New ARM MicroOS snapshot 20240407 released!
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=Tumbleweed&build=20240407
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa
Mesa-drivers
MicroOS-release (20240402 -> 20240407)
MozillaFirefox (124.0.1 -> 124.0.2)
aaa_base (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1)
apparmor
avahi
avahi-glib2
bash
bubblewrap (0.8.0 -> 0.9.0)
c-ares (1.27.0 -> 1.28.1)
colord
coreutils (9.4 -> 9.5)
coreutils-systemd (9.4 -> 9.5)
cpio
evince
fwupd
gobject-introspection (1.80.0 -> 1.80.1)
gtk4 (4.14.1 -> 4.14.2)
harfbuzz (8.3.0 -> 8.4.0)
installation-images-MicroOS (17.117 -> 17.120)
inxi (3.3.33 -> 3.3.33+3)
kate
kdsoap-qt6 (2.1.1 -> 2.2.0)
kernel-firmware
kernel-source (6.8.1 -> 6.8.4)
kirigami-addons6 (1.0.1 -> 1.1.0)
kmod (31 -> 32)
krb5
libapparmor
libbpf (1.3.0 -> 1.4.0)
libcanberra
libdeflate (1.19 -> 1.20)
libdnf (0.73.0 -> 0.73.1)
libproxy-backend (0.5.3 -> 0.5.4)
libproxy-client (0.5.3 -> 0.5.4)
libsrtp2 (2.5.0 -> 2.6.0)
libssh2_org
liburing (2.4 -> 2.5)
libuv (1.47.0 -> 1.48.0)
libzypp (17.32.0 -> 17.32.2)
llvm18 (18.1.2 -> 18.1.3)
mpg123 (1.32.5 -> 1.32.6)
nghttp2 (1.60.0 -> 1.61.0)
openssh
orca (46.0 -> 46.1)
pango
plasma6-desktop
podman (4.9.3 -> 5.0.1)
python-cryptography (42.0.4 -> 42.0.5)
python-httpcore (1.0.4 -> 1.0.5)
python-numpy
python-pyasn1 (0.5.1 -> 0.6.0)
python-pyzmq
python-typing_extensions (4.10.0 -> 4.11.0)
raspberrypi-firmware (2023.11.21 -> 2024.03.27)
raspberrypi-firmware-config (2023.11.21 -> 2024.03.27)
re2 (20240301 -> 20240401)
runc (1.1.12 -> 1.2.0~rc1)
snowball
sushi (45.0 -> 46.0)
systemd
vim
xdm (1.1.15 -> 1.1.16)
xorg-x11-server (21.1.11 -> 21.1.12)
xwayland (23.2.4 -> 23.2.5)
yast2-storage-ng (5.0.10 -> 5.0.11)
zstd (1.5.5 -> 1.5.6)
=== Details ===
==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- fix missing free codecs in builds with non-free codecs enabled
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- fix missing free codecs in builds with non-free codecs enabled
==== MicroOS-release ====
Version update (20240402 -> 20240407)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== MozillaFirefox ====
Version update (124.0.1 -> 124.0.2)
- Mozilla Firefox 124.0.2
https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/
* Fixed an issue where users with a large amount of bookmarks would
be unable to restore a bookmarks backup. (bmo#1884308)
* Fixed an issue that would cause open Firefox windows
to go blank or crash during video playback on sites such as
Netflix. (bmo#1883932)
* Fixed a crash that affected Linux AArch64 builds. (bmo#1866396)
* Fixed an issue where some users experienced difficulties loading
webpages due to changes made to the default AppArmor configuration
shipping in Ubuntu 24.04. (bmo#1884347)
==== aaa_base ====
Version update (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1)
Subpackages: aaa_base-extras
- Update to version 84.87+git20240402.16596d1:
* add alacritty to DIR_COLORS
* Make sure tput it present before resetting TERM
* Add mc helpers for both tcsh and bash resources
* Do not overwrite escape sequences for xterm like
* Check for valid TERM
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- Use full URLs for source tarball and signature.
==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7
- Tag hardening patches as PATCH-FEATURE-OPENSUSE
==== avahi-glib2 ====
- Tag hardening patches as PATCH-FEATURE-OPENSUSE
==== bash ====
Subpackages: bash-doc bash-sh
- Help dependcy resolver to identify package split done with bash-sh
==== bubblewrap ====
Version update (0.8.0 -> 0.9.0)
- update to v0.9.0:
* Build system changed to Meson from Autotools
* Add --argv0
https://github.com/containers/bubblewrap/issues/91
* --symlink is now idempotent, meaning it succeeds if the symlink already
exists and already has the desired target
* Clarify security considerations in documentation
* Clarify documentation for --cap-add
* Report a better error message if mount(2) fails with ENOSPC
* Fix a double-close on error reading from --args, --seccomp or
- -add-seccomp-fd argument
* Improve memory allocation behaviour
==== c-ares ====
Version update (1.27.0 -> 1.28.1)
- c-ares 1.28.1
Features:
* Emit warnings when deprecated c-ares functions are used.
This can be disabled by passing a compiler definition of
`CARES_NO_DEPRECATED`. [PR #732]
* Add function `ares_search_dnsrec()` to search for records
using the new DNS record data structures. [PR #719]
* Rework internals to pass around `ares_dns_record_t` instead of
binary data, this introduces new public functions of
`ares_query_dnsrec()` and `ares_send_dnsrec()`. [PR #730]
Changes:
* tests: when performing simulated queries, reduce timeouts
to make tests run faster
* Replace configuration file parsers with memory-safe parser. [PR #725]
* Remove `acountry` completely, the manpage might still get
installed otherwise. [Issue #718]
Bugfixes:
* CMake: don't overwrite global required libraries/definitions/includes
which could cause build errors for projects chain building c-ares.
[Issue #729]
* On some platforms, `netinet6/in6.h` is not included by `netinet/in.h`
and needs to be included separately. [PR #728]
* Fix a potential memory leak in `ares_init()`. [Issue #724]
* Some platforms don't have the `isascii()` function.
Implement as a macro. [PR #721]
* CMake: Fix Chain building if CMAKE runtime paths not set
* NDots configuration should allow a value of zero. [PR #735]
==== colord ====
Subpackages: colord-color-profiles libcolord2 libcolorhug2
- Tag hardening patch as PATCH-FEATURE-OPENSUSE.
==== coreutils ====
Version update (9.4 -> 9.5)
Subpackages: coreutils-doc
- Update to 9.5:
Bug fixes:
* chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
* cp, mv, and install no longer issue spurious diagnostics like "failed
to preserve ownership" when copying to GNU/Linux CIFS file systems.
They do this by working around some Linux CIFS bugs.
* cp --no-preserve=mode will correctly maintain set-group-ID bits
for created directories. Previously on systems that didn't support ACLs,
cp would have reset the set-group-ID bit on created directories.
[bug introduced in coreutils-8.20]
* join and uniq now support multi-byte characters better.
For example, 'join -tX' now works even if X is a multi-byte character,
and both programs now treat multi-byte characters like U+3000
IDEOGRAPHIC SPACE as blanks if the current locale treats them so.
* numfmt options like --suffix no longer have an arbitrary 127-byte limit.
[bug introduced with numfmt in coreutils-8.21]
* mktemp with --suffix now better diagnoses templates with too few X's.
Previously it conflated the insignificant --suffix in the error.
[bug introduced in coreutils-8.1]
* sort again handles thousands grouping characters in single-byte locales
where the grouping character is greater than CHAR_MAX. For e.g. signed
character platforms with a 0xA0 (aka  ) grouping character.
[bug introduced in coreutils-9.1]
* split --line-bytes with a mixture of very long and short lines
no longer overwrites the heap (CVE-2024-0684).
[bug introduced in coreutils-9.2]
* tail no longer mishandles input from files in /proc and /sys file systems,
on systems with a page size larger than the stdio BUFSIZ.
[This bug was present in "the beginning".]
* timeout avoids a narrow race condition, where it might kill arbitrary
processes after a failed process fork.
[bug introduced with timeout in coreutils-7.0]
* timeout avoids a narrow race condition, where it might fail to
kill monitored processes immediately after forking them.
[bug introduced with timeout in coreutils-7.0]
* wc no longer fails to count unprintable characters as parts of words.
[bug introduced in textutils-2.1]
Changes in behavior:
* base32 and base64 no longer require padding when decoding.
Previously an error was given for non padded encoded data.
* base32 and base64 have improved detection of corrupted encodings.
Previously encodings with non zero padding bits were accepted.
* basenc --base16 -d now supports lower case hexadecimal characters.
Previously an error was given for lower case hex digits.
* cp --no-clobber, and mv -n no longer exit with failure status if
existing files are encountered in the destination. Instead they revert
to the behavior from before v9.2, silently skipping existing files.
* ls --dired now implies long format output without hyperlinks enabled,
and will take precedence over previously specified formats or hyperlink
mode.
* numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input,
and uses lowercase 'k' when outputting such units in '--to=si' mode.
* pinky no longer tries to canonicalize the user's login location by default,
rather requiring the new --lookup option to enable this often slow feature.
* wc no longer ignores encoding errors when counting words.
Instead, it treats them as non white space.
New features:
* chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files
with matching current OWNER and/or GROUP, as already supported by chown(1).
* chmod adds support for -h, -H,-L,-P, and --dereference options, providing
more control over symlink handling. This supports more secure handling of
CLI arguments, and is more consistent with chown, and chmod on other
systems.
* cp now accepts the --keep-directory-symlink option (like tar), to preserve
and follow existing symlinks to directories in the destination.
* cp and mv now accept the --update=none-fail option, which is similar
to the --no-clobber option, except that existing files are diagnosed,
and the command exits with failure status if existing files.
The -n,--no-clobber option is best avoided due to platform differences.
* env now accepts the -a,--argv0 option to override the zeroth argument
of the command being executed.
* mv now accepts an --exchange option, which causes the source and
destination to be exchanged. It should be combined with
- -no-target-directory (-T) if the destination is a directory.
The exchange is atomic if source and destination are on a single
file system that supports atomic exchange; --exchange is not yet
supported in other situations.
* od now supports printing IEEE half precision floating point with -t fH,
or brain 16 bit floating point with -t fB, where supported by the compiler.
* tail now supports following multiple processes, with repeated --pid options.
Improvements:
* cp,mv,install,cat,split now read and write a minimum of 256KiB at a time.
This was previously 128KiB and increasing to 256KiB was seen to increase
throughput by 10-20% when reading cached files on modern systems.
* env,kill,timeout now support unnamed signals. kill(1) for example now
supports sending such signals, and env(1) will list them appropriately.
* SELinux operations in file copy operations are now more efficient,
avoiding unneeded MCS/MLS label translation.
* sort no longer dynamically links to libcrypto unless -R is used.
This decreases startup overhead in the typical case.
* wc is now much faster in single-byte locales and somewhat faster in
multi-byte locales.
- coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch.
- gnulib-readutmp-under-gdm.patch: Likewise.
- gnulib-readutmp.patch: Likewise.
- coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the
upstream version now handles those tests.
Pull in gnulib module mbchar manually, as it is a dependency of mbfile,
but dropped out of the upstream dependency chain.
- coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h.
- coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip
French test if TZ='Europe/Paris' does not work.
==== coreutils-systemd ====
Version update (9.4 -> 9.5)
- Update to 9.5:
Bug fixes:
* chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
* cp, mv, and install no longer issue spurious diagnostics like "failed
to preserve ownership" when copying to GNU/Linux CIFS file systems.
They do this by working around some Linux CIFS bugs.
* cp --no-preserve=mode will correctly maintain set-group-ID bits
for created directories. Previously on systems that didn't support ACLs,
cp would have reset the set-group-ID bit on created directories.
[bug introduced in coreutils-8.20]
* join and uniq now support multi-byte characters better.
For example, 'join -tX' now works even if X is a multi-byte character,
and both programs now treat multi-byte characters like U+3000
IDEOGRAPHIC SPACE as blanks if the current locale treats them so.
* numfmt options like --suffix no longer have an arbitrary 127-byte limit.
[bug introduced with numfmt in coreutils-8.21]
* mktemp with --suffix now better diagnoses templates with too few X's.
Previously it conflated the insignificant --suffix in the error.
[bug introduced in coreutils-8.1]
* sort again handles thousands grouping characters in single-byte locales
where the grouping character is greater than CHAR_MAX. For e.g. signed
character platforms with a 0xA0 (aka  ) grouping character.
[bug introduced in coreutils-9.1]
* split --line-bytes with a mixture of very long and short lines
no longer overwrites the heap (CVE-2024-0684).
[bug introduced in coreutils-9.2]
* tail no longer mishandles input from files in /proc and /sys file systems,
on systems with a page size larger than the stdio BUFSIZ.
[This bug was present in "the beginning".]
* timeout avoids a narrow race condition, where it might kill arbitrary
processes after a failed process fork.
[bug introduced with timeout in coreutils-7.0]
* timeout avoids a narrow race condition, where it might fail to
kill monitored processes immediately after forking them.
[bug introduced with timeout in coreutils-7.0]
* wc no longer fails to count unprintable characters as parts of words.
[bug introduced in textutils-2.1]
Changes in behavior:
* base32 and base64 no longer require padding when decoding.
Previously an error was given for non padded encoded data.
* base32 and base64 have improved detection of corrupted encodings.
Previously encodings with non zero padding bits were accepted.
* basenc --base16 -d now supports lower case hexadecimal characters.
Previously an error was given for lower case hex digits.
* cp --no-clobber, and mv -n no longer exit with failure status if
existing files are encountered in the destination. Instead they revert
to the behavior from before v9.2, silently skipping existing files.
* ls --dired now implies long format output without hyperlinks enabled,
and will take precedence over previously specified formats or hyperlink
mode.
* numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input,
and uses lowercase 'k' when outputting such units in '--to=si' mode.
* pinky no longer tries to canonicalize the user's login location by default,
rather requiring the new --lookup option to enable this often slow feature.
* wc no longer ignores encoding errors when counting words.
Instead, it treats them as non white space.
New features:
* chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files
with matching current OWNER and/or GROUP, as already supported by chown(1).
* chmod adds support for -h, -H,-L,-P, and --dereference options, providing
more control over symlink handling. This supports more secure handling of
CLI arguments, and is more consistent with chown, and chmod on other
systems.
* cp now accepts the --keep-directory-symlink option (like tar), to preserve
and follow existing symlinks to directories in the destination.
* cp and mv now accept the --update=none-fail option, which is similar
to the --no-clobber option, except that existing files are diagnosed,
and the command exits with failure status if existing files.
The -n,--no-clobber option is best avoided due to platform differences.
* env now accepts the -a,--argv0 option to override the zeroth argument
of the command being executed.
* mv now accepts an --exchange option, which causes the source and
destination to be exchanged. It should be combined with
- -no-target-directory (-T) if the destination is a directory.
The exchange is atomic if source and destination are on a single
file system that supports atomic exchange; --exchange is not yet
supported in other situations.
* od now supports printing IEEE half precision floating point with -t fH,
or brain 16 bit floating point with -t fB, where supported by the compiler.
* tail now supports following multiple processes, with repeated --pid options.
Improvements:
* cp,mv,install,cat,split now read and write a minimum of 256KiB at a time.
This was previously 128KiB and increasing to 256KiB was seen to increase
throughput by 10-20% when reading cached files on modern systems.
* env,kill,timeout now support unnamed signals. kill(1) for example now
supports sending such signals, and env(1) will list them appropriately.
* SELinux operations in file copy operations are now more efficient,
avoiding unneeded MCS/MLS label translation.
* sort no longer dynamically links to libcrypto unless -R is used.
This decreases startup overhead in the typical case.
* wc is now much faster in single-byte locales and somewhat faster in
multi-byte locales.
- coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch.
- gnulib-readutmp-under-gdm.patch: Likewise.
- gnulib-readutmp.patch: Likewise.
- coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the
upstream version now handles those tests.
Pull in gnulib module mbchar manually, as it is a dependency of mbfile,
but dropped out of the upstream dependency chain.
- coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h.
- coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip
French test if TZ='Europe/Paris' does not work.
==== cpio ====
Subpackages: cpio-mt
- Fix build with gcc14, bsc#1221712
* fix-gcc14.patch
==== evince ====
Subpackages: evince-plugin-pdfdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0
- Properly tag patches as PATCH-FIX-SLE.
==== fwupd ====
Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0
- dbxtool is built unconditionally on all architectures: move it
out of the condition in the files section and also
unconditionally provide/obsolete the old version.
==== gobject-introspection ====
Version update (1.80.0 -> 1.80.1)
Subpackages: girepository-1_0 libgirepository-1_0-1
- Update to version 1.80.1:
+ Require Python 3.8 when running mypy.
+ Ensure that POSIX types follow the target architecture.
+ Look for finish functions inside the list of constructors.
==== gtk4 ====
Version update (4.14.1 -> 4.14.2)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.14.2:
+ GtkScale: Improve positioning of values in some cases.
+ Theme: Make progress in entries visible.
+ Accessibility: Fix text insertion handling.
+ GDK:
- dnd: Use the default cursor durion motion
- dnd: Use a better cursor for indicating the move action
+ GSK:
- gl: Handle offloads in offscreen context better
- Fix text rendering problems with some fonts
+ Wayland:
- Tighten up some protocol version checks
- Use the presentation time protocol
- Fix a crash with subsurfaces
- Improve settings portal handling
+ Debugging: Add font settings in the inspector.
+ Demos:
- Clean up the application demo
- Update cursor images for the cursor demo
+ Updated translations.
==== harfbuzz ====
Version update (8.3.0 -> 8.4.0)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- update to version 8.4.0:
+ When subsetting, place variation store at the end of âGDEFâ
table to fix shaping issues with some versions of Adobe InDesign.
+ Various build fixes
- update to version 8.3.1:
+ Fix hb_style_get_value() in fonts with âSTATâ table
+ Properly handle negative offsets in CFF table
+ Update IANA Language Subtag Registry to 2024-03-07
+ Subsetter now supports subsetting âBASEâ table
+ Subsetter will update âhheaâ font metrics in sync with âOS/2â
ones.
+ â--variationsâ option of âhb-subsetâ now supports leaving out
values that should be unchanged, e.g. âwght=:500:â will change
the default and keep max and min unchanged. It also supports
â*=dropâ to to pin all axes to default location.
+ Fix hb_ot_math_get_glyph_kerning() to match updated âMATHâ
table spec.
+ Support legacy MacRoman encoding in âcmapâ table.
+ Various build fixes.
+ Various subsetting and instancing fixes.
==== installation-images-MicroOS ====
Version update (17.117 -> 17.120)
- merge gh#openSUSE/installation-images#704
- ensure crypto-policies postinstall script is run (bsc#1222235)
- 17.120
- merge gh#openSUSE/installation-images#702
- Require Mesa-dri
- 17.119
- merge gh#openSUSE/installation-images#703
- etc: update module.config to match 6.9
- 17.118
==== inxi ====
Version update (3.3.33 -> 3.3.33+3)
- Updated to version 3.3.33-1+3:
+ A quick point release, one critical bug fix, and a few new
features and enhancements.
+ Code cleanup.
- Add service to pull from git and avoid tarball release.
- Adjust spec file for service use.
==== kate ====
Subpackages: kate-plugins
- Add a couple recommended plugins to preview files in kate
==== kdsoap-qt6 ====
Version update (2.1.1 -> 2.2.0)
- update to 2.2.0:
* buildsystem - Add co-installability of Qt5 and Qt6 headers
back.
Installs Qt6 headers into their own subdirectory so client
code still works, but can be co-installed with Qt5 again.
* Add KDSoapClientInterface::setMessageAddressingProperties()
so that WS-Addressing support can be used with WSDL-generated
services (issue #254)
* Don't require a SOAP action in order to write addressing
properties (also issue #254)
* WSDL parser / code generator changes, applying to both client
and server side
* Improve -import-path
==== kernel-firmware ====
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Drop duplicated WHENCE from kernel-firmware-* subpackages (bsc#1222319)
==== kernel-source ====
Version update (6.8.1 -> 6.8.4)
- Linux 6.8.4-rc1 (bsc#1012628).
- Revert "workqueue.c: Increase workqueue name length"
(bsc#1012628).
- Revert "workqueue: Move pwq->max_active to wq->max_active"
(bsc#1012628).
- Revert "workqueue: Factor out pwq_is_empty()" (bsc#1012628).
- Revert "workqueue: Replace pwq_activate_inactive_work() with
[__]pwq_activate_work()" (bsc#1012628).
- Revert "workqueue: Move nr_active handling into helpers"
(bsc#1012628).
- Revert "workqueue: Make wq_adjust_max_active() round-robin
pwqs while activating" (bsc#1012628).
- Revert "workqueue: RCU protect wq->dfl_pwq and implement
accessors for it" (bsc#1012628).
- Revert "workqueue: Introduce struct wq_node_nr_active"
(bsc#1012628).
- Revert "workqueue: Implement system-wide nr_active enforcement
for unbound workqueues" (bsc#1012628).
- Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU
in wq_update_node_max_active()" (bsc#1012628).
- Revert "workqueue: Shorten events_freezable_power_efficient
name" (bsc#1012628).
- commit 1089550
- Linux 6.8.3 (bsc#1012628).
- drm/vmwgfx: Unmap the surface before resetting it on a plane
state (bsc#1012628).
- wifi: brcmfmac: avoid invalid list operation when vendor attach
fails (bsc#1012628).
- media: staging: ipu3-imgu: Set fields before
media_entity_pads_init() (bsc#1012628).
- arm64: dts: qcom: sc7280: Add additional MSI interrupts
(bsc#1012628).
- remoteproc: virtio: Fix wdg cannot recovery remote processor
(bsc#1012628).
- clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
(bsc#1012628).
- smack: Set SMACK64TRANSMUTE only for dirs in
smack_inode_setxattr() (bsc#1012628).
- smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
(bsc#1012628).
- arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
(bsc#1012628).
- drm/vmwgfx: Fix possible null pointer derefence with invalid
contexts (bsc#1012628).
- arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5
microphones (bsc#1012628).
- serial: max310x: fix NULL pointer dereference in I2C
instantiation (bsc#1012628).
- drm/vmwgfx: Fix the lifetime of the bo cursor memory
(bsc#1012628).
- pci_iounmap(): Fix MMIO mapping leak (bsc#1012628).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency
(bsc#1012628).
- media: mc: Add local pad to pipeline regardless of the link
state (bsc#1012628).
- media: mc: Fix flags handling when creating pad links
(bsc#1012628).
- media: nxp: imx8-isi: Check whether crossbar pad is non-NULL
before access (bsc#1012628).
- media: mc: Add num_links flag to media_pad (bsc#1012628).
- media: mc: Rename pad variable to clarify intent (bsc#1012628).
- media: mc: Expand MUST_CONNECT flag to always require an
enabled link (bsc#1012628).
- media: nxp: imx8-isi: Mark all crossbar sink pads as
MUST_CONNECT (bsc#1012628).
- md: use RCU lock to protect traversal in md_spares_need_change()
(bsc#1012628).
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1012628).
- arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping
(bsc#1012628).
- arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping
(bsc#1012628).
- cpufreq: amd-pstate: Fix min_perf assignment in
amd_pstate_adjust_perf() (bsc#1012628).
- thermal/intel: Fix intel_tcc_get_temp() to support negative
CPU temperature (bsc#1012628).
- powercap: intel_rapl: Fix a NULL pointer dereference
(bsc#1012628).
- powercap: intel_rapl: Fix locking in TPMI RAPL (bsc#1012628).
- powercap: intel_rapl_tpmi: Fix a register bug (bsc#1012628).
- powercap: intel_rapl_tpmi: Fix System Domain probing
(bsc#1012628).
- powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core
(bsc#1012628).
- powerpc/smp: Increase nr_cpu_ids to include the boot CPU
(bsc#1012628).
- sparc64: NMI watchdog: fix return value of __setup handler
(bsc#1012628).
- sparc: vDSO: fix return value of __setup handler (bsc#1012628).
- crypto: qat - change SLAs cleanup flow at shutdown
(bsc#1012628).
- crypto: qat - resolve race condition during AER recovery
(bsc#1012628).
- selftests/mqueue: Set timeout to 180 seconds (bsc#1012628).
- pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name
(bsc#1012628).
- ext4: correct best extent lstart adjustment logic (bsc#1012628).
- drm/amdgpu/display: Address kdoc for 'is_psr_su' in
... changelog too long, skipping 1837 lines ...
- commit 6a29422
==== kirigami-addons6 ====
Version update (1.0.1 -> 1.1.0)
- Update to 1.1.0
* New FormCard delegate: FormColorDelegate
* New delegate container: FormCardDialog
* Fixed a newline bug in the AboutKDE component
* The default size of MessageDialog was decreased
* Fixed the autoplay of the video delegate for the maximized
album component
==== kmod ====
Version update (31 -> 32)
Subpackages: kmod-bash-completion libkmod2
- Update to release 32
* Drop python bindings
* Remove unmaintained experimental tool
- Drop upstreamed patches
* configure-Detect-openssl-sm3-support.patch
* man-depmod.d-Fix-incorrect-usr-lib-search-path.patch
* usr-lib-modprobe.patch
* kmod-Add-pkgconfig-file-with-kmod-compile-time-confi.patch
* tools-depmod-fix-Walloc-size.patch
* libkmod-remove-pkcs7-obj_to_hash_algo.patch
* usr-lib-modules.patch
* configure-Check-that-provided-paths-are-absolute.patch
- Refresh no-stylesheet-download.patch
==== krb5 ====
- Add crypto-policies support [bsc#1211301]
* Update krb5.conf in vendor-files.tar.bz2
==== libapparmor ====
- Use full URLs for source tarball and signature.
==== libbpf ====
Version update (1.3.0 -> 1.4.0)
- update to 1.4.0:
* support for BPF token throughout low-level and high-level APIs
(see also LIBBPF_BPF_TOKEN_PATH envvar)
* struct_ops functionality around handling multi-kernel
compatibility using BPF CO-RE principles and approaches
* BPF arena map support
* support __arena tagged global variables, which are automatically
put into BPF arena map
* BPF cookie support for raw tracepoint BPF programs in attach APIs
loaded or created, respectively
* add SEC("sk_skb/verdict") support
* support global subprog argument tagging for for kprobe/uprobe,
and perf_event BPF program with newly added __arg_ctx,
__arg_nonnull, __arg_nullable, __arg_trusted, and __arg_arena
annotations
* add bpf_core_cast() macro, improving ergonomics of
bpf_rdonly_cast() BPF helper
* __long() macro added for specifying 64-bit values when declaring
BTF-defined maps
* better GCC-BPF support in BPF CO-RE macros in bpf_core_read.h header
* show specific error messages when attempting to
use struct bpf_program/bpf_map instances there were not loaded or
created
* fix inner map's max_entries setting logic
* btf_ext__raw_data() and btf__new_split() APIs are added back
* ignore DWARF sections in BPF linker sanity checks, improving
handling of some corner cases
* fix potential NULL dereference when handling corrupted ELF files.
==== libcanberra ====
Subpackages: canberra-gtk-play libcanberra-gtk-module-common libcanberra-gtk0 libcanberra-gtk2-module libcanberra-gtk3-0 libcanberra-gtk3-module libcanberra0
- Don't recommend the gtk modules unconditionally. They already have
conditional supplements.
- Switch from packageand(x:y) to boolean dependencies
- Use %license
==== libdeflate ====
Version update (1.19 -> 1.20)
- update to 1.20:
* Improved CRC-32 performance on recent x86 CPUs by adding
* VPCLMULQDQ-accelerated implementations using 256-bit and
512-bit vectors.
* Improved Adler-32 performance on recent x86 CPUs by adding
* VNNI-accelerated implementations using 256-bit and 512-bit
vectors.
* Improved CRC-32 and Adler-32 performance on short inputs.
* Optimized the portable implementation of Adler-32.
* Added some basic optimizations for RISC-V.
* Dropped support for gcc versions older than v4.9 (released in
2014) and clang versions older than v3.9 (released in 2016).
* Dropped support for CRC-32 acceleration on 32-bit ARM using
the ARMv8 pmull or crc32 instructions.
==== libdnf ====
Version update (0.73.0 -> 0.73.1)
Subpackages: libdnf-repo-config-zypp libdnf2
- version update to 0.73.1
* Bug fixes:
- Fix https://issues.redhat.com/browse/RHEL-27657
- subject-py: Fix memory leak
* Others:
- MergedTransaction: Calculate RPM difference between two same versions as no-op
- Onboard packit tests
- Add virtual destructor to TransactionItem
==== libproxy-backend ====
Version update (0.5.3 -> 0.5.4)
- Update to version 0.5.4:
+ Add golang link to application page.
+ Improve libproxy test coverage.
+ Improve coverage.
+ Specify library version more completely.
+ Use the correct separator character for Windows ProxyOverride.
+ Improve handling of Windows proxy settings.
+ Add curl option to the generated config for backend instead.
+ Set initial state to online.
+ Windows: Detect scheme presence in proxy URLs more robustly.
+ Fix broken WPAD proxy resolution.
==== libproxy-client ====
Version update (0.5.3 -> 0.5.4)
- Update to version 0.5.4:
+ Add golang link to application page.
+ Improve libproxy test coverage.
+ Improve coverage.
+ Specify library version more completely.
+ Use the correct separator character for Windows ProxyOverride.
+ Improve handling of Windows proxy settings.
+ Add curl option to the generated config for backend instead.
+ Set initial state to online.
+ Windows: Detect scheme presence in proxy URLs more robustly.
+ Fix broken WPAD proxy resolution.
==== libsrtp2 ====
Version update (2.5.0 -> 2.6.0)
- version update to 2.6.0
* remove use of pointers to 32bit values
* Cleaning up cmake and enabled more warnings.
* start using const on internal arguments
* Some srtp_driver fixes
* remove travis reference from README.md
* meson.build: implement mbedtls support
* iv length is constant so set only once
* Add x86 SIMD optimizations to crypto datatypes
* Add a missing typedef for stream list ctx
* cmake: Rename TEST_APPS as LIBSRTP_TEST_APPS option
* cmake: Support configuring as subproject
==== libssh2_org ====
- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
* Test the ETM feature in the remote end's configuration when
receiving data. Upstream issue: #1331.
* Add libssh2_org-ETM-remote.patch
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
* Add libssh2_org-CVE-2023-48795-ext.patch
==== liburing ====
Version update (2.4 -> 2.5)
- Update to 2.5:
* Add support for io_uring_prep_cmd_sock()
* Add support for application allocated ring memory, for placing rings
in huge mem. Available through io_uring_queue_init_mem().
* Add support for registered ring fds
* Various documentation updates
* Various fixes
- Remove (they are upstream)
* test-io_uring_register-fix-errno-confusion-and-new-e.patch
* tests-don-t-expect-multishot-recv-overflow-backloggi.patch
- Add
* test-recv-multishot-wait-for-the-right-amount-of-CQE.patch (to fix test
errors on the 6.8.2 kernel)
* test-no-mmap-inval-0-return-is-fine-too.patch (fix the test)
==== libuv ====
Version update (1.47.0 -> 1.48.0)
- Update to version 1..48.0
* CVE-2024-24806: Improper Domain Lookup that potentially leads
to SSRF attacks (bsc#1219724)
* misc: remove deprecated stalebot file
* misc: ignore libuv-release-tool files
* build,win: remove extraneous -lshell32
* build,win: work around missing uuid.dll on MinGW
* build: disable windows asan buildbot
* build: add .cache clangd folder to .gitignore
* build: re-enable msvc-asan job on CI
* linux: disable io_uring on hppa below kernel 6.1.51
* linux: remove HAVE_IFADDRS_H macro
* linux: fix bind/connect for abstract sockets
* linux: retry fs op if unsupported by io_uring
* linux: disable io_uring on ppc64 and ppc64le
* unix,win: utility for setting priority for thread
* unix,win: fix read past end of pipe name buffer
* unix,win: fix busy loop with zero timeout timers
* unix,win: reset the timer queue on stop
* unix: ignore ifaddrs with NULL ifa_addr
* unix: unbreak macOS < 10.14
* unix: correct pwritev conditional
* unix: support full TCP keep-alive on Solaris
* unix: optimize uv__tcp_keepalive cpp directives
* freebsd: fix F_KINFO file path handling
* freebsd: fix build on non-intel archs
* aix: disable ipv6 link local
* aix,ibmi: use uv_interface_addresses instead of getifaddrs
* win: remove check for UV_PIPE_NO_TRUNCATE
* win: honor NoDefaultCurrentDirectoryInExePath env var
* win: stop using deprecated names
* win: replace c99 comments with c89 comments
* win: fix ESRCH implementation
* win/spawn: optionally run executable paths with no file
extension
* test: don't run tcp_writealot under msan
* test: check if ipv6 link-local traffic is routable
* test: skip tcp-write-in-a-row on IBM i
* test: empty strings are not valid IDNA
* test_fs.c: Fix issue on 32-bit systems using btrfs
* idna: fix compilation warning
* pipe: add back error handling to connect / bind
* fix: always zero-terminate idna output
* fix: reject zero-length idna inputs
* doc: move cjihrig to emeriti
* doc: add very basic Security Policy document
* Merge pull request from GHSA-f74f-cvh7-c6q6
- Remove ppc64-disable-liburing.patch because it was applied
in the current source code
==== libzypp ====
Version update (17.32.0 -> 17.32.2)
- Fixup New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
Fixed the name of the keyword to "support_superseded" as it was
agreed on in jsc#OBS-301.
- version 17.32.2 (32)
- Add resolver option 'removeUnneeded' to file weak remove jobs
for unneeded packages (bsc#1175678)
- version 17.32.1 (32)
==== llvm18 ====
Version update (18.1.2 -> 18.1.3)
- Update to version 18.1.3.
* Fixes ThreadSanitizer failures for glibc's LoongArch and
certain RISC-V ports when fstat is used.
* `transform.structured.convert_to_loops` now properly deletes
its target op.
* Fix a `llvm.usub.with.overflow.i128` wrong code generation
regression that was introduced with LLVM 18.1.0.
* MemorySanitizer on Linux can now run even when maximum-entropy
address-space layout randomization is configured globally (as
is becoming increasingly common). MemorySanitizer can
automatically re-exec ASLR-off for the process if needed,
instead of aborting.
* Fixed a Clang 18.x regression which increased binary size and
stack usage with `-ftrivial-auto-var-init`.
- Set directories for configuration files: /etc/clang for system-
wide configuration and ~/.config/clang for users. For details see
https://clang.llvm.org/docs/UsersManual.html#configuration-files.
- Use old conflicts/provides for python3-clang on Leap.
==== mpg123 ====
Version update (1.32.5 -> 1.32.6)
Subpackages: libmpg123-0 mpg123-openal
- Update to version 1.32.6
build:
* Detect forced 64 bit offsets on a dual-mode system that used
to default to 32 bits and drop ambiguous suffix-less symbols
in that case. This avoids subtle ABI breakage (causing
memory corruption) with existing binaries and instead has
them fail during runtime linking. You trigger that when
having -D_FILE_OFFSET_BITS=64 in your compiler flags during
mpg123 build.
==== nghttp2 ====
Version update (1.60.0 -> 1.61.0)
- version update to 1.61.0
* Fixes CVE-2024-28182 [bsc#1221399]
* nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
* Checkout with submodules by @jonaski in #2093
* Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
* build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
* Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
* docker: Use copy --link by @tatsuhiro-t in #2099
* Nghttpx header idle timeout by @tatsuhiro-t in #2100
* nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
* Rewrite hexdump by @tatsuhiro-t in #2102
* Switch to distroless/base-nossl by @tatsuhiro-t in #2103
* Bump ngtcp2 by @tatsuhiro-t in #2105
* nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
* build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
* autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
* Automate release process by @tatsuhiro-t in #2109
* autotools: Switch to tar-pax by @tatsuhiro-t in #2110
* nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
* nghttpx: Fix port byte order by @tatsuhiro-t in #2112
* h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
* nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
* nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
* Add actions/stale by @tatsuhiro-t in #2116
* nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
* nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
* No rfc7540 priority fix by @tatsuhiro-t in #2120
* Further reduce Stateless reset emission by @tatsuhiro-t in #2122
* nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
* Nghttpx faster worker lookup by @tatsuhiro-t in #2125
* nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
* bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
* cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
* nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
* nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
* Bump munit by @tatsuhiro-t in #2131
* nghttpx: Fix error message by @tatsuhiro-t in #2133
* nghttpd: Fix read stall by @tatsuhiro-t in #2134
- gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206)
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Use %config(noreplace) for sshd_config . In any case, it's
recommended to drop a file in sshd_config.d instead of editing
sshd_config (bsc#1221063)
- Use %{_libexecdir} when removing ssh-keycat instead of the
hardcoded path so it works in TW and SLE.
- Add crypto-policies support [bsc#1211301]
* Add patches:
- openssh-9.6p1-crypto-policies.patch
- openssh-9.6p1-crypto-policies-man.patch
==== orca ====
Version update (46.0 -> 46.1)
- Update to version 46.1:
+ Fix issue causing flat review clicking to fail in some Gtk
apps.
+ Fix regression in SayAll upon page load.
+ Fix presentation of new radio button groups.
+ Avoid triggering crash in Pidgin.
+ Fix issue in which Orca appeared to hang when where am I was
used immediately after page load of a large document.
==== pango ====
Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0
- added GraphicsMagick package as Recommends. The invocation of
pango-view with the ft2 backend requires the gm command found in
that package
==== plasma6-desktop ====
Subpackages: plasma6-desktop-emojier
- Add "-DBUILD_KCM_MOUSE_X11=OFF" for s390x
- Move touchpad and mouse configuration to all (also for s390x)
==== podman ====
Version update (4.9.3 -> 5.0.1)
- update to 5.0.1:
* Bugfixes
- Fixed a bug where rootless containers using the Pasta network
driver did not properly handle localhost DNS resolvers on the
host leading to DNS resolution issues (#22044).
- Fixed a bug where Podman would warn that cgroups v1 systems
were no longer supported on FreeBSD hosts.
- Fixed a bug where HyperV podman machine VMs required an SSH
client be installed on the system (#22075).
- Fixed a bug that prevented the remote Podman client's podman
build command from working properly when connecting from a
rootless client to a rootful server (#22109).
* Misc
- The HyperV driver to podman machine now fails immediately if
admin privileges are not available (previously, it would only
fail when it reached operations that required admin
privileges).
- Refactor network backend dependencies:
* require either cni or netavark for SLE-15-SP5 and lower
* require netavark for all other streams and fresh installations
even on older SLE systems for podman >= 5.0.0
- Drop slirp4netns, require passt instead for rootless networking
- Update to version 5.0.0:
* New release: v5.0.0
* Update RELEASE_NOTES.md with CVE-2024-1753 (bsc#1221677)
* [v5.0] Bump Buildah to v1.35.1
* Adjust to the standard location of gvforwarder used in new images
* Switch to 5.x WSL machine os stream using new automation
* rpm: use macro supported vendoring
* Bump to v5.0.0-dev
* Bump to v5.0.0-RC7
* Add release notes for v5.0.0-rc7
* fix invalid HTTP header values when hijacking a connection
* Use faster gzip for compression for 3x speedup for sending large contexts to remote
* pkg/machine: make checkExclusiveActiveVM race free
* pkg/machine/wsl: remove unused CheckExclusiveActiveVM()
* pkg/machine: CheckExclusiveActiveVM should also check for starting
* pkg/machine: refresh config after we hold lock
* rpm: update containers-common dep on f40+
* Change API socket to be machine name isolated
* Makefile: drop tests-included from validate target
* Add release notes for v5.0.0
* do not require policy.json
* Machine decompress.go refactoring follow-up
* Add target win-gvproxy in winmake.ps1
* Add final machine endpoint
* update API doc version to 5.0.0
* Bump to 5.0.0-dev
* Bump to 5.0.0-rc6
* docs: generate-systemd: add clarification statement
* docs: quadlet: improve docs on root/rootless dirs
* [CI:DOCS] performance: fix URL and kernel version requirement
* [CI:DOCS] Remove outdated references
* Add note for RHEL 8.5
* Update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [SECURITY]
* Update module github.com/go-jose/go-jose/v3 to v3.0.3 [SECURITY]
* Bump to v5.0.0-dev
* Bump to v5.0.0-rc5
* Fix Mac CI
* Complete policy.json inclusion
* Bump Buildah to v1.35.0
* podman compose: enable machine socket connection
* [CI:DOCS] Add farm command to commands list
* podman machine start/stop do not write config unlocked
* [CI:BUILD] Build universal Podman binary for Mac installer
* podman machine init: do not write config unlocked
* Fail on failures to close the file descriptors, and especially the SparseWriter
* Avoid reliance on fs.ErrClosed in SparseWriter users
* Fix the logic for detecting an unexpected close error
* vendor libhvee-0.7.0
* podman machine set: change options only locked
* Remove copySparseFile
* pkg/machine: fix relative DefaultPolicyJSONPath
* Don't read full VM File before decompressing
* [CI:DOCS] Fix windows installer action
* machine: make more use of strongunits
* Fix wrong units size return
* fix(deps): update github.com/containers/libhvee digest to 7cee23c
* [CI:DOCS] Migrate podman container image
* fix(deps): update module google.golang.org/protobuf to v1.33.0
* CI: try to fix more flakes
* [CI:BUILD] rpm: Put the podmansh(1) manual in the podmansh sub-package
* e2e: fix potential race in file-locks test
* Makefile: podman should have correct selinux label
* properly implement pull-error event status
* fix(deps): update module golang.org/x/tools to v0.19.0
* Resurrect auto-port reassignment, but for all providers
* Refactor env dir and port functions into new leaf pkgs
* fix(deps): update module golang.org/x/net to v0.22.0
* Revert "Expose as-tested Mac/Windows repository state"
* fix(deps): update module golang.org/x/term to v0.18.0
* Update podman-for-windows.md
* fix(deps): update github.com/containers/libhvee digest to 0ff33af
* machine init: print output to improve UX
* logformatter: fixes for Macintosh
* test/e2e: check for stderr errors in cleanup()
* Bump to FreeBSD 13.3 (13.2 vanished)
* Bump to v5.0.0-dev
* fix(deps): update module github.com/stretchr/testify to v1.9.0
... changelog too long, skipping 613 lines ...
* Change default QEMU CPU level to `qemu64` on Windows amd64
==== python-cryptography ====
Version update (42.0.4 -> 42.0.5)
- update to 42.0.5:
* Limit the number of name constraint checks that will be
performed in :mod:`X.509 path validation
participants (1)
-
Guillaume Gardet