Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20210328 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: checkpolicy (3.1 -> 3.2) e2fsprogs (1.46.1 -> 1.46.2) elfutils kernel-firmware (20210208 -> 20210315) libnettle (3.7.1 -> 3.7.2) libselinux (3.1 -> 3.2) libselinux-bindings (3.1 -> 3.2) patterns-microos policycoreutils (3.1 -> 3.2) python-semanage (3.1 -> 3.2) selinux-policy (20210223 -> 20210309) setools (4.3.0 -> 4.4.0) snapper (0.8.15 -> 0.8.16) toolbox (2.1+git20210305.ca2bc53 -> 2.1+git20210311.15cb3ad) transactional-update (3.2.2 -> 3.3.0) === Details === ==== checkpolicy ==== Version update (3.1 -> 3.2) - Update to version 3.2 * Fix a memleak and an integer overflow ==== e2fsprogs ==== Version update (1.46.1 -> 1.46.2) Subpackages: libcom_err2 libext2fs2 - e2fsprogs 1.46.2: * tune2fs -c now takes "random" argument * Add support for the FS_NOCOMP_FL flag to chattr and lsattr * Fix warnings when resizing small file systems to a super-large * Fix the debugfs rdump and ls commands so they will work correctly for uid's and gid's => 65536 * Fix the debugfs write and symlink commands so they support targets which contain a pathname * Fix Direct I/O support on block devices where the logical block size is greater 1k * Fix debugfs's logdump so it works on file systems whose block size is greater than 8k * Fix a crash when there is error while e2fsck is trying to open the file system, and e2fsck calls ext2fs_mmp_stop() before MMP has been initialized * Improved error checking in the fast commit replay code in e2fsck * Fix various compiler and Coverity warnings * Update the Spanish translation from the translation project ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Add disable-run-readelf-self-test.patch in order to disable a failing test-case with GCC 11 (PR27367). ==== kernel-firmware ==== Version update (20210208 -> 20210315) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20210315 (git commit 3568f962908c): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * rtw88: 8822c: Update normal firmware to v9.9.6 * iwlwifi: add new FWs from core59-66 release * iwlwifi: update 9000-family firmwares * iwlwifi: update 7265D firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406 * linux-firmware: add frimware for mediatek bluetooth chip (MT7921) * rtw89: 8852a: add firmware v0.9.12.2 * WHENCE: add missing symlink for BananaPi M3 * Add symlink for BananaPi M2 to brcmfmac43430-sdio config * brcm: Fix Raspberry Pi 4B NVRAM file * silabs: add new firmware for WF200 * amdgpu: add initial firmware for green sardine * rtw88: RTL8822C: Update normal firmware to v9.9.5 - Drop obsoleted patch: Revert-brcm-rpi4-boardflags3-bit.patch - Update topics and aliases ==== libnettle ==== Version update (3.7.1 -> 3.7.2) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.2: * fix a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results (boo#1183835) * fix a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger ==== libselinux ==== Version update (3.1 -> 3.2) Subpackages: libselinux1 selinux-tools - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. + Replace pkgconfig(libpcre) Requires in -devel static with pkgconfig(libpcre2-8). - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== libselinux-bindings ==== Version update (3.1 -> 3.2) - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Remove gnome-calculator and add gnome-branding-MicroOS to MicroOS GNOME Desktop - Add gnome-shell-search-provider-nautilus and gnome-color-manager to MicroOS GNOME Desktop - gnome-color-manager needed for Night Light - Use busybox hostname and gzip for MicroOS except for the Desktop - Require util-linux instead of "login" alias - Remove supportutils, we didn't use it and it pulls in more than we want - Ensure that a repository configuration package is installed for Micro DNF or PackageKit patterns - Split base pattern into separate patterns for Zypper, Micro DNF, and PackageKit - Make GNOME and KDE Plasma patterns require PackageKit pattern ==== policycoreutils ==== Version update (3.1 -> 3.2) Subpackages: policycoreutils-python-utils python3-policycoreutils - Update to version 3.2 * Tools using sepolgen, e.g. audit2allow, print extended permissions in hexadecimal * sepolgen sorts extended rules like normal ones * `setfiles` doesn't abort on labeling errors - Refreshed get_os_version.patch ==== python-semanage ==== Version update (3.1 -> 3.2) - Minor spec file cleanups - Update to version 3.2 * dropped old and deprecated symbols and functions libsemanage version was bumped to libsemanage.so.2 * libsemanage tries to sync data to prevent empty files in SELinux module store ==== selinux-policy ==== Version update (20210223 -> 20210309) Subpackages: selinux-policy-targeted - Adjust fix_init.patch to allow systemd to do sd-listen on tcp socket [bsc#1183177] - Update to version 20210309 - Refreshed * fix_systemd.patch * fix_selinuxutil.patch * fix_iptables.patch * fix_init.patch * fix_logging.patch * fix_nscd.patch * fix_hadoop.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * fix_cron.patch * fix_usermanage.patch * fix_unprivuser.patch * fix_rpm.patch - Ensure that /usr/etc is labeled according to /etc rules ==== setools ==== Version update (4.3.0 -> 4.4.0) - Update to the version 4.4.0: * Added support for old Boolean name substitution in seinfo and sesearch. * Added sechecker tool which is a configuration file driven analysis tool. ==== snapper ==== Version update (0.8.15 -> 0.8.16) Subpackages: libsnapper5 - fixed creating root config (root prefix handling) (gh#openSUSE/snapper#627) ==== toolbox ==== Version update (2.1+git20210305.ca2bc53 -> 2.1+git20210311.15cb3ad) - Update to version 2.1+git20210311.15cb3ad: * Don't check for subuid if root calls toolbox [bsc#1183375] ==== transactional-update ==== Version update (3.2.2 -> 3.3.0) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.3.0 - Add support for more package managers by bind mounting their directories - Support snapshots without dedicated overlay [boo#1183539], [bsc#1183539] - Link RPM database correctly with older zypper versions [boo#1183521] - Don't discard manual changes in fstab [boo#1183856]