Packages changed: 389-ds (2.4.0~git74.4297d88 -> 2.4.0~git113.84a845c) gnu-unifont-fonts google-noto-coloremoji-fonts opensc (0.23.0 -> 0.24.0) python-outcome (1.2.0 -> 1.3.0.post0) === Details === ==== 389-ds ==== Version update (2.4.0~git74.4297d88 -> 2.4.0~git113.84a845c) Subpackages: lib389 libsvrcore0 - Update to support newer obs-service-cargo-vendor - Update to version 2.4.0~git113.84a845c: * Issue 5980 - Improve instance startup failure handling (#5991) * Issue 5976 - Fix freeipa install regression with lmdb (#5977) * Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) * Issue 5984 - Crash when paged result search are abandoned (#5985) * Issue 5947 - CI test_vlv_recreation_reindex fails on LMDB (#5979) * Bump version to 2.5.0 * Issue 5971 - CLI - Fix password prompt for repl status (#5972) * Issue 5973 - Fix fedora cop RawHide builds (#5974) * Revert "Issue 5761 - Worker thread dynamic management (#5796)" (#5970) * Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967) * Issue 5786 - Update permissions for Release workflow * Issue 5960 - Subpackages should have more strict interdependencies * Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959) * Issue 4843 - Fix dscreate create-template issue (#5950) * bugfix for --passwd-file not working on latest version (#5934) * Issue 5843 - dsconf / dscreate should be able to handle lmdb parameters (#5943) * Bump postcss from 8.4.24 to 8.4.31 in /src/cockpit/389-console (#5945) * Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940) * issue 5924 - ASAN server build crash when looping opening/closing connections (#5926) * Issue 1925 - Add a CI test (#5936) * Issue 5732 - Localizing Cockpit's 389ds Plugin using CockpitPoPlugin (#5764) * Issue 1870 - Add a CI test (#5929) * Issue 843 - Add a warning to slapi_valueset_add_value_ext (#5925) * Issue 5761 - Worker thread dynamic management (#5796) * Issue 1802 - Improve ldclt man page (#5928) * Issue 1456 - Add a CI test that verifies there is no issue (#5927) * Issue 1317 - Add a CI test (#5923) * Issue 1081 - CI - Add more tests for overwriting x-origin issue (#5815) * Issue 1115 - Add a CI test (#5913) * Issue 5848 - Fix condition and add a CI test (#5916) * Issue 5848 - Fix condition and add a CI test (#5916) * Issue 5914 - UI - server settings page validation improvements and db index fixes * Issue 5909 - Multi listener hang with 20k connections (#5917) * Issue 5902 - Fix previous commit regression (#5919) * pass instance correctly to ds_is_older (#5903) * Issue 5909 - Multi listener hang with 20k connections (#5910) * Issue 5722 - improve testcase (#5904) * Issue 5203 - outdated version in provided metadata for lib389 * Bug Description: ==== gnu-unifont-fonts ==== - add %reconfigure_fonts_prereq to the subpackages * required by the presence of the macro: %reconfigure_fonts_scriptlets -n ==== google-noto-coloremoji-fonts ==== - add %reconfigure_fonts_prereq * required by the presence of the macro: %reconfigure_fonts_scriptlets ==== opensc ==== Version update (0.23.0 -> 0.24.0) - Update to OpenSC 0.24.0: * Security - CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807) - CVE-2023-40661: Important dynamic analyzers reports - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc) * General improvements - Fix compatibility of EAC with OpenSSL 3.0 (#2674) - Enable use_file_cache by default (#2501) - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715) - Fix record-based files (#2604) - Fix several race conditions (#2735) - Run tests under Valgrind (#2756) - Test signing of data bigger than 512 bytes (#2789) - Update to OpenPACE 1.1.3 (#2796) - Implement logout for some of the card drivers (#2807) - Fix wrong popup position of opensc-notify (#2901) - Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init * PKCS#11 - Check card presence state in C_GetSessionInfo (#2740) - Remove onepin-opensc-pkcs11 module (#2681) - Do not use colons in the token info label (#2760) - Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS (#2928, #2924) - Use secure memory for PUK (#2906) - Don't logout to preserve concurrent access from different processes (#2907) - Add more examples to manual page (#2936) - Present profile objects in all virtual slots (#2928) - Provide CKA_TOKEN attribute for profile objects (#2924) - Improve --slot parameter documentation (#2951) * PKCS#15 - Honor cache offsets when writing file cache (#2858) - Prevent needless amount of PIN prompts from pkcs15init layer (#2916) - Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11 (#2936) * Minidriver - Fix for private keys that do not need a PIN (#2722) - Unbreak decipher when the first null byte of PKCS#1.5 padding is missing (#2939* * pkcs11-tool - Fix RSA key import with OpenSSL 3.0 (#2656) - Add support for attribute filtering when listing objects (#2687) - Add support for --private flag when writing certificates (#2768) - Add support for non-AEAD ciphers to the test mode (#2780) - Show CKA_SIGN attribute for secret keys (#2862) - Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys (#2864, #2913) - Show Sign/VerifyRecover attributes (#2888) - Add option to import generic keys (#2955) * westcos-tool - Generate 2k RSA keys by default (b53fc5c) * pkcs11-register - Disable autostart on Linux by default (#2680) * IDPrime - Add support for IDPrime MD 830, 930 and 940 (#2666) - Add support for SafeNet eToken 5110 token (#2812) - Process index even without keyrefmap and use correct label for second PIN (#2878) - Add support for Gemalto IDPrime 940C (#2941) * EPass2003 - Change of PIN requires verification of the PIN (#2759) - Fix incorrect CMAC computation for subkeys (#2759, issue #2734) - Use true random number for mutual authentication for SM (#2766) - Add verification of data coming from the token in the secure messaging mode (#2772) - Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures (#2845) * OpenPGP - Fix select data command (#2753, issue #2752) - Unbreak ed/curve25519 support (#2892) * eOI - Add support for Slovenian eID card (eOI) (#2646) * Italian CNS - Add support for IDEMIA (Oberthur) tokens (#2483) * PIV - Add support for Swissbit iShield FIDO2 Authenticator (#2671) - Implement PIV secure messaging (#2053) * SkeID - Add support for Slovak eID cards (#2672) * isoApplet - Support ECDSA with off-card hashing (#2642) * MyEID - Fix WRAP operation when using T0 (#2695) - Identify changes on the card and enable use_file_cache (#2798) - Workaround for unwrapping using 2K RSA key (#2921) * SC-HSM - Add support for opensc-tool --serial (#2675) - Fix unwrapping of 4096 keys with handling reader limits (#2682) - Indicate supported hashes and MGF1s (#2827) - Remove patches: * opensc-CVE-2023-40660-1of2.patch * opensc-CVE-2023-40660-2of2.patch * opensc-CVE-2023-40661-1of12.patch * opensc-CVE-2023-40661-2of12.patch * opensc-CVE-2023-40661-3of12.patch * opensc-CVE-2023-40661-4of12.patch ... changelog too long, skipping 10 lines ... * opensc-NULL_pointer_fix.patch ==== python-outcome ==== Version update (1.2.0 -> 1.3.0.post0) - update to 1.3.0.post0: * Added type hints to the package. :py:class:`Value` and :py:class:`Outcome` are now generic. A type alias was also added (:py:data:`Maybe`) for the union of :py:class:`Value` and :py:class:`Error`. (#36)