Packages changed: gnutls (3.7.4 -> 3.7.5) gtk3 (3.24.33+12 -> 3.24.34) haproxy (2.5.6+git0.ba44b4312 -> 2.5.7+git0.2ef551d02) iptables (1.8.7 -> 1.8.8) libxkbcommon (1.4.0 -> 1.4.1) lsof openldap2 patterns-microos === Details === ==== gnutls ==== Version update (3.7.4 -> 3.7.5) - update to 3.7.5: * add options disable session ticket usage in TLS 1.2 because it does not provide forward secrecy * For TLS 1.3 where session tickets do provide forward secrecy, the PFS priority string now only disables session tickets in TLS 1.2. * Future backward incompatibility: in the next major release of GnuTLS those flag and modifier are planned to be removed * gnutls-cli, gnutls-serv: Channel binding for printing information has been changed from tls-unique to tls-exporter as tls-unique is not supported in TLS 1.3. * Certificate sanity checks has been enhanced to make gnutls more RFC 5280 compliant: * Removed 3DES from FIPS approved algorithms * Optimized support for AES-SIV-CMAC algorithms * libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode when used in TLS ==== gtk3 ==== Version update (3.24.33+12 -> 3.24.34) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 - Update to version 3.24.34: + Include legacy hicolor icons. + Fix the build with gcc 12. + X11: Trap errors when getting output properties. + Wayland: Ignore empty preedit updates. This fixes a problem with textview scrolling. + Updated translations. ==== haproxy ==== Version update (2.5.6+git0.ba44b4312 -> 2.5.7+git0.2ef551d02) - Update to version 2.5.7+git0.2ef551d02: * [RELEASE] Released version 2.5.7 * CLEANUP: mux-h1: Fix comments and error messages for global options * MINOR: mux-h1: Add global option accpet payload for any HTTP/1.0 requests * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * CLEANUP: applet: make appctx_new() initialize the whole appctx * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * DOC/MINOR: fix typos in the lua-api document * BUG/MEDIUM: lua: fix argument handling in data removal functions * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: install: update gcc version requirements * BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( * BUILD: listener: shut report of possible null-deref in listener_accept() * BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings * BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation * BUG/MINOR: ssl: Fix typos in crl-file related CLI commands * CI: dynamically determine actual version of h2spec * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts * BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts * BUG/MINOR: ssl/cli: fix "show ssl ca-file " not to mix cli+ssl contexts * BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts * BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend" * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MEDIUM: resolvers: make "show resolvers" properly yield * BUG/MINOR: startup: usage() when no -cc arguments * BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] * DOC: config: Update doc for PR/PH session states to warn about rewrite failures * MINOR: mux-h2: report a trace event when failing to create a new stream * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified * BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel * MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord" * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() * BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option * MINOR: connection: Add way to disable active connection closing during soft-stop * BUILD: compiler: properly distinguish weak and global symbols ==== iptables ==== Version update (1.8.7 -> 1.8.8) Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - Update to release 1.8.8 * Add iptables-translate support for: sctp match's - -chunk-types option, connlimit match, multiport match's - -ports option, and the tcpmss match. * Reject setuid executables in libxtables for safety reasons * Extended arptables-nft with -C, -I, -R, -S cmomands and the "-c N,M" counter syntax. * Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times * Improved performance of iptables-save and -restore ==== libxkbcommon ==== Version update (1.4.0 -> 1.4.1) - Update to release 1.4.1 * Fix compose sequence overriding (common prefix) not working correctly. Regressed in 1.2.0. * Remove various bogus currency sign (particulary Euro and Korean Won) entries from the keysym <-> Unicode mappings. They prevented the real keysyms/codepoints for these from mapping correctly. ==== lsof ==== - Fix hostname in reproducible builds, bsc#1199709 * remove-hostname.patch ==== openldap2 ==== - bsc#1199277 - Resolve segfault when calling new ctx with global ctx * 0017-Resolve-error-handling-in-new-ctx-when-global.patch ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - NetworkManager 1.38.0 is split into different packages and doesn't require the wifi and wwan module, therefore added here as required. added NetworkManager-wifi to common and NetworkManager-wwan to DVD