Packages changed: NetworkManager NetworkManager-openconnect NetworkManager-openvpn cloud-init cnf containerd (1.7.8 -> 1.7.10) crun (1.11.1 -> 1.12) file-roller (43.0 -> 43.1) fwupd (1.9.9 -> 1.9.10) gjs (1.78.0 -> 1.78.1) gnome-shell (45.1 -> 45.2) gnome-shell-extensions (45.1 -> 45.2) graphviz hwdata (0.376 -> 0.377) libadwaita (1.4.1 -> 1.4.2) libcontainers-common (20230913 -> 20231204) libnl3 (3.8.0 -> 3.9.0) mutter nautilus (45.1 -> 45.2) ncurses (6.4.20231125 -> 6.4.20231202) policycoreutils polkit (121 -> 123) python-urllib3 (2.0.7 -> 2.1.0) sqlite3 (3.44.0 -> 3.44.1) sudo (1.9.14p3 -> 1.9.15p2) totem tuned xdg-desktop-portal xmlsec1 zenity (3.99.90 -> 3.99.91) === Details === ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add python3.6-in-sle.patch: SLE still takes python 3.6 as primary system, the patch allows meson to find python 3.6 in SLE. ==== NetworkManager-openconnect ==== - Rename gnome subpackage to NetworkManager-applet-openconnect to more accurately reflect its usage - Add missing supplements: - NM and openconnect - NMA subpackage: Main package and NMA ==== NetworkManager-openvpn ==== - Rename gnome subpackage to NetworkManager-applet-openvpn to more accurately reflect its usage - Add missing supplements: - NM and openvpn - NMA subpackage: Main package and NMA ==== cloud-init ==== - Move fdupes call back to %install ==== cnf ==== Subpackages: cnf-bash - Enable build on riscv64 ==== containerd ==== Version update (1.7.8 -> 1.7.10) - Update to containerd v1.7.10. Upstream release notes: - Rebase patches: * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch ==== crun ==== Version update (1.11.1 -> 1.12) - New upstream release 1.12: * add new WebAssembly handler: spin. * systemd: fallback to system bus if session bus is not available. * configure the cpu rt and cpuset controllers before joining them to avoid running temporarily the workload on the wrong cpus. * preconfigure the cpuset with required resources instead of using the parent's set. This prevents needless churn in the kernel as it tracks which CPUs have load balancing disabled. * try attr//* before the attr/* files. Writes to the attr/* files may fail if apparmor is not the first "major" LSM in the list of loaded LSMs (e.g. lsm=apparmor,bpf vs lsm=bpf,apparmor). - New upstream release 1.11.2: * fix a regression caused by 1.11.1 where the process crashes if there are no CPU limits configured on cgroup v1. (bsc#1217590) * fix error code check for the ptsname_r function. ==== file-roller ==== Version update (43.0 -> 43.1) - Update to version 43.1: + Fixed deb package support. + Fixed wrong filename when opening a files on Google Drive. + Updated README. + Updated translations. ==== fwupd ==== Version update (1.9.9 -> 1.9.10) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.10: + This release adds the following features: - Add support for not_hardware requirements - Add support for loongarch64 - Add support for per-release priority attributes - Make USB claim retry count configurable across devices + This release fixes the following bugs: - Compare the HID report value when checking for duplicates - Consider the component priority when installing composite updates - Deploy the CCGX firmware correctly the first time - Do not export the 'main-system-firmware' and 'cpu' GUIDs - Enforce fwupd version requirements client side - Fix Genesys 'failed to get static tool info from device' error - Fix potential 'dereference before null check' in ccmx-dmc - Fix the 'already registered private FuMmDevice flag with value' warning - Fix the 'assertion backend_id != NULL failed' runtime warning - Fix Wacom USB device emulation by recording the composite phases - Generate generic request message text where possible - Hide HTTP passwords in fwupd debugging logs - Let the client know what interaction is expected - Make all critical warnings into backtraces for non-release builds - Never obsolete the wrong HSI attribute - Never show a HSI index that is impossible - Only apply fastboot plugin to modem devices supporting fastboot - Only send interactive requests when the sender is alive - Remove the now-obsolete Synaptics MST cascade device scanning - Replace the Redfish KCS user if required - Restrict mediatek-scaler devices on specific hardware only - Skip any recovery partitions when detecting ESP ==== gjs ==== Version update (1.78.0 -> 1.78.1) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.78.1: + Gtk template signals cause a reference cycle that is not detected + Modules from resources may get loaded twice + docs: add examples for creating cairo image surfaces + Deadlocks between GJS GC and dconf gsettings when a setting value is changed + Gtk3: Fix leak in GtkBuilder template signal connections - Drop 3cae384aaf15dec6653b1a5400032c2c2e5dc34c.patch: Fixed upstream ==== gnome-shell ==== Version update (45.1 -> 45.2) Subpackages: gnome-extensions gnome-shell-calendar - Update to version 45.2: + Fix performance degradation due to repeated signal leak + Optimize application search + Fix on-screen keyboard backspace getting stuck + Fix arrow navigation in search results + Support async code in Eval() D-Bus method + Fix sliders not requesting any size + Only show prefs dialog after the extension has been loaded + Improve high-contrast styling + Fix mapping of tablet rings/strips + Add support for "version-name" field in extension metainfo + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. ==== gnome-shell-extensions ==== Version update (45.1 -> 45.2) Subpackages: gnome-shell-classic gnome-shell-extensions-common - Update to version 45.2: + window-list: - Fix buttons not being clickable at the screen edge - Really fix initial preview visibility + workspace-indicator: Really fix initial preview visibility + Misc. bug fixes and cleanups ==== graphviz ==== Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4 - Require bitstream-vera-fonts for correct .png rendering by doxygen+dot ==== hwdata ==== Version update (0.376 -> 0.377) - update to 0.377: * Fixed trailing spaces in pnp.ids ==== libadwaita ==== Version update (1.4.1 -> 1.4.2) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.4.2: + Really fix build with libappstream 1.0 ==== libcontainers-common ==== Version update (20230913 -> 20231204) Subpackages: libcontainers-default-policy - New release 20231204 - bump c/common to 0.57.0 * Bump to v0.56.0 by * Fix typo in comment * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 * Fix specification of unix:///run * libimage/layer_tree: if parent is empty and a manifest list then ignore check. * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1 * Split up util package into pkg/password, pkg/copy, pkg/version * Remove ActiveDestination method to move into podman * Default machine CPUs to Cores/2 * pkg/config: do NOT set StaticDir and VolumeDir * Implement negated label match function * chore: import packages only once * CoC: fix email link - bump c/storage to 1.51.0 * Bump to v1.50.2 * overlay, composefs: mount loop device RO * Run codespell on code * fix(deps): update module github.com/klauspost/compress to v1.17.0 * store: serialize container deletion * pkg/system: reduce retry timeout for EnsureRemoveAll * overlay, composefs: use data-only lower layers * store: call RecordWrite() before graphDriver Cleanup() * fix(deps): update module golang.org/x/sys to v0.13.0 - bump c/image to 5.29.0 * Bump to v5.28.0 * fix(deps): update module github.com/containers/storage to v1.50.2 * Run codespell on code * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 * Use constants and types from opencontainers/image-spec/specs-go/v1 * progress: set Current before Refill * copy: fix nil pointer dereference when checking compression algorithm * fix(deps): update module github.com/klauspost/compress to v1.17.0 * fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0 * ociarchive: Add new ArchiveFileNotFoundError ==== libnl3 ==== Version update (3.8.0 -> 3.9.0) Subpackages: libnl-config libnl3-200 - Update to release 3.9 * route/link: add bonding interface options set rtnl apis * route: fix memleak in rtnl_act_parse() * route/tc: avoid integer overflow in rtnl_tc_calc_cell_log() ==== mutter ==== - Rebase mutter-SLE-bsc984738-grab-display.patch. ==== nautilus ==== Version update (45.1 -> 45.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 - Update to version 45.2: + Don't crash when reconnecting to remove server. + Actually detect unmount on some non-native mounts. + Don't crash on image properties. + Allow types and sizes in Properties to expand. + Don't corrupt toast messages. + Updated translations. ==== ncurses ==== Version update (6.4.20231125 -> 6.4.20231202) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20231202 + correct initial alignment of extended capabilities in infocmp, so that the "-u" option can be used for more than two terminal types. + improve formatting/style of manpages, changing environment variables to italics (patches by Branden Robinson). ==== policycoreutils ==== Subpackages: policycoreutils-python-utils python3-policycoreutils - Re-add "Obsoletes: policycoreutils-python <= 2.6" to avoid file conflicts with /usr/share/bash-completion/completions/setsebool of older policycoreutils-python-2.6 ==== polkit ==== Version update (121 -> 123) Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0 - Update to version 123: + Highlights: - better safety with deeper restriction of the configuration files - better safety with restricting the daemon's owner under systemd - better safety with the systemd unit sandboxing - less thread races during upload of the configuration - Changes from version 122: + Highlights: - new Georgian translation - port to mozjs-102 - daemon-less build (support for e.g. flatpak deps) - re-enable of (API) documentation build - See more detailed changes in the included NEWS.md file. - Change URL and Source to new home, and drop polkit.keyring and tar.gz.sign tarball signature, no longer available. - Drop polkit-fix-pam-prefix.patch: Fixed upstream. - Add /usr/bin/dbus-daemon BuildRequires, needed for tests. Replace the dbus-1 with /usr/bin/dbus-daemon Requires. - change /usr/share/polkit-1/rules.d to 555,root:root. /usr content isn't secret anyway so this avoids non-root owned files in /usr (boo#1215482) - update 50-default.rules to allow adding more admin rules (jsc#PED-260, drop polkit-no-wheel-group.patch) ==== python-urllib3 ==== Version update (2.0.7 -> 2.1.0) - update to 2.1.0: * Removed support for the deprecated urllib3[secure] extra. * Removed support for the deprecated SecureTransport TLS implementation. * Removed support for the end-of-life Python 3.7. * Allowed loading CA certificates from memory for proxies. * Fixed decoding Gzip-encoded responses which specified ``x-gzip`` content-encoding. ==== sqlite3 ==== Version update (3.44.0 -> 3.44.1) Subpackages: libsqlite3-0 sqlite3-tcl - Update to release 3.44.2 * Fix a mistake in the CLI that was introduced by the fix in 3.44.1. * Fix a problem in FTS5 that was discovered during internal fuzz testing only minutes after the 3.44.1 release was tagged. * Fix incomplete assert() statements that the fuzzer discovered. * Fix a couple of harmless compiler warnings that appeared in debug builds with GCC 16. - Update to release 3.44.1 * Change the CLI so that it uses UTF-16 for console I/O on Windows. * Other obscure bug fixes. ==== sudo ==== Version update (1.9.14p3 -> 1.9.15p2) Subpackages: sudo-plugin-python - Update to 1.9.15p2: * Fixed a bug on BSD systems where sudo would not restore the terminal settings on exit if the terminal had parity enabled. GitHub issue #326. - Update to 1.9.15p1: * Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers from being able to read the ldap.conf file. GitHub issue #325. - Update to 1.9.15: * Fixed an undefined symbol problem on older versions of macOS when "intercept" or "log_subcmds" are enabled in sudoers. GitHub issue #276. * Fixed "make check" failure related to getpwent(3) wrapping on NetBSD. * Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14. * Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056. * The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes. GitHub issue #294. * The AIX and Solaris sudo packages on www.sudo.ws now support "log_subcmds" and "intercept" with both 32-bit and 64-bit binaries. Previously, they only worked when running binaries with the same word size as the sudo binary. GitHub issue #289. * The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match. * Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from. For LDAP sudoers, the name of the matching sudoRole is printed instead. * The embedded copy of zlib has been updated to version 1.3. * The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. This addresses CVE-2023-42465. * The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456. * A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings. * The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this. Bug #1058. * Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values. GitHub issue #312. * Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user. GitHub issue #318. * New Indonesian translation from translationproject.org. * The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low. * Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was. * Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin. - Package/ship empty /etc/sudoers.d directory for admins to discover where to put their won config. - Introduce optional wheel and sudo group policies as separate packages (bsc#1203978, jsc#PED-260) - Install config files into /usr/etc and read from both location: /etc and /usr/etc (bsc#1205118) ==== totem ==== - Add upstream bug fix patches: + ac2d02530d3b555e44907162be05536a5927b2a0.patch: gst: Force using newer GStreamer libva plugins + d16d9ad1d2b214996639e4f01c4515b611fb2739.patch: data: Add new canonical mime-type for AVI files ==== tuned ==== - do not package inoperable plugins (bsc#1217758) ==== xdg-desktop-portal ==== - Own the directory which packages will use for portals.conf configuration files ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Make use of openSUSE build flags ==== zenity ==== Version update (3.99.90 -> 3.99.91) - Update to version 3.99.91: + password: - Remove spurious "Warning" heading - Only fetch username buffer if username option specified + build: Add implicit fallthrough warnings + password/msg: Handle ZENITY_TIMEOUT to be in line with other libadwaita-based dialogs + filesel: Fix exit statuses for cancel and timeout + Cleanup 'timeout' and make it work properly for all dialogs + util: Maintain default timeout exit status as 5 for backwards compat; various cleanups + text: webkit2gtk-6.0 fixes + msg: Code cleanups + Updated translations.