Packages changed: Mesa (23.3.4 -> 23.3.5) Mesa-drivers (23.3.4 -> 23.3.5) apparmor (3.1.6 -> 3.1.7) c-ares (1.20.1 -> 1.26.0) cpio (2.14 -> 2.15) distribution-logos-openSUSE (20230921 -> 20240207) dracut (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878) ethtool (6.6 -> 6.7) fwupd (1.9.12 -> 1.9.13) gcc13 (13.2.1+git8250 -> 13.2.1+git8285) glibc grub2 gstreamer-plugins-bad gtk4 (4.12.4 -> 4.12.5) ibus imlib2 (1.12.1 -> 1.12.2) installation-images-MicroOS (17.112 -> 17.114) inxi (3.3.32 -> 3.3.33) kdsoap kernel-source (6.7.2 -> 6.7.4) libXext (1.3.5 -> 1.3.6) libapparmor (3.1.6 -> 3.1.7) libei (1.2.0 -> 1.2.1) libgsf (1.14.51 -> 1.14.52) libidn2 (2.3.4 -> 2.3.7) libjxl (0.9.0 -> 0.9.2) libjxl-gtk (0.9.0 -> 0.9.2) libmemcached libpciaccess (0.17 -> 0.18) libxcb libxkbfile (1.1.2 -> 1.1.3) libzypp (17.31.28 -> 17.31.31) man microos-tools (2.21+git9 -> 2.21+git11) netavark (1.9.0 -> 1.10.2) netpbm numactl (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c) openssl-3 pam pam-full-src patterns-microos permissions (1699_20230602 -> 1699_20240206) pipewire (1.0.2 -> 1.0.3) polkit-default-privs (1550+20231213.09963a4 -> 1550+20240207.d833f4b) pulseaudio (16.1 -> 17.0) python-MarkupSafe (2.1.4 -> 2.1.5) python-h11 python-pip python-typing_extensions python311 (3.11.7 -> 3.11.8) python311-core (3.11.7 -> 3.11.8) qemu (8.1.3 -> 8.2.0) rebootmgr (2.1 -> 2.2) rpm (4.19.1 -> 4.19.1.1) selinux-policy (20240116 -> 20240205) shim spectacle systemd webkit2gtk3 (2.42.4 -> 2.42.5) webkit2gtk4 (2.42.4 -> 2.42.5) wireplumber xkbcomp (1.4.6 -> 1.4.7) xprop (1.2.6 -> 1.2.7) yast2-installation (5.0.5 -> 5.0.6) yast2-network (5.0.1 -> 5.0.2) === Details === ==== Mesa ==== Version update (23.3.4 -> 23.3.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to bugfix release 23.3.5 - -> https://docs.mesa3d.org/relnotes/23.3.5.html - re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen in X11:XOrg project ==== Mesa-drivers ==== Version update (23.3.4 -> 23.3.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.3.5 - -> https://docs.mesa3d.org/relnotes/23.3.5.html - re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen in X11:XOrg project ==== apparmor ==== Version update (3.1.6 -> 3.1.7) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== c-ares ==== Version update (1.20.1 -> 1.26.0) - Ensure multibuild flavors result in different src names. - c-ares 1.26.0: * Event Thread support. Integrators are no longer required to monitor the file descriptors registered by c-ares for events and call ares_process() when enabling the event thread feature via ARES_OPT_EVENT_THREAD passed to ares_init_options(). * Added flags to are_dns_parse() to force RAW packet parsing * Mark ares_fds() as deprecated * Bug fixes - move tests into a build flavor to avoid gtest/gmock build loop - Update to version 1.25 Changes: o Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory safety reasons. o The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and IPv6 addresses by default. Bug Fixes: o Tests: Live reverse lookups for Google's public DNS servers no longer return results, replace with CloudFlare pubic DNS servers. o Connection failures should increment the server failure count first or a retry might be enqueued to the same server o On systems that don't implement the ability to enumerate network interfaces the stubs used the wrong prototype. o Fix minor warnings and documentation typos o Fix support for older GoogleTest versions o getrandom() may require sys/random.h on some systems. o Fix building tests with symbol hiding enabled. - 0001-Use-RPM-compiler-options.patch: dropped, obsolete - Update to version 1.24 Features: * Add support for IPv6 link-local DNS servers. Nameserver formats can now accept the 0face suffix, and a new ares_get_servers_csv() function was added to return servers that can contain the link-local interface name. Changes: * Unbundle GoogleTest for test cases. Package maintainers will now need torequire GoogleTest (GMock) as a build dependency if building tests. New GoogleTest versions require C++14 or later. * Replace nameserver parsing code to use new memory-safe functions. * Replace the sortlist parser with new memory-safe functions. * Various warning fixes and dead code removal. Bugfixes: * Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile with thread safety support * A non-responsive DNS server that caused timeouts wouldn't increment thefailure count, this would lead to other servers not being tried. Regression introduced in 1.22.0 * Some projects that depend on c-ares expect invalid parameter option valuespassed into ares_init_options() to simply be ignored. This behavior has been restored * getrandom() can fail if the kernel doesn't support the syscall, fall back to another random source * ares_cancel() when performing ares_gethostbyname() or ares_getaddrinfo()with AF_UNSPEC, if called after one address class was returned but before the other address class, it would return ARES_SUCCESS rather than ARES_ECANCELLED - disable-live-tests.patch: dropped, not needed - Update to version 1.23 Features: Introduce optional (but on by default) thread-safety for the c-ares library. This has no API nor ABI implications. resolv.conf in modern systems uses attempts and timeouts options instead of the old retrans and retry options. Query caching support based on TTL of responses. Can be enabled via ares_init_options() with ARES_OPT_QUERY_CACHE. Bugfixes: ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept theport in host byte order, but it was reading it as network byte order. Regression introduced in 1.20.0. ares_init_options() for ARES_FLAG_NOSEARCH was not being honored forares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0. Autotools MacOS and iOS version check was failing Environment variables passed to c-ares are meant to be an override for system configuration. Regression introduced in 1.22.0. Spelling fixes as detected by codespell. The timeout returned by ares_timeout() was truncated to milliseconds butvalidated to microseconds which could cause a user to attempt to process timeouts prior to the timeout actually expiring. CMake was not honoring CXXFLAGS passed in via the environment which couldcause compile and link errors with distribution hardening flags during packaging. Fix Windows UWP and Cygwin compilation. ares_set_servers_*() for legacy reasons needs to accept an empty server listand zero out all servers. This results in an inoperable channel and thus is only used in simulation testing, but we don't want to break users. Regression introduced in 1.21.0. Changes in version 1.22.1 Bugfixes: Fix /etc/hosts processing performance with all entries using same IPaddress. Large hosts files using the same IP address for all entries could use exponential time. Fix typos in manpages Fix OpenWatcom building Changes in version 1.22.0 Features: ares_reinit() is now implemented to re-read any system configuration and immediately apply to an existing ares channel The adig command line program has been rewritten and its format now more closely matches that of BIND's dig utility The new DNS message parser and writer functions have now been made public RFC9460 HTTPS and SVCB records are now supported RFC6698 TLSA records are now supported The server list is now internally dynamic and can be changed without impacting existing queries Hosts file processing is now cached until the file is detected to be changed to speed up repetitive lookups of large hosts files Changes: Internally all DNS messages are now written using the new DNS writing functions EDNS is now enabled by default Internal cleanups in function prototypes Bugfixes: Randomize retry penalties to prevent thundering herd issues when dns servers throttle requests Fix Windows build error for missing if_indextoname() - update to 1.21.0: * Replace multiple DNS hand-made parsers with new memory-safe DNS message parser * developer visible changes and bug fixes ==== cpio ==== Version update (2.14 -> 2.15) Subpackages: cpio-mt - Update to 2.15: * Fix the operation of --no-absolute-filenames --make-directories. * Restore access and modification times of symlinks in copy-in and copy-pass modes. - Remove fix-operation-no-absolute-filenames.patch ==== distribution-logos-openSUSE ==== Version update (20230921 -> 20240207) Subpackages: distribution-logos-openSUSE-MicroOS distribution-logos-openSUSE-icons - switch to a service using zstd - list the source url - Update Leap 15.6 branding poo#131666 ==== dracut ==== Version update (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878) Subpackages: dracut-ima - Update to version 059+suse.549.gc9f63878: * fix(overlayfs): split overlayfs mount in two steps (bsc#1219778) * fix(dracut-init.sh): handle decompress with `--sysroot` * fix(i18n): handle keymap includes with `--sysroot` * fix(dracut-systemd): replace `rd.udev.log-priority` with `rd.udev.log_level` * fix(i18n): handle symlinked keymap ==== ethtool ==== Version update (6.6 -> 6.7) Subpackages: ethtool-bash-completion - update to upstream release 6.7 * Feature: support for setting TCP data split * Fix: fix new gcc14 warning * Fix: fix SFF-8472 transceiver module identification (-m) ==== fwupd ==== Version update (1.9.12 -> 1.9.13) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.13: + This release adds the following features: - Add a timer inhibit if the daemon took a long time to startup. - Add a concept of 'Test Mode' rather than enabling specific plugins. - Do not idle-quit the daemon if there is a connected D-Bus client. + This release fixes the following bugs: - Allow plugins to opt-out of the child-device first depsolve. - Allow setting multiple flags in LVFS::DeviceFlags. - Do not migrate config comments for removed keys. - Do not request the Advantech BMC to reboot. - Do not warn the user about ESP when using MBR. - Fix a critical warning when adding a PixArt wireless device. - Fix migration of legacy config files. - Only save config values to the mutable config file. - Parse DS-20 descriptors earlier in device setup. - Store the version format in the history database to fix offline reports. - Use the correct GUID for matching realtek-mst and parade-lspcon. + This release adds support for the following hardware: - GoodWay Acer Dock. ==== gcc13 ==== Version update (13.2.1+git8250 -> 13.2.1+git8285) Subpackages: cpp13 libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1 - Add gcc13-sanitizer-remove-crypt-interception.patch to remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285 - Add gcc13-pr88345-min-func-alignment.diff to add support for - fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. ==== glibc ==== Subpackages: glibc-extra glibc-locale glibc-locale-base - Add libnsl1 to baselibs.conf (bsc#1219640) - arm-dl-start-user.patch: arm: Remove wrong ldr from _dl_start_user (BZ [#31339]) ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix build error on gcc-14 (bsc#1218949) * 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Require libvpl only on supported architectures (x86_64 and aarch64) - drop support for libmfx, which is no longer supported upstream at all (boo#1219494) - added support for oneVPL ==== gtk4 ==== Version update (4.12.4 -> 4.12.5) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.12.5: + GtkColumnView: Fix a crash on dispose. + GtkEmojiChooser: - Update to CLDR v44. - Add more translations. + GtkFileDialog: - Return an error if no file is selected. - Make closing the portal file chooser work. + GtkDropDown: Fix display of the initial checkmark. + GtkShortcutsWindow: Reduce the minimum width. + GDK: Make the png loader safer against overflow. + Wayland: Fix cursor handling with graphics tablets. ==== ibus ==== Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Fix dead keys with non-English keyboard in some applications (MAME, Wine) (boo#1218135) ibus-complete-preedit-signals-for-postprocesskeyevent.patch ibus-enginesimple-dont-commit-any-characters.patch ==== imlib2 ==== Version update (1.12.1 -> 1.12.2) Subpackages: imlib2-loaders libImlib2-1 - update to 1.12.2: * Fixes for Y4M, ANI, PNG and JPG loaders ==== installation-images-MicroOS ==== Version update (17.112 -> 17.114) - merge gh#openSUSE/installation-images#693 - remove explicit dependency on libopenssl*-hmac (bsc#1219762) - 17.114 - merge gh#openSUSE/installation-images#689 - change HMC console name from ttyS1 to ttysclp0 (bsc#1203405) - 17.113 ==== inxi ==== Version update (3.3.32 -> 3.3.33) - Updated to version 3.3.33: + /usr/share/doc/packages/inxi/inxi.changelog. ==== kdsoap ==== - Fix package docs - Fix build to handle changes in (open)SUSE specific cmake macros, no user visible changes ==== kernel-source ==== Version update (6.7.2 -> 6.7.4) - Linux 6.7.4 (bsc#1012628). - asm-generic: make sparse happy with odd-sized put_unaligned_*() (bsc#1012628). - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (bsc#1012628). - arm64: irq: set the correct node for VMAP stack (bsc#1012628). - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs (bsc#1012628). - powerpc: Fix build error due to is_valid_bugaddr() (bsc#1012628). - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (bsc#1012628). - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() (bsc#1012628). - x86/boot: Ignore NMIs during very early boot (bsc#1012628). - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (bsc#1012628). - powerpc/lib: Validate size for vector operations (bsc#1012628). - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (bsc#1012628). - sched/numa: Fix mm numa_scan_seq based unconditional scan (bsc#1012628). - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (bsc#1012628). - debugobjects: Stop accessing objects after releasing hash bucket lock (bsc#1012628). - sched/fair: Fix tg->load when offlining a CPU (bsc#1012628). - regulator: core: Only increment use_count when enable_count changes (bsc#1012628). - audit: Send netlink ACK before setting connection in auditd_set (bsc#1012628). - ACPI: tables: Correct and clean up the logic of acpi_parse_entries_array() (bsc#1012628). - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (bsc#1012628). - PNP: ACPI: fix fortify warning (bsc#1012628). - ACPI: extlog: fix NULL pointer dereference check (bsc#1012628). - selftests/nolibc: fix testcase status alignment (bsc#1012628). - ACPI: NUMA: Fix the logic of getting the fake_pxm value (bsc#1012628). - kunit: tool: fix parsing of test attributes (bsc#1012628). - kunit: Reset test->priv after each param iteration (bsc#1012628). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (bsc#1012628). - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (bsc#1012628). - OPP: The level field is always of unsigned int type (bsc#1012628). - thermal: core: Fix thermal zone suspend-resume synchronization (bsc#1012628). - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (bsc#1012628). - UBSAN: array-index-out-of-bounds in dtSplitRoot (bsc#1012628). - jfs: fix slab-out-of-bounds Read in dtSearch (bsc#1012628). - jfs: fix array-index-out-of-bounds in dbAdjTree (bsc#1012628). - jfs: fix uaf in jfs_evict_inode (bsc#1012628). - hwrng: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings (bsc#1012628). - pstore/ram: Fix crash when setting number of cpus to an odd number (bsc#1012628). - erofs: fix up compacted indexes for block size < 4096 (bsc#1012628). - crypto: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: octeontx2 - Fix cptvf driver cleanup (bsc#1012628). - erofs: fix ztailpacking for subpage compressed blocks (bsc#1012628). - crypto: stm32/crc32 - fix parsing list of devices (bsc#1012628). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (bsc#1012628). - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (bsc#1012628). - jfs: fix array-index-out-of-bounds in diNewExt (bsc#1012628). - s390/boot: always align vmalloc area on segment boundary (bsc#1012628). - arch: consolidate arch_irq_work_raise prototypes (bsc#1012628). - arch: fix asm-offsets.c building with -Wmissing-prototypes (bsc#1012628). - s390/vfio-ap: fix sysfs status attribute for AP queue devices (bsc#1012628). - s390/ptrace: handle setting of fpc register correctly (bsc#1012628). - KVM: s390: fix setting of fpc register (bsc#1012628). - sysctl: Fix out of bounds access for empty sysctl registers (bsc#1012628). - SUNRPC: Fix a suspicious RCU usage warning (bsc#1012628). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1012628). - smb: client: fix renaming of reparse points (bsc#1012628). - smb: client: fix hardlinking of reparse points (bsc#1012628). - cifs: fix in logging in cifs_chan_update_iface (bsc#1012628). - ecryptfs: Reject casefold directory inodes (bsc#1012628). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1012628). - ext4: unify the type of flexbg_size to unsigned int (bsc#1012628). - ext4: remove unnecessary check from alloc_flex_gd() (bsc#1012628). ... changelog too long, skipping 1153 lines ... - commit f71b395 ==== libXext ==== Version update (1.3.5 -> 1.3.6) - Update to version 1.3.6 * Wrap Xext*CheckExtension() in do { ... } while(0) * configure: raise minimum autoconf requirement to 2.70 * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * _xgeGetExtensionVersion should not free info on failure * Check for malloc failure in _xgeGetExtensionVersion * _xgeDpyClose: handle NULL return from _xgeFindDisplay * XEVI: fix -Walloc-size ==== libapparmor ==== Version update (3.1.6 -> 3.1.7) - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== libei ==== Version update (1.2.0 -> 1.2.1) - Update to release 1.2.1 * Previously, using OEFFIS_DEVICE_ALL_DEVICES in oeffis_create_session() would erroneously result in the portal selecting no devices instead of all. ==== libgsf ==== Version update (1.14.51 -> 1.14.52) Subpackages: gsf-office-thumbnailer libgsf-1-114 - Update to version 1.14.52: + xml: Fix build with libxml2 2.12. ==== libidn2 ==== Version update (2.3.4 -> 2.3.7) - update to 2.3.7: * Un-deprecate idn2_to_ascii_4i and make it NUL terminate output * Export punycode APIs * Developer visible code maintenance ==== libjxl ==== Version update (0.9.0 -> 0.9.2) - Update to release 0.9.2 * Fixed some unspecified bugs in the gdk-pixbuf plugin ==== libjxl-gtk ==== Version update (0.9.0 -> 0.9.2) - Update to release 0.9.2 * Fixed some unspecified bugs in the gdk-pixbuf plugin ==== libmemcached ==== Subpackages: libmemcached11 libmemcachedutil2 - explicitly set docdir to converge cmake doc macro change between leap and tumbleweed ==== libpciaccess ==== Version update (0.17 -> 0.18) - Update to version 0.18 * Remove "All rights reserved" from Oracle copyright notices * Try fopen(".../pci.ids", "re") on Solarish systems as well * Remove autotools build * gitlab-ci: use `meson setup` * gitlab-ci: don't bother to configure meson for the version check * gitlab-ci: remove unnecessary call to `meson configure` * FreeBSD: Fallback to /usr/share/misc/pci_vendors * FreeBSD: Remove sparc64 code * Fix compilation warnings when building against hurd-amd64. ==== libxcb ==== Subpackages: libxcb-composite0 libxcb-damage0 libxcb-dpms0 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-randr0 libxcb-record0 libxcb-render0 libxcb-res0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxcb1 - devel package: added missing Requires to libxcb-dbe0 (boo#1219572) ==== libxkbfile ==== Version update (1.1.2 -> 1.1.3) - update to 1.1.3 * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * Set close-on-exec when opening files * _XkbMakeAtom: remove check for impossible case * _XkbInitAtoms: check for malloc() failure * XkbChangeAtomDisplay: stop leaking atom name * XkbCFReportError: avoid -Wformat-nonliteral warning * XkbWriteCFile: stop leaking header file ifdef name * DefaultParser: avoid -Wimplicit-fallthrough warnings * xkbtext.c: Add tbGetBufferString helper function * XkbIndentText: Fix -Wsign-compare warning * Fix -Wsign-compare warnings in xkbtext.c & xkmread.c * Add a meson build system - switched to meson build system ==== libzypp ==== Version update (17.31.28 -> 17.31.31) - tui: allow to access the underlying ostream of out::Info. - Add MLSep: Helper to produce not-NL-terminated multi line output. - version 17.31.31 (22) - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514) - Fix problems with EINTR in ExternalDataSource::getline (fixes bsc#1215698) - version 17.31.30 (22) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) - Make Wakeup class EINTR safe. - Add a way to cancel media operations on shutdown (openSUSE/zypper#522) This patch adds a mechanism to signal libzypp that a shutdown was requested, usually when CTRL+C was pressed by the user. Currently only the media backend will utilize this, but can be extended to all code paths that use g_poll() to wait for events. - Manually poll fds for curl in MediaCurl. Using curl_easy_perform does not give us the required control on when we want to cancel a download. Switching to the MultiCurl implementation with a external poll() event loop will give us much more freedom and helps us to improve our Ctrl+C handling. - Move reusable curl poll code to curlhelper.h. - version 17.31.29 (22) ==== man ==== - Make lua scriplets more failsafe (boo#1219370) ==== microos-tools ==== Version update (2.21+git9 -> 2.21+git11) - Update to version 2.21+git11: * Install man-online alias only for bash ==== netavark ==== Version update (1.9.0 -> 1.10.2) - Rely only on . for aardvark-dns requires, even though it is released in sync with netavark, relying on patch version is brittle. - Update to version 1.10.2: * Release v1.10.2 * Release notes for v1.10.2 * [CI:BUILD] Packit/rpm: fix aardvark-dns handling * Do not perform network namespace detection on AV update * Release v1.10.1 * Updated release notes for v1.10.1 * update to nftables release 0.3 from crates.io * DISTRO_PACKAGE: fix incorrect vendored tar archive URL * Bump to 1.11.0-dev * Release 1.10.0 * Release notes for 1.10.0 * RPM: update .cargo/config before building * Add support for isolation to the nftables driver * build(deps): bump h2 from 0.3.22 to 0.3.24 * chore(deps): update rust crate chrono to 0.4.32 * fix(deps): update rust crate env_logger to 0.11.0 * chore(deps): update dependency containers/automation_images to v20240102 * Bump nftables-rs to latest commit * Netavark: nftables support * fix(deps): update rust crate serde_json to 1.0.111 * feat: added the --firewall-driver option * Document how to generate a code coverage report for netavark * fix(deps): update rust crate clap to ~4.4.12 * fix(deps): update rust crate serde_json to 1.0.110 * fix(deps): update rust-futures monorepo to 0.3.30 * fix(deps): update rust crate nispor to 1.2.16 * chore(deps): update rust crate tempfile to 3.9.0 * Use tonic::transport::Uri instead of HTTP * chore(deps): update dependency containers/automation_images to v20231208 * fix(deps): update rust crate tokio to 1.35 * dhcp-proxy: return actual error instead of generic one * dhcp-proxy: skip set gateway if missing * bump netlink-packet-route to 0.18.1 * chore(deps): update rust crate once_cell to 1.19.0 * fix(deps): update rust crate nispor to 1.2.15 * fix(deps): update rust crate serde to 1.0.193 * fix(deps): update rust crate clap to ~4.4.10 * aardvark: show error if process is in wrong netns * aardvark: remove unessesary unlock lockfile calls * fix(deps): update rust crate url to 2.5.0 * Bump working version to v1.10.0-dev ==== netpbm ==== Subpackages: libnetpbm11 - added patches fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791] + netpbm-use-byrow-when-needed.patch ==== numactl ==== Version update (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c) Subpackages: libnuma1 - Update to version 2.0.18.0.g3871b1c: * Increase version number to 2.0.18 * man pages: fix table include preprocessor - Update to version 2.0.17.8.g67984e5: * numastat: Print package version number instead of own. * numastat: Remove commented out perl code * Check for MPOL_PREFERRED_MANY lazily * libnuma: add numa_set_mempolicy_home_node API ==== openssl-3 ==== Subpackages: libopenssl3 - Add migration script to move old files (bsc#1219562) /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave They will be later restored by openssl-1_1 package to engines1.1.d and engdef1.1.d - Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch ==== pam ==== - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot ==== pam-full-src ==== - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add "Requires: steam-devices" for both Gnome and KDE * This package is just a small set of udev rules for controller support, and is one of the more common reasons for end users to need to interact with transactional-update, no good reason to not include it in the desktop patterns ==== permissions ==== Version update (1699_20230602 -> 1699_20240206) Subpackages: chkstat permissions-config - Drop superfluous mkdir /usr/share/permissions/permissions.d This is now created by the Makefile. See also commit 5900bc1ffe6275298ded3c96dee03a5c98e4db1c - Update to version 20240206: * Whitelisting libgtop_server2 (bsc#1218921) * Removing bogus whitespaces * chkstat: harmonize and transform to a more compact coding and doc style * gitignore: also ignore hidden ctags * build: Create /usr/share/permissions/permissions.d for packagers * profiles: drop /usr/sbin/lockdev which is no longer packaged in Factory * profiles: drop /etc/ftpusers which is no longer shipped in netcfg ==== pipewire ==== Version update (1.0.2 -> 1.0.3) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.0.3: * Highlights - Fix ALSA version check. This should allow the alsa plugin to work again. - Some small fixes and improvements. * PipeWire - Escape @DEFAULT_SINK@ in the conf files. * Modules - Improve logging in module-pipe-tunnel. * SPA - Always recheck rate matching in ALSA when moving drivers. This fixes a potential issue where the adaptive resampler would not be activated in some cases. * ALSA - Fix ALSA version check. This should allow the alsa plugin to work again. ==== polkit-default-privs ==== Version update (1550+20231213.09963a4 -> 1550+20240207.d833f4b) - Update to version 1550+20240207.d833f4b: * profiles: remove no longer used device-rebind action ==== pulseaudio ==== Version update (16.1 -> 17.0) Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse - Update to version 17.0: * Updates to ALSA UCM-based setups * Battery level indication to Bluetooth devices * Support for the Bluetooth FastStream codec * webrtc-audio-processing dependency updated * Trigger role groups added to module-role-cork * XDG base directory spec for profile-set loading * PA_RATE_MAX increased * webrtc-audio-processing dependency updated For details, see: https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/17.0/ - Drop obsoleted patches: echo-cancel-add-webrtc-AEC3-support.patch build-sys-Bump-cpp_std-to-c-17.patch build-sys-Bump-webrtc-audio-processing-dependency.patch ==== python-MarkupSafe ==== Version update (2.1.4 -> 2.1.5) - update to 2.1.5: * Fix striptags not collapsing spaces. :issue:`417` ==== python-h11 ==== - spec cleanup ==== python-pip ==== - Fix shebang path for "pip3.XX" binaries ==== python-typing_extensions ==== - Add backport-recent-implementation-of-protocol.patch upstream patch gh#python/typing_extensions@004b893ddce2 ==== python311 ==== Version update (3.11.7 -> 3.11.8) Subpackages: python311-curses python311-dbm - Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Apple’s macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value “–” in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the “connected callback” fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but don’t log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and ... changelog too long, skipping 159 lines ... - support-expat-CVE-2022-25236-patched.patch ==== python311-core ==== Version update (3.11.7 -> 3.11.8) Subpackages: libpython3_11-1_0 python311-base - Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Apple’s macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value “–” in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the “connected callback” fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but don’t log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and ... changelog too long, skipping 159 lines ... - support-expat-CVE-2022-25236-patched.patch ==== qemu ==== Version update (8.1.3 -> 8.2.0) - Fix a build issue of OVMF caused by https://gitlab.com/qemu-project/qemu/-/issues/2064: * target/i386: fix incorrect EIP in PC-relative translation blocks * target/i386: Do not re-compute new pc with CF_PCREL - Update to latest upstream release, 8.2.0: The full list of changes are available at: https://wiki.qemu.org/ChangeLog/8.2 Highlights include: * New virtio-sound device emulation * New virtio-gpu rutabaga device emulation used by Android emulator * New hv-balloon for dynamic memory protocol device for Hyper-V guests * New Universal Flash Storage device emulation * Network Block Device (NBD) 64-bit offsets for improved performance * dump-guest-memory now supports the standard kdump format * ARM: Xilinx Versal board now models the CFU/CFI, and the TRNG device * ARM: CPU emulation support for cortex-a710 and neoverse-n2 * ARM: architectural feature support for PACQARMA3, EPAC, Pauth2, FPAC, FPACCOMBINE, TIDCP1, MOPS, HBC, and HPMN0 * HPPA: CPU emulation support for 64-bit PA-RISC 2.0 * HPPA: machine emulation support for C3700, including Astro memory controller and four Elroy PCI bridges * LoongArch: ISA support for LASX extension and PRELDX instruction * LoongArch: CPU emulation support for la132 * RISC-V: ISA/extension support for AIA virtualization support via KVM, and vector cryptographic instructions * RISC-V: Numerous extension/instruction cleanups, fixes, and reworks * s390x: support for vfio-ap passthrough of crypto adapter for protected virtualization guests * Tricore: support for TC37x CPU which implements ISA v1.6.2 * Tricore: support for CRCN, FTOU, FTOHP, and HPTOF instructions * x86: Zen support for PV console and network devices - Patch added (from upstream stable tree): * include/ui/rect.h: fix qemu_rect_init() mis-assignment - Some packaging and dependencies fixes: * [openSUSE] rpm: restrict canokey to openSUSE only * [openSUSE] rpm: fix virtiofsd dependency on 32 bit systems * [openSUSE] rpm: add support for canokeys (boo#1217520) - Rearrange dependencies and subpackages and filter features for ALP * [openSUSE] rpm: disable Xen support in ALP-based distros * [openSUSE] rpm: some more refinements of inter-subpackage dependencies - Fix boo#1084909 and create a new qemu-spice metapackage: * [openSUSE] rpm: normalize hostname, for reproducible builds (#44) * [openSUSE] rpm: new subpackage, for SPICE ==== rebootmgr ==== Version update (2.1 -> 2.2) - Update to version 2.2 - Make sure /run/reboot-needed get's deleted after a soft-reboot ==== rpm ==== Version update (4.19.1 -> 4.19.1.1) - update to rpm-4.19.1.1 * don't warn about missing user/group on skipped files * make user/group lookup caching thread-safe * fix regression in Lua scriptlet runaway child detection * restore readline support as an explicit option - refreshed patches: * rpmqpack.diff - fix %_host not containing the abi suffix on arm [bnc#1219627] updated patch: canongnu.diff - Need to mention the changed patches for the python-setuptools to cmake migration: * Drop python_setup.diff * Add cmake_python_version.diff ==== selinux-policy ==== Version update (20240116 -> 20240205) Subpackages: selinux-policy-targeted - Update to version 20240205: * Allow gpg manage rpm cache * Allow login_userdomain name_bind to howl and xmsg udp ports * Allow rules for confined users logged in plasma * Label /dev/iommu with iommu_device_t * Remove duplicate file context entries in /run * Dontaudit getty and plymouth the checkpoint_restore capability * Allow su domains write login records * Revert "Allow su domains write login records" * Allow login_userdomain delete session dbusd tmp socket files * Allow unix dgram sendto between exim processes * Allow su domains write login records * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on * Allow chronyd-restricted read chronyd key files * Allow conntrackd_t to use bpf capability2 * Allow systemd-networkd manage its runtime socket files * Allow init_t nnp domain transition to colord_t * Allow polkit status systemd services * nova: Fix duplicate declarations * Allow httpd work with PrivateTmp * Add interfaces for watching and reading ifconfig_var_run_t * Allow collectd read raw fixed disk device * Allow collectd read udev pid files * Set correct label on /etc/pki/pki-tomcat/kra * Allow systemd domains watch system dbus pid socket files * Allow certmonger read network sysctls * Allow mdadm list stratisd data directories * Allow syslog to run unconfined scripts conditionally * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t * Allow qatlib set attributes of vfio device files * Allow systemd-sleep set attributes of efivarfs files * Allow samba-dcerpcd read public files * Allow spamd_update_t the sys_ptrace capability in user namespace * Allow bluetooth devices work with alsa * Allow alsa get attributes filesystems with extended attributes * Allow hypervkvp_t write access to NetworkManager_etc_rw_t * Add interface for write-only access to NetworkManager rw conf * Allow systemd-sleep send a message to syslog over a unix dgram socket * Allow init create and use netlink netfilter socket * Allow qatlib load kernel modules * Allow qatlib run lspci * Allow qatlib manage its private runtime socket files * Allow qatlib read/write vfio devices * Label /etc/redis.conf with redis_conf_t * Remove the lockdown-class rules from the policy * Allow init read all non-security socket files * Replace redundant dnsmasq pattern macros * Remove unneeded symlink perms in dnsmasq.if * Add additions to dnsmasq interface * Allow nvme_stas_t create and use netlink kobject uevent socket * Allow collectd connect to statsd port * Allow keepalived_t to use sys_ptrace of cap_userns * Allow dovecot_auth_t connect to postgresql using UNIX socket * Make named_zone_t and named_var_run_t a part of the mountpoint attribute * Allow sysadm execute traceroute in sysadm_t domain using sudo * Allow sysadm execute tcpdump in sysadm_t domain using sudo * Allow opafm search nfs directories * Add support for syslogd unconfined scripts * Allow gpsd use /dev/gnss devices * Allow gpg read rpm cache * Allow virtqemud additional permissions * Allow virtqemud manage its private lock files * Allow virtqemud use the io_uring api * Allow ddclient send e-mail notifications * Allow postfix_master_t map postfix data files * Allow init create and use vsock sockets * Allow thumb_t append to init unix domain stream sockets * Label /dev/vas with vas_device_t * Create interface selinux_watch_config and add it to SELinux users * Update cifs interfaces to include fs_search_auto_mountpoints() * Allow sudodomain read var auth files * Allow spamd_update_t read hardware state information * Allow virtnetworkd domain transition on tc command execution * Allow sendmail MTA connect to sendmail LDA * Allow auditd read all domains process state * Allow rsync read network sysctls * Add dhcpcd bpf capability to run bpf programs * Dontaudit systemd-hwdb dac_override capability * Allow systemd-sleep create efivarfs files * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on * Allow graphical applications work in Wayland * Allow kdump work with PrivateTmp * Allow dovecot-auth work with PrivateTmp * Allow nfsd get attributes of all filesystems * Allow unconfined_domain_type use io_uring cmd on domain * ci: Only run Rawhide revdeps tests on the rawhide branch * Label /var/run/auditd.state as auditd_var_run_t * Allow fido-device-onboard (FDO) read the crack database * Allow ip an explicit domain transition to other domains * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t * Allow winbind_rpcd_t processes access when samba_export_all_* is on * Enable NetworkManager and dhclient to use initramfs-configured DHCP connection * Allow ntp to bind and connect to ntske port. ==== shim ==== - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) ==== spectacle ==== - Drop meanwhile unneeeded BuildReqs on kColorPicker and kImageAnnotator ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc udev - Drop python3-pefile dependency from the experimental package. MicroOs is fond of the experimental stuff but OTOH it doesn't ship python3. Let's drop the dependency for now, users of ukify are invited to install python3-pe manually. - Move systemd-reboot.service from udev to the main package as this service is useful in containers. ==== webkit2gtk3 ==== Version update (2.42.4 -> 2.42.5) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== webkit2gtk4 ==== Version update (2.42.4 -> 2.42.5) Subpackages: libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== wireplumber ==== Subpackages: libwireplumber-0_4-0 wireplumber-audio - Add patch to only enable bluetooth when audio support is enabled by installing wireplumber-audio (bsc#1219411): * fix-bsc1219411.patch ==== xkbcomp ==== Version update (1.4.6 -> 1.4.7) - update to 1.4.7 * This release mainly focuses on code cleanup and improving maintainability and making static analysis work better on this code base. It also fixes a bug that could cause build failures with gcc when the -ftracer option was used. ==== xprop ==== Version update (1.2.6 -> 1.2.7) - Update to version 1.2.7 * This release fixes a failure to build with C23 compilers. ==== yast2-installation ==== Version update (5.0.5 -> 5.0.6) - Restore the selected products after reloading the package manager, properly install all products for new modules and extensions when upgrading from SLE12 (bsc#1218391) - 5.0.6 ==== yast2-network ==== Version update (5.0.1 -> 5.0.2) - Consider firmware configured interfaces as non bridgeable (bsc#1218595). - 5.0.2