Packages changed: MicroOS-release (20250117 -> 20250118) gnome-control-center libsoup (3.6.3 -> 3.6.4) llvm19 (19.1.6 -> 19.1.7) python-rpds-py (0.21.0 -> 0.22.3) rsync (3.3.0 -> 3.4.1) skopeo (1.16.1 -> 1.17.0) suse-module-tools (16.0.55 -> 16.0.56) === Details === ==== MicroOS-release ==== Version update (20250117 -> 20250118) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa - Recommend ppd-server instead of power-profiles-daemon: there is also tuned-ppd, which provides the same dbus interface. If the user does not chose between the two, we suggest the original power-profiles-daemon. - Fix escaping of commented out patch: with RPM 4.20, %patch becomes a standard, expandable macro, that can span more than one line. Commenting out with #%patch can thus lead to invalid results. ==== libsoup ==== Version update (3.6.3 -> 3.6.4) Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Update to version 3.6.4: + http2: Fix regression on 32bit systems when reading response data. ==== llvm19 ==== Version update (19.1.6 -> 19.1.7) - Update to version 19.1.7. * This release contains bug-fixes for the LLVM 19.1.0 release. This release is API and ABI compatible with 19.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== python-rpds-py ==== Version update (0.21.0 -> 0.22.3) - Update to version 0.22.3: * Properly tag a release fixing the soundness issue. * Bump to PyO3 0.23.3, avoiding 0.23.x's previous soundness issues. * [pre-commit.ci] pre-commit autoupdate - Update to version 0.22.1: * Tag a release for regaining all the Windows wheels. * ci: separate free-threaded and standard 3.13 distribution builds * Bump pyo3 from 0.23.1 to 0.23.2 - Update to version 0.22.0: * Bump to 0.22.0 for a free-threading-supported beta release. * Enable free-threaded wheel builds * [pre-commit.ci] pre-commit autoupdate * [pre-commit.ci] auto fixes from pre-commit.com hooks * revert changes to wheel-building config * work around CPython issue 127065 * declare support for free-threading * [pre-commit.ci] pre-commit autoupdate * Bump pyo3 from 0.23.0 to 0.23.1 * Build on all branches. * Skip zizmor in pre-commit.ci as well. * add 3.13t to CI config * point Cargo.toml at pyo3 0.23 on crates.io * update rpds.py for PyO3 0.23 * [pre-commit.ci] pre-commit autoupdate * Bump the zizmor version. ==== rsync ==== Version update (3.3.0 -> 3.4.1) - Update to 3.4.1 * BUG FIXES: - fixed handling of -⁠H flag with conflict in internal flag values - fixed a user after free in logging of failed rename - fixed build on systems without openat() - removed dependency on alloca() in bundled popt * DEVELOPER RELATED: - fix to permissions handling in the developer release script - Drop 705.patch, because now in upstream. - update to 3.4.1 * fixed handling of -H flag with conflict in internal flag values (replaces 705.patch) * fixed a user after free in logging of failed rename * fixed build on systems without openat() * removed dependency on alloca() in bundled popt - Backport patch from PR 705 to fix broken handling of hashes and hard links: * Add 705.patch - Update to 3.4 * Bump to protocol 32 Drop CVE patches: * Drop rsync-gcc14.patch * Removed rsync-CVE-2024-12084-overflow-01.patch * Removed rsync-CVE-2024-12084-overflow-02.patch * Removed rsync-CVE-2024-12085.patch * Removed rsync-CVE-2024-12086_01.patch * Removed rsync-CVE-2024-12086_02.patch * Removed rsync-CVE-2024-12086_03.patch * Removed rsync-CVE-2024-12086_04.patch * Removed rsync-CVE-2024-12087_01.patch * Removed rsync-CVE-2024-12087_02.patch * Removed rsync-CVE-2024-12088.patch * Removed rsync-CVE-2024-12747.patch - Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links * Added rsync-CVE-2024-12747.patch - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass * Added rsync-CVE-2024-12084-overflow-01.patch * Added rsync-CVE-2024-12084-overflow-02.patch * Added rsync-CVE-2024-12085.patch * Added rsync-CVE-2024-12086_01.patch * Added rsync-CVE-2024-12086_02.patch * Added rsync-CVE-2024-12086_03.patch * Added rsync-CVE-2024-12086_04.patch * Added rsync-CVE-2024-12087_01.patch * Added rsync-CVE-2024-12087_02.patch * Added rsync-CVE-2024-12088.patch ==== skopeo ==== Version update (1.16.1 -> 1.17.0) - Update to version 1.17.0: * Bump to c/Skopeo v1.17.0 * Bump c/common to v0.60.0 * fix(deps): update module github.com/containers/image/v5 to v5.33.0 * Trigger a rebuild of the ostree-rs-ext container * Update contrib/cirrus/ostree_ext.dockerfile for DNF 5 * update CI images to f41 * cirrus: use dnf remove over erase * fix(deps): update golang.org/x/exp digest to f66d83c * fix(deps): update module github.com/containers/storage to v1.55.1 (fixes CVE-2024-9676 / bsc#1231698) * Fix format string inconsistency causing a build failure * proxy: Add various debug logging * chore(deps): update dependency containers/automation_images to v20241010 * * Added option to create digest file for syncing images. * Digest file output would have docker reference of source and sha of of the mainfest sync'd with the target. This file would not be created if dry-run flag is enabled * improved the sync document to include the correct output for manifest file. * added new line for the manifest file once all images are sync'd * Ensuring we log on manifest digest if the copy operation was successful. * Check for errors if any once sync process is complete. * Ensure to capture the failure when closing the manifest file. * Ensure we are not writing manifest sha for failed copy of imagesand aborting the process in case write to file fails * Packit: constrain downstream koji job to fedora package * fix(deps): update module golang.org/x/term to v0.25.0 * fix(deps): update module github.com/containers/common to v0.60.4 * fix(deps): update golang.org/x/exp digest to 701f63a * vendor: switch to moby/sys/capability (#2428) * Document that zstd:chunked is downgraded to zstd when encrypting * fix(deps): update module github.com/containers/common to v0.60.3 * Packit: split out ELN jobs and reuse fedora downstream targets * Packit: Enable sidetags for bodhi updates * chore(deps): update dependency golangci/golangci-lint to v1.61.0 * fix(deps): update module golang.org/x/term to v0.24.0 * Use a range expression * Update to Go 1.22 * Restrict Packit targets to those that support Go 1.22 * fix(deps): update golang.org/x/exp digest to 9b4947d * chore(deps): update dependency containers/automation_images to v20240821 * Update skopeo-generate-sigstore-key.1.md * [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3 * fix(deps): update module github.com/masterminds/semver/v3 to v3.3.0 * fix(deps): update module github.com/containers/common to v0.60.2 * [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2 * fix(deps): update module github.com/containers/image/v5 to v5.32.2 * Replace egrep with grep -E * [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.1 * fix(deps): update module github.com/containers/common to v0.60.1 * fix(deps): update module github.com/containers/image/v5 to v5.32.1 * fix(deps): update module golang.org/x/term to v0.23.0 * The fakeroot package doesn't exist in RHEL. * Bump Skopeo to v1.17.0-dev - drop merged patch: * 0001-Update-container-storage-to-v1.55.1.patch ==== suse-module-tools ==== Version update (16.0.55 -> 16.0.56) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.56: * rpm-script: create /boot/vmlinuz and /boot/initrd in kiwi environment (bsc#1234275, bsc#1234759)