Packages changed: abseil-cpp (20240722.0 -> 20240722.1) filesystem fwupd (1.9.27 -> 2.0.4+4) gnome-terminal (3.54.2 -> 3.54.3) gtk3 (3.24.43 -> 3.24.48) hicolor-icon-theme (0.17 -> 0.18) keylime (7.11.0 -> 7.12.0) libphonenumber (8.13.40 -> 8.13.53) libpwquality liburing libvpx (1.14.1 -> 1.15.0) osinfo-db (20240701 -> 20250124) python-referencing (0.36.1 -> 0.36.2) qt6-multimedia qt6-shadertools rust-keylime (0.2.6+13 -> 0.2.7+1) serd (0.30.16 -> 0.32.2) sord (0.16.14 -> 0.16.16) vlc vte (0.78.2 -> 0.78.3) wtmpdb (0.13.0+git.20240814 -> 0.70.0+git20250121.3e409b5) === Details === ==== abseil-cpp ==== Version update (20240722.0 -> 20240722.1) Subpackages: libabsl_2407_0_0 libabsl_lite_2407_0_0 - update to 20240722.1 (boo#1236438) * potential integer overflow in hash container create/resize ==== filesystem ==== - add Provides: may-perform-usrmerge (bsc#1236481) - Add support for loongarch64 - Remove /usr/etc/skel/bin/ ==== fwupd ==== Version update (1.9.27 -> 2.0.4+4) Subpackages: typelib-1_0-Fwupd-2_0 - Update to version 2.0.4+4: + dell-kestrel: cleanup the devices when disconnected + Raise authentication requirements for emulation-load + uefi-dbx: Only list the version in the quirk file key - Update to version 2.0.4: + This release adds the following features: - Record the entire USB descriptor in the emulation data - Return defined return code when network metadata refresh fails + This release fixes the following bugs: - Add a new private flag of 'delayed-removal' to remove a footgun - Added a more specific instance ID for qc-s5gen2 USB devices - Add fadvise64 to the systemd syscall allowlist - Add the Unifying bootloader VID/PID as a full instance ID - Allow disabling zero-length packet for modem-manager devices - Allow recovering Logitech Bolt receiver in bootloader mode - Correctly parse CSV streams without trailing NULs - Detect if network is reachable before downloading metadata - Disabling reading the OptionROM device after dumping - Do not claim kernel interface to avoid Parade downstream port resets - Do not save BootOrder when measuring system integrity - Enumerate child nordic-hid devices correctly - Fix a possible critical warning for Mediatek scaler devices - Fix Firehose padding for some modem-manager devices - Fix UEFI capsule updates when using 4096 byte NVME blocksize - Get the Dell dock update package version correctly - Never read more of the composite stream from a partial stream - Notify snapd about DBX updates - Probe sd_mod before starting - Properly handle FU_DEVICE_PRIVATE_FLAG_NO_GENERIC_GUIDS - Remove the test for CSME 18 manufacturing lock - Restore the Logitech compatibility UFY instance IDs - Show the correct version when installing a same-device composite update - Show updates with problems when using 'fwupdmgr get-releases' - Split up the AMD GPU VBIOS P/N for the version - Use attr USB4_TYPE rather than guessing from thunderbolt_domain - Use the ISO date as a dbx version number for the Microsoft KEK - Use the KEK to set the dbx vendor ID ==== gnome-terminal ==== Version update (3.54.2 -> 3.54.3) Subpackages: nautilus-extension-terminal - Update to version 3.54.3: + ci: Add CI. - Drop obsolete and unused update-desktop-files BuildRequires: the corresponding macro is already removed in the past. ==== gtk3 ==== Version update (3.24.43 -> 3.24.48) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.48: + GtkFileChooser: Stop replacing : (colon) with U+2236 (ratio) + GtkEmojiChooser: Update to Unicode 16 / CLDR 46 + GtkSpinButton: - Use semantically appropriate icon names - Make numeric spin buttons always LTR + GtkEntry: - Stop guessing text direction from keyboard layout - Add a shortcut and context menu item to change text direction + GtkEventControllerMotion: Make enter and leave signals work + Accessibility: Use message dialog titles as names + GDK: Fix portal handling of gvfs files + Wayland: - Support the xdg_foreign_v2 protocol - Try to fix monitor geometry on sway - Improve font setting fallback - Use a better default cursor size - Fix a crash during DND + Updated translations. ==== hicolor-icon-theme ==== Version update (0.17 -> 0.18) - Update to version 0.18: * Provide a pkgconfig file * Create HiDPI directories * Port build system to Meson - Create devel subpackage for pkgconfig file - Create all directories under symbolic (needed by budgie-desktop) - Create 1024x1024 HiDPI directories ==== keylime ==== Version update (7.11.0 -> 7.12.0) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime - Update to version v7.12.0: * Bump version to 7.12.0 * API: Add /version endpoint to registrar * Remove unused registrar_common.py file * scripts: Download coverage data directly from Testing Farm * docs: Add separate documentation for each API version * scripts/create_runtime_policy.sh: fix path for the exclude list * docs: add documentation for keylime-policy * [Automatic] Update Keylime base image 2025-01-02 * templates: Add the new agent.conf option 'api_versions' * Enable autocompletion using argcomplete * build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 * test: remove typed-ast from test-requirements.txt * tests: fix rpm tests to account for older createrepo_c versions * Configure EPEL-10 repo in packit-ci.fmf * packit: Fix typo to run keylime-policy-commands test * build(deps): bump codecov/codecov-action from 5.0.2 to 5.1.1 * build(deps): bump pypa/gh-action-pypi-publish from 1.12.0 to 1.12.3 * docker/ci: Add xxd to the CI image * docker/ci: Fix CI image build for dnf5 * build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1 * build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0 * keylime-policy: improve error handling when provided a bad key (sign) * keylime-policy: exit with status 1 when the commands failed * keylime-policy: use Certificate() from models.base to validate certs * keylime-policy: check for valid cert file when using x509 backend (sign) * keylime-policy: fix help for "keylime-policy sign" verb * tenant: Correctly log number of tries when deleting * tests: Use Fedora 41 to generate code coverage * [Automatic] Update Keylime base image 2024-12-02 * update TCTI environment variable usage * build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 * keylime-policy: add `create measured-boot' subcommand * keylime-policy: add `sign runtime' subcommand * keylime-policy: add logger to use with the policy tool * docker/release/build_locally.sh: Fail if skopeo is not installed * installer.sh: Restore execution permission * installer: Fix string comparison * build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0 * build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 * build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.0 * build(deps): bump actions/setup-python from 5.2.0 to 5.3.0 * installer.sh: updated EPEL, PEP668 Fix, logic fix * build(deps): bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0 * build(deps): bump actions/checkout from 4.2.1 to 4.2.2 * postgresql support for docker using psycopg2 * [Automatic] Update Keylime base image 2024-11-04 * End of term for @maugustosilva + propose @ansasaki * installer.sh: update package list, add workaround for PEP 668 * build(deps): bump actions/checkout from 4.2.0 to 4.2.1 * keylime.conf: full removal * Drop pending SPDX-License-Identifier headers * create_runtime_policy: Validate algorithm from IMA measurement log * test_create_runtime_policy: Add test for mismatching algorithms * create-runtime-policy: Deal with SHA-256 and SM3_256 ambiguity * create_runtime_policy: drop commment with test data * create_runtime_policy: Use a common method to guess algorithm * keylime-policy: rename tool to keylime-policy instead of keylime_policy * keylime_policy: create runtime: remove --use-ima-measurement-list * keylime_policy: use consistent arg names for create_runtime_policy * tests: Add more tests to Packit CI * build(deps): bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3 * build(deps): bump actions/checkout from 4.1.7 to 4.2.0 * [Automatic] Update Keylime base image 2024-10-01 * elchecking/example: workaround empty PK, KEK, db and dbx * elchecking: add handling for EV_EFI_PLATFORM_FIRMWARE_BLOB2 * create_runtime_policy: Fix log level for debug messages * build(deps): bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2 * build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 * pylintrc: Ignore too-many-positional-arguments check * keylime/web/base/controller: Move TypeAlias definition out of class * test_create_runtime_policy: Add tests for algorithm priority * test_create_runtime_policy: Add test case for symbolic links * create_runtime_policy: Calculate digests in multiple threads * create_runtime_policy: Allow rootfs to be in any directory * keylime_policy: Calculate digests from each source separately * create_runtime_policy: Simplify boot_aggregate parsing * ima: Validate JSON when loading IMA Keyring from string * docs: include IDevID page also in the sidebar * docs: point to installation guide from RHEL and SLE Micro * build(deps): bump actions/setup-python from 5.1.1 to 5.2.0 * build(deps): bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 * change check_tpm_origin_check to a warning that does not prevent registration * docs: Fix Runtime Policy JSON schema to reflect the reality * README: update meeting time to 16:00 UK time * [Automatic] Update Keylime base image 2024-09-11 * Sets absolute path for files inside a rootfs dir * policy/create_runtime_policy: fix handling of empty lines in exclude list * keylime_policy: setting 'log_hash_alg' to 'sha1' (template-hash algo) * tests: apply workarounds to known bugs * codestyle: Assign CERTIFICATE_PRIVATE_KEY_TYPES directly (pyright) * codestyle: convert bytearrays to bytes to get expected type (pyright) * codestyle: Use new variables after changing datatype (pyright) * Revert "DO NOT MERGE, TEMPORARY COMMIT" * [Automatic] Update Keylime base image 2024-08-16 * Lint: ignore reportArgumentType and reportInvalidTypeForm errors * docker: Install latest Keylime during image build * cert_utils: add description why loading using cryptography might fail * Enable test functional/iak-idevid-persisted-and-protected ... changelog too long, skipping 58 lines ... * verifier, tenant: make payload for agent completely optional ==== libphonenumber ==== Version update (8.13.40 -> 8.13.53) - Update to version 8.13.53: * Fixed a bug where the extension was appended twice in formatOutOfCountryKeepingAlphaChars in the Java version and updated FormatOutOfCountryKeepingAlphaChars in the C++ version to format the extension. * Updated metadata ==== libpwquality ==== Subpackages: libpwquality-tools libpwquality1 pam_pwquality - pwquality.conf moved from /etc/security to /usr/lib/security ==== liburing ==== - disable more tests on s390x ==== libvpx ==== Version update (1.14.1 -> 1.15.0) - Update to version 1.15.0: * Fix to Uninitialized scalar variable in `vp9_rd_pick_inter_mode_sb()` * Fix to Integer-overflow in `resize_multistep` * Fix to Heap-buffer-overflow in `vpx_sad64x64_avx2` * Fix to Crash in `vpx_sad8x8_sse2` * Fix to Assertion in `write_modes` * Support profile guided optimizations * Fix to Integer-overflow in `encode_frame_to_data_rate` * Fix to Integer-overflow in `vp9_svc_check_reset_layer_rc_flag` * Fix to core dump error from /usr/bin/tools/tiny_ssim --help * Fix to use-of-uninitialized-value in `vp9_setup_tpl_stats` * Fix to Undefined-shift in `vp9_cyclic_refresh_setup` * Fix to redundant `&& __GNUC__` preproc check * Fix to valgrind warning in EncodeAPI.OssFuzz69906 * Fix to Index-out-of-bounds in `vp8_rd_pick_inter_mode` * Fix to Integer-overflow in `vp8_pick_frame_size` * Fix to Use-of-uninitialized-value in `vpx_codec_peek_stream_info` * Fix to log clutters with the message "Warning: Desired height too large" * Fix to Integer-overflow in `vp9_svc_adjust_avg_frame_qindex` * Fix to integer overflows caused by huge target bitrate, frame rate, or g_timebase numerator or denominator * Fix to missing license headers * Fix to build failure for Android Armv7 * Fix to integer overflows in image helpers * Fix to Integer-overflow in `vp9_calc_iframe_target_size_one_pass_cbr` * Fix to Heap-buffer-overflow in `vp9_pick_inter_mode` * Fix to Segv in `vp9_multi_thread_tile_init` * Fix to Use-of-uninitialized-value in `vp9_row_mt_sync_mem_dealloc` * Fix to Crash in `mbloop_filter_vertical_edge_c` * Fix to Check failed in CheckUnwind * Fix to Heap-buffer-overflow in `write_modes_b` and `vpx_write` * Fix to Possible signed integer overflow found in `vpx_codec_encode` * Fix to build conflicts between Abseil and libaom/libvpx in Win ARM64 builds * Fix to build failures on aarch64 * Fix to Data race in libvpx ARM NEON * Fix to Heap-buffer-overflow in `scale_plane_1_to_2_phase_0` * Fix to integer overflow in `encode_mb_row` * Fix to Floating-point-exception in `vp8_pick_frame_size` * Fix to Heap-buffer-overflow in `vp9_enc_setup_mi` * Fix to build failure with --target=arm64-win64-vs17 * Fix to heap-buffer-overflow write in `vpx_img_read()` * Fix to C vs armv8-linux-gcc encode mismatches for `y4m_360p_10bit_input` * Fix to Null-dereference READ in `ml_predict_var_rd_partitioning` * Fix to Heap-buffer-overflow in `vpx_scaled_2d_ssse3` * Fix to Crash in `convolve_horiz` * Fix to Ill in `vpx_scaled_2d_ssse3` * Fix to Global-buffer-overflow in `cost_coeffs` ==== osinfo-db ==== Version update (20240701 -> 20250124) - Update to database version 20250124 (jsc#PED-8910) osinfo-db-20250124.tar.xz - Drop patches contained in new tarball add-opensuse-leap-15.6-support.patch add-sle15sp6-support.patch add-slem5.5-support.patch ==== python-referencing ==== Version update (0.36.1 -> 0.36.2) - Update to version 0.36.2: * Release using the newer twine release to preserve PEP 639 license metadata. ==== qt6-multimedia ==== Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports - Fix license. ==== qt6-shadertools ==== - Fix license. ==== rust-keylime ==== Version update (0.2.6+13 -> 0.2.7+1) - Update to version 0.2.7+1: * dist: Enable logging for keylime library in the service * Bump version to 0.2.7 * scripts: Download coverage data from Testing Farm directly * main: Remove unnecessary lifetime * cargo: Bump pretty_env_logger to version 0.5.0 * scripts: Fix regex in download_packit_coverage.sh * cargo: Bump clap crate to version 4.5.23 * cargo: Bump base64 crate to version 0.22.1 * build(deps): bump log from 0.4.22 to 0.4.25 * build(deps): bump serde_json from 1.0.133 to 1.0.135 * cargo: Bump tokio crate to version 1.42.0 * packit: Fix RPM builds on copr * cargo: Bump thiserror crate to version 0.2.9 * cargo: Update reqwest to version 0.12.12 * build(deps): bump libc from 0.2.168 to 0.2.169 * build(deps): bump glob from 0.3.1 to 0.3.2 * version: Implement API version validation and ordering * main: Support using multiple API versions for registration * keylime: Introduce the registrar_client module * Provide endpoints under multiple API versions * Move 'serialization' module to the keylime library * Drop unnecessary dependency on common::API_VERSION * keylime-agent.conf: Bump version to 2.3 * build(deps): bump serde from 1.0.210 to 1.0.217 * build(deps): bump pest_derive from 2.7.14 to 2.7.15 * build(deps): bump pest from 2.7.14 to 2.7.15 * build(deps): bump libc from 0.2.167 to 0.2.168 * config: Make IAK and IDevID certificates optional * Fix warnings reported by clippy * workflows: Run job in the CI container directly * tests: Add unit test for device ID builder * main: Move IAK/IDevID related code to dedicated module * tests: Add script to generate IAK and IDevID certificates * build(deps): bump openssl from 0.10.66 to 0.10.68 * build(deps): bump uuid from 1.10.0 to 1.11.0 * build(deps): bump serde_json from 1.0.128 to 1.0.133 * build(deps): bump actix-web from 4.5.1 to 4.9.0 * build(deps): bump reqwest from 0.12.7 to 0.12.9 * tests/setup_swtpm.sh: Add script to setup temporary TPM * Use a single TPM context and avoid race conditions during tests * config: Enable passing a hostname instead of IP * build(deps): bump clap from 4.3.11 to 4.5.21 * build(deps): bump tempfile from 3.10.1 to 3.14.0 * build(deps): bump pest_derive from 2.7.6 to 2.7.14 * build(deps): bump pest from 2.7.6 to 2.7.14 * build(deps): bump codecov/codecov-action from 4 to 5 * workflows: Submit the coverage for merged PR from Fedora 41 * tests: Use Fedora 41 to generate code coverage * api: Make API configuration modular * agent_handler: Move the /agent scope configuration * notifications_handler: Move the /notifications scope configuration * quotes_handler: Move the /quotes scope configuration to quotes_handler * keys_handler: Move /keys scope configuration to keys_handler * Use ${DESTDIR} for config * Fix showing wrong UUID * build(deps): bump actix-rt from 2.9.0 to 2.10.0 * config: Refactor AgentConfig Source trait implementation * build(deps): bump log from 0.4.21 to 0.4.22 * build(deps): bump serde_json from 1.0.120 to 1.0.128 * tpm: check if EK certificate has valid ASN.1 DER encoding * build(deps): bump futures from 0.3.27 to 0.3.31 * cargo: Bump reqwest to version 0.12.7 * build(deps): bump serde from 1.0.203 to 1.0.210 * tests: Add more tests to Packit CI * build(deps): bump docker/build-push-action from 5 to 6 * tests: apply workarounds to known bugs ==== serd ==== Version update (0.30.16 -> 0.32.2) - Update to 0.32.2 * Enable clang nullability checks * Fix writing empty list objects within blank nodes - Set build docs for TW only as it requires sphixygen since now - Refresh 001-serd-docdir.patch - Update to 0.32.0 * Add Windows path separator support to serd_node_new_file_uri() * Add long "help" and "version" options to serdi * Add options to disable html or singlehtml documentation * Add serd_reader_skip_until_byte() to public API * Allow SERD_API to be defined by the user * Avoid creating test files in the current directory * Avoid using ASCII grave as a quote * Check for POSIX features with the build system * Clean up and improve test suite * Clean up code * Fix crash when trying to read chunks without starting * Fix hang when skipping an error at EOF when lax parsing * Fix incorrect parsing of strange quote escape patterns * Fix possible hang when writing nested Turtle lists * Fix potential memory leaks when a write is aborted * Fix relative URI creation * Gracefully handle bad characters in Turtle blank node syntax * Gracefully handle bad characters in Turtle datatype syntax * Improve TriG pretty-printing and remove trailing newlines * Improve pretty-printing of lists and inline subjects * Improve serdi man page * Improve writer error handling * Make URI writing stricter by default * Make serd_reader_read_chunk() work with NQuads * Override pkg-config dependency within meson * Remove junk files from documentation install * Remove support for writing Turtle named inline nodes extension * Replace duplicated dox_to_sphinx script with sphinxygen dependency * Test header for warnings more strictly * Update standard test suites ==== sord ==== Version update (0.16.14 -> 0.16.16) - remove 67bcd63bda9d7b095489a09b9880aa730ddb5488.patch now upstream - update to 0.16.16 * Allow SORD_API to be defined by the user * Fix command line help interface of sord_validate * Fix dependencies in pkg-config file * Override pkg-config dependency within meson * Port sord_validate to pcre2 * Switch to external zix dependency ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-noX vlc-qt - Drop opencv sub-package, and hence no longer needed pkgconfig(opencv) BuildRequires and various provides, Supplements and Conflicts. ==== vte ==== Version update (0.78.2 -> 0.78.3) - Update to version 0.78.3: + widget: Guard signal disconnect on non-null object + widget: Scroll the alternate screen into the viewport ==== wtmpdb ==== Version update (0.13.0+git.20240814 -> 0.70.0+git20250121.3e409b5) Subpackages: libwtmpdb0 - Update to version 0.70.0+git20250121.3e409b5: * Fix installation of all wtmpdbd man page variants * Release version 0.70.0 * Add wtmpdbd.8 manual page * wtmpdbd: fix printing help text * wtmpdbd: more fine granular log level filtering * wtmpdbd: implement varlink_event_loop_with_idle * wtmpdbd.socket: fix socket descriptor name * meson: no longer check for v258 sd-varlink function - Update to version 0.60.0+git20250120.64d23d8: * Release version 0.60.0 * Merge reader/write socket to one generic one * wtmpdbd: add Ping, SetLogLevel and GetEnvironment - Update to version 0.50.0+git20250117.a9b48cf: * wtmpdbd.service: secure more * wtmpdb: Implement json output for last (#20) - Update to version 0.50.0+git20250110.cbabeb7: * Harden wtmpdbd.service * libwtmpdb: fallback to sqlite if SELinux blocks varlink socket - Update to version 0.50.0+git20250110.12da60f: * Release version 0.50.0 * README: add wtmpdbd * wtmpdbd: Print stopped message * wtmpdbd.service: preset WTMPDBD_OPTS * wtmpdbd: don't call listen if started by a socket * tst-varlink: skip if varlink is not supported * libwtmpdb: set varlink_is_active to 0 without systemd * libwtmpdb: always define varlink checks * wtmpdb: define quiet only if we have systemd * libwtmpdb: return error if varlink support is missing * Send sd_notify(STOPPING=1); * Check if systemd has sd_varlink_server_listen_name() * wtmpdbd.service: optional read /etc/default/wtmpdbd * wtmpdbd: simplify creation of varlink sockets * Set umaks with varlink to 0077, improve error reporting * wtmpdbd: enable to start via sockets * libwtmpdb: handle ECONNRESET as wtmpdbd not running * libwtmpdb: fix crash in varlink if error==NULL * Install daemon in libexec directory * tst-get_id: skip if there is no db file * libwtmpdb: improve error return code * db path "varlink" will enforce varlink interface * Add service and socket files * wmtpdb: call wtmpdb_* functions with NULL as path * wtmpdbd: add socket activation * Implement varlink read_all client side * Make wtmpdbd support compiletime config * Add daemon using varlink for communication * Document that openssh is special * libwtmpdb: create wrapper around sqlite functions * Make mkdir_p more robust