Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20231101 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: dracut (059+suse.503.g41e99e72 -> 059+suse.511.g0bdb16ac) erofs-utils (1.7 -> 1.7.1) gnome-text-editor (45.0 -> 45.1) gpgme (1.23.0 -> 1.23.1) gpgmeqt (1.23.0 -> 1.23.1) grub2 hxtools (20230411 -> 20231101) libnbd (1.18.0 -> 1.18.1) open-vm-tools (12.3.0 -> 12.3.5) poppler (23.09.0 -> 23.10.0) poppler-qt5 (23.09.0 -> 23.10.0) rubygem-rubocop (1.57.1 -> 1.57.2) selinux-policy (20231012 -> 20231030) sssd wireplumber yast2-trans (84.87.20231004.bd479b5f2d -> 84.87.20231027.a9c9df2125) === Details === ==== dracut ==== Version update (059+suse.503.g41e99e72 -> 059+suse.511.g0bdb16ac) - Update to version 059+suse.511.g0bdb16ac: * fix(pkcs11): delete trailing dot on libcryptsetup-token-systemd-pkcs11.so * fix(systemd-repart): correct undefined $libdir * fix(dracut-systemd): use `DRACUT_VERSION` instead of `VERSION` * fix(dracut.sh): abort if Bash is in POSIX mode * fix(dracut-initramfs-restore.sh): do not set selinux labels if disabled * fix(network): correct network device naming (bsc#1192986) ==== erofs-utils ==== Version update (1.7 -> 1.7.1) - Update to release 1.7.1 * erofs-utils: fix reference leak in function ``erofs_mkfs_build_tree_from_path`` ==== gnome-text-editor ==== Version update (45.0 -> 45.1) Subpackages: gnome-text-editor-lang - Update to version 45.1: + Use proper etag when comparing document for changes after a Save As operation occurs. + Fix row styling in preferences. + Fix memory leak of GtkNativeDialog. + Updated translations. ==== gpgme ==== Version update (1.23.0 -> 1.23.1) Subpackages: libgpgme11 libgpgmepp6 - update to 1.23.1: * fixes for other platforms ==== gpgmeqt ==== Version update (1.23.0 -> 1.23.1) - update to 1.23.1: * fixes for other platforms ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) * 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch ==== hxtools ==== Version update (20230411 -> 20231101) Subpackages: fd0ssh ofl - Update to release 20231101 * qtar: add .zst suffix support * sadmin: delete utmp_register * dircolors: reinstate upstream color for BLK/CHR * spec-beautifier: apply transformation logic to preamble as well * spec-beautifier: eliminate BuildRoot/Package/Distribution/Vendor lines * spec-beautifier: delete massaging of BuildRequire lists ==== libnbd ==== Version update (1.18.0 -> 1.18.1) - Update to version 1.18.1: * Version 1.18.1. * rust: Use string_starts_with instead of String.starts_with * rust: Build the examples * rust: Write a custom translator from POD to rustdoc * rust: Add overview documentation * rust: Annotate 'endif' with corresponding label * utils: Slightly simplify human_size() * docs: Assign CVE-2023-5215 to nbd_get_size negative result issue ==== open-vm-tools ==== Version update (12.3.0 -> 12.3.5) Subpackages: libvmtools0 open-vm-tools-desktop - Update to 12.3.5 (build 22544099) (boo#1216670) - There are no new features in the open-vm-tools 12.3.5 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release resolves CVE-2023-34058. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0024.html. - This release resolves CVE-2023-34059 which only affects open-vm-tools. For more information on this vulnerability, please see the Resolved Issues section of the Release Notes. - A GitHub issue has been handled. Please see the Resolved Issues section of the Release Notes. - An update to the deployPkg plugin to coordinate with recent releases of cloud-init for improvement for guest VM customization. - For issues resolved in this release, see the Resolved Issues <https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md#resolved-issues> section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5 - Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md - The granular changes that have gone into the 12.3.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/open-vm-tools/Cha... - Drop patch now contained in 12.3.5: - CVE-2023-34058.patch - CVE-2023-34059.patch ==== poppler ==== Version update (23.09.0 -> 23.10.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - Add patch to let it build with the heavily patched tiff 4.0.9 we have in SLE 15: * reduce-libtiff-required-version.patch - version update to 23.10.0 core: * cairo: update type 3 fonts for cairo 1.18 api * Fix crash on malformed files build system: * Make a few more dependencies soft-mandatory * Add more supported gnupg releases * Check if linker supports version scripts - modified patches % reduce-boost-required-version.patch (refreshed) ==== poppler-qt5 ==== Version update (23.09.0 -> 23.10.0) - Add patch to let it build with the heavily patched tiff 4.0.9 we have in SLE 15: * reduce-libtiff-required-version.patch - version update to 23.10.0 core: * cairo: update type 3 fonts for cairo 1.18 api * Fix crash on malformed files build system: * Make a few more dependencies soft-mandatory * Add more supported gnupg releases * Check if linker supports version scripts - modified patches % reduce-boost-required-version.patch (refreshed) ==== rubygem-rubocop ==== Version update (1.57.1 -> 1.57.2) - updated to version 1.57.2 [#]# 1.57.2 (2023-10-26) [#]## Bug fixes * [#12274](https://github.com/rubocop/rubocop/issues/12274): Fix a false positive for `Lint/Void` when `each`'s receiver is an object of `Enumerator` to which `filter` has been applied. ([@koic][]) * [#12291](https://github.com/rubocop/rubocop/issues/12291): Fix a false positive for `Metrics/ClassLength` when a class with a singleton class definition. ([@koic][]) * [#12293](https://github.com/rubocop/rubocop/issues/12293): Fix a false positive for `Style/RedundantDoubleSplatHashBraces` when using double splat hash braces with `merge` and method chain. ([@koic][]) * [#12298](https://github.com/rubocop/rubocop/issues/12298): Fix a false positive for `Style/RedundantParentheses` when using a parenthesized hash literal as the first argument in a method call without parentheses. ([@koic][]) * [#12283](https://github.com/rubocop/rubocop/pull/12283): Fix an error for `Style/SingleLineDoEndBlock` when using single line `do`...`end` with no body. ([@koic][]) * [#12312](https://github.com/rubocop/rubocop/issues/12312): Fix an incorrect autocorrect for `Style/HashSyntax` when braced hash key and value are the same and it is used in `if`...`else`. ([@koic][]) * [#12307](https://github.com/rubocop/rubocop/issues/12307): Fix an infinite loop error for `Layout/EndAlignment` when `EnforcedStyleAlignWith: variable` and using a conditional statement in a method argument on the same line and `end` with method call is not aligned. ([@koic][]) * [#11652](https://github.com/rubocop/rubocop/issues/11652): Make `--auto-gen-config` generate `inherit_from` correctly inside ERB `if`. ([@jonas054][]) * [#12310](https://github.com/rubocop/rubocop/issues/12310): Drop `base64` gem from runtime dependency. ([@koic][]) * [#12300](https://github.com/rubocop/rubocop/issues/12300): Fix an error for `Style/IdenticalConditionalBranches` when `if`...`else` with identical leading lines and using index assign. ([@koic][]) * [#12286](https://github.com/rubocop/rubocop/issues/12286): Fix false positives for `Style/RedundantDoubleSplatHashBraces` when using double splat with a hash literal enclosed in parenthesized ternary operator. ([@koic][]) * [#12279](https://github.com/rubocop/rubocop/issues/12279): Fix false positives for `Lint/EmptyConditionalBody` when missing 2nd `if` body with a comment. ([@koic][]) * [#12275](https://github.com/rubocop/rubocop/issues/12275): Fix a false positive for `Style/RedundantDoubleSplatHashBraces` when using double splat within block argument containing a hash literal in an array literal. ([@koic][]) * [#12284](https://github.com/rubocop/rubocop/issues/12284): Fix false positives for `Style/SingleArgumentDig` when using some anonymous argument syntax. ([@koic][]) * [#12301](https://github.com/rubocop/rubocop/issues/12301): Make `Style/RedundantFilterChain` aware of safe navigation operator. ([@koic][]) ==== selinux-policy ==== Version update (20231012 -> 20231030) Subpackages: selinux-policy-targeted - Update to version 20231030: * Allow system_mail_t manage exim spool files and dirs * Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t * Label /run/pcsd.socket with cluster_var_run_t * ci: Run cockpit tests in PRs * Add map_read map_write to kernel_prog_run_bpf * Allow systemd-fstab-generator read all symlinks * Allow systemd-fstab-generator the dac_override capability * Allow rpcbind read network sysctls * Support using systemd containers * Allow sysadm_t to connect to iscsid using a unix domain stream socket * Add policy for coreos installer * Add policy for nvme-stas * Confine systemd fstab,sysv,rc-local * Label /etc/aliases.lmdb with etc_aliases_t * Create policy for afterburn * Make new virt drivers permissive * Split virt policy, introduce virt_supplementary module * Allow apcupsd cgi scripts read /sys * Allow kernel_t to manage and relabel all files * Add missing optional_policy() to files_relabel_all_files() * Allow named and ndc use the io_uring api * Deprecate common_anon_inode_perms usage * Improve default file context(None) of /var/lib/authselect/backups * Allow udev_t to search all directories with a filesystem type * Implement proper anon_inode support * Allow targetd write to the syslog pid sock_file * Add ipa_pki_retrieve_key_exec() interface * Allow kdumpctl_t to list all directories with a filesystem type * Allow udev additional permissions * Allow udev load kernel module * Allow sysadm_t to mmap modules_object_t files * Add the unconfined_read_files() and unconfined_list_dirs() interfaces * Set default file context of HOME_DIR/tmp/.* to <<none>> * Allow kernel_generic_helper_t to execute mount(1) * Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t * Allow systemd-localed create Xserver config dirs * Allow sssd read symlinks in /etc/sssd * Label /dev/gnss[0-9] with gnss_device_t * Allow systemd-sleep read/write efivarfs variables * ci: Fix version number of packit generated srpms * Dontaudit rhsmcertd write memory device * Allow ssh_agent_type create a sockfile in /run/user/USERID * Set default file context of /var/lib/authselect/backups to <<none>> * Allow prosody read network sysctls * Allow cupsd_t to use bpf capability * Allow sssd domain transition on passkey_child execution conditionally * Allow login_userdomain watch lnk_files in /usr * Allow login_userdomain watch video4linux devices * Change systemd-network-generator transition to include class file * Revert "Change file transition for systemd-network-generator" * Allow nm-dispatcher winbind plugin read/write samba var files * Allow systemd-networkd write to cgroup files * Allow kdump create and use its memfd: objects * Allow fedora-third-party get generic filesystem attributes * Allow sssd use usb devices conditionally * Update policy for qatlib * Allow ssh_agent_type manage generic cache home files * Change file transition for systemd-network-generator * Additional support for gnome-initial-setup * Update gnome-initial-setup policy for geoclue * Allow openconnect vpn open vhost net device * Allow cifs.upcall to connect to SSSD also through the /var/run socket * Grant cifs.upcall more required capabilities * Allow xenstored map xenfs files * Update policy for fdo * Allow keepalived watch var_run dirs * Allow svirt to rw /dev/udmabuf * Allow qatlib to modify hardware state information. * Allow key.dns_resolve connect to avahi over a unix stream socket * Allow key.dns_resolve create and use unix datagram socket * Use quay.io as the container image source for CI * ci: Move srpm/rpm build to packit * .copr: Avoid subshell and changing directory * Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file * Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t * Make insights_client_t an unconfined domain * Allow insights-client manage user temporary files * Allow insights-client create all rpm logs with a correct label * Allow insights-client manage generic logs * Allow cloud_init create dhclient var files and init_t manage net_conf_t * Allow insights-client read and write cluster tmpfs files * Allow ipsec read nsfs files * Make tuned work with mls policy * Remove nsplugin_role from mozilla.if * allow mon_procd_t self:cap_userns sys_ptrace * Allow pdns name_bind and name_connect all ports * Set the MLS range of fsdaemon_t to s0 - mls_systemhigh * ci: Move to actions/checkout@v3 version * .copr: Replace chown call with standard workflow safe.directory setting * .copr: Enable `set -u` for robustness * .copr: Simplify root directory variable * Allow rhsmcertd dbus chat with policykit * Allow polkitd execute pkla-check-authorization with nnp transition * Allow user_u and staff_u get attributes of non-security dirs * Allow unconfined user filetrans chrome_sandbox_home_t * Allow svnserve execute postdrop with a transition * Do not make postfix_postdrop_t type an MTA executable file * Allow samba-dcerpc service manage samba tmp files ... changelog too long, skipping 64 lines ... * Allow sendmail manage its runtime files ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update dependencies to require the same subpackages version and release - Fix /usr/etc migration fragment in wrong "%pre kcm" instead of "%pre" - Move sss_analyze to sssd-tools package - Default config is unworkable, just stop installing it altogether [boo#1216739] ==== wireplumber ==== Subpackages: libwireplumber-0_4-0 wireplumber-audio wireplumber-lang - Add patch from upstream that fixes too many matches for property interest: * 0001-object-manager-reduce-the-amount-of-globals-that-initially.patch - Add patch from upstream that fixes an odd failure of a test after applying the previous patch: * 0002-object-manager-use-an-idle-callback-to-expose-tmp-globals.patch - Add patch from upstream that adds ability to hide parent nodes, which is useful to prevent hardware misuse or damage by poorly behaved/configured clients: * 0001-policy-dsp-add-ability-to-hide-parent-nodes.patch ==== yast2-trans ==== Version update (84.87.20231004.bd479b5f2d -> 84.87.20231027.a9c9df2125) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20231027.a9c9df2125: * Translated using Weblate (Galician) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Italian) * Translated using Weblate (Catalan) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'country'. * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (French) * New POT for text domain 'qt-pkg'.