18871 moderate openSUSE Backports SLE-15-SP6 Update This update adds python3-css-parser for supporting the python 3.6 version of python-css-parser python3-css-parser-1.0.7-bp156.2.1.noarch.rpm python3-css-parser-1.0.7-bp156.2.1.src.rpm 18881 moderate openSUSE Backports SLE-15-SP6 Update This update for obs-service-go_modules fixes the following issues: Packaging improvements: * Fixes boo#1241065: Update Requires: python3-libarchive-c >= 4 adding minimum version to ensure API compatibility new function signature first released in python3-libarchive-c version 4.0: old: new_archive_read_disk(path, **kw) new: with new_archive_read_disk(path, flags, lookup) Runtime error raised: TypeError: new_archive_read_disk() got an unexpected keyword argument 'mtime' Update to version 0.6.6: * Preserve symlinks on shutil.copytree archive to tempdir refs #66 Update to version 0.6.5: * feat: allow `archive` be name of the subdirectory * ignore directories containing '.git' when searching for the basename (#51) * doc(README): osc service disabled has been disabled * Make output archives more reproducible Update go toolchain to Requires: golang(API) >= 1.24 (#1240130): * Recent go toolchain versions enforce use of the minimum toolchain version specified in go.mod * Minimum toolchain requirements are in effect for go commands as well as unit compilation * Users running a version older than specified may see error: go: go.mod requires go >= 1.24.1 (running go 1.22.2; GOTOOLCHAIN=local) * This package and others which call go toolchain commands will need timely updates to the latest version * Closes https://github.com/openSUSE/obs-service-go_modules/issues/62 Update go toolchain to Requires: golang(API) >= 1.22 (boo#1240130): * Recent go toolchain versions enforce use of the minimum toolchain version specified in go.mod * Minimum toolchain requirements are in effect for go commands as well as unit compilation * Users running a version older than specified may see error: go: go.mod requires go >= 1.22 (running go 1.21.10; GOTOOLCHAIN=local) * This package and others which call go toolchain commands will need timely updates to the latest version * Reported by Sheng Huang (psheng) * Closes https://github.com/openSUSE/obs-service-go_modules/issues/49 Update to version 0.6.4: * go_modules: allow globbing in the "archive" name field * Reformat with black 23.x Use BuildRequires: golang(API) >= 1.21 instead of go >= 1.21 * The recommended Go toolchain dependency expression is BuildRequires: golang(API) >= 1.x or optionally the metapackage BuildRequires: go * The go metapackage points to a single go version that increments at a date TBD after each go1.x major release. The expression golang(API) is available immediately upon each go1.x major release and is stable for expressing the minimum version or a temporarily pinned version. * Refs boo#1214933 * Refs https://github.com/openSUSE/obs-service-go_modules/issues/33 - Require go1.21 to make sure it works with go.mod files that contain a three-digit-version (e.g. 1.21.1). Fixes boo#1214933 and https://github.com/openSUSE/obs-service-go_modules/issues/33 obs-service-go_modules-0.6.6-bp156.2.3.1.noarch.rpm obs-service-go_modules-0.6.6-bp156.2.3.1.src.rpm 18886 moderate openSUSE Backports SLE-15-SP6 Update This update for awf-gtk2, awf-gtk3, awf-gtk4, human-theme-gtk fixes the following issues: Changes in awf-gtk2: - New upstream release (3.0.0) * add support for CSD window * add --enable-only-gtkx and --disable-gtkx options * add headerbar for CSD window * stop spinner and remove -n option * add bash autocomplete script Changes in awf-gtk3: - New upstream release (3.0.0) * add support for CSD window * add --enable-only-gtkx and --disable-gtkx options * add headerbar for CSD window * stop spinner and remove -n option * add bash autocomplete script Changes in awf-gtk4: - New upstream release (3.0.0) * add support for CSD window * add --enable-only-gtkx and --disable-gtkx options * add headerbar for CSD window * stop spinner and remove -n option * add bash autocomplete script Changes in human-theme-gtk: - New upstream release (2.4.0) * (gtk 3 and 4) fix/update design of headerbar * (gtk 3 and 4) fix/update design of CSD window * (gtk 3 and 4) fix position of check/radio in menuitem * (gtk 3 and 4) fix rtl menu with only check/radio * (gtk 3) fix/update design for Mate notifications - It works: with or without compositor, with or without CSD windows and with or without gtk3-classic/gtk4-classic - The best with gtk3-classic and gtk4-classic * (gtk 3 and 4) automatic min-width/min-height from text for progressbars, with dual text color, without excessive cpu usage awf-gtk2-3.0.0-bp156.2.9.1.src.rpm awf-gtk2-3.0.0-bp156.2.9.1.x86_64.rpm awf-gtk3-3.0.0-bp156.2.9.1.src.rpm awf-gtk3-3.0.0-bp156.2.9.1.x86_64.rpm awf-gtk3-debuginfo-3.0.0-bp156.2.9.1.x86_64.rpm awf-gtk3-debugsource-3.0.0-bp156.2.9.1.x86_64.rpm awf-gtk4-3.0.0-bp156.2.9.1.src.rpm awf-gtk4-3.0.0-bp156.2.9.1.x86_64.rpm awf-gtk4-debuginfo-3.0.0-bp156.2.9.1.x86_64.rpm awf-gtk4-debugsource-3.0.0-bp156.2.9.1.x86_64.rpm human-theme-gtk-2.4.0-bp156.2.9.1.noarch.rpm human-theme-gtk-2.4.0-bp156.2.9.1.src.rpm awf-gtk2-3.0.0-bp156.2.9.1.aarch64.rpm awf-gtk3-3.0.0-bp156.2.9.1.aarch64.rpm awf-gtk3-debuginfo-3.0.0-bp156.2.9.1.aarch64.rpm awf-gtk3-debugsource-3.0.0-bp156.2.9.1.aarch64.rpm awf-gtk4-3.0.0-bp156.2.9.1.aarch64.rpm awf-gtk4-debuginfo-3.0.0-bp156.2.9.1.aarch64.rpm awf-gtk4-debugsource-3.0.0-bp156.2.9.1.aarch64.rpm awf-gtk2-3.0.0-bp156.2.9.1.ppc64le.rpm awf-gtk3-3.0.0-bp156.2.9.1.ppc64le.rpm awf-gtk3-debuginfo-3.0.0-bp156.2.9.1.ppc64le.rpm awf-gtk3-debugsource-3.0.0-bp156.2.9.1.ppc64le.rpm awf-gtk4-3.0.0-bp156.2.9.1.ppc64le.rpm awf-gtk4-debuginfo-3.0.0-bp156.2.9.1.ppc64le.rpm awf-gtk4-debugsource-3.0.0-bp156.2.9.1.ppc64le.rpm awf-gtk2-3.0.0-bp156.2.9.1.s390x.rpm awf-gtk3-3.0.0-bp156.2.9.1.s390x.rpm awf-gtk3-debuginfo-3.0.0-bp156.2.9.1.s390x.rpm awf-gtk3-debugsource-3.0.0-bp156.2.9.1.s390x.rpm awf-gtk4-3.0.0-bp156.2.9.1.s390x.rpm awf-gtk4-debuginfo-3.0.0-bp156.2.9.1.s390x.rpm awf-gtk4-debugsource-3.0.0-bp156.2.9.1.s390x.rpm 18887 moderate openSUSE Backports SLE-15-SP6 Update This update for kanidm fixes the following issues: - Update to version 1.6.2~git0.a20663ea8: * Release 1.6.2 * fix: clippy * maint: typo in log message * Set kid manually to prevent divergence * Order keys in application JWKS / Fix rotation bug * Fix toml issues with strings - Update to version 1.6.1~git0.2e4429eca: * Release 1.6.1 * Resolve reload of oauth2 on startup (#3604) - CVE-2025-3416: Fixed openssl use after free (boo#1242642) - Update to version 1.6.0~git0.d7ae0f336: * Release 1.6.0 * Avoid openssl for md4 * Fixes #3586, inverts the navbar button color (#3593) * Release 1.6.0-pre * chore: Release Notes (#3588) * Do not require instances to exist during optional config load (#3591) * Fix std::fmt::Display for some objects (#3587) * Drop fernet in favour of JWE (#3577) * docs: document how to configure oauth2 for opkssh (#3566) * Add kanidm_ssh_authorizedkeys_direct to client deb (#3585) * Bump the all group in /pykanidm with 2 updates (#3581) * Update dependencies, fix a bunch of clippy lints (#3576) * Support spaces in ssh key comments (#3575) * 20250402 3423 proxy protocol (#3542) * fix(web): Preserve SSH key content on form validation error (#3574) * Bump the all group in /pykanidm with 3 updates (#3572) * Bump the all group in /pykanidm with 2 updates (#3564) * Bump crossbeam-channel from 0.5.14 to 0.5.15 in the cargo group (#3560) * Improve token handling (#3553) * Bump tokio from 1.44.1 to 1.44.2 in the cargo group (#3549) * Update fs4 and improve klock handling (#3551) * Less footguns (#3552) * Unify unix config parser (#3533) * Bump openssl from 0.10.71 to 0.10.72 in the cargo group (#3544) * Bump the all group in /pykanidm with 8 updates (#3547) * implement notify-reload protocol (#3540) * Allow versioning of server configs (#3515) * 20250314 remove protected plugin (#3504) * Bump the all group with 10 updates (#3539) * Bump mozilla-actions/sccache-action from 0.0.8 to 0.0.9 in the all group (#3538) * Bump the all group in /pykanidm with 4 updates (#3537) * Add max_ber_size to freeipa sync (#3530) * Bump the all group in /pykanidm with 5 updates (#3524) * Update Concread * Update developer_ethics.md (#3520) * Update examples.md (#3519) * Make schema indexing a boolean instead of index types (#3517) * Add missing lld dependency and fix syntax typo (#3490) * Update shell.nix to work with stable nixpkgs (#3514) * Improve unixd tasks channel comments (#3510) * Update kanidm_ppa_automation reference to latest (#3512) * Add set-description to group tooling (#3511) * packaging: Add kanidmd deb package, update documentation (#3506) * Bump the all group in /pykanidm with 5 updates (#3508) * 20250313 unixd system cache (#3501) * Support rfc2307 memberUid in sync operations. (#3466) * Bump mozilla-actions/sccache-action from 0.0.7 to 0.0.8 in the all group (#3496) * Update Traefik config example to remove invalid label (#3500) * Add uid/gid allocation table (#3498) * 20250225 ldap testing in testkit (#3460) * Bump the all group in /pykanidm with 5 updates (#3494) * Bump ring from 0.17.10 to 0.17.13 in the cargo group (#3491) * Handle form-post as a response mode (#3467) * book: fix english (#3487) * Correct paths with Kanidm Tools Container (#3486) * 20250225 improve test performance (#3459) * Bump the all group in /pykanidm with 8 updates (#3484) * Use lld by default on linux (#3477) * 20250213 patch used wrong acp (#3432) * Android support (#3475) * Changed all CI/CD builds to locked (#3471) * Make it a bit clearer that providers are needed (#3468) * Fix incorrect credential generation in radius docs (#3465) * Add crypt formats for password import (#3458) * build: Create daemon image from scratch (#3452) * address webfinger doc feedbacks (#3446) * Bump the all group across 1 directory with 5 updates (#3453) * [htmx] Admin ui for groups and users management (#3019) * Fixes #3406: add configurable maximum queryable attributes for LDAP (#3431) * Accept invalid certs and fix token_cache_path (#3439) * Accept lowercase ldap pwd hashes (#3444) * TOTP label verification (#3419) * Rewrite WebFinger docs (#3443) * doc: fix formatting of URL table, remove Caddyfile instructions (#3442) * book: add OAuth2 Proxy example (#3434) * Exempt idm_admin and admin from denied names. (#3429) * Book fixes (#3433) * ci: uniform Docker builds (#3430) * 20240213 3413 domain displayname (#3425) * Correct path to kanidm config example in documentation. (#3424) * Support redirect uris with query parameters (#3422) * Update to 1.6.0-dev (#3418) * Remove white background from square logo. (#3417) * feat: Added webfinger implementation (#3410) * Bump the all group in /pykanidm with 7 updates (#3412) - Update to version 1.5.0~git2.21c2a1bd0: * fix: documentation fail (#3555) kanidm-1.6.2~git0.a20663ea8-bp156.29.1.src.rpm kanidm-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-clients-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-clients-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-debugsource-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-docs-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-server-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-server-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-unixd-clients-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-unixd-clients-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.x86_64.rpm kanidm-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-clients-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-clients-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-debugsource-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-docs-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-server-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-server-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-unixd-clients-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm kanidm-unixd-clients-debuginfo-1.6.2~git0.a20663ea8-bp156.29.1.aarch64.rpm 18888 moderate openSUSE Backports SLE-15-SP6 Update This update for git-lfs fixes the following issues: Update to 3.6.1: (boo#1235876): This release introduces a security fix for all platforms, which has been assigned CVE-2024-53263. When requesting credentials from Git for a remote host, prior versions of Git LFS passed portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sent any credentials received back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker might have been able to retrieve a user's Git credentials. Git LFS now prevents bare line feed (LF) characters from being included in the values sent to the git-credential(1) command, and also prevents bare carriage return (CR) characters from being included unless the credential.protectProtocol configuration option is set to a value equivalent to false. * Bugs - Reject bare line-ending control characters in Git credential requests (@chrisd8088) update to version 3.6.0: - https://github.com/git-lfs/git-lfs/releases/tag/v3.6.0 update to 3.5.1: * Build release assets with Go 1.21 #5668 (@bk2204) * script/packagecloud: instantiate distro map properly #5662 (@bk2204) * Install msgfmt on Windows in CI and release workflows #5666 (@chrisd8088) update to version 3.4.1: - https://github.com/git-lfs/git-lfs/releases/tag/v3.4.1 git-lfs-3.6.1-bp156.2.3.1.src.rpm git-lfs-3.6.1-bp156.2.3.1.x86_64.rpm git-lfs-3.6.1-bp156.2.3.1.i586.rpm git-lfs-3.6.1-bp156.2.3.1.aarch64.rpm git-lfs-3.6.1-bp156.2.3.1.ppc64le.rpm git-lfs-3.6.1-bp156.2.3.1.s390x.rpm