New MicroOS snapshot 20230823 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20230823 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: gnutls (3.8.0 -> 3.8.1) gpgme (1.21.0 -> 1.22.0) mutter python-pexpect xz === Details === ==== gnutls ==== Version update (3.8.0 -> 3.8.1) - Fix missing GNUTLS_NO_EXTENSIONS compatibility. * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634 * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch - tests: Fix the SRP test that fails with SIGPIPE signal return due to a socket being closed before using it. * Add gnutls-srp-test-SIGPIPE.patch - Update to version 3.8.1: * libgnutls: ClientHello extensions are randomized by default To make fingerprinting harder, TLS extensions in ClientHello messages are shuffled. As this behavior may cause compatibility issue with legacy applications that do not accept the last extension without payload, the behavior can be reverted with the %NO_SHUFFLE_EXTENSIONS priority keyword. * libgnutls: Add support for RFC 9258 external PSK importer. This enables to deploy the same PSK across multiple TLS versions (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application needs to set up a callback that formats the PSK identity using gnutls_psk_format_imported_identity(). * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to %GNUTLS_NO_DEFAULT_EXTENSIONS. * libgnutls: Add additional PBKDF limit checks in FIPS mode as defined in SP 800-132. Minimum salt length is 128 bits and minimum iterations bound is 1000 for PBKDF in FIPS mode. * libgnutls: Add a mechanism to control whether to enforce extended master secret (RFC 7627). FIPS 140-3 mandates the use of TLS session hash (extended master secret, EMS) in TLS 1.2. To enforce this, a new priority keyword %FORCE_SESSION_HASH is added and if it is set and EMS is not set, the peer aborts the connection. This behavior is the default in FIPS mode, though it can be overridden through the configuration file with the "tls-session-hash" option. In either case non-EMS PRF is reported as a non-approved operation through the FIPS service indicator. * New option --attime to specify current time. To make testing with different timestamp to the system easier, the tools doing certificate verification now provide a new option - -attime, which takes an arbitrary time. * API and ABI modifications: gnutls_psk_client_credentials_function3: New typedef gnutls_psk_server_credentials_function3: New typedef gnutls_psk_set_server_credentials_function3: New function gnutls_psk_set_client_credentials_function3: New function gnutls_psk_format_imported_identity: New function GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags * Rebase patches: - gnutls-FIPS-140-3-references.patch - gnutls-FIPS-jitterentropy.patch * Remove patches merged/fixed upstream: - gnutls-FIPS-PCT-DH.patch - gnutls-FIPS-PCT-ECDH.patch ==== gpgme ==== Version update (1.21.0 -> 1.22.0) Subpackages: libgpgme11 libgpgmepp6 python311-gpg - Fix builds with qt and qt6 [T6673]: * qt,tests: Fix build in source directory. Include Qt binding sources before C++ binding sources and C sources. This fixes the problem that the debug.h in the C sources was found before the one in the Qt bindings. * build: Suggest out-of-source build. Suggest to run configure from a build subdirectory. * Add patches: - gpgme-qt-tests-Fix-build-in-source-directory.patch - gpgme-build-Suggest-out-of-source-build.patch - Update to 1.22.0: * Prevent wrong plaintext when verifying clearsigned signature. * Return bad data error instead of general error on unexpected data. * Take care of offline mode for all operations of gpgsm engine. * Prepare the use of the forthcoming libassuan version 3. * New configure option --with-libtool-modification. * cpp: Expose gpgme_decrypt_result_t.is_mime. * qt: Clean up after failure or cancel of sign/encrypt archive operation. * qt: Add setInputEncoding to QGpgMe::EncryptJob. * qt: Make toLogString helper public. * Interface changes relative to the 1.21.0 release: - qt: EncryptJob::setInputEncoding NEW. - qt: DecryptionResult::isMime NEW. - qt: toLogString NEW. ==== mutter ==== Subpackages: mutter-lang - Add mutter-revert-window_draw_issues.patch: Revert commit 43cee4b6: Do clipped redraws when drawing offscreen (boo#1210744, glgo#GNOME/mutter#2771). ==== python-pexpect ==== - add 31fab7b0edbe9b3401507b5dfa4db6aaf3fabca5.patch dae602d37493bae239e0e8db5b3dabafebfd59db.patch: python 3.12 compat ==== xz ==== Subpackages: liblzma5 xz-lang - xznew: Remove bashsism. - build: pass CONFIG_SHELL=/bin/sh to configure: the posix tools are setting the current SHELL as the shebang, which is overkill: any posix compliant shell, aka /bin/sh, is sufficient.
participants (1)
-
Richard Brown