Packages changed:
  ibus-table (1.17.0 -> 1.17.1)
  keylime (7.2.5 -> 7.3.0)
  libnftnl (1.2.5 -> 1.2.6)
  python-jsonschema (4.18.0 -> 4.18.3)
  redis (7.0.11 -> 7.0.12)
  rust-keylime (0.2.1+git.1685699835.3c9d17c -> 0.2.2+git.1689256829.3d2b627)
  snapper

=== Details ===

==== ibus-table ====
Version update (1.17.0 -> 1.17.1)

- Update version to 1.17.1
  * Fix mypy warnings
  * Return empty program_name and window_title in get_active_window_xprop() when xprop results are unexpected (Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2215466)
  * Translation update from Weblate

==== keylime ====
Version update (7.2.5 -> 7.3.0)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime

- Drop migrations_use_sa_text_for_raw_SQL.patch, merged upstream
- Update to version v7.3.0:
  * Monthly release (7.3.0)
  * tenant: log cleanup and output improvements
  * mba: moving the boot event log parsing to the MBA subdirectory
  * Add secure mount sanity test to packit testing
  * templates: Set empty string as default value for tpm_ownerpassword
  * migrations: use sa.text for raw SQL
  * ima: only log the accept list on validation failure
  * ima: remove code used for reading the IMA log from disk
  * tpm: Move functions from tpm_astract.py to tpm_util.py
  * tpm: Move splitting of quote string into reusable function
  * tpm: Change default value of Hash parameter to Hash.SHA256 from None
  * [tests] Enable basic allowlist/excludelist test
  * installer.sh: update TPM2TOOLS_VER to 5.5 and cherry-pick patches to fix the bug of parsing for most newer logs with the tpm2_eventlog command.
  * web_util: Remove check for code being 'None' since it is always an int
  * verifier: Remove possibility for agent to be None and remove error case
  * verifier: Remove conversion of agent to dict
  * verifier: Remove possibility for agent to be None and remove error case
  * verifier: Remove check for agent is None since it cannot be None
- Add migrations_use_sa_text_for_raw_SQL.patch to fix migrations in new SQLAlchemy versions

==== libnftnl ====
Version update (1.2.5 -> 1.2.6)

- Update to release 1.2.6
  * expr: meta: introduce broute meta expression

==== python-jsonschema ====
Version update (4.18.0 -> 4.18.3)

- upgrade to 4.18.3: no changelog available, only a diff: https://github.com/python-jsonschema/jsonschema/compare/v4.18.2...v4.18.3
- upgrade to 4.18.2:
  * Fix an additional regression with the deprecated jsonschema.RefResolver and pointer resolution.
- upgrade to 4.18.1:
  * Fix a regression with jsonschema.RefResolver based resolution when used in combination with a custom validation dialect (via jsonschema.validators.create).

==== redis ====
Version update (7.0.11 -> 7.0.12)

- redis 7.0.12:
  * (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (bsc#1213193)
  * (CVE-2023-36824) Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
  * Re-enable downscale rehashing while there is a fork child
  * Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with
  * Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction
  * Fix WAIT to be effective after a blocked module command being unblocked
  * Avoid unnecessary full sync after master restart in a rare case

==== rust-keylime ====
Version update (0.2.1+git.1685699835.3c9d17c -> 0.2.2+git.1689256829.3d2b627)
Subpackages: keylime-ima-policy

- Update to version 0.2.2+git.1689256829.3d2b627:
  * Bump version to 0.2.2
  * build(deps): bump tempfile from 3.5.0 to 3.6.0
  * removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal
- Update to version 0.2.1+git.1689167094.67ce0cf:
  * cargo: Bump serde to version 1.0.166
  * build(deps): bump libc from 0.2.142 to 0.2.147
  * adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi
  * hash: add more configurable hash algorithm for public key digest
  * cargo: Update clap to version 4.3.11
  * cargo: Bump tokio crate version to 1.28.2
  * Add an example of IMA policy
  * main: Gracefully shutdown on SIGTERM or SIGINT
  * cargo: Bump proc-macro2 crate version
  * revocation: Parse revocation actions flexibly
  * crypto: Add unit tests for x509 functions
  * crypto: Make internal functions private
  * config: Add unit test for the list to files mapping
  * config: Make trusted_client_ca to accept lists
  * lib: Implement parser for lists from config file
  * build(deps): bump openssl from 0.10.48 to 0.10.55
  * Add secure mount sanity test to packit testing.
  * [packit] Do not let COPR project expire

==== snapper ====
Subpackages: libsnapper7 snapper-zypp-plugin

- document disadvantage of using network users and order services after nss-user-lookup (gh#openSUSE/snapper#823)