosen scan intent * eSCL: fixed parsing of the supported scan intents in the device capabilities * ID_SCANINTENT better documented * Tweaked a textual description of the scan-intent option * SANE name for ID_SCANINTENT_DOCUMENT now "Document" (was "Text") * Added ID_SCANINTENT_UNSET value for the 'sane-intent' * Setting "scan-intent" now requires a precise match. * eSCL: delay between subsequent loads made Brother-specific * WSD: cosmetic * WSD: workaround for ADF Duplex on Brother MFC-9370CDW * The "sane-intent" option cannot be SANE_CAP_INACTIVE sane-airscan-0.99.30-bp156.2.1.src.rpm sane-airscan-0.99.30-bp156.2.1.x86_64.rpm sane-airscan-0.99.30-bp156.2.1.i586.rpm sane-airscan-0.99.30-bp156.2.1.aarch64.rpm sane-airscan-0.99.30-bp156.2.1.ppc64le.rpm sane-airscan-0.99.30-bp156.2.1.s390x.rpm openSUSE-2024-393 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account_invoice_stock, trytond_party, trytond_purchase, trytond_stock, trytond_stock_supply fixes the following issues: Changes in tryton: - Version 6.0.46 - Bugfix Release Changes in trytond: - Version 6.0.55 - Bugfix Release - Version 6.0.53 - Bugfix Release Changes in trytond_account_invoice_stock: - Version 6.0.4 - Bugfix Release - sources are not signed anymore Changes in trytond_stock_supply: - Version 6.0.10 - Bugfix Release Changes in trytond_stock: - Version 6.0.30 - Bugfix Release - Version 6.0.29 - Bugfix Release Changes in trytond_party: - Version 6.0.7 - Bugfix Release Changes in trytond_purchase: - Version 6.0.19 - Bugfix Release - Version 6.0.18 - Bugfix Release tryton-6.0.46-bp156.2.12.1.noarch.rpm tryton-6.0.46-bp156.2.12.1.src.rpm trytond-6.0.55-bp156.2.12.1.noarch.rpm trytond-6.0.55-bp156.2.12.1.src.rpm trytond_account_invoice_stock-6.0.4-bp156.2.3.1.noarch.rpm trytond_account_invoice_stock-6.0.4-bp156.2.3.1.src.rpm trytond_party-6.0.7-bp156.2.3.1.noarch.rpm trytond_party-6.0.7-bp156.2.3.1.src.rpm trytond_purchase-6.0.19-bp156.2.9.1.noarch.rpm trytond_purchase-6.0.19-bp156.2.9.1.src.rpm trytond_stock-6.0.30-bp156.2.6.1.noarch.rpm trytond_stock-6.0.30-bp156.2.6.1.src.rpm trytond_stock_supply-6.0.10-bp156.2.6.1.noarch.rpm trytond_stock_supply-6.0.10-bp156.2.6.1.src.rpm openSUSE-2024-395 moderate openSUSE Backports SLE-15-SP6 Update This update for gede fixes the following issues: - New upstream version 2.21.1 * Add Qt6 port - New upstream version 2.20.2 * Fixed incorrect cursor position in console output - New upstream release 2.20.1 * Added support for entering gdb commands manually - Do not force a ctags vendor on users gede-2.21.1-bp156.2.3.1.src.rpm gede-2.21.1-bp156.2.3.1.x86_64.rpm gede-qt6-2.21.1-bp156.2.3.1.src.rpm gede-qt6-2.21.1-bp156.2.3.1.x86_64.rpm gede-2.21.1-bp156.2.3.1.aarch64.rpm gede-qt6-2.21.1-bp156.2.3.1.aarch64.rpm gede-2.21.1-bp156.2.3.1.ppc64le.rpm gede-qt6-2.21.1-bp156.2.3.1.ppc64le.rpm gede-2.21.1-bp156.2.3.1.s390x.rpm gede-qt6-2.21.1-bp156.2.3.1.s390x.rpm openSUSE-2024-398 moderate openSUSE Backports SLE-15-SP6 Update This update for libcpuid fixes the following issues: - Update to version 0.7.1: * Fix cpuid kernel module build on ARM * Return ERR_NO_CPUID when cpuid kernel module cannot be used on AArch32 * state * Refactor the build of the bindings (#203) * Fix build error on AArch64 when HWCAP_CPUID is not defined (#205) * Fix build on Windows ARM with MSVC (206) * Fix detection of Intel Meteor Lake * Support for Intel Arrow Lake * Support for AMD Turin - update to 0.7.0: * Version 0.7.0 (2024-08-26): * Fix handle leaks in rdmsr.c (#199) * Fix cpuid_get_hypervisor when NULL data is provided (#199) * Prevent intel_fn11 array overruns (#199) * Support for AMD Hawk Point * Support for more AMD Phoenix (8000 series) * Add cpu_clock_by_tsc() function to the library (#124) * Check x86 CPUs MSR support (#185) * Add support for ARM CPUs (AArch32 + AArch64) (#200) * Add cpu_feature_level_t enumerated values for x86 CPUs (#177) * Support up to 4 subleaf entries for CPUID leaf 0x80000026 (#189) * Support for Extended CPU topology subleaf in cpuid_identify_purpose_amd() (#189) * Support CPU purpose for AMD x86 CPUs (#189) * Add cpuid Linux and FreeBSD kernel modules for ARM CPUs * Improve errors handling in cpuid_get_all_raw_data() and cpuid_get_raw_data_core() (#202) * Support get_total_cpus() on DragonFly BSD * Improve set_cpu_affinity() on NetBSD * Fix build on OpenBSD * Improve behavior when CPU affinity cannot be set * Fix a regression in cpuid_tool about arguments doing nothing (like --rdmsr or --cpuid) * Fix a segmentation fault when using --quiet in cpuid_tool * Improve error handling in cpu_identify_all() * Add Python bindings (#197) * Support for AMD Granite Ridge * Support for AMD Strix Point * Detect x2APIC and AVX512 features for AMD x86 CPUs - update to release 0.6.5 * Support for Intel Bay Trail-M * Support for Intel Bay Trail-T * Support for Intel Bay Trail-D * Support for AMD Storm Peak * Support for Intel Raport Lake Refresh * Support heterogeneous RAW dumps in cpu_identify_all() * Support for Intel Meteor Lake, including detection of LP E-Cores * Support for Intel Emerald Rapids-SP * Support for more AMD Van Gogh - Update to release 0.6.4 * Support for AMD Genoa, Phoenix, Dragon Range, Ryzen Z1 * Support for Intel Sapphire Rapids-WS, Skylake (server), Cascade Lake, Ice-Lake (server), Sapphire Rapids-SP, Raptor Lake-H/HX, Apollo lake * Improve support for Arrandale, Alder-Lake and Raptor-Lake P/U * Initial support for Centaur CPUs (VIA and Zhaoxin) libcpuid-0.7.1-bp156.2.3.1.src.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-devel-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-tools-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid17-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.x86_64.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.i586.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.i586.rpm libcpuid-devel-0.7.1-bp156.2.3.1.i586.rpm libcpuid-tools-0.7.1-bp156.2.3.1.i586.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.i586.rpm libcpuid17-0.7.1-bp156.2.3.1.i586.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.i586.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-devel-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-tools-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid17-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.aarch64.rpm libcpuid-debuginfo-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-debugsource-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-devel-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-tools-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid-tools-debuginfo-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid17-0.7.1-bp156.2.3.1.ppc64le.rpm libcpuid17-debuginfo-0.7.1-bp156.2.3.1.ppc64le.rpm openSUSE-2024-403 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: Update to version 1.4.4~git0.c3dbf83: - Check DNS on replication loop start not at task start (#3243) - Work around systemd race condition (#3262) - Clear invalid tokens from unix resolver (#3256) - Allow OAuth2 loopback redirects if the path matches (#3252) - Correctly display domain name on login (#3254) - Display account_id during success/deny paths in unixd (#3253) - s/idm_people_self_write_mail/idm_people_self_mail_write/g (#3250) - handle missing map_group setting in config (#3242) - owncloud: Add SameSite=Lax config for cross-domain auth (#3245) - Yaleman/issue3229 (#3239) kanidm-1.4.4~git0.c3dbf83-bp156.13.1.src.rpm kanidm-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-clients-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-docs-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-server-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-unixd-clients-1.4.4~git0.c3dbf83-bp156.13.1.x86_64.rpm kanidm-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-clients-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-docs-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-server-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm kanidm-unixd-clients-1.4.4~git0.c3dbf83-bp156.13.1.aarch64.rpm openSUSE-2024-399 moderate openSUSE Backports SLE-15-SP6 Update This update for minikube fixes the following issues: - update to 1.34.0 (boo#1227017 boo#1227049 boo#1227005): For a more detailed changelog, including changes occurring in pre-release versions, see CHANGELOG.md. https://github.com/kubernetes/minikube/blob/master/CHANGELOG.md * Breaking Changes: - Bump minimum podman version to 4.9.0 #19457 - Disallow using Docker Desktop 4.34.0 #19576 * Features: - Bump default Kubernetes version to v1.31.0 #19435 - Add new driver for macOS: vfkit #19423 - Add Parallels driver support for darwin/arm64 #19373 - Add new volcano addon #18602 - Addons ingress-dns: Added support for all architectures #19198 - Support privileged ports on WSL #19370 - VM drivers with docker container-runtime now use docker-buildx for image building #19339 - Support running x86 QEMU on arm64 #19228 - Add -o json option for addon images command #19364 * Improvements: - add -d shorthand for --driver #19356 - add -c shorthand for --container-runtime #19217 - kvm2: Don't delete the "default" libvirt network #18920 - Update MINIKUBE_HOME usage #18648 - CNI: Updated permissions to support network policies on kindnet #19360 - GPU: Set NVIDIA_DRIVER_CAPABILITIES to all when GPU is enabled #19345 - Improved error message when trying to use mount on system missing 9P #18995 - Improved error message when enabling KVM addons on non-KVM cluster #19195 - Added warning when loading image with wrong arch #19229 - profile list --output json handle empty config folder #16900 - Check connectivity outside minikube when connectivity issuse #18859 * Bugs: - Fix not creating API server tunnel for QEMU w/ builtin network #19191 - Fix waiting for user input on firewall unblock when --interactive=false #19531 - Fix network retry check when subnet already in use for podman #17779 - Fix empty tarball when generating image save #19312 - Fix missing permission for kong-serviceaccount #19002 * Version Upgrades: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.17 to 1.5.23 #19341 #19501 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.2 to v0.25.0 #18992 #19152 #19349 - Addon kong: Update kong image from 3.6.1 to 3.7.1 #19046 #19124 - Addon kubevirt: Update bitnami/kubectl image from 1.30.0 to 1.31.0 #18929 #19087 #19313 #19479 - Addon ingress: Update ingress-nginx/controller image from v1.10.1 to v1.11.2 #19302 #19461 - Addon inspektor-gadget: Update inspektor-gadget image from v0.27.0 to v0.32.0 #18872 #18931 #19011 #19166 #19411 #19554 - Addon istio-provisioner: Update istio/operator image from 1.21.2 to 1.23.0 #18932 #19052 #19167 #19283 #19450 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.15.0 to v0.16.2 #19162 #19266 #19336 #19409 - Addon metrics-server: Update metrics-server/metrics-server image from v0.7.1 to v0.7.2 #19529 - Addon YAKD: bump marcnuri/yakd image from 0.0.4 to 0.0.5 #19145 - CNI: Update calico from v3.27.3 to v3.28.1 #18870 #19377 - CNI: Update cilium from v1.15.3 to v1.16.1 #18925 #19084 #19247 #19337 #19476 - CNI: Update kindnetd from v20240202-8f1494ea to v20240813-c6f155d6 #18933 #19252 #19265 #19307 #19378 #19446 - CNI: Update flannel from v0.25.1 to v0.25.6 #18966 #19008 #19085 #19297 #19522 - Kicbase: Update nerdctld from 0.6.0 to 0.6.1 #19282 - Kicbase: Bump ubuntu:jammy from 20240427 to 20240808 #19068 #19184 #19478 - Kicbase/ISO: Update buildkit from v0.13.1 to v0.15.2 #19024 #19116 #19264 #19355 #19452 - Kicbase/ISO: Update cni-plugins from v1.4.1 to v1.5.1 #19044 #19128 - Kicbase/ISO: Update containerd from v1.7.15 to v1.7.21 #18934 #19106 #19186 #19298 #19521 - Kicbase/ISO: Update cri-dockerd from v0.3.12 to v0.3.15 #19199 #19249 - Kicbase/ISO: Update crun from 1.14.4 to 1.16.1 #19112 #19389 #19443 - Kicbase/ISO: Update docker from 26.0.2 to 27.2.0 #18993 #19038 #19142 #19153 #19175 #19319 #19326 #19429 #19530 - Kicbase/ISO: Update nerdctl from 1.7.5 to 1.7.6 #18869 - Kicbase/ISO: Update runc from v1.1.12 to v1.1.13 #19104 - update to 1.33.1: * Bugs: - Fix DNSSEC validation failed errors #18830 - Fix too many open files errors #18832 - CNI cilium: Fix cilium pods failing to start-up #18846 - Addon ingress: Fix enable failing on arm64 machines using VM driver #18779 - Addon kubeflow: Fix some components missing arm64 images #18765 * Version Upgrades: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.15 to 1.5.17 #18773 #18811 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.1 to v0.23.2 #18793 - Addon ingress: Update ingress-nginx/controller image from v1.10.0 to v1.10.1 #18756 - Addon istio-provisioner: Update istio/operator image from 1.21.1 to 1.21.2 #18757 - Addon kubevirt: Update bitnami/kubectl image from 1.29.3 to 1.30.0 #18711 #18771 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.14.5 to v0.15.0 #18703 - CNI cilium: Update from v1.15.1 to v1.15.3 #18846 - High Availability: Update kube-vip from 0.7.1 to v0.8.0 #18774 - Kicbase/ISO: Update docker from 26.0.1 to 26.0.2 #18706 - Kicbase: Bump ubuntu:jammy from 20240227 to 20240427 #18702 #18769 #18804 - update to 1.33.0: * Features: - Support multi-control plane - HA clusters --ha #17909 Tutorial - Add support for Kubernetes v1.30 #18669 - Support exposing clusterIP services via minikube service #17877 - Addon gvisor: Add arm64 support #18063 #18453 - New Addon: YAKD - Kubernetes Dashboard addon #17775 * Minor Improvements: - Add active kubecontext to minikube profile list output #17735 - CNI calico: support kubeadm.pod-network-cidr #18233 - CNI bridge: Ensure pod communications are allowed #16143 - Addon auto-pause: Remove memory leak & add configurable interval #17936 - image build: Add docker.io/library to image short names #16214 - cp: Create directory if not present #17715 - Move errors getting logs into log output itself #18007 - Add default sysctls to allow privileged ports with no capabilities #18421 - Include extended attributes in preload tarballs #17829 - Apply kubeadm.applyNodeLabels label to all nodes #16416 - Limit driver status check to 20s #17553 - Include journalctl logs if systemd service fails to start #17659 - Fix "Failed to enable container runtime: sudo systemctl restart cri-docker" #17907 - Fix containerd redownloading existing images on start #17671 - Fix kvm2 not detecting containerd preload #17658 - Fix modifying Docker binfmt config #17830 - Fix auto-pause addon #17866 - Fix not using preload with overlayfs storage driver #18333 - Fix image repositories not allowing subdomains with numbers #17496 - Fix stopping cluster when using kvm2 with containerd #17967 - Fix starting more than one cluster on kvm2 arm64 #18241 - Fix starting kvm2 clusters using Linux on arm64 Mac #18239 - Fix displaying error when deleting non-existing cluster #17713 - Fix no-limit not being respected on restart #17598 - Fix not applying kubeadm.applyNodeLabels label to nodes added after inital start #16416 - Fix logs delimiter output #17734 * Bugs: - Fix unescaped local host regex #18617 - Fix regex on validateNetwork to support special characters #18158 * Version Upgrades: - Bump Kubernetes version default: v1.30.0 and latest: v1.30.0 #18669 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.0 to 0.23.1 #18517 - Addon inspektor-gadget: Update inspektor-gadget image from v0.26.0 to v0.27.0 #18588 - Addon istio-provisioner: Update istio/operator image from 1.21.0 to 1.21.1 #18644 - Addon metrics-server: Update metrics-server/metrics-server image from v0.7.0 to v0.7.1 #18551 - CNI: Update calico from v3.27.0 to v3.27.3 #18206 - CNI: Update flannel from v0.24.4 to v0.25.1 #18641 - Kicbase/ISO: Update buildkit from v0.13.0 to v0.13.1 #18566 - Kicbase/ISO: Update containerd from v1.7.14 to v1.7.15 #18621 - Kicbase/ISO: Update cri-dockerd from v0.3.3 to v0.3.12 #18585 - Kicbase/ISO: Update crun from 1.14 to 1.14.4 #18610 - Kicbase/ISO: Update docker from 25.0.4 to 26.0.1 #18485 #18649 - Kicbase/ISO: Update nerdctl from 1.7.4 to 1.7.5 #18634 - Kicbase: Update nerdctld from 0.5.1 to 0.6.0 #18647 - update to 1.32.0: * rootless: support `--container-runtime=docker` #17520 * Install NVIDIA container toolkit during image build (offline support) * Fix no-limit option for config validation #17530 * NVIDIA GPU support with new `--gpus=nvidia` flag for docker driver #15927 #17314 #17488 * New `kubeflow` addon #17114 * New `local-path-provisioner` addon #15062 * Kicbase: Add `no-limit` option to `--cpus` & `--memory` flags #17491 * Hyper-V: Add memory validation for odd numbers #17325 * QEMU: Improve cpu type and IP detection #17217 * Mask http(s)_proxy password from startup output #17116 * `--delete-on-faliure` also recreates cluster for kubeadm failures #16890 * Addon auto-pause: Configure intervals using `--auto-pause- interval` #17070 * `--kubernetes-version` checks GitHub for version validation and improved error output for invalid versions #16865 * Bugs: * QEMU: Fix addons failing to enable #17402 * Fix downloading the wrong kubeadm images for k8s versions after minikube release #17373 * Fix enabling & disabling addons with non-existing cluster #17324 * Fix delete if container-runtime doesn't exist #17347 * Fix network not found not being detected on new Docker versions #17323 * Fix addon registry doesn't follow Minikube DNS domain name configuration (--dns-domain) #15585 * Version Upgrades: * Bump Kubernetes version default: v1.28.3 and latest: v1.28.3 * Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.9 to 1.5.11 #17225 #17259 * Addon headlamp: Update headlamp-k8s/headlamp image from v0.19.0 to v0.20.1 #17135 #17365 * Addon ingress: Update ingress-nginx/controller image from v1.8.1 to v1.9.3 #17223 #17297 #17348 #17421 * Addon inspektor-gadget: Update inspektor-gadget image from v0.19.0 to v0.21.0 #17176 #17340 * Addon istio-provisioner: Update istio/operator image from 1.12.2 to 1.19.3 #17383 #17436 * Addon kong: Update kong image from 3.2 to 3.4.2 #17485 * Addon registry: Update registry image from 2.8.1 to 2.8.3 #17382 #17467 * CNI: Update calico from v3.26.1 to v3.26.3 #17363 #17375 * CNI: Update flannel from v0.22.1 to v0.22.3 #17102 #17263 * CNI: Update kindnetd from v20230511-dc714da8 to v20230809-80a64d96 #17233 * Kicbase/ISO: Update buildkit from v0.11.6 to v0.12.2 #17194 * Kicbase/ISO: Update containerd from v1.7.3 to v1.7.7 #17243 #17466 * Kicbase/ISO: Update crictl from v1.21.0 to v1.28.0 #17240 * Kicbase/ISO: Update docker from 24.0.4 to 24.0.6 #17120 #17207 * Kicbase/ISO: Update nerdctl from 1.0.0 to 1.6.2 #17145 #17339 #17434 * Kicbase/ISO: Update runc from v1.1.7 to v1.1.9 #17250 * Kicbase: Bump ubuntu:jammy from 20230624 to 20231004 #17086 #17174 #17345 #17423 - update to 1.31.2: * docker-env Regression: * Create `~/.ssh` directory if missing #16934 * Fix adding guest to `~/.ssh/known_hosts` when not needed #17030 * Verify containerd storage separately from docker #16972 * cni: Fix regression in auto selection #16912 docker-machine-driver-kvm2-1.34.0-bp156.2.3.1.x86_64.rpm minikube-1.34.0-bp156.2.3.1.src.rpm minikube-1.34.0-bp156.2.3.1.x86_64.rpm minikube-bash-completion-1.34.0-bp156.2.3.1.noarch.rpm minikube-1.34.0-bp156.2.3.1.i586.rpm docker-machine-driver-kvm2-1.34.0-bp156.2.3.1.aarch64.rpm minikube-1.34.0-bp156.2.3.1.aarch64.rpm openSUSE-2024-397 important openSUSE Backports SLE-15-SP6 Update This update for radare2 fixes the following issues: Update to version 5.9.8: - CVE-2024-29645: buffer overflow vulnerability allows an attacker to execute arbitrary code via the parse_die function (boo#1234065). - For more details, check full release notes: https://github.com/radareorg/radare2/releases/tag/5.9.8 https://github.com/radareorg/radare2/releases/tag/5.9.6 https://github.com/radareorg/radare2/releases/tag/5.9.4 https://github.com/radareorg/radare2/releases/tag/5.9.2 https://github.com/radareorg/radare2/releases/tag/5.9.0 https://github.com/radareorg/radare2/releases/tag/5.8.8 radare2-5.9.8-bp156.4.3.1.src.rpm radare2-5.9.8-bp156.4.3.1.x86_64.rpm radare2-devel-5.9.8-bp156.4.3.1.x86_64.rpm radare2-zsh-completion-5.9.8-bp156.4.3.1.noarch.rpm radare2-5.9.8-bp156.4.3.1.aarch64.rpm radare2-devel-5.9.8-bp156.4.3.1.aarch64.rpm radare2-5.9.8-bp156.4.3.1.ppc64le.rpm radare2-devel-5.9.8-bp156.4.3.1.ppc64le.rpm radare2-5.9.8-bp156.4.3.1.s390x.rpm radare2-devel-5.9.8-bp156.4.3.1.s390x.rpm openSUSE-2024-400 low openSUSE Backports SLE-15-SP6 Update This update for nanopb fixes the following issues: - CVE-2024-53984: Fix memory not released on error return (boo#1234088) libprotobuf-nanopb0-0.4.6-bp156.4.3.1.x86_64.rpm nanopb-0.4.6-bp156.4.3.1.src.rpm nanopb-devel-0.4.6-bp156.4.3.1.x86_64.rpm nanopb-source-0.4.6-bp156.4.3.1.noarch.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.i586.rpm nanopb-devel-0.4.6-bp156.4.3.1.i586.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.aarch64.rpm nanopb-devel-0.4.6-bp156.4.3.1.aarch64.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.ppc64le.rpm nanopb-devel-0.4.6-bp156.4.3.1.ppc64le.rpm libprotobuf-nanopb0-0.4.6-bp156.4.3.1.s390x.rpm nanopb-devel-0.4.6-bp156.4.3.1.s390x.rpm openSUSE-2024-401 moderate openSUSE Backports SLE-15-SP6 Update This update for arch-install-scripts fixes the following issues: - New upstream release 29 * arch-chroot: fix unshare chroot /dev symlinks * arch-chroot: bind mount over a /etc/resolv.conf symlink (requires mount >= 2.39) * arch-chroot: add option to preserve the chroot resolv.conf * arch-chroot: ensure /run is mounted with --make-private * genfstab: ensure swap devices adhere to -f * genfstab: remove atgc mount option arch-install-scripts-29-bp156.3.3.1.noarch.rpm arch-install-scripts-29-bp156.3.3.1.src.rpm openSUSE-2024-407 moderate openSUSE Backports SLE-15-SP6 Update This update for orthanc-ohif fixes the following issues: Version 1.4: * Updated OHIF to 3.9.1 * The default value for the "DataSource" configuration is now "dicom-web" instead of "dicom-json" since "dicom-web" is usually more optimized. orthanc-ohif-1.4-bp156.2.6.1.src.rpm orthanc-ohif-1.4-bp156.2.6.1.x86_64.rpm orthanc-ohif-1.4-bp156.2.6.1.aarch64.rpm orthanc-ohif-1.4-bp156.2.6.1.ppc64le.rpm orthanc-ohif-1.4-bp156.2.6.1.s390x.rpm openSUSE-2025-42 moderate openSUSE Backports SLE-15-SP6 Update This update for libXISF fixes the following issues: - Update to 0.2.12+git5.d00de20: * Add new XISFModify class to edit FITSKeywords * Make compression level 0-100 * Fix calculation of compression level for ZSTD - Update to 0.2.12: * Don't use replace to update attachement position * Add support for subblocks to handle +2GiB compressed images * Fix bug with writing ICCProfile * Add F32Matrix and F64Matrix into toString - Update to 0.2.11: * Convert aperture and focal length from mm to meters. * Fix not loading String properties. - Update to 0.2.10: * Fix incorrect header size. libXISF-0.2.12+git5.d00de20-bp156.2.3.1.src.rpm libXISF-devel-0.2.12+git5.d00de20-bp156.2.3.1.x86_64.rpm libXISF0-0.2.12+git5.d00de20-bp156.2.3.1.x86_64.rpm libXISF-devel-0.2.12+git5.d00de20-bp156.2.3.1.aarch64.rpm libXISF0-0.2.12+git5.d00de20-bp156.2.3.1.aarch64.rpm libXISF-devel-0.2.12+git5.d00de20-bp156.2.3.1.ppc64le.rpm libXISF0-0.2.12+git5.d00de20-bp156.2.3.1.ppc64le.rpm libXISF-devel-0.2.12+git5.d00de20-bp156.2.3.1.s390x.rpm libXISF0-0.2.12+git5.d00de20-bp156.2.3.1.s390x.rpm openSUSE-2024-405 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: Chromium 131.0.6778.108 (stable released 2024-12-04) (boo#1234118) - CVE-2024-12053: Type Confusion in V8 chromedriver-131.0.6778.108-bp156.2.59.1.x86_64.rpm chromium-131.0.6778.108-bp156.2.59.1.src.rpm chromium-131.0.6778.108-bp156.2.59.1.x86_64.rpm chromedriver-131.0.6778.108-bp156.2.59.1.aarch64.rpm chromium-131.0.6778.108-bp156.2.59.1.aarch64.rpm openSUSE-2024-409 important openSUSE Backports SLE-15-SP6 Update Chromium was updated to version 131.0.6778.139 (boo#1234361) * CVE-2024-12381: Type Confusion in V8 * CVE-2024-12382: Use after free in Translate * Various fixes from internal audits, fuzzing and other initiatives chromedriver-131.0.6778.139-bp156.2.62.1.x86_64.rpm chromedriver-debuginfo-131.0.6778.139-bp156.2.62.1.x86_64.rpm chromium-131.0.6778.139-bp156.2.62.1.src.rpm chromium-131.0.6778.139-bp156.2.62.1.x86_64.rpm chromium-debuginfo-131.0.6778.139-bp156.2.62.1.x86_64.rpm chromedriver-131.0.6778.139-bp156.2.62.1.aarch64.rpm chromedriver-debuginfo-131.0.6778.139-bp156.2.62.1.aarch64.rpm chromium-131.0.6778.139-bp156.2.62.1.aarch64.rpm chromium-debuginfo-131.0.6778.139-bp156.2.62.1.aarch64.rpm openSUSE-2024-410 moderate openSUSE Backports SLE-15-SP6 Update This update for zypper-keys-plugin fixes the following issues: zypper-keys-plugin: - Version 0.5.0 - Relicense to GPL3 - Add release script - Require pytz - Version 0.4.0 - Better doc in --help - Show help and list keys if no args are given zyppkeys: - Version 0.5.0 - Relicense to GPL3 - Add release script - Require pytz - Version 0.4.0 - Switch to setuptools - Show key help and list keys when called without args - Add some more documentation via argparse - Handle http errors when downloading keys - Add readme examples zypper-keys-plugin-0.5.0-bp156.3.3.1.noarch.rpm zypper-keys-plugin-0.5.0-bp156.3.3.1.src.rpm openSUSE-2024-413 moderate openSUSE Backports SLE-15-SP6 Update This update for python-python-sql fixes the following issues: - CVE-2024-9774: Fixed that unary operators does not escape non-Expression (boo#1234653). python-python-sql-1.5.1-bp156.2.6.1.src.rpm python311-python-sql-1.5.1-bp156.2.6.1.noarch.rpm openSUSE-2024-414 moderate openSUSE Backports SLE-15-SP6 Update This update for python-xhtml2pdf fixes the following issues: - CVE-2024-25885: Fixed denial of service through regular expression in utils.py:getColor() (boo#1231408) python-xhtml2pdf-0.2.4-bp156.4.3.1.src.rpm python3-xhtml2pdf-0.2.4-bp156.4.3.1.noarch.rpm openSUSE-2024-417 important openSUSE Backports SLE-15-SP6 Update This security update for Chromium to version 131.0.6778.204 (boo#1234704) fixes: * CVE-2024-12692: Type Confusion in V8 * CVE-2024-12693: Out of bounds memory access in V8 * CVE-2024-12694: Use after free in Compositing * CVE-2024-12695: Out of bounds write in V8 * Various fixes from internal audits, fuzzing and other initiatives chromedriver-131.0.6778.204-bp156.2.65.1.x86_64.rpm chromedriver-debuginfo-131.0.6778.204-bp156.2.65.1.x86_64.rpm chromium-131.0.6778.204-bp156.2.65.1.src.rpm chromium-131.0.6778.204-bp156.2.65.1.x86_64.rpm chromium-debuginfo-131.0.6778.204-bp156.2.65.1.x86_64.rpm chromedriver-131.0.6778.204-bp156.2.65.1.aarch64.rpm chromedriver-debuginfo-131.0.6778.204-bp156.2.65.1.aarch64.rpm chromium-131.0.6778.204-bp156.2.65.1.aarch64.rpm chromium-debuginfo-131.0.6778.204-bp156.2.65.1.aarch64.rpm openSUSE-2024-416 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: Release 1.4.5: * nss/pam resolver should reauth faster (#3309) * Further SCIM sync testing, minor fixes (#3305) * Automatically trigger passkeys on login view (#3307) * Re-add enrol another device flow * Improved Cookie Removal * Allow reseting account policy values to defaults (#3306) * Incorrect member name in groups (#3302) * SCIM Sync Missing Annotation (#3300) * Ignore system users for UPG synthesiseation (#3297) * Limit OAuth2 resumption to session (#3296) * Use specific errors for intent token revoked (#3291) * Autocomplete password during reauth with TOTP (#3290) * Add CORS headers to jwks and userinfo (#3283) - Require system-user-nobody to prevent install ordering issue with invalid rpc/statd users kanidm-1.4.5~git0.a7fabde-bp156.18.1.src.rpm kanidm-1.4.5~git0.a7fabde-bp156.18.1.x86_64.rpm kanidm-clients-1.4.5~git0.a7fabde-bp156.18.1.x86_64.rpm kanidm-docs-1.4.5~git0.a7fabde-bp156.18.1.x86_64.rpm kanidm-server-1.4.5~git0.a7fabde-bp156.18.1.x86_64.rpm kanidm-unixd-clients-1.4.5~git0.a7fabde-bp156.18.1.x86_64.rpm kanidm-1.4.5~git0.a7fabde-bp156.18.1.aarch64.rpm kanidm-clients-1.4.5~git0.a7fabde-bp156.18.1.aarch64.rpm kanidm-docs-1.4.5~git0.a7fabde-bp156.18.1.aarch64.rpm kanidm-server-1.4.5~git0.a7fabde-bp156.18.1.aarch64.rpm kanidm-unixd-clients-1.4.5~git0.a7fabde-bp156.18.1.aarch64.rpm openSUSE-2024-418 moderate openSUSE Backports SLE-15-SP6 Update This update for OpenBoard fixes the following issues: - update to release version 1.7.3 OpenBoard-1.7.3-bp156.2.6.1.src.rpm OpenBoard-1.7.3-bp156.2.6.1.x86_64.rpm OpenBoard-1.7.3-bp156.2.6.1.aarch64.rpm openSUSE-2025-1 low openSUSE Backports SLE-15-SP6 Update dunst was updated to 1.9.2: * Fixed various documentation issues * Fixed high cpu when `show_age_treshold` = -1 * High cpu usage in some situation, often correlated with being idle dunst-1.9.2-bp156.2.3.1.src.rpm dunst-1.9.2-bp156.2.3.1.x86_64.rpm dunst-1.9.2-bp156.2.3.1.i586.rpm dunst-1.9.2-bp156.2.3.1.aarch64.rpm dunst-1.9.2-bp156.2.3.1.ppc64le.rpm dunst-1.9.2-bp156.2.3.1.s390x.rpm openSUSE-2025-25 moderate openSUSE Backports SLE-15-SP6 Update This update for cheat fixes the following issues: - Update to 4.4.2: * Bump chroma to newest version * Remove plan9 support due to build failure * Upgrade to yaml.v3 - Update to 4.4.1: * Update dependencies * Make minor changes to appease revive (linter) cheat-4.4.2-bp156.3.3.1.src.rpm cheat-4.4.2-bp156.3.3.1.x86_64.rpm cheat-4.4.2-bp156.3.3.1.i586.rpm cheat-4.4.2-bp156.3.3.1.aarch64.rpm cheat-4.4.2-bp156.3.3.1.ppc64le.rpm cheat-4.4.2-bp156.3.3.1.s390x.rpm openSUSE-2025-21 important openSUSE Backports SLE-15-SP6 Update This update for gh fixes the following issues: - Update to version 2.65.0: * Bump cli/go-gh for indirect security vulnerability * Panic mustParseTrackingRef if format is incorrect * Move trackingRef into pr create package * Make tryDetermineTrackingRef tests more respective of reality * Rework tryDetermineTrackingRef tests * Avoid pointer return from determineTrackingBranch * Doc determineTrackingBranch * Don't use pointer for determineTrackingBranch branchConfig * Panic if tracking ref can't be reconstructed * Document and rework pr create tracking branch lookup * Upgrade generated workflows * Fixed test for stdout in non-tty use case of repo fork * Fix test * Alternative: remove LocalBranch from BranchConfig * Set LocalBranch even if the git config fails * Add test for permissions check for security and analysis edits (#1) * print repo url to stdout * Update pkg/cmd/auth/login/login.go * Move mention of classic token to correct line * Separate type decrarations * Add mention of classic token in gh auth login docs * Update pkg/cmd/repo/create/create.go * docs(repo): make explicit which branch is used when creating a repo * fix(repo fork): add non-TTY output when fork is newly created * Move api call to editRun * Complete get -> list renaming * Better error testing for autolink TestListRun * Decode instead of unmarshal * Use 'list' instead of 'get' for autolink list type and method * Remove NewAutolinkClient * Break out autolink list json fields test * PR nits * Refactor autolink subcommands into their own packages * Whitespace * Refactor out early return in test code * Add testing for AutoLinkGetter * Refactor autolink list and test to use http interface for simpler testing * Apply PR comment changes * Introduce repo autolinks list commands * Remove release discussion posts and clean up related block in deployment yml * Extract logic into helper function * add pending status for workflow runs * Feat: Allow setting security_and_analysis settings in gh repo edit * Upgrade golang.org/x/net to v0.33.0 * Document SmartBaseRepoFunc * Document BaseRepoFunc * Update releasing.md * Document how to set gh-merge-base - Update to version 2.64.0: * add test for different SAN and SourceRepositoryURI values * add test for signerRepo and tenant * add some more fields to test that san, sanregex are set properly * Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6 * update san and sanregex configuration for readability * reduce duplication when creating policy content * tweak output of build policy info * Name conditionals in PR finder * Support pr view for intra-org forks * Return err instead of silentError in merge queue check * linting pointed out this var is no longer used * Removed fun, but inaccessible ASCII header * further tweaks to the long description * Exit on pr merge with `-d` and merge queue * Addressed PR review feedback; expanded Long command help string, used ghrepo, clarified some abbreviations * Update pkg/cmd/attestation/inspect/inspect.go * Update gh auth commands to point to GitHub Docs * Reformat ext install long * Mention Windows quirk in ext install help text * Fix error mishandling in local ext install * Assert on err msg directly in ext install tests * Clarify hosts in ext install help text * Bump golang.org/x/crypto from 0.29.0 to 0.31.0 * Removed now redundant file * minor tweak to language * go mod tidy * Deleted no-longer-used code. * deleted now-invalid tests, added a tiny patina of new testing. * Tightened up docs, deleted dead code, improved printing * fix file name creation on windows * wording * hard code expected digest * fix download test * use bash shell with integration tests * simplify var creation * update integration test scripts * fix: list branches in square brackets in gh codespace * try nesting scripts * run all tests in a single script * windows for loop syntax * use replaceAll * update expected file path on windows * run integration tests with windows specific syntax * run all attestation cmd integration tests automatically * Bump actions/attest-build-provenance from 1.4.4 to 2.1.0 * Improve error handling in apt setup script * use different file name for attestation files on windows * test(gh run): assert branch names are enclosed in square brackets * docs: enhance help text and prompt for rename command * Revert "Confirm auto-detected base branch" * Confirm auto-detected base branch * Merge changes from #10004 * Set gh-merge-base from `issue develop` * Open PR against gh-merge-base * Refactor extension executable error handling * fix: list branches in square brackets in gh run view (#10038) * docs: update description of command * style: reformat files * docs: update sentence case * use github owned oci image * docs: add mention of scopes help topic in `auth refresh` command help * docs: add mention of scopes help topic in `auth login` command help * docs: add help topic for auth scopes * docs: improve help for browse command * docs: improve docs for browse command as of #5352 * fix package reference * add gh attestation verify integration test for oci bundles * add integration test for bundle-from-oci option * update tests * update tests * move content of veriy policy options function into enforcement criteria * comment * try switch statement * remove duplicate err checking * get bundle issuer in another func * more logic updating to remove nesting * inverse logic for less nesting * remove unneeded nesting * wip, linting, getting tests to pass * wording * var naming * drop table view * order policy info so relevant info is printed next to each other * Update pkg/cmd/attestation/verification/policy.go * Update pkg/cmd/attestation/verification/policy.go * Update pkg/cmd/attestation/verification/policy.go * wip: added new printSummaryInspection * Improve error handling for missing executable * experiment with table output * Assert stderr is empty in manager_test.go * Update error message wording * Change: exit zero, still print warning to stderr * wording * Improve docs on installing extensions * Update language for missing extension executable * Update test comments about Windows behavior * wording * wording * wording * add newlines for additional policy info * Document requirements for local extensions * Warn when installing local ext with no executable * wording * formatting * print policy information before verifying * add initial policy info method * more wip poking around, now with table printing * wip, gh at inspect will check the signature on the bundle * wip: inspect now prints various bundle fields in a nice json - Update to version 2.63.2: * include alg with digest when fetching bundles from OCI * Error for mutually exclusive json and watch flags * Use safepaths for run download * Use consistent slice ordering in run download tests * Consolidate logic for isolating artifacts * Fix PR checkout panic when base repo is not in remotes * When renaming an existing remote in `gh repo fork`, log the change * Improve DNF version clarity in install steps * Fix formatting in client_test.go comments for linter * Expand logic and tests to handle edge cases * Refactor download testing, simpler file descends * Bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7 * Improve test names so there is no repetition * Second attempt to address exploit - Update to version 2.63.0: * Add checkout test that uses ssh git remote url * Rename backwards compatible credentials pattern * Fix CredentialPattern doc typos * Remove TODOs * Fix typos and add tests for CredentialPatternFrom* functions * Add SSH remote todo * General cleanup and docs * Allow repo sync fetch to use insecure credentials pattern * Allow client fetch to use insecure credentials pattern * Allow client push to use insecure credential pattern * Allow client pull to use insecure credential pattern * Allow opt-in to insecure pattern * Support secure credential pattern * Refactor error handling for missing "workflow" scope in createRelease * ScopesResponder wraps StatusScopesResponder * Refactor `workflow` scope checking * pr feedback * pr feedback * Update pkg/cmd/attestation/verify/attestation_integration_test.go * Apply suggestions from code review * Refactor command documentation to use heredoc * pr feedback * remove unused test file * undo change * add more testing testing fixtures * update test with new test bundle * naming * update test * update test * Fix README.md code block formatting * clean up * wrap sigstore and cert ext verification into a single function * Adding option to return `baseRefOid` in `pr view` * verify cert extensions function should return filtered result list * pr feedback * Update pkg/cmd/attestation/download/download.go * fix function param calls * Update pkg/cmd/attestation/verification/extensions.go * Formatting fix * Updated formatting to be more clear * Updated markdown syntax for a `note`. * Added a section on manual verification of the relases. * Handle missing "workflow" scope in createRelease * Modify push prompt on repo create when bare * Doc push behaviour for bare repo create * Push --mirror on bare repo create * Add acceptance test for bare repo create * Doc isLocalRepo and git.Client IsLocalRepo differences * Use errWithExitCode interface in repo create isLocalRepo * Backfill repo creation failure tests * Support bare repo creation * use logger println method * simplify verifyCertExtensions * rename type * refactor fetch attestations funcs - Update to version 2.62.0 * CVE-2024-52308: remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands (boo#1233387, GHSA-p2h2-3vg9-4p87) * Check extension for latest version when executed * Shorten extension release checking from 3s to 1s - includes changes from 2.61.0: * Enhance gh repo edit command to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes - Update to version 2.60.1: * Note token redaction in Acceptance test README * Refactor gpg-key delete to align with ssh-key delete * Add acceptance tests for org command * Adjust environment help for host and tokens (#9809) * Add SSH Key Acceptance test * Add Acceptance test for label command * Add acceptance test for gpg-key * Update go-internal to redact more token types in Acceptance tests * Address PR feedback * Clarify `gh` is available for GitHub Enterprise Cloud * Remove comment from gh auth logout * Add acceptance tests for auth-setup-git and formattedStringToEnv helper func * Use forked testscript for token redaction * Use new GitHub preview terms in working-with-us.md * Use new GitHub previews terminology in attestation * Test json flags for repo view and list * Clean up auth-login-logout acceptance test with native functionality * Add --token flag to `gh auth login` to accept a PAT as a flag * Setup acceptance testing for auth and tests for auth-token and auth-status * Update variable testscripts based on secret * Check extOwner for no value instead * Fix tests for invalid extension name * Refactor to remove code duplication * Linting: now that mockDataGenerator has an embedded mock, we ought to have pointer receivers in its funcs. * Minor tweaks, added backoff to getTrustDomain * added test for verifying we do 3 retries when fetching attestations. * Fix single quote not expanding vars * Added constant backoff retry to getAttestations. * Address @williammartin PR feedback * wip: added test that fails in the absence of a backoff. * add validation for local ext install * feat: add ArchivedAt field to Repository struct * Refactor `gh secret` testscript * Wrap true in '' in repo-fork-sync * Rename acceptance test directory from repos to repo * Remove unnecessary flags from repo-delete testscript * Replace LICENSE Makefile README.md acceptance api bin build cmd context docs git go.mod go.sum internal pkg script share test utils commands with * Wrap boolean strings in '' so it is clear they are strings * Remove unnecessary gh auth setup-git steps * Cleanup some inconsistencies and improve collapse some functionality * Add acceptance tests for repo deploy-key add/list/delete * Add acceptance tests for repo-fork and repo-sync * Add acceptance test for repo-set-default * Add acceptance test for repo-edit * Add acceptance tests for repo-list and repo-rename * Acceptance testing for repo-archive and repo-unarchive * Add acceptance test for repo-clone * Added acceptance test for repo-delete * Added test function for repos and repo-create test * Implement acceptance tests for search commands * Remove . from test case for TestTitleSurvey * Clean up Title Survey empty title message code * Add missing test to trigger acceptance tests * Add acceptance tests for `gh variable` * Minor polish / consistency * Fix typo in custom command doc * Refactor env2upper, env2lower; add docs * Update secret note about potential failure * Add testscripts for `gh secret`, helper cmds * Remove stdout assertion from release * Rename test files * Add acceptance tests for `release` commands * Implement basic API acceptance test * Remove unnecesary mkdir from download Acceptance test * Remove empty stdout checks * Adjust sleeps to echos in Acceptance workflows * Use regex assert for enable disable workflow Acceptance test * Watch for run to end for cancel Acceptance test * Include startedAt, completedAt in run steps data * Rewrite a sentence in CONTRIBUTING.md * Add filtered content output to docs * sleep 10s before checking for workflow run * Update run-rerun.txtar * Create cache-list-delete.txtar * Create run-view.txtar * Create run-rerun.txtar * Create run-download.txtar * Create run-delete.txtar * Remove IsTenancy and relevant tests from gists as they are unsupported * Remove unnecessary code branches * Add ghe.com to tests describing ghec data residency * Remove comment * auth: Removed redundant ghauth.IsTenancy(host) check * Use go-gh/auth package for IsEnterprise, IsTenancy, and NormalizeHostname * Upgrade go-gh version to 2.11.0 * Add test coverage to places where IsEnterprise incorrectly covers Tenancy * Fix issue creation with metadata regex * Create run-cancel.txtar * Create workflow-run.txtar * Create workflow-view.txtar * implement workflow enable/disable acceptance test * implement base workflow list acceptance test * Add comment to acceptance make target * Resolve PR feedback * Acceptance test issue command * Support GH_ACCEPTANCE_SCRIPT * Ensure Acceptance defer failures are debuggable * Add acceptance task to makefile * build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 * Ensure pr create with metadata has assignment * Document sharedCmds func in acceptance tests * Correct testscript description in Acceptance readme * Add link to testscript pkg documentation * Add VSCode extension links to Acceptance README * Fix GH_HOST / GH_ACCEPTANCE_HOST misuse * Acceptance test PR list * Support skipping Acceptance test cleanup * Acceptance test PR creation with metadata * Suggest using legacy PAT for acceptance tests * Add host recommendation to Acceptance test docs * Don't append remaining text if more matches * Highlight matches in table and content * Split all newlines, and output no-color to non-TTY * Print filtered gists similar to code search * Show progress when filtering * Simplify description * Disallow use of --include-content without --filter * Improve help docs * Refactor filtering into existing `gist list` * Improve performance * Add `gist search` command * Fix api tests after function signature changes * Return nil instead of empty objects when err * Fix license list and view tests * Validate required env vars not-empty for Acceptance tests * Add go to test instructions in Acceptance README * Apply suggestions from code review * Error if acceptance tests are targeting github or cli orgs * Add codecoverage to Acceptance README * Isolate acceptance env vars * Add Writing Tests section to Acceptance README * Add Debug and Authoring sections to Acceptance README * Acceptance test PR comment * Acceptance test PR merge and rebase * Note syntax highlighting support for txtar files * Refactor acceptance test environment handling * Add initial acceptance test README * Use txtar extension for testscripts * Support targeting other hosts in acceptance tests * Use stdout2env in PR acceptance tests * Acceptance test PR checkout * Add pr view test script * Initial testscript introduction * While we're at it, let's ensure VerifyCertExtensions can't be tricked the same way. * Add examples for creating `.gitignore` files * Update help for license view * Refactor http error handling * implement `--web` flag for license view * Fix license view help doc, add LICENSE.md example * Update help and fix heredoc indentation * Add SPDX ID to license list output * Fix ExactArgs invocation * Add `Long` for license list indicating limitations * Update function names * Reverse repo/shared package name change * If provided with zero attestations to verify, the LiveSigstoreVerifier.Verify func should return an error. * Bump cli/oauth to 1.1.1 * Add test coverage for TitleSurvey change * Fix failing test for pr and issue create * Make the X in the error message red and print with io writer * Handle errors from parsing hostname in auth flow * Apply suggestions from code review * Refactor tests and add new tests * Move API calls to queries_repo.go * Allow user to override markdown wrap width via $GH_MDWIDTH from environment * Add handling of empty titles for Issues and PRs * Print the login URL even when opening a browser * Apply suggestions from code review * Update SECURITY.md * Fix typo and wordsmithing * fix typo * Remove trailing space from heading * Revise wording * Update docs to allow community submitted designs * Implement license view * Implement gitignore view * implement gitignore list * Update license table headings and tests * Fix ListLicenseTemplates doc * fix output capitalization * Cleanup rendering and tests * Remove json output option * Divide shared repo package and add queries tests * First pass at implementing `gh repo license list` * Emit a log message when extension installation falls back to a darwin-amd64 binary on an Apple Silicon macOS machine - Update to version 2.58.0: * build(deps): bump github.com/theupdateframework/go-tuf/v2 * Include `dnf5` commands * Add GPG key instructions to appropriate sections * Update docs language to remove possible confusion around 'where you log in' * Change conditional in promptForHostname to better reflect prompter changes * Shorten language on Authenticate with a GitHub host. * Update language on docstring for `gh auth login` * Change prompts for `gh auth login` to reflect change from GHE to Other * Sentence case 'Other' option in hostname prompt * build(deps): bump github.com/henvic/httpretty from 0.1.3 to 0.1.4 * Add documentation explaining how to use `hostname` for `gh auth login` * Replace "GitHub Enterprise Server" with "other" in `gh auth login` prompt * fix tenant-awareness for trusted-root command * Fix test * Update pkg/cmd/extension/manager.go * Update comment formatting * Use new HasActiveToken method in trustedroot.go * Add HasActiveToken method to AuthConfig interface * Add HasActiveToken to AuthConfig. * Improve error presentation * Improve the suggested command for creating an issue when an extension doesn't have a binary for your platform * Update pkg/cmd/attestation/trustedroot/trustedroot_test.go * build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.4 to 2.0.5 * enforce auth for tenancy * disable auth check for att trusted-root cmd * better error for att verify custom issuer mismatch * Enhance gh repo create docs, fix random cmd link gh-2.65.0-bp156.2.17.1.src.rpm gh-2.65.0-bp156.2.17.1.x86_64.rpm gh-bash-completion-2.65.0-bp156.2.17.1.noarch.rpm gh-debuginfo-2.65.0-bp156.2.17.1.x86_64.rpm gh-fish-completion-2.65.0-bp156.2.17.1.noarch.rpm gh-zsh-completion-2.65.0-bp156.2.17.1.noarch.rpm gh-2.65.0-bp156.2.17.1.i586.rpm gh-debuginfo-2.65.0-bp156.2.17.1.i586.rpm gh-2.65.0-bp156.2.17.1.aarch64.rpm gh-debuginfo-2.65.0-bp156.2.17.1.aarch64.rpm gh-2.65.0-bp156.2.17.1.ppc64le.rpm gh-debuginfo-2.65.0-bp156.2.17.1.ppc64le.rpm gh-2.65.0-bp156.2.17.1.s390x.rpm gh-debuginfo-2.65.0-bp156.2.17.1.s390x.rpm openSUSE-2025-26 moderate openSUSE Backports SLE-15-SP6 Update This update for dkimproxy fixes the following issues: - Fix possible symlink attack in /run/dkimproxy/sysconfig (boo#1217173) Remove environment variables DKIMPROXY_USER DKIMPROXY_GROUP. These are hardcoded anyway in dkimproxy-tmpfiles. Changing these would only lead to trouble. Now User and Group in dkimproxy-in.service are set to dkim to avoid the mentioned security issue. ExecStart got a '+' to execute it by root rights. - Fix ExecStartPre path. This changes depending on %_libexecdir macro. Problem was mentioned in (boo#1217173) - Follow-up fix for boo#1216919 * make sure dkimproxy-in works even when the dynamically-created config file under /run does not exist - Fix boo#1216919 * use the correct env var for the hostname dkimproxy-1.4.1-bp156.6.3.1.noarch.rpm dkimproxy-1.4.1-bp156.6.3.1.src.rpm openSUSE-2025-27 moderate openSUSE Backports SLE-15-SP6 Update This update for kstars fixes the following issues: - Update to 3.7.4: * https://invent.kde.org/education/kstars/-/blob/master/ChangeLog - Update to 3.7.3: * https://invent.kde.org/education/kstars/-/blob/master/ChangeLog - Update to 3.7.2: * Multi-camera support. * Focus Advisor v4 * Lots of fixes. Full changelog: https://invent.kde.org/education/kstars/-/blob/master/ChangeLog - Update to 3.7.1: * New mount panel * Add support to obtain all object names * Multiple cameras support (still ongoing) * Various bugs fixed * Full changelog: https://invent.kde.org/education/kstars/-/blob/master/ChangeLog - Update to version 3.7.0: * Fix satellites loading error thanks to updated list by Own. * Fix rare crash when opening search dialog due to unused AsyncDBManager in FindDialog * Fix focus profile index bug * Fix crash if sequence file was loaded with filter selection but active train does not have a filter wheel * Separating Business Logic from UI in Scheduler * Add blinking capabilities to FITS Viewer and Analyze. * Focus 2 Tick Bugfix * Use correct state after PHD2 complete dithering * Adding the delay to the first image in the sequence * Overhaul "differential slewing" * Allow the user to mirror the sky map * Add option for shoting skyflats * Add edit profile button in FITS Viewer Solver and in Image Overlays * Add option to render image overlays below catalogs. * In Sequence Focus Phase 2 * Introduce Views: A way to quickly reorient the sky-map to match the view through an instrument] - Update to version 3.6.9: * Bug fix for unknown camera temperature, gain or offset * Focus UI Refactor * Always show and edit scheduler job properties * Allow deleting of scheduler jobs and appending to scheduler queue while running other jobs. * In Sequence HFR Check Refactor * Add capture time delay estimate for rotator movements * Various fixes - Update to 3.6.8: * Added Aberration Inspector. * Improved Sub-exposure Calculator. * Added FITSViewer Solver. * Make "Set Coordinates Manually" dialog more intuitive. * Telescope name specified in the optical trains are now saved in the FITS header (the mount name was saved before). * New placeholders for ISO, binning and pure exposure time added. * Add a new not-default scheduler option to disable greedy scheduling. * Reduce latency between captures, especially when guiding / dithering. * Fix issue with differential slewing. * Separate Business Logic from UI in Scheduler. * Fix bug in estimating job time, capture delays were misinterpreted. * Fixed guide start deviation was not saved properly in esq file. * Bugfix in one-pulse dither. Dither pulses were going the wrong way. * Fix Scheduler hangs when Focus does not signal Autofocus start failure. * Focus Guide Settle Bug. - Update to 3.6.7: * Added custom image overlays support * Rotator dialog improvements * More file placeholders * Lots of bugs fixed * Docs updated kstars-3.7.4-bp156.2.3.1.src.rpm kstars-3.7.4-bp156.2.3.1.x86_64.rpm kstars-lang-3.7.4-bp156.2.3.1.noarch.rpm kstars-3.7.4-bp156.2.3.1.aarch64.rpm kstars-3.7.4-bp156.2.3.1.ppc64le.rpm kstars-3.7.4-bp156.2.3.1.s390x.rpm openSUSE-2025-28 moderate openSUSE Backports SLE-15-SP6 Update This update for strawberry fixes the following issues: - Update to version 1.2.3 + Bugfixes: + Fixed libcdio NULL related compilation error on FreeBSD (#1610). + Fixed missing seek when starting playback of a CUE song (#1568). + Fixed "QDBusObjectPath: invalid path" error. - Update to version 1.2.2 + Bugfixes: + Fixed crash when creating a new smart playlist (#1609). + Fixed last playlist column being added when dragging a song and switching playlists. - Update to version 1.2.1 + Bugfixes: + Fixed playback of CUE continuing to play from the same file after the song has finished playing (#1568). + Fixed updating collection song sort text when disc is changed. + Fixed current playing file left open when the next track errored (#1582). + Fixed filter search not finding song containing uppercase "A" (#1599). + Fixed crash when removing album from playlist when using shuffle albums (#1588). + Fixed IDv3 MBID's tags with multiple entries being ignored. + Fixed crash when enabling Tidal, Spotify, Qobuz or Subsonic services. + Fixed passing filenames to strawberry on command line not resolving to absolute paths. + Enhancements: + Resolve symbolic links when dragging files to the playlist to match collection song. + Replaced Spotify username/password with access token. + Require Qt 6.4 or higher and drop support for Qt 5. + Require TagLib 1.12 or higher. + Use Qt stringliterals. + Move gstfastspectrum to src. + Use standard user temp location for current album cover. + Removed old MacFSListener. + Removed external tagreader and protobuf dependency. + Removed VLC support. + Ported to Qt translation (.ts) files and removed gettext dependency. + Removed deprecated Gnome/Mate SettingsDaemon global shortcuts. - Update to version 1.1.3 + Bugfixes: + Fixed gstreamer registry lookup leak in Spotify settings. + Fixed all songs in a CUE sheet starting playback at the zero position (#1549). + Fixed playback going to pause and back to play on song change. + Fixed Genius Lyrics login not working (#1554). + Fixed slow collection filter search. - Update to version 1.1.2 + Bugfixes: + Fixed Tidal Open API cover provider to only login when needed instead of on startup. + Fixed KDE added keyboard accelerator characters (ampersands) appearing in sidebar (#1400, #1389, #1476). + Fixed KDE added keyboard accelerator characters (ampersands) appearing when editing playlist name (#1499). + Fixed collection "Search for this" adding prefix without value (#1510). + Fixed play (-p) command line option not working on startup (#1465). + Fixed scan transaction being started when "Update the collection when Strawberry starts" option is unchecked (#1469) + Fixed Spotify bitrate being limited 128kbit/s. + Fixed Spotify returning too many artists and albums. + Fixed manually switching Spotify songs blocking UI. + Fixed analyzer not being set. + Fixed context top text being updated causing selected text to be unselected. + Fixed filter search to use filename for songs with empty title. + Fixed missing developer in Appstream appdata file. + Fixed MPRIS2 DesktopEntry to return desktop file entry without ".desktop" (#1516) + Fixed WavPack .wvc accepted as valid audio files (#1525). + Fixed dynamic playlist controls not following system colors (#1483). + Fixed freeze on playlist right click (#1478). + Fixed copying songs to a iPod device keeping too many files open (#1527). + Fixed MBIDs from MP4 being parsed incorrectly causing ListenBrainz errors (#1531). + Fixed playlist sorting after filename (#1538). + Enhancements: + Improved volume adjustment and track seeking using touchpad (#1498). + Use own thread for lyrics parsing. + Added url and filename columns to collection and playlist filter search. - Update to version 1.1.1 + Bugfixes: + Fixed compilation songs being split into different albums when using album grouping. + Fixed adding playlist columns not working when stretch mode is disabled (#1085). + Fixed resetting playlist columns. + Fixed adding songs to playlist adding all songs instead of filtered songs. + Fixed collection filter matching entire text instead of individual words. + Enhancements: + Use same code for collection and playlist filter search. - Update to version 1.1.0 + Bugfixes: + Fixed crash when pressing CTRL + C (#1359). + Pass on scroll events to page in settings to avoid changing settings when scrolling with mouse (#1380). + Fixed misredered playlist search field with Wayland using scaling (#1255). + Fixed Azlyrics lyrics provider because of website changes. + Fixed Musixmatch lyrics provider because of website changes. + Fixed application exiting when closing file dialog (#1401). + Fixed playlist shuffle randomness (#707). + Fixed playlist shuffle order always the same when restarting playback (#1381). + Fixed dynamic random mix not always ignoring shuffle and repeat mode (#1366). + Fixed manual shuffle while playing not setting current song to new index (##1353). + Fixed volume sync with PA when output is set to auto (#1123). + Fixed mpris:trackid type with KDE 6 (#1397). + Fixed open in file manager feature not handling missing XDG_DATA_DIRS variable. + Fixed collection pixmap disk cache and moodbar cache with newer Qt versions. + Fixed reading common metadata CUE's with multiple files (#1463). + Fixed playlist header stretch mode to only resize the right column of the column being resized. + Fixed adding columns to playlist header not working when not using stretch mode (#1085). + Fixed severe memory leak (!) in context album cover fading (#1464). + Separate albums by different artist in album groupings (#1276). + Removed -new-window parameter from dolphin command for open in file manager (#1412). + Only use playbin3 with GStreamer 1.24 and higher, not with GStreamer 1.22 or lower. + Enhancements: + Improve error messages when connecting and copying to devices. + Allow enter to be used with multiselection to add songs to playlist (#1360) + Add song progress to taskbar using D-Bus. + Use API to receive Radio Paradise channels. + Added button for fetching lyrics to tag editor (#1391). + Added option not to skip "A", "An" and "The” when sorting artist names in collection (#1393). + Improved album and title disc, remastered, etc matching and stripping (#1387). + Save volume to settings when adjusting (#1272). + Resolve song from collection using track with Cue in XSPF (#1181). + Added background image to sidebar. + Read metadata from RIFF WAV files (#1424). + Use original path instead of canonical path when adding directories to the collection. + Only apply added/removed collection directories when settings are saved. + Detect and handle different text encodings when reading CUE files (#1429). + The collection has been rewritten and improved (model/filter/search) (#392). + Improve error messages from tag reader. + (Unix) Add experimental GStreamer pipewire support. + New features: + Letras lyrics provider. + Open Tidal API (openapi.tidal.com) cover provider. + Turbine analyzer. + WaveRubber analyzer. + Spotify streaming support. + Removed features: + Removed now broken lyricsmode.com lyrics provider because of website changes. strawberry-1.2.3-bp156.2.3.1.src.rpm strawberry-1.2.3-bp156.2.3.1.x86_64.rpm strawberry-1.2.3-bp156.2.3.1.aarch64.rpm strawberry-1.2.3-bp156.2.3.1.ppc64le.rpm strawberry-1.2.3-bp156.2.3.1.s390x.rpm openSUSE-2025-29 moderate openSUSE Backports SLE-15-SP6 Update This update for incus fixes the following issues: Update to 6.8: * exec: Consume websocket pings for stderr by @stefanor in #1380 * incus-simplestreams: Add prune command by @presztak in #1381 * internal/instance: Fix validation of volatile.cpu.nodes by @stgraber in #1394 * Add a function to clone map and use it where appropriate by @montag451 in #1397 * cgo/process_utils: fix 32bit builds by @brauner in #1398 * Start using goimports by @stgraber in #1399 * instance/config: Mark user keys as live updatable by @stgraber in #1404 * incus/internal/server/instance/drivers/: Fix incorrect Vars file mapping in edk2 driver by @cmspam in #1406 * zfs: load keys for encrypted datasets during pool import by @cyphar in #1384 * incusd/instance: Lock image access by @stgraber in #1408 * incus/image: Make use of server-side alias handling by @stgraber in #1409 * incusd/cluster: Validate cluster HTTPS address on join too by @stgraber in #1411 * Remove metadata info from space usage calculation by @presztak in #1417 * Add ability to set the initial owner of a custom volume by @presztak in #1415 * Allow local live-migration between storage pools by @presztak in #1410 * incus: Add aliases completion by @montag451 in #1385 * golangci: Add local prefixes for goimports by @breml in #1401 * client: invalidate simple streams cache by @breml in #1424 * incusd/instances_post: Fix cluster internal migrations by @stgraber in #1427 * Fix DHCP client keeping container up by @stgraber in #1430 * Add support for VGA console screenshots by @breml in #1431 * Add --reuse to incus image import by @presztak in #1428 * Fix random ETag values due to map ordering by @stgraber in #1432 * incusd/task: Fix wait group logic (more entries than running tasks) by @stgraber in #1433 * Allow setting aliases during raw image upload by @stgraber in #1434 * Fixes an issue when copying a custom volume using the --refresh flag by @presztak in #1437 * Openfga improvements by @stgraber in #1435 * doc/instance/properties: Add missing instance properties by @stgraber in #1439 * incusd/daemon_storage: Ensure corect symlinks for images/backups by @stgraber in #1441 * incusd/storage/lvm: Handle newer LVM by @stgraber in #1442 * Tweak rendering of manpage in doc by @stgraber in #1443 * incusd/storage/lvm: Require 512-bytes physical block size for VM images by @stgraber in #1444 * incusd: Fill ExpiryDate and remove LastUsedDate in volumeSnapshotToProtobuf by @presztak in #1448 * incusd/device/tpm: Wait for swtpm to be ready by @stgraber in #1447 * incus: Improve completion for file push and file pull by @montag451 in #1445 * incusd/auth/tls: Restrict config access to non-admin by @stgraber in #1451 * incusd/storage: Handle default disk size in GetInstanceUsage by @stgraber in #1452 * incus: Improve completion for some file sub-commmands by @montag451 in #1453 * incus: Fix completion for profile copy by @montag451 in #1454 * incus: Add completion for image alias subcommands by @montag451 in #1457 * doc/installing: Update Fedora instructions by @stgraber in #1456 * Fix gap in validation of pre-existing certificates when switching to PKI mode by @stgraber in #1458 * doc/network_forwards: Split configuration into own table by @stgraber in #1460 * chore: Happy path on the left, early return by @breml in #1461 * incus: Fix completion for image alias create by @montag451 in #1459 * incus/top: Ignore CPU idle time by @stgraber in #1462 * incus: Display the alias expansion when execution of an alias fails by @montag451 in #1464 * lint: disallow restricted licenses in go-licenses by @breml in #1466 * chore: code structure, Go identifier shaddowing by @breml in #1465 * incus: Fix alias arguments handling by @montag451 in #1463 * incus/file/push Use SFTP client instead of file API by @HassanAlsamahi in #1468 * Fix TPM fd leaks and OpenFGA patching issue by @stgraber in #1469 * Clarify device override syntax by @stgraber in #1471 * incusd/auth/openfga: refresh model before applying patches by @stgraber in #1472 * Add authorization scriptlet by @bensmrs in #1412 * doc: add openSUSE installation instructions by @cyphar in #1475 * OCI image debugging improvements by @danbiagini in #1478 * Add function checks to scriptlet validation by @bensmrs in #1484 * incus/project: Fix handling of default (unset) project in get-current by @irhndt in #1476 * Translations update from Hosted Weblate by @weblate in #1492 * Add --force flag to the console command by @presztak in #1491 * Accept io.Writer in RenderTable by @breml in #1490 * doc/network_bridge: Fix missing escaping around variable by @irhndt in #1493 * incusd/cluster: Skip project restrictions during join by @stgraber in #1497 * incusd/instance/lxc: Skip instances without idmap allocation yet by @stgraber in #1495 * incusd/storage/drivers/common: Truncate/Discard ahead of sparse write by @stgraber in #1496 * Add AskPassword/AskPasswordOnce to Asker by @breml in #1499 * Add additional check to Cancel method for ConsoleShow operation by @presztak in #1500 * Improve console disconnections by @stgraber in #1501 * Fix duplicate OVN load-balancer entries by @stgraber in #1502 * Improve SFTP performance by @stgraber in #1503 * incusd/instance_post: Expand profiles in scriptlet context by @stgraber in #1504 incus-6.8-bp156.5.1.src.rpm incus-6.8-bp156.5.1.x86_64.rpm incus-bash-completion-6.8-bp156.5.1.noarch.rpm incus-fish-completion-6.8-bp156.5.1.noarch.rpm incus-tools-6.8-bp156.5.1.x86_64.rpm incus-zsh-completion-6.8-bp156.5.1.noarch.rpm incus-6.8-bp156.5.1.aarch64.rpm incus-tools-6.8-bp156.5.1.aarch64.rpm incus-6.8-bp156.5.1.ppc64le.rpm incus-tools-6.8-bp156.5.1.ppc64le.rpm incus-6.8-bp156.5.1.s390x.rpm incus-tools-6.8-bp156.5.1.s390x.rpm openSUSE-2025-30 moderate openSUSE Backports SLE-15-SP6 Update This update for dante fixes the following issues: - Update to version 1.4.4 * Fixed incorrect access control for some sockd.conf configurations involving socksmethod (boo#1234688, CVE-2024-54662). dante-1.4.4-bp156.4.3.1.src.rpm dante-1.4.4-bp156.4.3.1.x86_64.rpm dante-devel-1.4.4-bp156.4.3.1.x86_64.rpm dante-server-1.4.4-bp156.4.3.1.x86_64.rpm libsocks0-1.4.4-bp156.4.3.1.x86_64.rpm dante-1.4.4-bp156.4.3.1.aarch64.rpm dante-devel-1.4.4-bp156.4.3.1.aarch64.rpm dante-devel-64bit-1.4.4-bp156.4.3.1.aarch64_ilp32.rpm dante-server-1.4.4-bp156.4.3.1.aarch64.rpm libsocks0-1.4.4-bp156.4.3.1.aarch64.rpm libsocks0-64bit-1.4.4-bp156.4.3.1.aarch64_ilp32.rpm dante-1.4.4-bp156.4.3.1.ppc64le.rpm dante-devel-1.4.4-bp156.4.3.1.ppc64le.rpm dante-server-1.4.4-bp156.4.3.1.ppc64le.rpm libsocks0-1.4.4-bp156.4.3.1.ppc64le.rpm dante-1.4.4-bp156.4.3.1.s390x.rpm dante-devel-1.4.4-bp156.4.3.1.s390x.rpm dante-server-1.4.4-bp156.4.3.1.s390x.rpm libsocks0-1.4.4-bp156.4.3.1.s390x.rpm openSUSE-2025-24 important openSUSE Backports SLE-15-SP6 Update This update for qt6-webengine fixes the following issues: - CVE-2024-40896: Fixed a XML external entity vulnerability related to libxml2 (boo#1234820) libQt6Pdf6-6.6.3-bp156.2.3.1.x86_64.rpm libQt6PdfQuick6-6.6.3-bp156.2.3.1.x86_64.rpm libQt6PdfWidgets6-6.6.3-bp156.2.3.1.x86_64.rpm libQt6WebEngineCore6-6.6.3-bp156.2.3.1.x86_64.rpm libQt6WebEngineQuick6-6.6.3-bp156.2.3.1.x86_64.rpm libQt6WebEngineWidgets6-6.6.3-bp156.2.3.1.x86_64.rpm qt6-pdf-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-pdf-imports-6.6.3-bp156.2.3.1.x86_64.rpm qt6-pdf-private-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-pdfquick-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-pdfquick-private-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-pdfwidgets-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-pdfwidgets-private-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webengine-6.6.3-bp156.2.3.1.src.rpm qt6-webengine-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webengine-examples-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webengine-imports-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webenginecore-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webenginecore-private-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webenginequick-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webenginequick-private-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webenginewidgets-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webenginewidgets-private-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webengine-docs-6.6.3-bp156.2.3.1.src.rpm qt6-webengine-docs-html-6.6.3-bp156.2.3.1.x86_64.rpm qt6-webengine-docs-qch-6.6.3-bp156.2.3.1.x86_64.rpm libQt6Pdf6-6.6.3-bp156.2.3.1.aarch64.rpm libQt6PdfQuick6-6.6.3-bp156.2.3.1.aarch64.rpm libQt6PdfWidgets6-6.6.3-bp156.2.3.1.aarch64.rpm libQt6WebEngineCore6-6.6.3-bp156.2.3.1.aarch64.rpm libQt6WebEngineQuick6-6.6.3-bp156.2.3.1.aarch64.rpm libQt6WebEngineWidgets6-6.6.3-bp156.2.3.1.aarch64.rpm qt6-pdf-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-pdf-imports-6.6.3-bp156.2.3.1.aarch64.rpm qt6-pdf-private-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-pdfquick-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-pdfquick-private-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-pdfwidgets-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-pdfwidgets-private-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webengine-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webengine-examples-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webengine-imports-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webenginecore-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webenginecore-private-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webenginequick-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webenginequick-private-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webenginewidgets-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webenginewidgets-private-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webengine-docs-html-6.6.3-bp156.2.3.1.aarch64.rpm qt6-webengine-docs-qch-6.6.3-bp156.2.3.1.aarch64.rpm openSUSE-2025-16 moderate openSUSE Backports SLE-15-SP6 Update This update for neatvnc fixes the following issues: - Update to 0.9.2: * This patch release adds missing bounds checks. Two buffer overflow vulnerabilities were reported by Frederik Reiter who also provided patches to fix them. There are potential security implications, but only authenticated clients would be able to exploit these vulnerabilities, if at all. Nevertheless, it is prudent to update as soon as possible. - Update to 0.9.1: * Fix a data type mismatch in the clipboard code that caused the build to fail for 32 bit architectures. - Update to 0.9.0: Highlights: * A v4l2m2m based H.264 encoder that works on Raspberry Pi 1 to 4, sponsored by Raspberry Pi Ltd. * Extended clipboard for UTF-8 text was implemented by Attila Fidan. * Listening on a pre-bound file descriptor, implemented by Attila Fidan. * The continuous updates extension was implemented by Philipp Zabel. * We now have simple bandwidth estimation and improved frame pacing. * Methods for rating pixel formats and modifiers have according to Neat VNC's preferences have been added. * The Qemu/VMWare LED state extensions have been implemented. * H.264 encoders will now encode the correct colour space into the elementary stream. Bug fixes: * Some memory leaks and reference counting errors have been eradicated. * A race between resizing events and framebuffer updates that would cause a buffer with the previous size to be sent after a resize event has been fixed. * Buffers with 24 bits per pixel will now result in 32 bpp being reported to the client because 24 bpp is not allowed by the protocol. Nvidia users should now be able to use a wider selection of clients as a result of this change. - boo#1228777 (CVE-2024-42458) Update to 0.8.1: * Add sanity check for chosen security type - Update to 0.8.0: Highlights: * The colour map pixel format as described in RFC 6143 has been implemented. Before, the client would just get disconnected if they requested it. Now they get a map that emulates RGB332. * Momentary interception of log messages. The user can now set a thread-local log hander and then set it back to the default. * Philip Zabel made the code more consistent with the style guide. Breaking Changes: * nvnc_client_get_hostname has been replaced with nvnc_client_get_address Bugfixes: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup. - Update to 0.7.2: * Clients are now allowed to request more than 32 encodings (#108) * Zlib streams are now preserved when a client switches between encodings (#109) - Update to 0.7.1: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup. - Update to 0.7.0: * Desktop resizing * Software pixel buffers with less than 32 bits per pixel are now supported * The server may now choose to open a websocket instead of a regular TCP socket * The RSA-AES and RSA-AES-256 security types have now been implemented * A Diffie-Hellman based security type frame Apple is also implemented, although not recommended * Murmurhash in the damage refinery has been replaced with xxHash, which performs much better in my tests so far * Users should now get proper feedback when authentication fails libneatvnc0-0.9.2-bp156.3.3.1.x86_64.rpm neatvnc-0.9.2-bp156.3.3.1.src.rpm neatvnc-devel-0.9.2-bp156.3.3.1.x86_64.rpm libneatvnc0-0.9.2-bp156.3.3.1.aarch64.rpm neatvnc-devel-0.9.2-bp156.3.3.1.aarch64.rpm libneatvnc0-0.9.2-bp156.3.3.1.ppc64le.rpm neatvnc-devel-0.9.2-bp156.3.3.1.ppc64le.rpm libneatvnc0-0.9.2-bp156.3.3.1.s390x.rpm neatvnc-devel-0.9.2-bp156.3.3.1.s390x.rpm openSUSE-2025-22 moderate openSUSE Backports SLE-15-SP6 Update This update for wayvnc fixes the following issues: - Update to 0.9.1: * Fix buffer allocation on FreeBSD. - Update to 0.9.0: * The new ext-image-copy-capture-v1 protocol has been implemented for output capturing. * A file descriptor created by a parent process can be used for listening for new connections, thanks to Attila Fidan. * Clipboard handling has been made more robust, thanks again to Attila Fidan. * WayVNC can now allocate CMA backed pixel buffers. They are required for hardware encoding on Raspberry Pi. * Keyboard LED state can be passed to clients. * Output power management is now only enabled while capturing. - Update to 0.8.0: Highlights: * Transient seats via the new ext-transient-seat-v1 protocol. These are not implemented in any compositor yet, but will hopefully be a part of sway 0.10 * Automatic server-side resizing of headless outputs, by courtesy of Consolatis * Detached mode, which allows wayvnc to attach to and detach from a running compositor Bugfixes: * A crash when trying to attach to a non-wlroots compositor has been fixed. Attaching fails, but it doesn't crash. - Update to 0.7.2: * Missing documentation for the websocket flag * Null-dereferencing when input is disabled * Out-of-bounds memory access when compositors submit out-of-bounds damage * Too strict authentication related config parameter sanitation - Update to 0.7.1: * Fix version requirement for Neat VNC - Update to 0.7.0: * Each client can now have its own seat, i.e. it's own cursor and separate keyboard focus * A new option to create a websocket instead of a regular TCP socket * Software pixel buffers with fewer bits per pixel than 32 are now supported * A new RSA based authentication method with encryption has been added * A config file can now reference files relative to the directory in which it resides * The unix-socket option is fixed * Various kinks in wayvncctl have been ironed out wayvnc-0.9.1-bp156.2.3.1.src.rpm wayvnc-0.9.1-bp156.2.3.1.x86_64.rpm wayvnc-0.9.1-bp156.2.3.1.aarch64.rpm wayvnc-0.9.1-bp156.2.3.1.ppc64le.rpm wayvnc-0.9.1-bp156.2.3.1.s390x.rpm openSUSE-2025-17 moderate openSUSE Backports SLE-15-SP6 Update This update for timescaledb, orafce rebuilds them against current postgresql. - orafce was updated to 4.14.1. - timescaledb was updated to 2.17.1. postgresql12-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.src.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.src.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.src.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.src.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.src.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.src.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.x86_64.rpm postgresql14-timescaledb-2.17.1-bp156.2.6.1.src.rpm postgresql14-timescaledb-2.17.1-bp156.2.6.1.x86_64.rpm postgresql15-timescaledb-2.17.1-bp156.2.6.1.src.rpm postgresql15-timescaledb-2.17.1-bp156.2.6.1.x86_64.rpm postgresql16-timescaledb-2.17.1-bp156.2.6.1.src.rpm postgresql16-timescaledb-2.17.1-bp156.2.6.1.x86_64.rpm postgresql17-timescaledb-2.17.1-bp156.2.6.1.src.rpm postgresql17-timescaledb-2.17.1-bp156.2.6.1.x86_64.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.i586.rpm postgresql14-timescaledb-2.17.1-bp156.2.6.1.i586.rpm postgresql15-timescaledb-2.17.1-bp156.2.6.1.i586.rpm postgresql16-timescaledb-2.17.1-bp156.2.6.1.i586.rpm postgresql17-timescaledb-2.17.1-bp156.2.6.1.i586.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.aarch64.rpm postgresql14-timescaledb-2.17.1-bp156.2.6.1.aarch64.rpm postgresql15-timescaledb-2.17.1-bp156.2.6.1.aarch64.rpm postgresql16-timescaledb-2.17.1-bp156.2.6.1.aarch64.rpm postgresql17-timescaledb-2.17.1-bp156.2.6.1.aarch64.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.ppc64le.rpm postgresql14-timescaledb-2.17.1-bp156.2.6.1.ppc64le.rpm postgresql15-timescaledb-2.17.1-bp156.2.6.1.ppc64le.rpm postgresql16-timescaledb-2.17.1-bp156.2.6.1.ppc64le.rpm postgresql17-timescaledb-2.17.1-bp156.2.6.1.ppc64le.rpm postgresql12-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql12-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql12-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql13-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql13-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql13-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql14-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql14-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql14-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql15-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql15-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql15-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql16-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql16-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql16-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql17-orafce-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql17-orafce-debuginfo-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql17-orafce-debugsource-4.14.1+git0.48e67e7-bp156.4.7.1.s390x.rpm postgresql14-timescaledb-2.17.1-bp156.2.6.1.s390x.rpm postgresql15-timescaledb-2.17.1-bp156.2.6.1.s390x.rpm postgresql16-timescaledb-2.17.1-bp156.2.6.1.s390x.rpm postgresql17-timescaledb-2.17.1-bp156.2.6.1.s390x.rpm openSUSE-2025-15 important openSUSE Backports SLE-15-SP6 Update This update for proftpd fixes the following issues: Update to 1.3.8c: - CVE-2024-48651: supplemental group inheritance grants unintended access to GID 0 (boo#1233997) proftpd-1.3.8c-bp156.2.3.1.src.rpm proftpd-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-devel-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-doc-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-lang-1.3.8c-bp156.2.3.1.noarch.rpm proftpd-ldap-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-mysql-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-pgsql-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-radius-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-sqlite-1.3.8c-bp156.2.3.1.x86_64.rpm proftpd-1.3.8c-bp156.2.3.1.i586.rpm proftpd-devel-1.3.8c-bp156.2.3.1.i586.rpm proftpd-doc-1.3.8c-bp156.2.3.1.i586.rpm proftpd-ldap-1.3.8c-bp156.2.3.1.i586.rpm proftpd-mysql-1.3.8c-bp156.2.3.1.i586.rpm proftpd-pgsql-1.3.8c-bp156.2.3.1.i586.rpm proftpd-radius-1.3.8c-bp156.2.3.1.i586.rpm proftpd-sqlite-1.3.8c-bp156.2.3.1.i586.rpm proftpd-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-devel-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-doc-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-ldap-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-mysql-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-pgsql-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-radius-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-sqlite-1.3.8c-bp156.2.3.1.aarch64.rpm proftpd-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-devel-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-doc-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-ldap-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-mysql-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-pgsql-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-radius-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-sqlite-1.3.8c-bp156.2.3.1.ppc64le.rpm proftpd-1.3.8c-bp156.2.3.1.s390x.rpm proftpd-devel-1.3.8c-bp156.2.3.1.s390x.rpm proftpd-doc-1.3.8c-bp156.2.3.1.s390x.rpm proftpd-ldap-1.3.8c-bp156.2.3.1.s390x.rpm proftpd-mysql-1.3.8c-bp156.2.3.1.s390x.rpm proftpd-pgsql-1.3.8c-bp156.2.3.1.s390x.rpm proftpd-radius-1.3.8c-bp156.2.3.1.s390x.rpm proftpd-sqlite-1.3.8c-bp156.2.3.1.s390x.rpm openSUSE-2025-13 moderate openSUSE Backports SLE-15-SP6 Update This update for tryton, trytond, trytond_account, trytond_company, trytond_stock fixes the following issues: Changes in tryton: - Version 6.0.48 - Bugfix Release Changes in trytond: - Version 6.0.57 - Bugfix Release Changes in trytond_account: - Version 6.0.28 - Bugfix Release Changes in trytond_company: - Version 6.0.8 - Bugfix Release Changes in trytond_stock: - Version 6.0.31 - Bugfix Release tryton-6.0.48-bp156.2.15.1.noarch.rpm tryton-6.0.48-bp156.2.15.1.src.rpm trytond-6.0.57-bp156.2.15.1.noarch.rpm trytond-6.0.57-bp156.2.15.1.src.rpm trytond_account-6.0.28-bp156.2.9.1.noarch.rpm trytond_account-6.0.28-bp156.2.9.1.src.rpm trytond_company-6.0.8-bp156.2.3.1.noarch.rpm trytond_company-6.0.8-bp156.2.3.1.src.rpm trytond_stock-6.0.31-bp156.2.9.1.noarch.rpm trytond_stock-6.0.31-bp156.2.9.1.src.rpm openSUSE-2025-23 moderate openSUSE Backports SLE-15-SP6 Update This update for seamonkey fixes the following issues: - update to SeaMonkey 2.53.20 * Use Services.focus for bookmarking from mailnews in SeaMonkey bug 1925033. * Replace the Bookmark Manager with the Firefox Library in SeaMonkey: Another followup bug bug 1932731. * Port bug 1458385 - Update SeaMonkey's confvars.sh bug 1913633. * Tidy up channels code in cZ bug 1920565. * Sometimes tag data from an IRC server doesn't contain a pair bug 1923211. * Fix call to updateUsers in network onAway in cZbug 1923213. * Remove unused XTLabelRecord from tree-utils.js in cZbug 1923215. * Remove unused code from connection-xpcom.js in cZbug 1923219. * Remove unusued code from utils.js in cZbug 1923221. * Switch from using arrayContains helper to using JS Array includes method in cZ bug 1923224. * Switch from using arrayIndexOf helper to using JS Array includes and indexOf methods in cZ bug 1923225. * Switch from using arrayRemoveAt and arrayInsertAt helpers to using JS Array splice and unshift methods in cZbug 1923227. * Switch from using stringTrim helper to using JS string trim method in cZ bug 1923229. * Inline newObject function in cZ bug 1924338. * Remove getWindowByType function from cZ bug 1924586. * Inline viewCert function in cZ bug 1924587. * Remove getSpecialDirectory function and use Services.dirsvc in cZ bug 1924588. * Remove getNSSErrorClass function and tidy up NSS related code in cZ bug 1924589. * Tidy message manager code in cZ bug 1924592. * Remove getService helper and tidy up code around its callers in cZ bug 1924595. * Remove use of NSGetModule in cZ bug 1925871. * Tidy up chatzilla-service.js bug 1926406. * Use Intl.DateTimeFormat in cZ's strftime function bug 1927348. * Remove unused code from pref-manager.js in cZ bug 1927370. * Use Services.scriptloader in cZ bug 1927374. * Use more Services in cZ bug 1927376. * Tidy up some Components.* code in static.js in cZ bug 1927377. * Switch to using listbox instead of tree for cZ chat window bug 1927582. * Away status isn't reflected correctly in channel userlist in cZ bug 1928749. * Fix too much recursion and missing variable in cmdSave in cZ bug 1930391. * Replace confirm helper with Services.prompt.confirm in cZ bug 1930396. * Use Services.prompt in confirmEx, prompt and promptPassword helpers in cZ bug 1930540. * Use Services.prompt.alert and remove alert helper in cZ bug 1931705. * Simplify getListFIle in cZ bug 1931707. * Remove various const from file-utils.js in cZ bug 1931708. * Remove unused 2nd argument from mkdir helper in file-utils.js in cZ bug 1931709. * Use LocalFile directly rather via helper fopen in cZ bug 1931710. * Tidy up picker code in file-utils.js in cZ bug 1931712. * Remove unnecessary type attributes in cZ bug 1933043. * Clean up Components usage in cZ bug 1933081. * Remove unused encodeForXMLAttribute function for cZ utils.js bug 1933083. * Move renameProperty helper into lib/irc.js for cZ bug 1933084. * Move formatDateOffset helper into handlers.js in cZ bug 1933085. * Move objectContains helper into command-manager.js in cZ bug 1933086. * Move splitLongWord helper into mungers.js in cZ bug 1933087. * Move randomString helper into commands.js in cZ bug 1933089. * Move Clone helper into commands.js in cZ bug 1933090. * Move equalsObject helper into channels.js in cZ bug 1933092. * Move matchEntry helper into static.js in cZ bug 1933093. * Move getCommonPfx helper to handlers.js in cZ bug 1933342. * Remove some code duplication in getSISize and getSISpeed helpers and improve coding in scaleNumbersBy1024 in cZ bug 1933346. * UI: Link for download of Themes leads to Themes for Thunderbird bug 1656564. * Add ESR 128 links to debugQA bug 1909855. * Port changes needed from |Bug 1476333 - Consolidate the ways that we reference "browser.xul" across the tree| to SeaMonkey bug 1911841. * Switch from boxObject to getBoundingClientRect in utilityOverlay bug 1911844. * Align the SeaMonkey switchToTabHavingURI() call syntax with Firefox and toolkit bug 1925037. * Empty out SeaMonkey's removed-files.in (port bug 1392913) bug 1913579. * Update SeaMonkey installer to register as handler for media types bug 1925023. * Remove obsolete chat services from SeaMonkey address book part2 bug 1909853. * Add UI for browser.display.prefers_color_scheme to the SeaMonkey colors prefpane bug 1909743. * Update SeaMonkey wikipedia icon bug 1925021. * Show specific placeholders for bookmarks and history in SeaMonkey sidebar search bug 1925025. * Adjust dragOver method of tabbrowser.xml to be closer to Firefox version bug 1911845. * Avoid boxObject where appropriate in tabbrowser bug 1911847. * Simplify tab drop indicator code and styling bug 1911848. * SeaMonkey 2.53.20 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.20 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.19 and Thunderbird 115.19 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. - Remove .mozconfig options no longer recognized in SeaMonkey 2.53.20 seamonkey-2.53.20-bp156.2.6.1.src.rpm seamonkey-2.53.20-bp156.2.6.1.x86_64.rpm seamonkey-dom-inspector-2.53.20-bp156.2.6.1.x86_64.rpm seamonkey-irc-2.53.20-bp156.2.6.1.x86_64.rpm seamonkey-2.53.20-bp156.2.6.1.i586.rpm seamonkey-dom-inspector-2.53.20-bp156.2.6.1.i586.rpm seamonkey-irc-2.53.20-bp156.2.6.1.i586.rpm openSUSE-2025-14 important openSUSE Backports SLE-15-SP6 Update This update for python-Django fixes the following issues: - CVE-2024-56374: Fixed a denial of service when performing IPv6 validation (boo#1235856). python-Django-2.2.28-bp156.6.1.src.rpm python3-Django-2.2.28-bp156.6.1.noarch.rpm openSUSE-2025-18 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 132.0.6834.83 (stable released 2024-01-14) (boo#1235892) * CVE-2025-0434: Out of bounds memory access in V8 * CVE-2025-0435: Inappropriate implementation in Navigation * CVE-2025-0436: Integer overflow in Skia * CVE-2025-0437: Out of bounds read in Metrics * CVE-2025-0438: Stack buffer overflow in Tracing * CVE-2025-0439: Race in Frames * CVE-2025-0440: Inappropriate implementation in Fullscreen * CVE-2025-0441: Inappropriate implementation in Fenced Frames * CVE-2025-0442: Inappropriate implementation in Payments * CVE-2025-0443: Insufficient data validation in Extensions * CVE-2025-0446: Inappropriate implementation in Extensions * CVE-2025-0447: Inappropriate implementation in Navigation * CVE-2025-0448: Inappropriate implementation in Compositing - update esbuild to 0.24.0 - drop old tarball - use upstream release tarball for 0.24.0 - add vendor tarball for golang.org/x/sys - add to keeplibs: third_party/libtess2 third_party/devtools-frontend/src/node_modules/fast-glob chromedriver-132.0.6834.83-bp156.2.69.1.x86_64.rpm chromium-132.0.6834.83-bp156.2.69.1.src.rpm chromium-132.0.6834.83-bp156.2.69.1.x86_64.rpm chromedriver-132.0.6834.83-bp156.2.69.1.aarch64.rpm chromium-132.0.6834.83-bp156.2.69.1.aarch64.rpm openSUSE-2025-19 moderate openSUSE Backports SLE-15-SP6 Update This update for dnscrypt-proxy fixes the following issues: - Update to version 2.1.7 * Reintroduces support for XSalsa20 enryption in DNSCrypt, which was removed in 2.1.6. Unfortunately, a bunch of servers still only support that encryption system. * Added check for lying resolvers was added for DNSCrypt, similar to the one that was already present for DoH and ODoH. - Update to version 2.1.6 * Forwarding: in the list of servers for a zone, the `$BOOTSTRAP` keyword can be included as a shortcut to forward to the bootstrap servers. And the `$DHCP` keyword can be included to forward to the DNS resolvers provided by the local DHCP server. Based on work by YX Hao, thanks! DHCP forwarding should be considered experimental and my not work on all operating systems. A rule for a zone can mix and match multiple forwarder types, such as `10.0.0.1,10.0.0.254,$DHCP, 192.168.1.1,$BOOTSTRAP`. Note that this is not implemented for captive portals yet. * Lying resolvers are now skipped, instead of just printing an error. This doesn't apply to captive portal and forwarding entries, which are the only reasonable use case for lying resolvers. * Support for XSalsa20 in DNSCrypt has been removed. This was not documented, and was supserseded by XChaCha20 in 2016. * Source files are now fetched with compression. * DNS64: compatibility has been improved. * Forwarding: the root domain (`.`) can now be forwarded. * The ARC caching algorithm has been replaced by the SIEVE algorithm. * Properties of multiple servers are now updated simultaneously. The concurrency level can be adjusted with the new `cert_refresh_concurrency` setting. Contributed by YX Hao. * MSI packages for DNSCrypt can now easily be built. * New command-line flag: `-include-relays` to include relays in `-list` and `-list-all`. * Support for DNS extended error codes has been added. * Documentation updates, bug fixes, dependency updates. dnscrypt-proxy-2.1.7-bp156.2.3.1.src.rpm dnscrypt-proxy-2.1.7-bp156.2.3.1.x86_64.rpm dnscrypt-proxy-2.1.7-bp156.2.3.1.i586.rpm dnscrypt-proxy-2.1.7-bp156.2.3.1.aarch64.rpm dnscrypt-proxy-2.1.7-bp156.2.3.1.ppc64le.rpm dnscrypt-proxy-2.1.7-bp156.2.3.1.s390x.rpm openSUSE-2025-20 moderate openSUSE Backports SLE-15-SP6 Update This update for retry fixes the following issues: - Update to version 1737025645.819c129: * Fix shellcheck reported issue SC2317 * count-fail-ratio: Fix commands with quoted arguments retry-1737025645.819c129-bp156.2.6.1.noarch.rpm retry-1737025645.819c129-bp156.2.6.1.src.rpm openSUSE-2025-31 moderate openSUSE Backports SLE-15-SP6 Update This update for velociraptor fixes the following issues: - Use llvm17 for Leap - Update to version 0.7.0.4.git142.862ef23: * github: fix deprecated upload artifact again * Update npm packages Includes fixes for the following vulnerabilities: CVE-2023-45133 CVE-2023-46234 CVE-2024-55565 CVE-2024-45296 CVE-2023-44270 CVE-2024-47068 CVE-2024-23331 CVE-2024-31207 CVE-2024-45812 CVE-2024-45811 * Update go dependencies Includes fixes for the following vulnerabilities: CVE-2024-45338 CVE-2024-37298 CVE-2024-24786 CVE-2023-45683 (boo#1216310) CVE-2023-1732 * Update jwt to 4.5.1 Fixes CVE-2024-51744 (boo#1232944) * Update go-retryablehttp to 0.7.7 Fixes CVE-2024-6104 (boo#1227061) * Update go-oidc and go-jose Fixes CVE-2024-28180 (boo#1235168) * Update dompurify to 3.1.3 Fixes CVE-2024-47875 (boo#1231574) * Update package-lock.json * Update micromatch to 4.0.8 Partial fix for CVE-2024-4067 (boo#1224367) Partial fix for CVE-2024-4068 (boo#1224296) * Update axios to 1.7.9 Fixes CVE-2024-39338 (boo#1229424) * Update cross-spawn to 7.0.6 Fixes CVE-2024-21538 (boo#1233845) * Update elliptic to 6.6.1 Update contains fixes for: CVE-2024-48949 (boo#1231558) CVE-2024-48948 (boo#1231685) CVE-2024-42459 (boo#1232543) CVE-2024-42460 (boo#1232543) CVE-2024-42461 (boo#1232543) * Update follow-redirects to 1.15.6 Fixes CVE-2024-28849 (boo#1221456) * fix: gui/velociraptor/package.json to reduce vulnerabilities Fixes CVE-2022-25883 (boo#1212572) * and many more changes - Update node modules with security fixes. * Fixes CVE-2024-39338 (boo#1229424) * Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch as the update is included. - Obsolete old velociraptor-kafka-humio-gateway package - Update to version 0.6.7.5~git81.01be570: * libbpfgo: pull fix for double-free * logscale: add documentation for plugin * bpf: fix path to vmlinux.h * file_store/test_utils/server_config.go: update test certificate * Update bluemonday dependency. * vql/functions/hash: cache results on Linux * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0 * logscale/backport: don't use networking.GetHttpTransport * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint * file_store/directory: add ability to report pending size * libbpfgo: update submodule to require libzstd for newer libelf * utils/time.js: fix handling of nanosecond-resolution timestamps * libbpfgo: switch to using regular static builds * Create a new 0.6.7-5 release (#2385) - Verify FILESYSTEM_WRITE permission on copy() function (#2384) (boo#1207936, CVE-2023-0242) - Also ensure client id is considered unsafe (boo#1207937, CVE-2023-0290) * github/workflows/linux: do apt-get update to refresh package lists - Tightening the security of the services a bit: - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp from /tmp - run velociraptor server as user velociraptor instead of root we do not really need root permissions here - introduce /var/lib/velociraptor/filestore to make it easier to split out large file upload - change permissions for the data directory and subdirectories to /var/lib/velociraptor/ u=rwX,go= velociraptor:velociraptor /var/lib/velociraptor-client/ u=rwX,go= root:root - change permissions of config directory to: /etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor /etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor /etc/velociraptor/client.config u=rw,go= root:root velociraptor-0.7.0.4.git142.862ef23-bp156.3.3.1.src.rpm velociraptor-0.7.0.4.git142.862ef23-bp156.3.3.1.x86_64.rpm system-user-velociraptor-1.0.0-bp156.3.3.1.noarch.rpm velociraptor-client-0.7.0.4.git142.862ef23-bp156.3.3.1.src.rpm velociraptor-client-0.7.0.4.git142.862ef23-bp156.3.3.1.x86_64.rpm velociraptor-client-0.7.0.4.git142.862ef23-bp156.3.3.1.aarch64.rpm velociraptor-client-0.7.0.4.git142.862ef23-bp156.3.3.1.ppc64le.rpm velociraptor-client-0.7.0.4.git142.862ef23-bp156.3.3.1.s390x.rpm openSUSE-2025-33 moderate openSUSE Backports SLE-15-SP6 Update This update for qt6-connectivity fixes the following issues: - CVE-2025-23050: Fixed buffer over-read and division by zero (boo#1236237) libQt6Bluetooth6-6.6.3-bp156.2.3.1.x86_64.rpm libQt6Nfc6-6.6.3-bp156.2.3.1.x86_64.rpm qt6-connectivity-6.6.3-bp156.2.3.1.src.rpm qt6-connectivity-6.6.3-bp156.2.3.1.x86_64.rpm qt6-connectivity-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-connectivity-examples-6.6.3-bp156.2.3.1.x86_64.rpm qt6-connectivity-private-devel-6.6.3-bp156.2.3.1.x86_64.rpm qt6-connectivity-docs-6.6.3-bp156.2.3.1.src.rpm qt6-connectivity-docs-html-6.6.3-bp156.2.3.1.x86_64.rpm qt6-connectivity-docs-qch-6.6.3-bp156.2.3.1.x86_64.rpm libQt6Bluetooth6-6.6.3-bp156.2.3.1.i586.rpm libQt6Nfc6-6.6.3-bp156.2.3.1.i586.rpm qt6-connectivity-6.6.3-bp156.2.3.1.i586.rpm qt6-connectivity-devel-6.6.3-bp156.2.3.1.i586.rpm qt6-connectivity-examples-6.6.3-bp156.2.3.1.i586.rpm qt6-connectivity-private-devel-6.6.3-bp156.2.3.1.i586.rpm qt6-connectivity-docs-html-6.6.3-bp156.2.3.1.i586.rpm qt6-connectivity-docs-qch-6.6.3-bp156.2.3.1.i586.rpm libQt6Bluetooth6-6.6.3-bp156.2.3.1.aarch64.rpm libQt6Nfc6-6.6.3-bp156.2.3.1.aarch64.rpm qt6-connectivity-6.6.3-bp156.2.3.1.aarch64.rpm qt6-connectivity-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-connectivity-examples-6.6.3-bp156.2.3.1.aarch64.rpm qt6-connectivity-private-devel-6.6.3-bp156.2.3.1.aarch64.rpm qt6-connectivity-docs-html-6.6.3-bp156.2.3.1.aarch64.rpm qt6-connectivity-docs-qch-6.6.3-bp156.2.3.1.aarch64.rpm libQt6Bluetooth6-6.6.3-bp156.2.3.1.ppc64le.rpm libQt6Nfc6-6.6.3-bp156.2.3.1.ppc64le.rpm qt6-connectivity-6.6.3-bp156.2.3.1.ppc64le.rpm qt6-connectivity-devel-6.6.3-bp156.2.3.1.ppc64le.rpm qt6-connectivity-examples-6.6.3-bp156.2.3.1.ppc64le.rpm qt6-connectivity-private-devel-6.6.3-bp156.2.3.1.ppc64le.rpm qt6-connectivity-docs-html-6.6.3-bp156.2.3.1.ppc64le.rpm qt6-connectivity-docs-qch-6.6.3-bp156.2.3.1.ppc64le.rpm libQt6Bluetooth6-6.6.3-bp156.2.3.1.s390x.rpm libQt6Nfc6-6.6.3-bp156.2.3.1.s390x.rpm qt6-connectivity-6.6.3-bp156.2.3.1.s390x.rpm qt6-connectivity-devel-6.6.3-bp156.2.3.1.s390x.rpm qt6-connectivity-examples-6.6.3-bp156.2.3.1.s390x.rpm qt6-connectivity-private-devel-6.6.3-bp156.2.3.1.s390x.rpm qt6-connectivity-docs-html-6.6.3-bp156.2.3.1.s390x.rpm qt6-connectivity-docs-qch-6.6.3-bp156.2.3.1.s390x.rpm openSUSE-2025-32 moderate openSUSE Backports SLE-15-SP6 Update This update for orthanc-ohif, orthanc-volview fixes the following issues: Changes in orthanc-volview: - version 1.2 * Upgrade to VolView tag 4.3.0 (commit a76e8fb). Note that the VolView "About" box still displays version 4.2.0. * Patch to make the build of static assets reproducible, following a suggestion by Bernhard M. Wiedemann (bwiedemann@suse.de) Changes in orthanc-ohif: - version 1.5 * Updated OHIF to 3.9.2 * In "dicom-web" data source, fixed the default "app-config.js" configuration to enable display of PDFs. * Updated cached "dicom-json" version to 2. This implies that, when using the "dicom-json" source, the cached metadata will have to be recomputed the first time you open a study. orthanc-ohif-1.5-bp156.2.9.1.src.rpm orthanc-ohif-1.5-bp156.2.9.1.x86_64.rpm orthanc-ohif-debuginfo-1.5-bp156.2.9.1.x86_64.rpm orthanc-ohif-debugsource-1.5-bp156.2.9.1.x86_64.rpm orthanc-volview-1.2-bp156.3.3.1.src.rpm orthanc-volview-1.2-bp156.3.3.1.x86_64.rpm orthanc-ohif-1.5-bp156.2.9.1.aarch64.rpm orthanc-ohif-debuginfo-1.5-bp156.2.9.1.aarch64.rpm orthanc-ohif-debugsource-1.5-bp156.2.9.1.aarch64.rpm orthanc-volview-1.2-bp156.3.3.1.aarch64.rpm orthanc-ohif-1.5-bp156.2.9.1.ppc64le.rpm orthanc-ohif-debuginfo-1.5-bp156.2.9.1.ppc64le.rpm orthanc-ohif-debugsource-1.5-bp156.2.9.1.ppc64le.rpm orthanc-volview-1.2-bp156.3.3.1.ppc64le.rpm orthanc-ohif-1.5-bp156.2.9.1.s390x.rpm orthanc-ohif-debuginfo-1.5-bp156.2.9.1.s390x.rpm orthanc-ohif-debugsource-1.5-bp156.2.9.1.s390x.rpm orthanc-volview-1.2-bp156.3.3.1.s390x.rpm openSUSE-2025-43 moderate openSUSE Backports SLE-15-SP6 Update This update for emptyepsilon fixes the following issues: - Version 2024.12.08 * Remove 'f' suffix from numbers in lua (#2164) * Some minor de updates * fix minor typo * more minor de updates emptyepsilon-2024.12.08-bp156.3.6.1.src.rpm emptyepsilon-2024.12.08-bp156.3.6.1.x86_64.rpm emptyepsilon-2024.12.08-bp156.3.6.1.aarch64.rpm emptyepsilon-2024.12.08-bp156.3.6.1.s390x.rpm openSUSE-2025-55 moderate openSUSE Backports SLE-15-SP6 Update This update for llvm19 fixes the following issues: This update ships llvm 19.1.7. clang19-19.1.7-bp156.2.1.x86_64.rpm clang19-devel-19.1.7-bp156.2.1.x86_64.rpm clang19-doc-19.1.7-bp156.2.1.noarch.rpm libLLVM19-19.1.7-bp156.2.1.x86_64.rpm libLTO19-19.1.7-bp156.2.1.x86_64.rpm libclang-cpp19-19.1.7-bp156.2.1.x86_64.rpm libclang_rt19-19.1.7-bp156.2.1.x86_64.rpm liblldb19-19.1.7-bp156.2.1.x86_64.rpm libomp19-devel-19.1.7-bp156.2.1.x86_64.rpm lld19-19.1.7-bp156.2.1.x86_64.rpm lldb19-19.1.7-bp156.2.1.x86_64.rpm lldb19-devel-19.1.7-bp156.2.1.x86_64.rpm llvm19-19.1.7-bp156.2.1.src.rpm llvm19-19.1.7-bp156.2.1.x86_64.rpm llvm19-devel-19.1.7-bp156.2.1.x86_64.rpm llvm19-doc-19.1.7-bp156.2.1.noarch.rpm llvm19-gold-19.1.7-bp156.2.1.x86_64.rpm llvm19-libc++-devel-19.1.7-bp156.2.1.x86_64.rpm llvm19-libc++1-19.1.7-bp156.2.1.x86_64.rpm llvm19-libc++abi-devel-19.1.7-bp156.2.1.x86_64.rpm llvm19-libc++abi1-19.1.7-bp156.2.1.x86_64.rpm llvm19-libclang13-19.1.7-bp156.2.1.x86_64.rpm llvm19-opt-viewer-19.1.7-bp156.2.1.noarch.rpm llvm19-polly-19.1.7-bp156.2.1.x86_64.rpm llvm19-polly-devel-19.1.7-bp156.2.1.x86_64.rpm llvm19-vim-plugins-19.1.7-bp156.2.1.noarch.rpm python3-clang19-19.1.7-bp156.2.1.noarch.rpm clang19-19.1.7-bp156.2.1.i586.rpm clang19-devel-19.1.7-bp156.2.1.i586.rpm libLLVM19-19.1.7-bp156.2.1.i586.rpm libLLVM19-32bit-19.1.7-bp156.2.1.x86_64.rpm libLTO19-19.1.7-bp156.2.1.i586.rpm libclang-cpp19-19.1.7-bp156.2.1.i586.rpm libclang-cpp19-32bit-19.1.7-bp156.2.1.x86_64.rpm libclang_rt19-19.1.7-bp156.2.1.i586.rpm libomp19-devel-19.1.7-bp156.2.1.i586.rpm lld19-19.1.7-bp156.2.1.i586.rpm llvm19-19.1.7-bp156.2.1.i586.rpm llvm19-devel-19.1.7-bp156.2.1.i586.rpm llvm19-gold-19.1.7-bp156.2.1.i586.rpm llvm19-libclang13-19.1.7-bp156.2.1.i586.rpm llvm19-polly-19.1.7-bp156.2.1.i586.rpm llvm19-polly-devel-19.1.7-bp156.2.1.i586.rpm clang19-19.1.7-bp156.2.1.aarch64.rpm clang19-devel-19.1.7-bp156.2.1.aarch64.rpm libLLVM19-19.1.7-bp156.2.1.aarch64.rpm libLLVM19-64bit-19.1.7-bp156.2.1.aarch64_ilp32.rpm libLTO19-19.1.7-bp156.2.1.aarch64.rpm libclang-cpp19-19.1.7-bp156.2.1.aarch64.rpm libclang-cpp19-64bit-19.1.7-bp156.2.1.aarch64_ilp32.rpm libclang_rt19-19.1.7-bp156.2.1.aarch64.rpm liblldb19-19.1.7-bp156.2.1.aarch64.rpm libomp19-devel-19.1.7-bp156.2.1.aarch64.rpm lld19-19.1.7-bp156.2.1.aarch64.rpm lldb19-19.1.7-bp156.2.1.aarch64.rpm lldb19-devel-19.1.7-bp156.2.1.aarch64.rpm llvm19-19.1.7-bp156.2.1.aarch64.rpm llvm19-devel-19.1.7-bp156.2.1.aarch64.rpm llvm19-gold-19.1.7-bp156.2.1.aarch64.rpm llvm19-libc++-devel-19.1.7-bp156.2.1.aarch64.rpm llvm19-libc++1-19.1.7-bp156.2.1.aarch64.rpm llvm19-libc++abi-devel-19.1.7-bp156.2.1.aarch64.rpm llvm19-libc++abi1-19.1.7-bp156.2.1.aarch64.rpm llvm19-libclang13-19.1.7-bp156.2.1.aarch64.rpm llvm19-polly-19.1.7-bp156.2.1.aarch64.rpm llvm19-polly-devel-19.1.7-bp156.2.1.aarch64.rpm clang19-19.1.7-bp156.2.1.ppc64le.rpm clang19-devel-19.1.7-bp156.2.1.ppc64le.rpm libLLVM19-19.1.7-bp156.2.1.ppc64le.rpm libLTO19-19.1.7-bp156.2.1.ppc64le.rpm libclang-cpp19-19.1.7-bp156.2.1.ppc64le.rpm libclang_rt19-19.1.7-bp156.2.1.ppc64le.rpm liblldb19-19.1.7-bp156.2.1.ppc64le.rpm libomp19-devel-19.1.7-bp156.2.1.ppc64le.rpm lld19-19.1.7-bp156.2.1.ppc64le.rpm lldb19-19.1.7-bp156.2.1.ppc64le.rpm lldb19-devel-19.1.7-bp156.2.1.ppc64le.rpm llvm19-19.1.7-bp156.2.1.ppc64le.rpm llvm19-devel-19.1.7-bp156.2.1.ppc64le.rpm llvm19-gold-19.1.7-bp156.2.1.ppc64le.rpm llvm19-libclang13-19.1.7-bp156.2.1.ppc64le.rpm llvm19-polly-19.1.7-bp156.2.1.ppc64le.rpm llvm19-polly-devel-19.1.7-bp156.2.1.ppc64le.rpm openSUSE-2025-34 important openSUSE Backports SLE-15-SP6 Update This update for chromium fixes the following issues: - Chromium 132.0.6834.110 (boo#1236306) * CVE-2025-0611: Object corruption in V8 * CVE-2025-0612: Out of bounds memory access in V8 chromedriver-132.0.6834.110-bp156.2.72.1.x86_64.rpm chromium-132.0.6834.110-bp156.2.72.1.src.rpm chromium-132.0.6834.110-bp156.2.72.1.x86_64.rpm chromedriver-132.0.6834.110-bp156.2.72.1.aarch64.rpm chromium-132.0.6834.110-bp156.2.72.1.aarch64.rpm openSUSE-2025-35 moderate openSUSE Backports SLE-15-SP6 Update This update for easy-rsa fixes the following issues: - update to 3.2.1: * inline: Add decimal value for cert. serial * Always exit with error for unknown command options * ntegrate Easy-RSA TLS-Key for use with 'init-pki soft' * easyrsa-tools.lib, show-expire: Add CA certificate to report * inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 * easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 * easyrsa-tools.lib: expire_status_v2() (show-expire version 2) * sign-req: Require 128bit serial number * Move command 'verify-cert' to Tools-lib; drop 'verify' shortcut * Windows secure_session(): Ensure $secured_session dir is created * Switch to '-f' for file existence * inline: Move auto-inline from build_full() to sign_req() * gen-crl: Create additional CRL in DER format * self-sign: Allow Edwards Curve based keys * Re-enable command 'renew' (version 2): Requires EasyRSA Tools * bug-fix: revoke: Pass the correct certificate location * vars.example: Add flags for auto-SAN and X509 critical attribute * Global option --eku-crit: Mark X509 extendedKeyUsage as critical * sign-req: Add critical and pathlen details to confirmation * export-p12: Automatically generate inline file * Introduce global option --auto-san, use commonName as SAN * Introduce global option --san-crit, mark SAN critical * Introduce new global options: --ku-crit and --bc-crit * gen-req: Always check for existing request file * revoke/revoke-expired/-renewed: Keep duplicate certificate * revoke-expired/-renewed: Keep req/key files for resigning * revoke: Add abbreviations for optional 'reason' * build-ca: Allow use of --req-cn without batch mode * gen-req: Re-enable use of --req-cn * write: Change syntax, target as file, not directory - update to 3.2.0: * Revert ca76697: Restore escape_hazard() * New X509 Type: 'selfsign' Internal only * New commands: self-sign-server and self-sign-client * build-ca: Command 'req', remove SSL option '-keyout' * Remove escape_hazard(), obsolete * Remove command and function display_cn(), unused * docs: Update EasyRSA-Renew-and-Revoke.md * Remove all 'renew' code; replaced by 'expire' code * Introduce commands: 'expire' and 'revoke-expired' * Keep request files [CSR] when revoking certificates * Restrict use of --req-cn to build-ca * Remove command 'display-san' (Code removed in 5a06f94) * Move Status Reports to 'easyrsa-tools.lib' * export-p12, OpenSSL v1.x: Upgrade PBE and MAC options * LibreSSL: Add fix for missing 'x509' option '-ext' * Variable heredoc expansion for SSL/Safe Config file * Always use here-doc version of openssl-easyrsa.cnf * export-p12: New command option 'legacy'. OpenSSL V3 Only * export-p12: Always set 'friendlyName' to file-name-base * As of Easy-RSA version 3.2.0-beta1, the configuration files vars.example, openssl-eayrsa.cnf and all files in x509-types directory are no longer required * Rename X509-type file code-signing to codeSigning * init-pki: Always write vars.example file to fresh PKI * New command 'write': Write 'legacy' files to stdout or files * Remove command 'make-safe-ssl': Replaced by command 'write safe-cnf' * New Command 'rand': Expose easyrsa_random() to the command line * Remove function 'set_pass_legacy()' * Remove command 'rewind-renew' * Remove command 'rebuild' * Remove command 'upgrade' * Remove EASYRSA_NO_VARS; Allow graceful use without a vars file * New diagnostic command 'display-cn' * Expand renewable certificate types to include code-signing - Update to 3.1.7: * Completely Remove Upgrade Functionality * Expand help to include undocumented commands * Forbid "default vars in the default PKI" for all commands * show-expire: Calculate certificate expire seconds from Database date * Expand help to include undocumented commands * New command: make-vars - Print vars.example (here-doc) to stdout * gen-crl: preserve existing crl.pem ownership+mode by @Tabiskabis in #1020 * Improve vars auto load * Replace santize_path() and ignore Windows "security" warning * Improve select_vars() and source_vars() * sign-req: Allow the CSR DN-field order to be preserved * vars-file: Warn about EASYRSA_NO_VARS disabling vars-file use * Expand default status to include vars-file and CA status * verify_ssl_lib(): Minor style improvements * cleanup: Rename $easyrsa_error_exit to $easyrsa_exit_with_error easy-rsa-3.2.1-bp156.2.3.1.noarch.rpm easy-rsa-3.2.1-bp156.2.3.1.src.rpm openSUSE-2025-36 important openSUSE Backports SLE-15-SP6 Update Chromium was update to version 132.0.6834.159 (boo#1236586): * CVE-2025-0762: Use after free in DevTools chromedriver-132.0.6834.159-bp156.2.75.1.x86_64.rpm chromium-132.0.6834.159-bp156.2.75.1.src.rpm chromium-132.0.6834.159-bp156.2.75.1.x86_64.rpm chromedriver-132.0.6834.159-bp156.2.75.1.aarch64.rpm chromium-132.0.6834.159-bp156.2.75.1.aarch64.rpm openSUSE-2025-44 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: Update to version 1.4.6~git0.3ce4e0f: * Small UI updates. (#3361) * Allow modification of password minimum length (#3345) * Ignore anonymous in oauth2 read allow access (#3336) * Resolve passkey regression (#3343) * Renaming "TOTP" in the login flow (#3338) * cookies don't clear unless you set domain (#3332) kanidm-1.4.6~git0.3ce4e0f-bp156.21.1.src.rpm kanidm-1.4.6~git0.3ce4e0f-bp156.21.1.x86_64.rpm kanidm-clients-1.4.6~git0.3ce4e0f-bp156.21.1.x86_64.rpm kanidm-docs-1.4.6~git0.3ce4e0f-bp156.21.1.x86_64.rpm kanidm-server-1.4.6~git0.3ce4e0f-bp156.21.1.x86_64.rpm kanidm-unixd-clients-1.4.6~git0.3ce4e0f-bp156.21.1.x86_64.rpm kanidm-1.4.6~git0.3ce4e0f-bp156.21.1.aarch64.rpm kanidm-clients-1.4.6~git0.3ce4e0f-bp156.21.1.aarch64.rpm kanidm-docs-1.4.6~git0.3ce4e0f-bp156.21.1.aarch64.rpm kanidm-server-1.4.6~git0.3ce4e0f-bp156.21.1.aarch64.rpm kanidm-unixd-clients-1.4.6~git0.3ce4e0f-bp156.21.1.aarch64.rpm openSUSE-2025-45 moderate openSUSE Backports SLE-15-SP6 Update This update for go-sendxmpp fixes the following issues: Update to 0.14.0: Added: * Add --fast-invalidate to allow invalidating the FAST token. Changed: * Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys. * Delete legacy Ox private key directory if it's empty. * Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp >= 0.2.9). * Print debug output to stdout, not stderr (requires go-xmpp >= 0.2.9). * Show RECV: and SEND: prefix for debug output (requires go-xmpp >= 0.2.9). * Delete stored fast token if --fast-invalidate and --fast-off are set. * Show error when FAST creds are stored but non-FAST mechanism is requested. - Update to 0.13.0: Added: * Add --anonymous to support anonymous authentication (requires go-xmpp >= 0.2.8). * Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp >= 0.2.8). * Add support for see-other-host stream error (requires go-xmpp >= 0.2.8). Changed: * Don't automatically try other auth mechanisms if FAST authentication fails. - Update to 0.12.1: Changed: * Print error instead of quitting if a message of type error is received. * Allow upload of multiple files. Added: * Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user. - Update to 0.12.0: Added: * Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv >= 0.3.3). * Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp >= 0.2.5). Changed: * Disable PLAIN authentication per default. * Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires go-xmpp >= 0.2.5). - Update to 0.11.4: * Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp >= 0.2.4). - Update to 0.11.3: * Add go-xmpp library version to --version output (requires go-xmpp >= 0.2.2). * Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp >= v0.2.3). * [gocritic]: Improve code quality. - Update to 0.11.2: * Add Gopenpgp and Xmppsrv version to --version output. * Improve selection between StartTLS and DirectTLS. - Update to 0.11.1: * Fix Ox encryption in interactive mode (do not add the same recipient key to the keyring over and over again). * Exit with error code if Ox encryption for one recipient fails. * Improved handling of perl sendxmpp config files. - Update to 0.11.0: Changed: * Move private Ox key into JID folder in ~/.local/share/go-sendxmpp. * Use fmt.Errorf() instead of errors.New() to create new error messages. Added: * Add new parameter --subject. * Added flag --fast-off to disable XEP-0484: Fast Authentication Streamlining Tokens (requires go-xmpp >= 0.2.1) - Update to 0.10.0: * Fixed a race condition in receiving stanzas (requires go-xmpp >= v0.1.5). * Add support for SASL2 and BIND2 (via go-xmpp >= v0.2.0). * Add support for FAST authentication (via go-xmpp >= v0.2.0). * Add a warning when run by the user root. - Update to 0.9.0: Changed: * Properly close stream if Ctrl+C is pressed in interactive mode. * Properly close stream if Ctrl+C is pressed in listening mode. * Print OS, architecture and go version for flag --version. * Improve closing of connection (via go-xmpp v0.1.4). * Don't send stanzas that exceed the size limit provided by XEP-0478 (requires go-xmpp >= v0.1.4). * Fixed hanging forever in stream close if the server doesn't reply with a closing stream element (via go-xmpp >= v0.1.4). Added: * New command line flag ssdp-off to disable XEP-0474: SASL SCRAM Downgrade Protection (requires go-xmpp >= v0.1.4). - Update to 0.8.4: * Properly handle lost connection. * Better compatibility with perl sendxmpp config files. * Improve file name for private Ox keys. * Improve fallback behavior if no SRV records are provided. * Remove 100ms sleep before closing the connection. This should be no more needed since go-xmpp commit 9684a8ff690f0d75e284f8845696c5057926d276. * Return an error if there is no answer to an IQ within 60s. * Check for errors after sending the auth message during SCRAM authentication (via go-xmpp v0.1.2). - Update to 0.8.3: * Use a human readable file name for private Ox keys. * Fix specifying a message via command line flag -m. - Update to 0.8.2: * Fix an issue in look up of SRV records (via xmppsrv v0.2.6) - Update to 0.8.1: * Add support for tls-server-end-point channel binding * Add experimental support for SOCKS5 proxies using the HTTP_PROXY environment variable * http-upload: Improved error handling. - Update to 0.8.0: Added: * Add no parameter --scram-mech-pinning. Changed: * Refuse to upload a file if upload slot doesn't provide https. * Use XEP-0474 instead of SCRAM mechanism pinning to prevent downgrade attacks - Update to 0.7.0: * Reply to XEP-0092 software version requests. * Add support for PLUS variants of SCRAM authentification mechanisms (requires go-xmpp commit 4c385a334c606e8bc387f0a3d4d84975802b3984). * Add pinning of last used authentification mechanism if a SCRAM mechanism was used. * Print every stanza in a new line (requires go-xmpp commit 31c7eb6919b67b18e901dc45a8e5681040ea7f31). - Update to 0.6.2: * Properly close connection to server if ^C is pressed in interactive mode. * Replace invalid characters by UTF8 replacement char. * Add warning that there is no Ox support for messages of type headline. * Suppress warnings about reading from closed connection if go-sendxmpp closes the connection before exiting. * Remove unnecessary newlines after stanzas. * Fix segfault when authentication fails due to invalid username or password. go-sendxmpp-0.14.0-bp156.2.3.1.src.rpm go-sendxmpp-0.14.0-bp156.2.3.1.x86_64.rpm go-sendxmpp-0.14.0-bp156.2.3.1.i586.rpm go-sendxmpp-0.14.0-bp156.2.3.1.aarch64.rpm go-sendxmpp-0.14.0-bp156.2.3.1.ppc64le.rpm go-sendxmpp-0.14.0-bp156.2.3.1.s390x.rpm openSUSE-2025-38 important openSUSE Backports SLE-15-SP6 Update This update for assimp fixes the following issues: - CVE-2024-45679: Fixed a heap-based buffer overflow (boo#1230679) assimp-5.3.1-bp156.3.6.1.src.rpm assimp-devel-5.3.1-bp156.3.6.1.x86_64.rpm libassimp5-5.3.1-bp156.3.6.1.x86_64.rpm assimp-devel-5.3.1-bp156.3.6.1.aarch64.rpm libassimp5-5.3.1-bp156.3.6.1.aarch64.rpm assimp-devel-5.3.1-bp156.3.6.1.ppc64le.rpm libassimp5-5.3.1-bp156.3.6.1.ppc64le.rpm assimp-devel-5.3.1-bp156.3.6.1.s390x.rpm libassimp5-5.3.1-bp156.3.6.1.s390x.rpm openSUSE-2025-46 moderate openSUSE Backports SLE-15-SP6 Update This update for ollama fixes the following issues: Introduce version 0.5.1. ollama-0.5.1-bp156.2.1.src.rpm ollama-0.5.1-bp156.2.1.x86_64.rpm ollama-0.5.1-bp156.2.1.aarch64.rpm ollama-0.5.1-bp156.2.1.ppc64le.rpm ollama-0.5.1-bp156.2.1.s390x.rpm openSUSE-2025-47 moderate openSUSE Backports SLE-15-SP6 Update This update for python-py2pack fixes the following issues: - Fixed an AttributeError (boo#1236107) python-py2pack-0.8.6-bp156.4.3.1.src.rpm python-py2pack-doc-0.8.6-bp156.4.3.1.noarch.rpm python3-py2pack-0.8.6-bp156.4.3.1.noarch.rpm openSUSE-2025-50 moderate openSUSE Backports SLE-15-SP6 Update This update for python-terminado fixes the following issues: - Build for more python versions (boo#1236620) python-terminado-0.8.3-bp156.4.3.1.src.rpm python3-terminado-0.8.3-bp156.4.3.1.noarch.rpm python311-terminado-0.8.3-bp156.4.3.1.noarch.rpm openSUSE-2025-48 moderate openSUSE Backports SLE-15-SP6 Update This update for python-mysql-connector-python fixes the following issues: - Keep compatibility with python 3.6 (boo#1236566) python-mysql-connector-python-9.1.0-bp156.4.6.1.src.rpm python3-mysql-connector-python-9.1.0-bp156.4.6.1.x86_64.rpm python3-mysql-connector-python-9.1.0-bp156.4.6.1.i586.rpm python3-mysql-connector-python-9.1.0-bp156.4.6.1.aarch64.rpm python3-mysql-connector-python-9.1.0-bp156.4.6.1.ppc64le.rpm python3-mysql-connector-python-9.1.0-bp156.4.6.1.s390x.rpm openSUSE-2025-49 moderate openSUSE Backports SLE-15-SP6 Update This update for abcde fixes the following issues: - Replace freedb by gnudb for cddb search (boo#1233688) abcde-2.9.3-bp156.5.6.1.noarch.rpm abcde-2.9.3-bp156.5.6.1.src.rpm openSUSE-2025-37 important openSUSE Backports SLE-15-SP6 Update This update for SDL2_sound fixes the following issues: - Update to release 2.0.4: * Update bundled stb_vorbis to address CVE-2023-45676, CVE-2023-45677, CVE-2023-45679, CVE-2023-45680, CVE-2023-45681, CVE-2023-45682. - Update to release 2.0.2 * No further changes from the last snapshot 2.0.1+g60 SDL2_sound-2.0.4-bp156.2.3.1.src.rpm SDL2_sound-devel-2.0.4-bp156.2.3.1.x86_64.rpm libSDL2_sound2-2.0.4-bp156.2.3.1.x86_64.rpm SDL2_sound-devel-2.0.4-bp156.2.3.1.i586.rpm libSDL2_sound2-2.0.4-bp156.2.3.1.i586.rpm SDL2_sound-devel-2.0.4-bp156.2.3.1.aarch64.rpm libSDL2_sound2-2.0.4-bp156.2.3.1.aarch64.rpm SDL2_sound-devel-2.0.4-bp156.2.3.1.ppc64le.rpm libSDL2_sound2-2.0.4-bp156.2.3.1.ppc64le.rpm SDL2_sound-devel-2.0.4-bp156.2.3.1.s390x.rpm libSDL2_sound2-2.0.4-bp156.2.3.1.s390x.rpm openSUSE-2025-39 important openSUSE Backports SLE-15-SP6 Update This update for stb fixes the following issues: Addressing the follow security issues (boo#1216478): * CVE-2019-13217: heap buffer overflow in start_decoder() * CVE-2019-13218: stack buffer overflow in compute_codewords() * CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest() * CVE-2019-13220: out-of-range read in draw_line() * CVE-2019-13221: issue with large 1D codebooks in lookup1_values() * CVE-2019-13222: unchecked NULL returned by get_window() * CVE-2019-13223: division by zero in predict_point() stb-20240910-bp156.2.3.1.src.rpm stb-devel-20240910-bp156.2.3.1.noarch.rpm openSUSE-2025-51 moderate openSUSE Backports SLE-15-SP6 Update This update for kubo fixes the following issues: Update to 0.32.1: * https://github.com/ipfs/kubo/releases/tag/v0.32.1 * AutoTLS: Automatic Certificates for libp2p WebSockets via libp2p.direct * Dependency updates + ipfs-webui to v4.4.0 + boxo to v0.24.3 + go-libp2p to v0.37.0 + go-libp2p-kad-dht to v0.28.1 + go-libp2p-pubsub to v0.12.0 + p2p-forge/client to v0.0.2 - Update to 0.31.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.31.0 * Experimental Pebble Datastore * New metrics * lowpower profile no longer breaks DHT announcements * go 1.23, boxo 0.24 and go-libp2p 0.36.5 - Update to 0.30.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.30.0 * Improved P2P connectivity * Refactored Bitswap and dag-pb chunker * WebRTC-Direct Transport enabled by default * UnixFS 1.5: Mode and Modification Time Support * AutoNAT V2 Service Introduced Alongside V1 * Automated ipfs version check * Version Suffix Configuration * /unix/ socket support in Addresses.API * Cleaned Up ipfs daemon Startup Log * Commands Preserve Specified Hostname - Update to 0.29.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.29.0 * Add search functionality for pin names * Customizing ipfs add defaults - drop upstream 10243.patch - drop upstream kubo-0.27.0-CVE-2024-22189.patch - Add kubo-0.27.0-CVE-2024-22189.patch to avoid quic-go memory exhaustion attack (boo#1222479, CVE-2024-22189) - Update to 0.27.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.27.0 * Gateway: support for /api/v0 is deprecated * IPNS resolver cache's TTL can now be configured via Ipns.MaxCacheTTL * RPC client: deprecated DHT API, added Routing API * Deprecated DHT commands removed from /api/v0/dht * Repository migrations are now trustless - Let .service files wait for network-online.target (boo#1222194) - Update to 0.26.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.26.0 * Removed several deprecated commands * Support optional pin names * jaeger trace exporter has been removed * fix quic-go memory exhaustion attack (boo#1235162, CVE-2023-49295) - Update to 0.25.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.25.0 * WebUI: Updated Peers View * Kubo RPC API now supports optional HTTP Authorization. * MPLEX Removal * Graphsync Experiment Removal * Commands ipfs key sign and ipfs key verify - Add 10243.patch to fix FUSE mounts - Update to 0.24.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.24.0 * Support for content blocking * Gateway: the root of the CARs are no longer meaningful * IPNS: improved publishing defaults * IPNS: record TTL is used for caching * Experimental Transport: WebRTC Direct kubo-0.32.1-bp156.2.3.1.src.rpm kubo-0.32.1-bp156.2.3.1.x86_64.rpm kubo-0.32.1-bp156.2.3.1.i586.rpm kubo-0.32.1-bp156.2.3.1.aarch64.rpm kubo-0.32.1-bp156.2.3.1.ppc64le.rpm kubo-0.32.1-bp156.2.3.1.s390x.rpm openSUSE-2025-52 moderate openSUSE Backports SLE-15-SP6 Update This update for python-asteval fixes the following issues: Update to 1.0.6: * drop testing and support for Python3.8, add Python 3.13, change document to reflect this. * implement safe_getattr and safe_format functions; fix bugs in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (boo#1236405, CVE-2025-24359) * make all procedure attributes private to curb access to AST nodes, which can be exploited * improvements to error messages, including use ast functions to construct better error messages * remove import of numpy.linalg, as documented * update doc description for security advisory Update to 1.0.5: * more work on handling errors, including fixing #133 and adding more comprehensive tests for #129 and #132 Update to 1.0.4: * fix error handling that might result in null exception Update to 1.0.3: * functions ("Procedures") defined within asteval have a ` _signature()` method, now use in repr * add support for deleting subscript * nested symbol tables now have a Group() function * update coverage config * cleanups of exception handling : errors must now have an exception * several related fixes to suppress repeated exceptions: see GH #132 and #129 * make non-boolean return values from comparison operators behave like Python - not immediately testing as bool - update to 1.0.2: * fix NameError handling in expression code * make exception messages more Python-like - update to 1.0.1: * security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division * remove numpy modules polynomial, fft, linalg by default for security concerns * disallow string.format(), improve security of f-string evaluation - update to 1.0.0: * fix (again) nested list comprehension (Issues #127 and #126). * add more testing of multiple list comprehensions. * more complete support for Numpy 2, and removal of many Numpy symbols that have been long deprecated. * remove AST nodes deprecated in Python 3.8. * clean up build files and outdated tests. * fixes to codecov configuration. * update docs. - update to 0.9.33: * fixes for multiple list comprehensions (addressing #126) * add testing with optionally installed numpy_financial to CI * test existence of all numpy imports to better safeguard against missing functions (for safer numpy 2 transition) * update rendered doc to include PDF and zipped HTML - update to 0.9.32: * add deprecations message for numpy functions to be removed in numpy 2.0 * comparison operations use try/except for short-circuiting instead of checking for numpy arrays (addressing #123) * add Python 3.12 to testing * move repository from "newville" to "lmfit" organization * update doc theme, GitHub locations pointed to by docs, other doc tweaks. - Update to 0.9.31: * cleanup numpy imports to avoid deprecated functions, add financial functions from numpy_financial module, if installed. * prefer 'user_symbols' when initializing Interpreter, but still support 'usersyms' argument. Will deprecate and remove eventually. * add support of optional (off-by default) "nested symbol table". * update tests to run most tests with symbol tables of dict and nested group type. * general code and testing cleanup. * add config argument to Interpreter to more fully control which nodes are supported * add support for import and importfrom -- off by default * add support for with blocks * add support for f-strings * add support of set and dict comprehension * fix bug with 'int**int' not returning a float. - update to 0.9.29: * bug fixes - Update to 0.9.28 * add support for Python 3.11 * add support for multiple list comprehensions * improve performance of making the initial symbol table, and Interpreter creation, including better checking for index_tricks attributes - update to 0.9.27: * more cleanups - update to 0.9.26: * fix setup.py again - update to 0.9.25: * fixes import errors for Py3.6 and 3.7, setting version with importlib_metadata.version if available. * use setuptools_scm and importlib for version * treat all __dunder__ attributes of all objects as inherently unsafe. - Update to 0.9.22 * another important but small fix for Python 3.9 * Merge branch 'nested_interrupts_returns' - Drop hard numpy requirement, don't test on python36 - update to 0.9.18 * drop python2 * few fixes python-asteval-1.0.6-bp156.4.3.1.src.rpm python311-asteval-1.0.6-bp156.4.3.1.noarch.rpm openSUSE-2025-54 moderate openSUSE Backports SLE-15-SP6 Update This update for pdns-common fixes the following issues: - fix typo in user creation (boo#1234463) pdns-common-4.0-bp156.6.3.1.noarch.rpm pdns-common-4.0-bp156.6.3.1.src.rpm openSUSE-2025-56 moderate openSUSE Backports SLE-15-SP6 Update This update for trivy fixes the following issues: Update to version 0.58.2 ( boo#1234512, CVE-2024-45337, boo#1235265, CVE-2024-45338): * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238) * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237) * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215) * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168) * fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158) * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156) * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142) * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136) * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125) * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122) * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121) * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119) * release: v0.58.0 [main] (#7874) * fix(misconf): wrap AWS EnvVar to iac types (#7407) * chore(deps): Upgrade trivy-checks (#8018) * refactor(misconf): Remove unused options (#7896) * docs: add terminology page to explain Trivy concepts (#7996) * feat: add `workspaceRelationship` (#7889) * refactor(sbom): simplify relationship generation (#7985) * docs: improve databases documentation (#7732) * refactor: remove support for custom Terraform checks (#7901) * docs: drop AWS account scanning (#7997) * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995) * fix(cli): Handle empty ignore files more gracefully (#7962) * fix(misconf): load full Terraform module (#7925) * fix(misconf): properly resolve local Terraform cache (#7983) * refactor(k8s): add v prefix for Go packages (#7839) * test: replace Go checks with Rego (#7867) * feat(misconf): log causes of HCL file parsing errors (#7634) * chore(deps): bump the aws group across 1 directory with 7 updates (#7991) * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990) * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992) * chore: downgrade the failed block expand message to debug (#7964) * fix(misconf): do not erase variable type for child modules (#7941) * feat(go): construct dependencies of `go.mod` main module in the parser (#7977) * feat(go): construct dependencies in the parser (#7973) * feat: add cvss v4 score and vector in scan response (#7968) * docs: add `overview` page for `others` (#7972) * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871) * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965) * chore(deps): bump the common group with 4 updates (#7949) * feat(oracle): add `flavors` support (#7858) * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953) * chore(deps): Bump up trivy-checks to v1.3.0 (#7959) * fix(k8s): check all results for vulnerabilities (#7946) * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945) * feat(secret): Add built-in secrets rules for Private Packagist (#7826) * docs: Fix broken links (#7900) * docs: fix mistakes/typos (#7942) * feat: Update registry fallbacks (#7679) * fix(alpine): add `UID` for removed packages (#7887) * chore(deps): bump the aws group with 6 updates (#7902) * chore(deps): bump the common group with 6 updates (#7904) * fix(debian): infinite loop (#7928) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912) * docs: add note about temporary podman socket (#7921) * docs: combine trivy.dev into trivy docs (#7884) * test: change branch in spdx schema link to check in integration tests (#7935) * docs: add Headlamp to the Trivy Ecosystem page (#7916) * fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898) * chore(k8s): enhance k8s scan log (#6997) * fix(terraform): set null value as fallback for missing variables (#7669) * fix(misconf): handle null properties in CloudFormation templates (#7813) * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882) * chore(deps): bump the common group across 1 directory with 20 updates (#7876) * chore: bump containerd to v2.0.0 (#7875) * fix: Improve version comparisons when build identifiers are present (#7873) * feat(k8s): add default commands for unknown platform (#7863) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868) * refactor(secret): optimize performance by moving ToLower operation outside loop (#7862) * test: save `containerd` image into archive and use in tests (#7816) * chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854) * chore: bump golangci-lint to v1.61.0 (#7853) - Update to version 0.57.1: * release: v0.57.1 [release/v0.57] (#7943) * feat: Update registry fallbacks [backport: release/v0.57] (#7944) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939) * test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940) * release: v0.57.0 [main] (#7710) * chore: lint `errors.Join` (#7845) * feat(db): append errors (#7843) * docs(java): add info about supported scopes (#7842) * docs: add example of creating whitelist of checks (#7821) * chore(deps): Bump trivy-checks (#7819) * fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733) * fix(k8s): skip resources without misconfigs (#7797) * fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811) * fix(cli): add config name to skip-policy-update alias (#7820) * fix(helm): properly handle multiple archived dependencies (#7782) * refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776) * fix(k8s)!: support k8s multi container (#7444) * fix(k8s): support kubernetes v1.31 (#7810) * docs: add Windows install instructions (#7800) * ci(helm): auto public Helm chart after PR merged (#7526) * feat: add end of life date for Ubuntu 24.10 (#7787) * feat(report): update gitlab template to populate operating_system value (#7735) * feat(misconf): Show misconfig ID in output (#7762) * feat(misconf): export unresolvable field of IaC types to Rego (#7765) * refactor(k8s): scan config files as a folder (#7690) * fix(license): fix license normalization for Universal Permissive License (#7766) * fix: enable usestdlibvars linter (#7770) * fix(misconf): properly expand dynamic blocks (#7612) * feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507) * fix(misconf): fix for Azure Storage Account network acls adaptation (#7602) * refactor(misconf): simplify k8s scanner (#7717) * feat(parser): ignore white space in pom.xml files (#7747) * test: use forked images (#7755) * fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541) * fix(misconf): check if property is not nil before conversion (#7578) * fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577) * feat(misconf): ssl_mode support for GCP SQL DB instance (#7564) * test: define constants for test images (#7739) * docs: add note about disabled DS016 check (#7724) * feat(misconf): public network support for Azure Storage Account (#7601) * feat(cli): rename `trivy auth` to `trivy registry` (#7727) * docs: apt-transport-https is a transitional package (#7678) * refactor(misconf): introduce generic scanner (#7515) * fix(cli): `clean --all` deletes only relevant dirs (#7704) * feat(cli): add `trivy auth` (#7664) * fix(sbom): add options for DBs in private registries (#7660) * docs(report): fix reporting doc format (#7671) * fix(repo): `git clone` output to Stderr (#7561) * fix(redhat): include arch in PURL qualifiers (#7654) * fix(report): Fix invalid URI in SARIF report (#7645) * docs(report): Improve SARIF reporting doc (#7655) * fix(db): fix javadb downloading error handling (#7642) * feat(cli): error out when ignore file cannot be found (#7624) - Update to version 0.56.2: * release: v0.56.2 [release/v0.56] (#7694) * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702) * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691) - Update to version 0.56.1: * release: v0.56.1 [release/v0.56] (#7648) * fix(db): fix javadb downloading error handling [backport: release/v0.56] (#7646) * release: v0.56.0 [main] (#7447) * fix(misconf): not to warn about missing selectors of libraries (#7638) * feat: support RPM archives (#7628) * fix(secret): change grafana token regex to find them without unquoted (#7627) * fix(misconf): Disable deprecated checks by default (#7632) * chore: add prefixes to log messages (#7625) * feat(misconf): Support `--skip-*` for all included modules (#7579) * feat: support multiple DB repositories for vulnerability and Java DB (#7605) * ci: don't use cache for `setup-go` (#7622) * test: use loaded image names (#7617) * feat(java): add empty versions if `pom.xml` dependency versions can't be detected (#7520) * feat(secret): enhance secret scanning for python binary files (#7223) * refactor: fix auth error handling (#7615) * ci: split `save` and `restore` cache actions (#7614) * fix(misconf): disable DS016 check for image history analyzer (#7540) * feat(suse): added SUSE Linux Enterprise Micro support (#7294) * feat(misconf): add ability to disable checks by ID (#7536) * fix(misconf): escape all special sequences (#7558) * test: use a local registry for remote scanning (#7607) * fix: allow access to '..' in mapfs (#7575) * fix(db): check `DownloadedAt` for `trivy-java-db` (#7592) * chore(deps): bump the common group across 1 directory with 20 updates (#7604) * ci: add `workflow_dispatch` trigger for test workflow. (#7606) * ci: cache test images for `integration`, `VM` and `module` tests (#7599) * chore(deps): remove broken replaces for opa and discovery (#7600) * docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (#7458) * fix(misconf): Fixed scope for China Cloud (#7560) * perf(misconf): use port ranges instead of enumeration (#7549) * fix(sbom): export bom-ref when converting a package to a component (#7340) * refactor(misconf): pass options to Rego scanner as is (#7529) * fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (#7527) * chore(deps): bump go-ebs-file (#7513) * fix(misconf): Fix logging typo (#7473) * feat(misconf): Register checks only when needed (#7435) * refactor: split `.egg` and `packaging` analyzers (#7514) * fix(java): use `dependencyManagement` from root/child pom's for dependencies from parents (#7497) * chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-34158` in `trivy.openvex.json` (#7510) * chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508) * chore(vex): suppress openssl vulnerabilities (#7500) * revert(java): stop supporting of `test` scope for `pom.xml` files (#7488) * docs(db): add a manifest example (#7485) * feat(license): improve license normalization (#7131) * docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (#7449) * fix(report): fix error with unmarshal of `ExperimentalModifiedFindings` (#7463) * fix(report): change a receiver of MarshalJSON (#7483) * fix(oracle): Update EOL date for Oracle 7 (#7480) * chore(deps): bump the aws group with 6 updates (#7468) * chore(deps): bump the common group across 1 directory with 19 updates (#7436) * chore(helm): bump up Trivy Helm chart (#7441) * refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (#7451) * fix(license): stop spliting a long license text (#7336) * release: v0.55.0 [main] (#7271) * feat(go): use `toolchain` as `stdlib` version for `go.mod` files (#7163) * fix(license): add license handling to JUnit template (#7409) * feat(java): add `test` scope support for `pom.xml` files (#7414) * chore(deps): Bump trivy-checks and pin OPA (#7427) * fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element (#7362) * feat(sbom): set User-Agent header on requests to Rekor (#7396) * test: add integration plugin tests (#7299) * fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file (#7387) * fix: logger initialization before flags parsing (#7372) * fix(aws): handle ECR repositories in different regions (#6217) * fix(misconf): fix infer type for null value (#7424) * fix(secret): use `.eyJ` keyword for JWT secret (#7410) * fix(misconf): do not recreate filesystem map (#7416) * chore(deps): Bump trivy-checks (#7417) * fix(misconf): do not register Rego libs in checks registry (#7420) * fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (#7403) * feat(report): export modified findings in JSON (#7383) * feat(server): Make Trivy Server Multiplexer Exported (#7389) * chore: update CODEOWNERS (#7398) * fix(secret): use only line with secret for long secret lines (#7412) * chore: fix allow rule of ignoring test files to make it case insensitive (#7415) * feat(misconf): port and protocol support for EC2 networks (#7146) * fix(misconf): do not filter Terraform plan JSON by name (#7406) * feat(misconf): support for ignore by nested attributes (#7205) * fix(misconf): use module to log when metadata retrieval fails (#7405) * fix(report): escape `Message` field in `asff.tpl` template (#7401) * feat(misconf): Add support for using spec from on-disk bundle (#7179) * docs: add pkg flags to config file page (#7370) * feat(python): use minimum version for pip packages (#7348) * fix(misconf): support deprecating for Go checks (#7377) * fix(misconf): init frameworks before updating them (#7376) * feat(misconf): ignore duplicate checks (#7317) * refactor(misconf): use slog (#7295) * chore(deps): bump trivy-checks (#7350) * feat(server): add internal `--path-prefix` flag for client/server mode (#7321) * chore(deps): bump the aws group across 1 directory with 7 updates (#7358) * fix: safely check if the directory exists (#7353) * feat(misconf): variable support for Terraform Plan (#7228) * feat(misconf): scanning support for YAML and JSON (#7311) * fix(misconf): wrap Azure PortRange in iac types (#7357) * refactor(misconf): highlight only affected rows (#7310) * fix(misconf): change default TLS values for the Azure storage account (#7345) * chore(deps): bump the common group with 9 updates (#7333) * docs(misconf): Update callsites to use correct naming (#7335) * docs: update air-gapped docs (#7160) * refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323) * perf(misconf): optimize work with context (#6968) * docs: update links to packaging.python.org (#7318) * docs: update client/server docs for misconf and license scanning (#7277) * chore(deps): bump the common group across 1 directory with 7 updates (#7305) * feat(misconf): iterator argument support for dynamic blocks (#7236) * fix(misconf): do not set default value for default_cache_behavior (#7234) * feat(misconf): support for policy and bucket grants (#7284) * fix(misconf): load only submodule if it is specified in source (#7112) * perf(misconf): use json.Valid to check validity of JSON (#7308) * refactor(misconf): remove unused universal scanner (#7293) * perf(misconf): do not convert contents of a YAML file to string (#7292) * fix(terraform): add aws_region name to presets (#7184) * docs: add auto-generated config (#7261) * feat(vuln): Add `--detection-priority` flag for accuracy tuning (#7288) * refactor(misconf): remove file filtering from parsers (#7289) * fix(flag): incorrect behavior for deprected flag `--clear-cache` (#7281) * fix(java): Return error when trying to find a remote pom to avoid segfault (#7275) * fix(plugin): do not call GitHub content API for releases and tags (#7274) * feat(vm): support the Ext2/Ext3 filesystems (#6983) * feat(cli)!: delete deprecated SBOM flags (#7266) * feat(vm): Support direct filesystem (#7058) - Update to version 0.51.1 (boo#1227010, CVE-2024-3817): trivy-0.58.2-bp156.2.6.1.src.rpm trivy-0.58.2-bp156.2.6.1.x86_64.rpm trivy-0.58.2-bp156.2.6.1.i586.rpm trivy-0.58.2-bp156.2.6.1.aarch64.rpm trivy-0.58.2-bp156.2.6.1.ppc64le.rpm trivy-0.58.2-bp156.2.6.1.s390x.rpm openSUSE-2025-53 important openSUSE Backports SLE-15-SP6 Update This update for dcmtk fixes the following issues: Update to 3.6.9. See DOCS/CHANGES.368 for the full list of changes Security issues fixed: - CVE-2024-27628: Fixed buffer overflow via the EctEnhancedCT method (boo#1227235) - CVE-2024-34508: Fixed a segmentation fault via an invalid DIMSE message (boo#1223925) - CVE-2024-34509: Fixed segmentation fault via an invalid DIMSE message (boo#1223943) - CVE-2024-47796: Fixed out-of-bounds write due to improper array index validation in the nowindow functionality (boo#1235810) - CVE-2024-52333: Fixed out-of-bounds write due to improper array index validation in the determineMinMax functionality (boo#1235811) dcmtk-3.6.9-bp156.4.3.1.src.rpm dcmtk-3.6.9-bp156.4.3.1.x86_64.rpm dcmtk-devel-3.6.9-bp156.4.3.1.x86_64.rpm libdcmtk19-3.6.9-bp156.4.3.1.x86_64.rpm dcmtk-3.6.9-bp156.4.3.1.i586.rpm dcmtk-devel-3.6.9-bp156.4.3.1.i586.rpm libdcmtk19-3.6.9-bp156.4.3.1.i586.rpm dcmtk-3.6.9-bp156.4.3.1.aarch64.rpm dcmtk-devel-3.6.9-bp156.4.3.1.aarch64.rpm libdcmtk19-3.6.9-bp156.4.3.1.aarch64.rpm dcmtk-3.6.9-bp156.4.3.1.ppc64le.rpm dcmtk-devel-3.6.9-bp156.4.3.1.ppc64le.rpm libdcmtk19-3.6.9-bp156.4.3.1.ppc64le.rpm dcmtk-3.6.9-bp156.4.3.1.s390x.rpm dcmtk-devel-3.6.9-bp156.4.3.1.s390x.rpm libdcmtk19-3.6.9-bp156.4.3.1.s390x.rpm