Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
libheif (1.17.1 -> 1.17.3)
libvisual
openblas_pthreads
python-Pygments
python-anyio
sdbootutil (1+git20231026.f43c33c -> 1+git20231102.beb4c19)
=== Details ===
==== libheif ====
Version update (1.17.1 -> 1.17.3)
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif1
- update to 1.17.3
* Bug fix #1026: corrected transform box generation for
heif_orientation_flip_vertically and
heif_orientation_rotate_90_cw_then_flip_vertically
- update to 1.17.2:
* #1010 loading of HEIF files with extra zero bytes at the end
* #1015 / #1017 default nclx values now match sRGB
* support JPEG2000 images with alpha channel
* various smaller fixes
==== libvisual ====
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
==== openblas_pthreads ====
- Propagate the correct CPU count to the pkgconfig file, see
gh#OpenMathLib/OpenBLAS#4275.
- Delete build machine cpu count
==== python-Pygments ====
- Add skip-wcag-contrast-ratio.patch to make
python-wcag-contrast-ratio just optional dependency
(gh#pygments/pygments!2564).
==== python-anyio ====
- add tests-test_fileio.py-don-t-follow-symlinks-in-dev.patch (kernel
6.6 fix)
==== sdbootutil ====
Version update (1+git20231026.f43c33c -> 1+git20231102.beb4c19)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper
- Update to version 1+git20231102.beb4c19:
* Update sdboot in snapper hook
* Install command with specific snapshot
* Install sdbootutil marker next to loader
* In t-u mode, don't call sdbootutil in rpm scriptlets
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
libheif (1.17.1 -> 1.17.3)
libvisual
openblas_pthreads
python-Pygments
python-anyio
sdbootutil (1+git20231026.f43c33c -> 1+git20231102.beb4c19)
yast2-trans (84.87.20231027.a9c9df2125 -> 84.87.20231104.b73ad6fbc9)
=== Details ===
==== libheif ====
Version update (1.17.1 -> 1.17.3)
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1
- update to 1.17.3
* Bug fix #1026: corrected transform box generation for
heif_orientation_flip_vertically and
heif_orientation_rotate_90_cw_then_flip_vertically
- update to 1.17.2:
* #1010 loading of HEIF files with extra zero bytes at the end
* #1015 / #1017 default nclx values now match sRGB
* support JPEG2000 images with alpha channel
* various smaller fixes
==== libvisual ====
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
==== openblas_pthreads ====
- Propagate the correct CPU count to the pkgconfig file, see
gh#OpenMathLib/OpenBLAS#4275.
- Delete build machine cpu count
==== python-Pygments ====
- Add skip-wcag-contrast-ratio.patch to make
python-wcag-contrast-ratio just optional dependency
(gh#pygments/pygments!2564).
==== python-anyio ====
- add tests-test_fileio.py-don-t-follow-symlinks-in-dev.patch (kernel
6.6 fix)
==== sdbootutil ====
Version update (1+git20231026.f43c33c -> 1+git20231102.beb4c19)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper
- Update to version 1+git20231102.beb4c19:
* Update sdboot in snapper hook
* Install command with specific snapshot
* Install sdbootutil marker next to loader
* In t-u mode, don't call sdbootutil in rpm scriptlets
==== yast2-trans ====
Version update (84.87.20231027.a9c9df2125 -> 84.87.20231104.b73ad6fbc9)
Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW
- Update to version 84.87.20231104.b73ad6fbc9:
* Translated using Weblate (Slovak)
* Translated using Weblate (Czech)
* Translated using Weblate (Dutch)
* Translated using Weblate (Catalan)
* Translated using Weblate (Japanese)
* Translated using Weblate (Japanese)
* New POT for text domain 'storage'.
* New POT for text domain 'installation'.
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* New POT for text domain 'update'.
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
SVT-AV1 (1.6.0 -> 1.7.0)
dnf (4.14.0 -> 4.18.0)
fwupd (1.8.17 -> 1.9.7)
gdm
git (2.42.0 -> 2.42.1)
installation-images-MicroOS (17.100 -> 17.103)
json-c (0.16 -> 0.17)
keylime (7.6.0 -> 7.7.0)
libdnf (0.70.2 -> 0.72.0)
libmodulemd (2.14.0 -> 2.15.0)
librepo (1.15.1 -> 1.17.0)
openldap2 (2.6.4 -> 2.6.6)
openldap2-contrib-src (2.6.4 -> 2.6.6)
p11-kit (0.25.1 -> 0.25.2)
polkit-default-privs (1550+20231006.28f05f1 -> 1550+20231103.3b4a82f)
redis (7.2.2 -> 7.2.3)
rust-keylime (0.2.2+git.1689256829.3d2b627 -> 0.2.2+git.1697658634.9c7c6fa)
webkit2gtk3
webkit2gtk4
=== Details ===
==== SVT-AV1 ====
Version update (1.6.0 -> 1.7.0)
- Update to release 1.7.0
* Encoder:
* Improve the tradeoffs for the random access mode across
presets MR-M13
* Quality improvements across all presets and metrics ranging
from 0.3% to 4.5% in BD-rate
* Added an experimental tune SSIM mode yielding ~3-4%
additional SSIM BD-rate gains
==== dnf ====
Version update (4.14.0 -> 4.18.0)
- Update to 4.18.0
+ Add reboot option to DNF Automatic (rh#2124793)
+ Add support for rollback of group upgrade rollback (rh#2016070)
+ Omit src RPMs from check-update (rh#2151910)
+ repoquery: Properly sanitize queryformat strings (rh#2140884)
+ Don't double-encode RPM URLs passed on CLI (rh#2103015)
+ Allow passing CLI options when loading remote cfg (rh#2060127)
+ Ignore processing variable files with unsupported encoding (rh#2141215)
+ Fix AttributeError when IO busy and press ctrl+c (rh#2172433)
+ cli: Allow = in setopt values
+ Mark strftime format specifiers for translation
+ Unload plugins upon their deletion
+ Fixes in docs and help command
+ Fix plugins unit tests
+ Add unit tests for dnf mark
+ smtplib: catch OSError, not SMTPException
+ automatic: Fix online detection with proxy (rh#2022440)
+ automatic: Return an error when transaction fails (rh#2170093)
+ repoquery: Allow uppercased query tags (rh#2185239)
+ Update repo metadata cache pattern to include zstd
+ Add provide exception handling
+ When parsing over a KVP list, do not return till the whole list is parsed
+ Provide /usr/bin/dnf4 symlink to /usr/bin/dnf-3
+ Document the symbols in the output of `dnf history list` (rh#2172067)
+ crypto: Use libdnf crypto API instead of using GnuPG/GpgME
+ Block signals during RPM transaction processing (rh#2133398)
+ Fix bash completion due to sqlite changes (rh#2232052)
+ automatic: allow use of STARTTLS/TLS
+ automatic: use email_port specified in config
+ base: Add obsoleters of only latest versions (rh#2183279, rh#2176263)
+ comps: Fix marking a group package as installed (rh#2066638)
+ distro-sync: Print better info message when no match (rh#2011850)
+ Include dist-info for python3-dnf (rh#2239323)
+ Revert "Block signals during RPM transaction processing" (rh#2133398)
+ Do not print details of verifying (rh#1908253)
+ conf: Split $releasever to $releasever_major and $releasever_minor (rh#1789346)
+ Update translations
==== fwupd ====
Version update (1.8.17 -> 1.9.7)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0
- Disable passim support for now. For openSUSE users this is likely
less intereting that it would be for enterprise customers.
- Update to versrion 1.9.7:
+ This release adds the following features:
- Add support for child device requirements in metadata.
- Allow to have more than one host BKC.
- Delete BootNext as a post-reboot action to work around broken
firmware.
- Parse cabinet archives internally without libgcab.
- Use close-ended mode for eMMC FFU to speed up firmware
updates.
+ This release adds support for the following hardware:
- Logitech Rally System devices.
- More PixartRF HPAC devices.
- More Synaptics Prometheus fingerprint readers.
- Some Western Digital eMMC devices.
- VIA VL830 and VL832.
- Update to version 1.9.6:
+ This release adds the following features:
- Add a launchd agent for macOS.
- Add a new security attribute for BIOS capsule updates to be
enabled.
- Add functionality to fix specific host security attributes.
- Add global information from the context into the report data.
- Add support for coSWID payload sections.
- Add support for parsing the EDID.
- Allow adding only-quirk instance IDs from quirk files.
- Install a sysusers.d systemd file when using
- Dsystemd_unit_user.
+ For The changes of 1.9.0â¦1.9.5, please consult
https://github.com/fwupd/fwupd/releases
- Add pkgconfig(passim) BuildRequires: new dependency.
- Pass -Dplugin_amdgpu=disabled to meson: not buildable just yet.
- Pass -Dlaunchd=disabled to meson: launched is MacOS only.
- Drop -Dplugin_dell=enabled meson parameter: no longer supported.
- Drop fwupd-bsc1130056-change-shim-path.patch: no longer
applicable.
==== gdm ====
Subpackages: gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- Rebase patches for SLE-15-SP6 (bsc#216595):
+ Rebase gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
+ Rebase gdm-disable-gnome-initial-setup.patch
+ Rebase gdm-restart-session-when-X-server-restart.patch
==== git ====
Version update (2.42.0 -> 2.42.1)
- git 2.24.1:
* The usual number of bug fixes, including
* Fix "git diff" exit code handling
* Various fixes to the behavior of "rebase -i" when the command
got interrupted by conflicting changes
==== installation-images-MicroOS ====
Version update (17.100 -> 17.103)
- merge gh#openSUSE/installation-images#673
- fix another symlink warning
- 17.103
- merge gh#openSUSE/installation-images#672
- fix dangling symlink detection
- update symlink config
- add missing tpm packages to spec file
- fix typo in early_setup script
- 17.102
==== json-c ====
Version update (0.16 -> 0.17)
- Update to 0.17:
+ New features:
* json_patch: add first implementation only with patch application
* Add --disable-static and --disable-dynamic options to the cmake-configure script.
* Add -DBUILD_APPS=NO option to disable app build
* Minimum cmake version is now 3.9
+ Significant changes and bug fixes:
* When serializing with JSON_C_TO_STRING_PRETTY set, keep the opening and
closing curly or square braces on same line for empty objects or arrays.
* Disable locale handling when targeting a uClibc system due to problems
with its duplocale() function.
* When parsing with JSON_TOKENER_STRICT set, integer overflow/underflow
now result in a json_tokener_error_parse_number. Without that flag
values are capped at INT64_MIN/UINT64_MAX.
* Fix memory leak with emtpy strings in json_object_set_string
* json_object_from_fd_ex: fail if file is too large (>=INT_MAX bytes)
* Add back json_number_chars, but only because it's part of the public API.
* Entirely drop mode bits from open(O_RDONLY) to avoid warnings on certain
platforms.
* Specify dependent libraries, including -lbsd, in a more consistent way so
linking against a static json-c works better
* Fix a variety of build problems and add & improve tests
* Update RFC reference to https://www.rfc-editor.org/rfc/rfc8259
- Remove deprecated suse_version checks
==== keylime ====
Version update (7.6.0 -> 7.7.0)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime
- Update to version v7.7.0:
* Monthly release (7.7.0)
* tpm_cert_store: add the Nationz TPM EK x509 cert
* codestyle: Have mypy ignore import of PoolManager
* codestyle: Suppress pyright errors on methods that do exist
* codestyle: Annotate some string constances (pyright)
* types: Fix a deprecation warning from recent cryptography
* create_policy: Set the generator value to LegacyAllowList
* verifier: Compare generator against enum rather than magic '1'
* Fix pylint C0103 (naming) errors in some files
* crypto: Fix a pyright issue
* test: Fix a pyright issue
==== libdnf ====
Version update (0.70.2 -> 0.72.0)
Subpackages: libdnf-repo-config-zypp libdnf2
- Update to 0.72.0
+ PGP: Use new librepo PGP API, remove gpgme dependency
+ API: Basic support for OpenPGP public keys
+ Avoid using GNU extensions in the dependency splitter regex
+ filterAdvisory: match installed_solvables sort with lower_bound (rh#2212838)
+ Make code C++20 compatible
+ Avoid reinstalling installonly packages marked for ERASE (rh#2163474)
+ transaction: Save the reason for installing (rh#1733274)
+ hawkey.subject: get_best_selectors only obsoleters of latest (rh#2183279, rh#2176263)
+ conf: Add limited shell-style variable expansion (rh#1789346)
+ conf: Add support for $releasever_major, $releasever_minor (rh#1789346)
+ repo: Don't download the repository if the local cache is up to date
+ Allow DNF to be removed by DNF 5 (rh#2221907)
+ Include dist-info for python3-libdnf
+ bindings: Load all modules with RTLD_GLOBAL
+ Update translations
- Fix RHBZ references
- Refresh patch to link with static libsolvext
+ Remove patch: libdnf-0.48.0-with-static-libsolvext.patch
+ Add patch: libdnf-0.72.0-with-static-libsolvext.patch
==== libmodulemd ====
Version update (2.14.0 -> 2.15.0)
- Update to 2.15.0
+ Add support for decompressing Zstandard-compressed YAML files
+ Remove a dependency on "file" library (libmagic)
+ Add a XML specification for in-YUM-repository metadata
+ Deprecate intents in modulemd-defaults specification
+ Fix a crash when converting a modulemd-packager object with a default
profile and without a module name or stream to a module index
+ Fix parsing empty profiles
+ A specification for modulemd-v2 format was corrected to require a "content"
license subtree only if the module build contains artifacts.
+ Double-quote strings in scalar YAML values when they look like a number
+ Warnings from g_str_equal() macro of glib2 about passing an unsigned
char * to strcmp() were fixed
==== librepo ====
Version update (1.15.1 -> 1.17.0)
- Update to 1.17.0
* lr_gpg_check_signature: Forward PGP error messages from RPM
* PGP: fix: Support importing binary public keys in librpm backend
* PGP: Enable creating a UID directory for GnuGP agent socket
in /run/gnupg/user
* PGP: Set a default creation SELinux labels on GnuPG directories
* Update PGP test vectors
* Implement OpenPGP using librpm API
* Fixes and optimizations in header files
* Fix lr_gpg_list_keys function when keys are empty
* Fix CMake warnings
* Bump glib version
==== openldap2 ====
Version update (2.6.4 -> 2.6.6)
Subpackages: libldap-data libldap2 openldap2-client
- Update to release 2.6.6
* Fixed libldap handling of TCP KEEPALIVE options
* Fixed slapd callback handling with overlays that do extended
operations
==== openldap2-contrib-src ====
Version update (2.6.4 -> 2.6.6)
- Update to release 2.6.6
* Fixed libldap handling of TCP KEEPALIVE options
* Fixed slapd callback handling with overlays that do extended
operations
==== p11-kit ====
Version update (0.25.1 -> 0.25.2)
Subpackages: libp11-kit0 p11-kit-tools
- Update to 0.25.2:
* fix error code checking of readpassphrase for --login option [#595]
* build fixes [#594]
* test fixes [#596]
==== polkit-default-privs ====
Version update (1550+20231006.28f05f1 -> 1550+20231103.3b4a82f)
- Update to version 1550+20231103.3b4a82f:
* profiles: fwupd: add host-security-attr actions (bsc#1216832)
* profiles: remove outdates sysprof2 actions
* profiles: drop obsolete udisks2 bcache and zram actions
==== redis ====
Version update (7.2.2 -> 7.2.3)
- redis 7.2.3:
- Fix file descriptor leak preventing deleted files from freeing
disk space on replicas (#12693)
- Fix a possible crash after cluster node removal (#12702)
==== rust-keylime ====
Version update (0.2.2+git.1689256829.3d2b627 -> 0.2.2+git.1697658634.9c7c6fa)
Subpackages: keylime-ima-policy
- Update to version 0.2.2+git.1697658634.9c7c6fa:
* build(deps): bump rustix from 0.37.11 to 0.37.25
* build(deps): bump tempfile from 3.6.0 to 3.8.0
* build(deps): bump base64 from 0.21.0 to 0.21.4
* build(deps): bump serde_json from 1.0.96 to 1.0.107
* build(deps): bump openssl from 0.10.55 to 0.10.57
* cargo: Bump serde to version 1.0.188
* tests: Fix tarpaulin issues with dropped -v option
* build(deps): bump signal-hook from 0.3.15 to 0.3.17
* build(deps): bump actix-web from 4.3.1 to 4.4.0
* build(deps): bump thiserror from 1.0.40 to 1.0.48
* Remove private_in_public
* Initial PR to add support for IDevID and IAK
* build(deps): bump uuid from 1.3.1 to 1.4.1
* build(deps): bump log from 0.4.17 to 0.4.20
* build(deps): bump reqwest from 0.11.16 to 0.11.20
* Do not use too specific version on cargo audit workflow
* Add workflow to run cargo-audit security audit
* README: update dependencies for Debian and Ubuntu
* Use latest versions of checkout/upload-artifacts
* docker: Add 'keylime' system user
* Use "currently" for swtpm emulator warning (#632)
* Update container workflow actions versions
* Build container image and push to quay.io
* README: update requirements
==== webkit2gtk3 ====
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Add webkit2gtk3-disable-dmabuf-nvidia.patch: disable DMABuf
renderer for NVIDIA proprietary drivers (boo#1216778).
==== webkit2gtk4 ====
Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles
- Add webkit2gtk3-disable-dmabuf-nvidia.patch: disable DMABuf
renderer for NVIDIA proprietary drivers (boo#1216778).
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
avahi
avahi-glib2
dnf (4.14.0 -> 4.18.0)
ell (0.58 -> 0.59)
fde-tools (0.7.1 -> 0.7.2)
fwupd (1.8.17 -> 1.9.7)
gdm
git (2.42.0 -> 2.42.1)
gjs
glslang
gnome-control-center
gnome-shell (45.0 -> 45.1)
gnome-shell-extensions (45.0 -> 45.1)
gpg2
installation-images-MicroOS (17.98 -> 17.103)
json-c (0.16 -> 0.17)
kdump (1.9.7 -> 1.9.8)
keylime (7.6.0 -> 7.7.0)
kio-fuse
ksystemstats5 (5.27.8 -> 5.27.9)
libdnf (0.70.2 -> 0.72.0)
libmodulemd (2.14.0 -> 2.15.0)
libostree (2023.6 -> 2023.7)
librepo (1.15.1 -> 1.17.0)
libxml2 (2.10.4 -> 2.11.5)
mutter (45.0+45 -> 45.1)
openldap2 (2.6.4 -> 2.6.6)
openldap2-contrib-src (2.6.4 -> 2.6.6)
p11-kit (0.25.1 -> 0.25.2)
patterns-base
pipewire (0.3.83 -> 0.3.84)
podman (4.7.1 -> 4.7.2)
polkit-default-privs (1550+20231006.28f05f1 -> 1550+20231103.3b4a82f)
publicsuffix (20230930 -> 20231028)
python-httpx
raptor (2.0.15 -> 2.0.16)
redis (7.2.2 -> 7.2.3)
rubygem-ruby-dbus
rust-keylime (0.2.2+git.1689256829.3d2b627 -> 0.2.2+git.1697658634.9c7c6fa)
samba (4.19.2+git.322.7e9201cef5 -> 4.19.2+git.324.fa0b54b91b)
sdbootutil (1+git20231023.873adb9 -> 1+git20231026.f43c33c)
shaderc
sssd
systemd
tracker-miners (3.6.1 -> 3.6.2)
util-linux
util-linux-systemd
webkit2gtk3
webkit2gtk4
yast2 (5.0.2 -> 5.0.3)
yast2-installation (5.0.1 -> 5.0.2)
yast2-storage-ng (5.0.3 -> 5.0.4)
yast2-update (5.0.0 -> 5.0.1)
=== Details ===
==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
byte long (bsc#1215947, CVE-2023-38470).
==== avahi-glib2 ====
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
byte long (bsc#1215947, CVE-2023-38470).
==== dnf ====
Version update (4.14.0 -> 4.18.0)
- Update to 4.18.0
+ Add reboot option to DNF Automatic (rh#2124793)
+ Add support for rollback of group upgrade rollback (rh#2016070)
+ Omit src RPMs from check-update (rh#2151910)
+ repoquery: Properly sanitize queryformat strings (rh#2140884)
+ Don't double-encode RPM URLs passed on CLI (rh#2103015)
+ Allow passing CLI options when loading remote cfg (rh#2060127)
+ Ignore processing variable files with unsupported encoding (rh#2141215)
+ Fix AttributeError when IO busy and press ctrl+c (rh#2172433)
+ cli: Allow = in setopt values
+ Mark strftime format specifiers for translation
+ Unload plugins upon their deletion
+ Fixes in docs and help command
+ Fix plugins unit tests
+ Add unit tests for dnf mark
+ smtplib: catch OSError, not SMTPException
+ automatic: Fix online detection with proxy (rh#2022440)
+ automatic: Return an error when transaction fails (rh#2170093)
+ repoquery: Allow uppercased query tags (rh#2185239)
+ Update repo metadata cache pattern to include zstd
+ Add provide exception handling
+ When parsing over a KVP list, do not return till the whole list is parsed
+ Provide /usr/bin/dnf4 symlink to /usr/bin/dnf-3
+ Document the symbols in the output of `dnf history list` (rh#2172067)
+ crypto: Use libdnf crypto API instead of using GnuPG/GpgME
+ Block signals during RPM transaction processing (rh#2133398)
+ Fix bash completion due to sqlite changes (rh#2232052)
+ automatic: allow use of STARTTLS/TLS
+ automatic: use email_port specified in config
+ base: Add obsoleters of only latest versions (rh#2183279, rh#2176263)
+ comps: Fix marking a group package as installed (rh#2066638)
+ distro-sync: Print better info message when no match (rh#2011850)
+ Include dist-info for python3-dnf (rh#2239323)
+ Revert "Block signals during RPM transaction processing" (rh#2133398)
+ Do not print details of verifying (rh#1908253)
+ conf: Split $releasever to $releasever_major and $releasever_minor (rh#1789346)
+ Update translations
==== ell ====
Version update (0.58 -> 0.59)
- Update to release 0.59
* Add l_safe_ato* functions to the exported symbol list.
==== fde-tools ====
Version update (0.7.1 -> 0.7.2)
- Update to version 0.7.2
+ Add help output for the command tpm-authorize
+ Improve the multi-devices support
==== fwupd ====
Version update (1.8.17 -> 1.9.7)
Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0
- Disable passim support for now. For openSUSE users this is likely
less intereting that it would be for enterprise customers.
- Update to versrion 1.9.7:
+ This release adds the following features:
- Add support for child device requirements in metadata.
- Allow to have more than one host BKC.
- Delete BootNext as a post-reboot action to work around broken
firmware.
- Parse cabinet archives internally without libgcab.
- Use close-ended mode for eMMC FFU to speed up firmware
updates.
+ This release adds support for the following hardware:
- Logitech Rally System devices.
- More PixartRF HPAC devices.
- More Synaptics Prometheus fingerprint readers.
- Some Western Digital eMMC devices.
- VIA VL830 and VL832.
- Update to version 1.9.6:
+ This release adds the following features:
- Add a launchd agent for macOS.
- Add a new security attribute for BIOS capsule updates to be
enabled.
- Add functionality to fix specific host security attributes.
- Add global information from the context into the report data.
- Add support for coSWID payload sections.
- Add support for parsing the EDID.
- Allow adding only-quirk instance IDs from quirk files.
- Install a sysusers.d systemd file when using
- Dsystemd_unit_user.
+ For The changes of 1.9.0â¦1.9.5, please consult
https://github.com/fwupd/fwupd/releases
- Add pkgconfig(passim) BuildRequires: new dependency.
- Pass -Dplugin_amdgpu=disabled to meson: not buildable just yet.
- Pass -Dlaunchd=disabled to meson: launched is MacOS only.
- Drop -Dplugin_dell=enabled meson parameter: no longer supported.
- Drop fwupd-bsc1130056-change-shim-path.patch: no longer
applicable.
==== gdm ====
Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- Rebase patches for SLE-15-SP6 (bsc#216595):
+ Rebase gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
+ Rebase gdm-disable-gnome-initial-setup.patch
+ Rebase gdm-restart-session-when-X-server-restart.patch
==== git ====
Version update (2.42.0 -> 2.42.1)
- git 2.24.1:
* The usual number of bug fixes, including
* Fix "git diff" exit code handling
* Various fixes to the behavior of "rebase -i" when the command
got interrupted by conflicting changes
==== gjs ====
Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0
- Add 3cae384aaf15dec6653b1a5400032c2c2e5dc34c.patch: module:
Canonicalize import specifier before inserting it in registry.
- Explicitly BuildRequire /usr/bin/dbus-run-session: needed by the
test suite.
==== glslang ====
- Fix include dirs for headers of SPIRV and StandAlone. According to the setting
in %{_libdir}/cmake/glslang/glslang-targets.cmake, headers of SPIRV and
StandAlone should be installed in %{_includedir}/External
==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces
- Rebase gnome-control-center-disable-error-message-for-NM.patch,
gnome-control-center-info-never-use-gnome-software.patch,
gnome-control-center-more-power-button-actions.patch and
gnome-control-center-bring-back-firewall-zone.patch(bsc#1216601).
==== gnome-shell ====
Version update (45.0 -> 45.1)
Subpackages: gnome-extensions gnome-shell-calendar
- Update to version 45.1:
+ Fix scroll handling on sliders
+ overview: Handle unredirection as part of the state transition
+ Handle DESKTOP windows during workspace animations
+ Fix unexpected focus changes with multi-window apps
+ Improve recording indicator in light style
+ Fix calendar popup shrinking on date changes
+ Fixed crashes
+ Misc. bug fixes and cleanups
+ Updated translations.
- Update to version 45.0+20:
+ workspaceAnimation: Handle DESKTOP windows
+ st/scroll-view: Use clutter_actor_get_effect() to get fade effect
+ overview: Handle unredirection in OverviewShown state machine
+ status/system: Use Intl to format battery percentage
+ slider:
- Ignore left/right scroll directions
- Fix check for emulated scroll events
+ Updated translations.
- Add gnome-shell_nb_fix_trans.patch: Fix typo in translation
breaking gnome-shell calendar overview.
==== gnome-shell-extensions ====
Version update (45.0 -> 45.1)
Subpackages: gnome-shell-classic gnome-shell-extensions-common
- Update to version 45.1:
+ workspace-indicator: Fix initial preview visibility
+ screenshot-window-sizer: Fix cycling between sizes backwards
+ Misc. bug fixes and cleanups
+ Updated translations.
==== gpg2 ====
Subpackages: dirmngr
- Fix the build in SLE and Leap by adding an exclude in the files
section for the dirmngr's systemd user units. [jsc#PED-7093]
==== installation-images-MicroOS ====
Version update (17.98 -> 17.103)
- merge gh#openSUSE/installation-images#673
- fix another symlink warning
- 17.103
- merge gh#openSUSE/installation-images#672
- fix dangling symlink detection
- update symlink config
- add missing tpm packages to spec file
- fix typo in early_setup script
- 17.102
- merge gh#openSUSE/installation-images#670
- add TPM support (bsc#1216835)
- 17.101
- merge gh#openSUSE/installation-images#669
- add spmi-mtk-pmif kernel module (bsc#1216767)
- 17.100
- merge gh#openSUSE/installation-images#667
- Add DTB installation support for Lenovo X13s (bsc#1215647)
- Add lenovo-x13s-firmware-dt BuildRequires to the spec file
(bsc#1215647)
- 17.99
==== json-c ====
Version update (0.16 -> 0.17)
- Update to 0.17:
+ New features:
* json_patch: add first implementation only with patch application
* Add --disable-static and --disable-dynamic options to the cmake-configure script.
* Add -DBUILD_APPS=NO option to disable app build
* Minimum cmake version is now 3.9
+ Significant changes and bug fixes:
* When serializing with JSON_C_TO_STRING_PRETTY set, keep the opening and
closing curly or square braces on same line for empty objects or arrays.
* Disable locale handling when targeting a uClibc system due to problems
with its duplocale() function.
* When parsing with JSON_TOKENER_STRICT set, integer overflow/underflow
now result in a json_tokener_error_parse_number. Without that flag
values are capped at INT64_MIN/UINT64_MAX.
* Fix memory leak with emtpy strings in json_object_set_string
* json_object_from_fd_ex: fail if file is too large (>=INT_MAX bytes)
* Add back json_number_chars, but only because it's part of the public API.
* Entirely drop mode bits from open(O_RDONLY) to avoid warnings on certain
platforms.
* Specify dependent libraries, including -lbsd, in a more consistent way so
linking against a static json-c works better
* Fix a variety of build problems and add & improve tests
* Update RFC reference to https://www.rfc-editor.org/rfc/rfc8259
- Remove deprecated suse_version checks
==== kdump ====
Version update (1.9.7 -> 1.9.8)
- upgrade to version 1.9.8
* drop obsolete dependency on systemd-sysvinit (bsc#1216745)
==== keylime ====
Version update (7.6.0 -> 7.7.0)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime
- Update to version v7.7.0:
* Monthly release (7.7.0)
* tpm_cert_store: add the Nationz TPM EK x509 cert
* codestyle: Have mypy ignore import of PoolManager
* codestyle: Suppress pyright errors on methods that do exist
* codestyle: Annotate some string constances (pyright)
* types: Fix a deprecation warning from recent cryptography
* create_policy: Set the generator value to LegacyAllowList
* verifier: Compare generator against enum rather than magic '1'
* Fix pylint C0103 (naming) errors in some files
* crypto: Fix a pyright issue
* test: Fix a pyright issue
==== kio-fuse ====
- dbus-run-session now needs to be explicitly required for the
test suite.
==== ksystemstats5 ====
Version update (5.27.8 -> 5.27.9)
- Update to 5.27.9
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.9
- No code changes since 5.27.8
- dbus-1 no longer provides dbus-run-session, so BuildRequire
it explicitly
==== libdnf ====
Version update (0.70.2 -> 0.72.0)
Subpackages: libdnf-repo-config-zypp libdnf2
- Update to 0.72.0
+ PGP: Use new librepo PGP API, remove gpgme dependency
+ API: Basic support for OpenPGP public keys
+ Avoid using GNU extensions in the dependency splitter regex
+ filterAdvisory: match installed_solvables sort with lower_bound (rh#2212838)
+ Make code C++20 compatible
+ Avoid reinstalling installonly packages marked for ERASE (rh#2163474)
+ transaction: Save the reason for installing (rh#1733274)
+ hawkey.subject: get_best_selectors only obsoleters of latest (rh#2183279, rh#2176263)
+ conf: Add limited shell-style variable expansion (rh#1789346)
+ conf: Add support for $releasever_major, $releasever_minor (rh#1789346)
+ repo: Don't download the repository if the local cache is up to date
+ Allow DNF to be removed by DNF 5 (rh#2221907)
+ Include dist-info for python3-libdnf
+ bindings: Load all modules with RTLD_GLOBAL
+ Update translations
- Fix RHBZ references
- Refresh patch to link with static libsolvext
+ Remove patch: libdnf-0.48.0-with-static-libsolvext.patch
+ Add patch: libdnf-0.72.0-with-static-libsolvext.patch
==== libmodulemd ====
Version update (2.14.0 -> 2.15.0)
- Update to 2.15.0
+ Add support for decompressing Zstandard-compressed YAML files
+ Remove a dependency on "file" library (libmagic)
+ Add a XML specification for in-YUM-repository metadata
+ Deprecate intents in modulemd-defaults specification
+ Fix a crash when converting a modulemd-packager object with a default
profile and without a module name or stream to a module index
+ Fix parsing empty profiles
+ A specification for modulemd-v2 format was corrected to require a "content"
license subtree only if the module build contains artifacts.
+ Double-quote strings in scalar YAML values when they look like a number
+ Warnings from g_str_equal() macro of glib2 about passing an unsigned
char * to strcmp() were fixed
==== libostree ====
Version update (2023.6 -> 2023.7)
Subpackages: libostree-1-1
- Update to version 2023.7:
+ support for a "transient etc"
+ HTTP layer now retries requests by default
+ a longstanding bug was fixed where ostree would still try to
fetch "loose" objects even when we were doing a delta pull
+ Fix variety of clang-analyzer fixes (some false positives, some
real memory leaks, etc)
==== librepo ====
Version update (1.15.1 -> 1.17.0)
- Update to 1.17.0
* lr_gpg_check_signature: Forward PGP error messages from RPM
* PGP: fix: Support importing binary public keys in librpm backend
* PGP: Enable creating a UID directory for GnuGP agent socket
in /run/gnupg/user
* PGP: Set a default creation SELinux labels on GnuPG directories
* Update PGP test vectors
* Implement OpenPGP using librpm API
* Fixes and optimizations in header files
* Fix lr_gpg_list_keys function when keys are empty
* Fix CMake warnings
* Bump glib version
==== libxml2 ====
Version update (2.10.4 -> 2.11.5)
Subpackages: libxml2-2 libxml2-tools
- Add python312.patch to make it compatible with python 3.12
https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226
- Use pyproject_wheel and pyproject_install macros instead of
python_build, python_install
==== mutter ====
Version update (45.0+45 -> 45.1)
- Update to version 45.1:
+ Fix filtering keybinding events in presence of grabs
+ Fix direct scanout support when using integer scaling
+ Fix capitalization of some keys when caps lock is on
+ Fix vsync regression
+ Fix visibility of software cursors when using direct scanout
+ Fix artifacts at the bottom of some surfaces
+ Discard monitor configs with fractional scale when unusable
+ Apply track point settings
+ xwayland: Enable XDG portal only when not nested
+ Inhibit real-time scheduling when mode setting
+ Don't delay frame updates after idle period
+ Fix running Xwayland in headless setup with nvidia driver
+ wayland: Send keyboard modifiers after the enter event
+ Fixed crashes
+ Misc. bug fixes and cleanups
+ Updated translations.
- Update to version 45.0+61:
+ backend:
- Introduce helpers for turning from/to clutter/evdev buttons
- Use helper to translate from/to clutter/evdev button codes
+ clutter/frame-clock:
- Simplify next_presentation_time_us calculation
- Start next update ASAP after idle period
+ cogl/onscreen: Add missing error untrap calls
+ input-capture:
- Check barriers don't extend into nonexisting monitors
- Fix off-by-one for barrier validation
+ renderer/native:
- Add a new has_addfb2 property
- Send modifiers even without AddFb2
+ screen-cast/stream-src:
- Assert that dmabuf handle lookup succeeds
- Calculate stride after adding handle to hash table
+ tests/clutter/event-delivery: Avoid race with stage update
+ tests/clutter/frame-clock*: Use
clutter_frame_get_target_presentation_time
+ wayland/dma-buf: Advertise INVALID modifier without AddFb2
+ wayland: Send keyboard modifiers after the enter event
+ input-capture: Add more barrier tests, mostly for invalid
barriers
==== openldap2 ====
Version update (2.6.4 -> 2.6.6)
Subpackages: libldap-data libldap2 openldap2-client
- Update to release 2.6.6
* Fixed libldap handling of TCP KEEPALIVE options
* Fixed slapd callback handling with overlays that do extended
operations
==== openldap2-contrib-src ====
Version update (2.6.4 -> 2.6.6)
- Update to release 2.6.6
* Fixed libldap handling of TCP KEEPALIVE options
* Fixed slapd callback handling with overlays that do extended
operations
==== p11-kit ====
Version update (0.25.1 -> 0.25.2)
Subpackages: libp11-kit0 p11-kit-tools
- Update to 0.25.2:
* fix error code checking of readpassphrase for --login option [#595]
* build fixes [#594]
* test fixes [#596]
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced
- Do not recommend nscd anymore. NIS is being phased out and modern
technologies like sssd are not compatible with it anyway.
==== pipewire ====
Version update (0.3.83 -> 0.3.84)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.84 (1.0RC4):
* Highlights
- Fix a regression with openal because the queued buffers in
the stream were not reported correctly.
- Fix a bug in port busy counters that could cause random
silent links.
- Fix a regression in echo-cancel because it was not reporting
its streams as ASYNC.
- Fix a JACK regression where not all ports were enumerated in
all cases.
- Many more fixes and improvements.
* PipeWire
- pw_stream now reports the queued buffers more accurately.
This fixes a regression when using openal. (#3592)
- The port busy counters were not updated correctly in some
cases. This could lead to negotiation errors and silent
links. (#3547)
- Ignore latency maximum when forcing rate/quantum. (#3613)
- Nodes can now be added to multiple groups and link-groups.
(#3612)
* Modules
- The filter-chain now also handles notify port dependencies
correctly. (#3596)
- Filter-chain has support for new linear, clamp, recip, exp,
log, mult, sine builtin plugins.
- The echo-cancel module now correctly reports its playback and
capture streams as ASYNC to avoid running out of buffers.
(#3593)
- It is now possible to specify an array of remote names to
connect to with the native protocol.
- module-rtp-sap and module-rtp-sink now try to bind to the
specified interface.
* SPA
- The alsa plugin now removes the runtime properties such as
period-num, period-size and max-latency when suspended.
(#3613)
* Bluetooth
- BAP Locations/Context is now set on endpoints as required by
new bluez.
- Improve selection of BAP leader.
* JACK
- Add a jack_set_sample_rate() extension function.
- Make sure we get the info of all nodes/ports before
completing the jack_client_open() operation so that we can
enumerate the ports correctly in all cases. (#3618)
* GStreamer
- Fix types of metadata in pipewiresink.
- Also copy metadata in buffers in all cases.
- Fix size allocation in bufferpool for compressed formats.
- Don't stop streaming thread when unlinked. (#3620)
* ALSA
- The ALSA plugin now handles NULL values from mmap_areas.
(#3600)
- Disable the WebRTC-based echo canceller in big endian
architectures since webrtc-audio-processing is not available
there.
==== podman ====
Version update (4.7.1 -> 4.7.2)
- Update to version 4.7.2:
* v4.7.2
* Update RELEASE_NOTES.md for v4.7.2
* compose: try all possible providers before throwing an error
* Mask /sys/devices/virtual/powercap
* fix: check wsl npipe when executing podman compose
* rtd: implement v2 build file
* Adjust to path name change for resolved unit
* Switch version to 4.7.2-dev
- crun is not available for armv6 (because of criu), so use runc
on armv6
==== polkit-default-privs ====
Version update (1550+20231006.28f05f1 -> 1550+20231103.3b4a82f)
- Update to version 1550+20231103.3b4a82f:
* profiles: fwupd: add host-security-attr actions (bsc#1216832)
* profiles: remove outdates sysprof2 actions
* profiles: drop obsolete udisks2 bcache and zram actions
==== publicsuffix ====
Version update (20230930 -> 20231028)
- Update to version 20231028:
* util: gTLD data autopull updates for 2023-10-28
* AWS Submissions to the Public Suffix List - Q3 2023
* Add <4-8>.azurestaticapps.net DNS suffix
==== python-httpx ====
- Add upstream newer-httpcore.patch
* it only allows httpcore 1.0.0 in the pyproject.toml, no code changes
==== raptor ====
Version update (2.0.15 -> 2.0.16)
- Add support for libxml 2.11.0+
* Added patch raptor-libxml2-2.11-support.patch
- update to 2.0.16:
* long list of accumulated bug, security and portability fixes
* see https://librdf.org/raptor/RELEASE.html#rel2_0_16
- drop
0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1:
obsolete/upstream
- ubsan.patch: refresh
==== redis ====
Version update (7.2.2 -> 7.2.3)
- redis 7.2.3:
- Fix file descriptor leak preventing deleted files from freeing
disk space on replicas (#12693)
- Fix a possible crash after cluster node removal (#12702)
==== rubygem-ruby-dbus ====
- Testsuite requires dbus-daemon and dbus-send which are now
separate packages
==== rust-keylime ====
Version update (0.2.2+git.1689256829.3d2b627 -> 0.2.2+git.1697658634.9c7c6fa)
Subpackages: keylime-ima-policy
- Update to version 0.2.2+git.1697658634.9c7c6fa:
* build(deps): bump rustix from 0.37.11 to 0.37.25
* build(deps): bump tempfile from 3.6.0 to 3.8.0
* build(deps): bump base64 from 0.21.0 to 0.21.4
* build(deps): bump serde_json from 1.0.96 to 1.0.107
* build(deps): bump openssl from 0.10.55 to 0.10.57
* cargo: Bump serde to version 1.0.188
* tests: Fix tarpaulin issues with dropped -v option
* build(deps): bump signal-hook from 0.3.15 to 0.3.17
* build(deps): bump actix-web from 4.3.1 to 4.4.0
* build(deps): bump thiserror from 1.0.40 to 1.0.48
* Remove private_in_public
* Initial PR to add support for IDevID and IAK
* build(deps): bump uuid from 1.3.1 to 1.4.1
* build(deps): bump log from 0.4.17 to 0.4.20
* build(deps): bump reqwest from 0.11.16 to 0.11.20
* Do not use too specific version on cargo audit workflow
* Add workflow to run cargo-audit security audit
* README: update dependencies for Debian and Ubuntu
* Use latest versions of checkout/upload-artifacts
* docker: Add 'keylime' system user
* Use "currently" for swtpm emulator warning (#632)
* Update container workflow actions versions
* Build container image and push to quay.io
* README: update requirements
==== samba ====
Version update (4.19.2+git.322.7e9201cef5 -> 4.19.2+git.324.fa0b54b91b)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3
- packaging: samba-tool domain provision requires python3-Markdown;
(bsc#1216519).
==== sdbootutil ====
Version update (1+git20231023.873adb9 -> 1+git20231026.f43c33c)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper
- Update to version 1+git20231026.f43c33c:
* Fix generating initrd for random snapshots
==== shaderc ====
- Adjust for glslang-nonstd-devel switching paths
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Offer the sssd.conf template as %doc (for examples, do actually
see the "Examples" section of the sssd.conf(5) manpage)
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc udev
- Disable utmp support
The announcement can be found at:
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/…
The user visible consequence of it is that /run/utmp file is no more created.
systemd itself doesn't depend on utmp anymore since "shared/wall: use logind
if build without utmp support" has been backported.
==== tracker-miners ====
Version update (3.6.1 -> 3.6.2)
Subpackages: tracker-miner-files
- Update to version 3.6.2:
+ Improvements to the seccomp jail, and fixes for spurious SIGSYS
positives.
+ Use GDateTime to handle dates.
+ Updated translations.
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Add patch:
* setterm-resize-uninit-flags.patch
==== util-linux-systemd ====
- Add patch:
* setterm-resize-uninit-flags.patch
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Add webkit2gtk3-disable-dmabuf-nvidia.patch: disable DMABuf
renderer for NVIDIA proprietary drivers (boo#1216778).
==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles
- Add webkit2gtk3-disable-dmabuf-nvidia.patch: disable DMABuf
renderer for NVIDIA proprietary drivers (boo#1216778).
==== yast2 ====
Version update (5.0.2 -> 5.0.3)
Subpackages: yast2-logs
- Added Repository#refresh method (related to bsc#1215884)
- 5.0.3
==== yast2-installation ====
Version update (5.0.1 -> 5.0.2)
- Refresh repositories with changed URL and reload them again
to activate the changes (related to bsc#1215884)
- 5.0.2
==== yast2-storage-ng ====
Version update (5.0.3 -> 5.0.4)
- Encryption method TpmFde to be used by Agama (and later by YaST)
for setting up LUKS2 devices that are unlocked during boot using
a TPM chip (gh#yast/yast-storage-ng#1088, related to bsc#1210512)
- 5.0.4
==== yast2-update ====
Version update (5.0.0 -> 5.0.1)
- Drop the previously used repositories when going back to the
partition selection at upgrade, this ensures the repositories
are correctly reinitialized later (bsc#1215884)
- 5.0.1
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
SDL2 (2.28.4 -> 2.28.5)
glslang
qt6-base
shaderc
sssd
yast2-storage-ng (5.0.3 -> 5.0.4)
=== Details ===
==== SDL2 ====
Version update (2.28.4 -> 2.28.5)
- Update to release 2.28.5
* Added support for the HP HyperX Clutch Gladiate controller
* Fixed a crash if a controller is disconnected while SDL is
opening it
* Fixed a crash on Linux if XInput2 isn't available at runtime
==== glslang ====
- Fix include dirs for headers of SPIRV and StandAlone. According to the setting
in %{_libdir}/cmake/glslang/glslang-targets.cmake, headers of SPIRV and
StandAlone should be installed in %{_includedir}/External
==== qt6-base ====
Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3
- Add upstream changes:
* 0001-xcb-replace-a-warning-with-debug-info-in-qxcbconnect.patch (QTBUG-117820)
* 0001-a11y-fix-race-condition-on-atspi-startup-on-Wayland.patch
- Turn FEATURE_forkfd_pidfd off until QTBUG-117954 gets fixed
==== shaderc ====
- Adjust for glslang-nonstd-devel switching paths
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Offer the sssd.conf template as %doc (for examples, do actually
see the "Examples" section of the sssd.conf(5) manpage)
==== yast2-storage-ng ====
Version update (5.0.3 -> 5.0.4)
- Encryption method TpmFde to be used by Agama (and later by YaST)
for setting up LUKS2 devices that are unlocked during boot using
a TPM chip (gh#yast/yast-storage-ng#1088, related to bsc#1210512)
- 5.0.4
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
avahi
avahi-glib2
ell (0.58 -> 0.59)
fde-tools (0.7.1 -> 0.7.2)
gjs
gnome-control-center
gnome-shell (45.0 -> 45.1)
gnome-shell-extensions (45.0 -> 45.1)
gpg2
installation-images-MicroOS (17.98 -> 17.100)
kdump (1.9.7 -> 1.9.8)
kio-fuse
ksystemstats5 (5.27.8 -> 5.27.9)
libostree (2023.6 -> 2023.7)
libxml2 (2.10.4 -> 2.11.5)
mutter (45.0+45 -> 45.1)
patterns-base
pipewire (0.3.83 -> 0.3.84)
podman (4.7.1 -> 4.7.2)
publicsuffix (20230930 -> 20231028)
python-httpx
raptor (2.0.15 -> 2.0.16)
redland
rubygem-ruby-dbus
samba (4.19.2+git.322.7e9201cef5 -> 4.19.2+git.324.fa0b54b91b)
sdbootutil (1+git20231023.873adb9 -> 1+git20231026.f43c33c)
systemd
tracker-miners (3.6.1 -> 3.6.2)
util-linux
util-linux-systemd
yast2 (5.0.2 -> 5.0.3)
yast2-installation (5.0.1 -> 5.0.2)
yast2-update (5.0.0 -> 5.0.1)
=== Details ===
==== avahi ====
Subpackages: avahi-lang libavahi-client3 libavahi-common3 libavahi-core7
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
byte long (bsc#1215947, CVE-2023-38470).
==== avahi-glib2 ====
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
byte long (bsc#1215947, CVE-2023-38470).
==== ell ====
Version update (0.58 -> 0.59)
- Update to release 0.59
* Add l_safe_ato* functions to the exported symbol list.
==== fde-tools ====
Version update (0.7.1 -> 0.7.2)
- Update to version 0.7.2
+ Add help output for the command tpm-authorize
+ Improve the multi-devices support
==== gjs ====
Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0
- Add 3cae384aaf15dec6653b1a5400032c2c2e5dc34c.patch: module:
Canonicalize import specifier before inserting it in registry.
- Explicitly BuildRequire /usr/bin/dbus-run-session: needed by the
test suite.
==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces
- Rebase gnome-control-center-disable-error-message-for-NM.patch,
gnome-control-center-info-never-use-gnome-software.patch,
gnome-control-center-more-power-button-actions.patch and
gnome-control-center-bring-back-firewall-zone.patch(bsc#1216601).
==== gnome-shell ====
Version update (45.0 -> 45.1)
Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang
- Update to version 45.1:
+ Fix scroll handling on sliders
+ overview: Handle unredirection as part of the state transition
+ Handle DESKTOP windows during workspace animations
+ Fix unexpected focus changes with multi-window apps
+ Improve recording indicator in light style
+ Fix calendar popup shrinking on date changes
+ Fixed crashes
+ Misc. bug fixes and cleanups
+ Updated translations.
- Update to version 45.0+20:
+ workspaceAnimation: Handle DESKTOP windows
+ st/scroll-view: Use clutter_actor_get_effect() to get fade effect
+ overview: Handle unredirection in OverviewShown state machine
+ status/system: Use Intl to format battery percentage
+ slider:
- Ignore left/right scroll directions
- Fix check for emulated scroll events
+ Updated translations.
- Add gnome-shell_nb_fix_trans.patch: Fix typo in translation
breaking gnome-shell calendar overview.
==== gnome-shell-extensions ====
Version update (45.0 -> 45.1)
Subpackages: gnome-shell-classic gnome-shell-extensions-common gnome-shell-extensions-common-lang
- Update to version 45.1:
+ workspace-indicator: Fix initial preview visibility
+ screenshot-window-sizer: Fix cycling between sizes backwards
+ Misc. bug fixes and cleanups
+ Updated translations.
==== gpg2 ====
Subpackages: dirmngr gpg2-lang
- Fix the build in SLE and Leap by adding an exclude in the files
section for the dirmngr's systemd user units. [jsc#PED-7093]
==== installation-images-MicroOS ====
Version update (17.98 -> 17.100)
- merge gh#openSUSE/installation-images#669
- add spmi-mtk-pmif kernel module (bsc#1216767)
- 17.100
- merge gh#openSUSE/installation-images#667
- Add DTB installation support for Lenovo X13s (bsc#1215647)
- Add lenovo-x13s-firmware-dt BuildRequires to the spec file
(bsc#1215647)
- 17.99
==== kdump ====
Version update (1.9.7 -> 1.9.8)
- upgrade to version 1.9.8
* drop obsolete dependency on systemd-sysvinit (bsc#1216745)
==== kio-fuse ====
- dbus-run-session now needs to be explicitly required for the
test suite.
==== ksystemstats5 ====
Version update (5.27.8 -> 5.27.9)
Subpackages: ksystemstats5-lang
- Update to 5.27.9
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.9
- No code changes since 5.27.8
- dbus-1 no longer provides dbus-run-session, so BuildRequire
it explicitly
==== libostree ====
Version update (2023.6 -> 2023.7)
Subpackages: libostree-1-1
- Update to version 2023.7:
+ support for a "transient etc"
+ HTTP layer now retries requests by default
+ a longstanding bug was fixed where ostree would still try to
fetch "loose" objects even when we were doing a delta pull
+ Fix variety of clang-analyzer fixes (some false positives, some
real memory leaks, etc)
==== libxml2 ====
Version update (2.10.4 -> 2.11.5)
Subpackages: libxml2-2 libxml2-tools
- Add python312.patch to make it compatible with python 3.12
https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/226
- Use pyproject_wheel and pyproject_install macros instead of
python_build, python_install
==== mutter ====
Version update (45.0+45 -> 45.1)
Subpackages: mutter-lang
- Update to version 45.1:
+ Fix filtering keybinding events in presence of grabs
+ Fix direct scanout support when using integer scaling
+ Fix capitalization of some keys when caps lock is on
+ Fix vsync regression
+ Fix visibility of software cursors when using direct scanout
+ Fix artifacts at the bottom of some surfaces
+ Discard monitor configs with fractional scale when unusable
+ Apply track point settings
+ xwayland: Enable XDG portal only when not nested
+ Inhibit real-time scheduling when mode setting
+ Don't delay frame updates after idle period
+ Fix running Xwayland in headless setup with nvidia driver
+ wayland: Send keyboard modifiers after the enter event
+ Fixed crashes
+ Misc. bug fixes and cleanups
+ Updated translations.
- Update to version 45.0+61:
+ backend:
- Introduce helpers for turning from/to clutter/evdev buttons
- Use helper to translate from/to clutter/evdev button codes
+ clutter/frame-clock:
- Simplify next_presentation_time_us calculation
- Start next update ASAP after idle period
+ cogl/onscreen: Add missing error untrap calls
+ input-capture:
- Check barriers don't extend into nonexisting monitors
- Fix off-by-one for barrier validation
+ renderer/native:
- Add a new has_addfb2 property
- Send modifiers even without AddFb2
+ screen-cast/stream-src:
- Assert that dmabuf handle lookup succeeds
- Calculate stride after adding handle to hash table
+ tests/clutter/event-delivery: Avoid race with stage update
+ tests/clutter/frame-clock*: Use
clutter_frame_get_target_presentation_time
+ wayland/dma-buf: Advertise INVALID modifier without AddFb2
+ wayland: Send keyboard modifiers after the enter event
+ input-capture: Add more barrier tests, mostly for invalid
barriers
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced
- Do not recommend nscd anymore. NIS is being phased out and modern
technologies like sssd are not compatible with it anyway.
==== pipewire ====
Version update (0.3.83 -> 0.3.84)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.84 (1.0RC4):
* Highlights
- Fix a regression with openal because the queued buffers in
the stream were not reported correctly.
- Fix a bug in port busy counters that could cause random
silent links.
- Fix a regression in echo-cancel because it was not reporting
its streams as ASYNC.
- Fix a JACK regression where not all ports were enumerated in
all cases.
- Many more fixes and improvements.
* PipeWire
- pw_stream now reports the queued buffers more accurately.
This fixes a regression when using openal. (#3592)
- The port busy counters were not updated correctly in some
cases. This could lead to negotiation errors and silent
links. (#3547)
- Ignore latency maximum when forcing rate/quantum. (#3613)
- Nodes can now be added to multiple groups and link-groups.
(#3612)
* Modules
- The filter-chain now also handles notify port dependencies
correctly. (#3596)
- Filter-chain has support for new linear, clamp, recip, exp,
log, mult, sine builtin plugins.
- The echo-cancel module now correctly reports its playback and
capture streams as ASYNC to avoid running out of buffers.
(#3593)
- It is now possible to specify an array of remote names to
connect to with the native protocol.
- module-rtp-sap and module-rtp-sink now try to bind to the
specified interface.
* SPA
- The alsa plugin now removes the runtime properties such as
period-num, period-size and max-latency when suspended.
(#3613)
* Bluetooth
- BAP Locations/Context is now set on endpoints as required by
new bluez.
- Improve selection of BAP leader.
* JACK
- Add a jack_set_sample_rate() extension function.
- Make sure we get the info of all nodes/ports before
completing the jack_client_open() operation so that we can
enumerate the ports correctly in all cases. (#3618)
* GStreamer
- Fix types of metadata in pipewiresink.
- Also copy metadata in buffers in all cases.
- Fix size allocation in bufferpool for compressed formats.
- Don't stop streaming thread when unlinked. (#3620)
* ALSA
- The ALSA plugin now handles NULL values from mmap_areas.
(#3600)
- Disable the WebRTC-based echo canceller in big endian
architectures since webrtc-audio-processing is not available
there.
==== podman ====
Version update (4.7.1 -> 4.7.2)
- Update to version 4.7.2:
* v4.7.2
* Update RELEASE_NOTES.md for v4.7.2
* compose: try all possible providers before throwing an error
* Mask /sys/devices/virtual/powercap
* fix: check wsl npipe when executing podman compose
* rtd: implement v2 build file
* Adjust to path name change for resolved unit
* Switch version to 4.7.2-dev
- crun is not available for armv6 (because of criu), so use runc
on armv6
==== publicsuffix ====
Version update (20230930 -> 20231028)
- Update to version 20231028:
* util: gTLD data autopull updates for 2023-10-28
* AWS Submissions to the Public Suffix List - Q3 2023
* Add <4-8>.azurestaticapps.net DNS suffix
==== python-httpx ====
- Add upstream newer-httpcore.patch
* it only allows httpcore 1.0.0 in the pyproject.toml, no code changes
==== raptor ====
Version update (2.0.15 -> 2.0.16)
- Add support for libxml 2.11.0+
* Added patch raptor-libxml2-2.11-support.patch
- update to 2.0.16:
* long list of accumulated bug, security and portability fixes
* see https://librdf.org/raptor/RELEASE.html#rel2_0_16
- drop
0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1:
obsolete/upstream
- ubsan.patch: refresh
==== redland ====
- Fix tests against latest raptor by cleaning up parser in each iteration.
* Added patch redland-fix-tests.patch
==== rubygem-ruby-dbus ====
- Testsuite requires dbus-daemon and dbus-send which are now
separate packages
==== samba ====
Version update (4.19.2+git.322.7e9201cef5 -> 4.19.2+git.324.fa0b54b91b)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3
- packaging: samba-tool domain provision requires python3-Markdown;
(bsc#1216519).
==== sdbootutil ====
Version update (1+git20231023.873adb9 -> 1+git20231026.f43c33c)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper
- Update to version 1+git20231026.f43c33c:
* Fix generating initrd for random snapshots
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc systemd-lang udev
- Disable utmp support
The announcement can be found at:
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/…
The user visible consequence of it is that /run/utmp file is no more created.
systemd itself doesn't depend on utmp anymore since "shared/wall: use logind
if build without utmp support" has been backported.
==== tracker-miners ====
Version update (3.6.1 -> 3.6.2)
Subpackages: tracker-miner-files tracker-miners-lang
- Update to version 3.6.2:
+ Improvements to the seccomp jail, and fixes for spurious SIGSYS
positives.
+ Use GDateTime to handle dates.
+ Updated translations.
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang
- Add patch:
* setterm-resize-uninit-flags.patch
==== util-linux-systemd ====
- Add patch:
* setterm-resize-uninit-flags.patch
==== yast2 ====
Version update (5.0.2 -> 5.0.3)
Subpackages: yast2-logs
- Added Repository#refresh method (related to bsc#1215884)
- 5.0.3
==== yast2-installation ====
Version update (5.0.1 -> 5.0.2)
- Refresh repositories with changed URL and reload them again
to activate the changes (related to bsc#1215884)
- 5.0.2
==== yast2-update ====
Version update (5.0.0 -> 5.0.1)
- Drop the previously used repositories when going back to the
partition selection at upgrade, this ensures the repositories
are correctly reinitialized later (bsc#1215884)
- 5.0.1
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
dracut (059+suse.503.g41e99e72 -> 059+suse.511.g0bdb16ac)
gnome-text-editor (45.0 -> 45.1)
gpgme (1.23.0 -> 1.23.1)
grub2
kernel-default-base
open-vm-tools (12.3.0 -> 12.3.5)
poppler (23.09.0 -> 23.10.0)
poppler-qt5 (23.09.0 -> 23.10.0)
selinux-policy (20231012 -> 20231030)
sssd
wireplumber
yast2-trans (84.87.20231004.bd479b5f2d -> 84.87.20231027.a9c9df2125)
=== Details ===
==== dracut ====
Version update (059+suse.503.g41e99e72 -> 059+suse.511.g0bdb16ac)
Subpackages: dracut-ima
- Update to version 059+suse.511.g0bdb16ac:
* fix(pkcs11): delete trailing dot on libcryptsetup-token-systemd-pkcs11.so
* fix(systemd-repart): correct undefined $libdir
* fix(dracut-systemd): use `DRACUT_VERSION` instead of `VERSION`
* fix(dracut.sh): abort if Bash is in POSIX mode
* fix(dracut-initramfs-restore.sh): do not set selinux labels if disabled
* fix(network): correct network device naming (bsc#1192986)
==== gnome-text-editor ====
Version update (45.0 -> 45.1)
Subpackages: gnome-text-editor-lang
- Update to version 45.1:
+ Use proper etag when comparing document for changes after a
Save As operation occurs.
+ Fix row styling in preferences.
+ Fix memory leak of GtkNativeDialog.
+ Updated translations.
==== gpgme ====
Version update (1.23.0 -> 1.23.1)
Subpackages: libgpgme11 libgpgmepp6 python311-gpg
- update to 1.23.1:
* fixes for other platforms
==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
* 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
==== kernel-default-base ====
- Add dummy (boo#1216647)
==== open-vm-tools ====
Version update (12.3.0 -> 12.3.5)
Subpackages: libvmtools0 open-vm-tools-desktop
- Update to 12.3.5 (build 22544099) (boo#1216670)
- There are no new features in the open-vm-tools 12.3.5 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release resolves CVE-2023-34058. For more information on this
vulnerability and its impact on VMware products, see
https://www.vmware.com/security/advisories/VMSA-2023-0024.html.
- This release resolves CVE-2023-34059 which only affects open-vm-tools.
For more information on this vulnerability, please see the Resolved
Issues section of the Release Notes.
- A GitHub issue has been handled. Please see the Resolved Issues section
of the Release Notes.
- An update to the deployPkg plugin to coordinate with recent releases
of cloud-init for improvement for guest VM customization.
- For issues resolved in this release, see the Resolved Issues
<https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md#…>
section of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md
- The granular changes that have gone into the 12.3.5 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/open-vm-tools/Ch…
- Drop patch now contained in 12.3.5:
- CVE-2023-34058.patch
- CVE-2023-34059.patch
==== poppler ====
Version update (23.09.0 -> 23.10.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- Add patch to let it build with the heavily patched tiff 4.0.9
we have in SLE 15:
* reduce-libtiff-required-version.patch
- version update to 23.10.0
core:
* cairo: update type 3 fonts for cairo 1.18 api
* Fix crash on malformed files
build system:
* Make a few more dependencies soft-mandatory
* Add more supported gnupg releases
* Check if linker supports version scripts
- modified patches
% reduce-boost-required-version.patch (refreshed)
==== poppler-qt5 ====
Version update (23.09.0 -> 23.10.0)
- Add patch to let it build with the heavily patched tiff 4.0.9
we have in SLE 15:
* reduce-libtiff-required-version.patch
- version update to 23.10.0
core:
* cairo: update type 3 fonts for cairo 1.18 api
* Fix crash on malformed files
build system:
* Make a few more dependencies soft-mandatory
* Add more supported gnupg releases
* Check if linker supports version scripts
- modified patches
% reduce-boost-required-version.patch (refreshed)
==== selinux-policy ====
Version update (20231012 -> 20231030)
Subpackages: selinux-policy-targeted
- Update to version 20231030:
* Allow system_mail_t manage exim spool files and dirs
* Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t
* Label /run/pcsd.socket with cluster_var_run_t
* ci: Run cockpit tests in PRs
* Add map_read map_write to kernel_prog_run_bpf
* Allow systemd-fstab-generator read all symlinks
* Allow systemd-fstab-generator the dac_override capability
* Allow rpcbind read network sysctls
* Support using systemd containers
* Allow sysadm_t to connect to iscsid using a unix domain stream socket
* Add policy for coreos installer
* Add policy for nvme-stas
* Confine systemd fstab,sysv,rc-local
* Label /etc/aliases.lmdb with etc_aliases_t
* Create policy for afterburn
* Make new virt drivers permissive
* Split virt policy, introduce virt_supplementary module
* Allow apcupsd cgi scripts read /sys
* Allow kernel_t to manage and relabel all files
* Add missing optional_policy() to files_relabel_all_files()
* Allow named and ndc use the io_uring api
* Deprecate common_anon_inode_perms usage
* Improve default file context(None) of /var/lib/authselect/backups
* Allow udev_t to search all directories with a filesystem type
* Implement proper anon_inode support
* Allow targetd write to the syslog pid sock_file
* Add ipa_pki_retrieve_key_exec() interface
* Allow kdumpctl_t to list all directories with a filesystem type
* Allow udev additional permissions
* Allow udev load kernel module
* Allow sysadm_t to mmap modules_object_t files
* Add the unconfined_read_files() and unconfined_list_dirs() interfaces
* Set default file context of HOME_DIR/tmp/.* to <<none>>
* Allow kernel_generic_helper_t to execute mount(1)
* Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t
* Allow systemd-localed create Xserver config dirs
* Allow sssd read symlinks in /etc/sssd
* Label /dev/gnss[0-9] with gnss_device_t
* Allow systemd-sleep read/write efivarfs variables
* ci: Fix version number of packit generated srpms
* Dontaudit rhsmcertd write memory device
* Allow ssh_agent_type create a sockfile in /run/user/USERID
* Set default file context of /var/lib/authselect/backups to <<none>>
* Allow prosody read network sysctls
* Allow cupsd_t to use bpf capability
* Allow sssd domain transition on passkey_child execution conditionally
* Allow login_userdomain watch lnk_files in /usr
* Allow login_userdomain watch video4linux devices
* Change systemd-network-generator transition to include class file
* Revert "Change file transition for systemd-network-generator"
* Allow nm-dispatcher winbind plugin read/write samba var files
* Allow systemd-networkd write to cgroup files
* Allow kdump create and use its memfd: objects
* Allow fedora-third-party get generic filesystem attributes
* Allow sssd use usb devices conditionally
* Update policy for qatlib
* Allow ssh_agent_type manage generic cache home files
* Change file transition for systemd-network-generator
* Additional support for gnome-initial-setup
* Update gnome-initial-setup policy for geoclue
* Allow openconnect vpn open vhost net device
* Allow cifs.upcall to connect to SSSD also through the /var/run socket
* Grant cifs.upcall more required capabilities
* Allow xenstored map xenfs files
* Update policy for fdo
* Allow keepalived watch var_run dirs
* Allow svirt to rw /dev/udmabuf
* Allow qatlib to modify hardware state information.
* Allow key.dns_resolve connect to avahi over a unix stream socket
* Allow key.dns_resolve create and use unix datagram socket
* Use quay.io as the container image source for CI
* ci: Move srpm/rpm build to packit
* .copr: Avoid subshell and changing directory
* Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file
* Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
* Make insights_client_t an unconfined domain
* Allow insights-client manage user temporary files
* Allow insights-client create all rpm logs with a correct label
* Allow insights-client manage generic logs
* Allow cloud_init create dhclient var files and init_t manage net_conf_t
* Allow insights-client read and write cluster tmpfs files
* Allow ipsec read nsfs files
* Make tuned work with mls policy
* Remove nsplugin_role from mozilla.if
* allow mon_procd_t self:cap_userns sys_ptrace
* Allow pdns name_bind and name_connect all ports
* Set the MLS range of fsdaemon_t to s0 - mls_systemhigh
* ci: Move to actions/checkout@v3 version
* .copr: Replace chown call with standard workflow safe.directory setting
* .copr: Enable `set -u` for robustness
* .copr: Simplify root directory variable
* Allow rhsmcertd dbus chat with policykit
* Allow polkitd execute pkla-check-authorization with nnp transition
* Allow user_u and staff_u get attributes of non-security dirs
* Allow unconfined user filetrans chrome_sandbox_home_t
* Allow svnserve execute postdrop with a transition
* Do not make postfix_postdrop_t type an MTA executable file
* Allow samba-dcerpc service manage samba tmp files
... changelog too long, skipping 64 lines ...
* Allow sendmail manage its runtime files
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Update dependencies to require the same subpackages version and
release
- Fix /usr/etc migration fragment in wrong "%pre kcm" instead of
"%pre"
- Move sss_analyze to sssd-tools package
- Default config is unworkable, just stop installing it altogether
[boo#1216739]
==== wireplumber ====
Subpackages: libwireplumber-0_4-0 wireplumber-audio wireplumber-lang
- Add patch from upstream that fixes too many matches for property
interest:
* 0001-object-manager-reduce-the-amount-of-globals-that-initially.patch
- Add patch from upstream that fixes an odd failure of a test after
applying the previous patch:
* 0002-object-manager-use-an-idle-callback-to-expose-tmp-globals.patch
- Add patch from upstream that adds ability to hide parent nodes,
which is useful to prevent hardware misuse or damage by poorly
behaved/configured clients:
* 0001-policy-dsp-add-ability-to-hide-parent-nodes.patch
==== yast2-trans ====
Version update (84.87.20231004.bd479b5f2d -> 84.87.20231027.a9c9df2125)
Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW
- Update to version 84.87.20231027.a9c9df2125:
* Translated using Weblate (Galician)
* Translated using Weblate (Macedonian)
* Translated using Weblate (Macedonian)
* Translated using Weblate (Macedonian)
* Translated using Weblate (Macedonian)
* Translated using Weblate (Macedonian)
* Translated using Weblate (Macedonian)
* Translated using Weblate (Italian)
* Translated using Weblate (Catalan)
* Translated using Weblate (Czech)
* Translated using Weblate (Czech)
* Translated using Weblate (Slovak)
* Translated using Weblate (Slovak)
* Translated using Weblate (Dutch)
* Translated using Weblate (Japanese)
* New POT for text domain 'storage'.
* New POT for text domain 'country'.
* Translated using Weblate (Dutch)
* Translated using Weblate (Catalan)
* Translated using Weblate (Japanese)
* Translated using Weblate (French)
* New POT for text domain 'qt-pkg'.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (118.0.1 -> 119.0)
dracut (059+suse.503.g41e99e72 -> 059+suse.511.g0bdb16ac)
glibc
glslang (13.0.0 -> 13.1.1)
gnome-text-editor (45.0 -> 45.1)
gpgme (1.23.0 -> 1.23.1)
grub2
hiredis (1.1.0 -> 1.2.0)
kernel-default-base
libbluray
ncurses (6.4.20231007 -> 6.4.20231021)
open-lldp (1.1+58.8ca361bab766 -> 1.1+77.75e83b6fb98e)
open-vm-tools (12.3.0 -> 12.3.5)
podman
poppler (23.09.0 -> 23.10.0)
poppler-qt5 (23.09.0 -> 23.10.0)
protobuf
python-jsonschema (4.19.1 -> 4.19.2)
python-pyudev
qpdf (11.6.2 -> 11.6.3)
selinux-policy (20231012 -> 20231030)
shadow (4.14.1 -> 4.14.2)
sssd
strace (6.5 -> 6.6)
suse-module-tools (16.0.37 -> 16.0.38)
systemd
toolbox (2.3+git20220622.32785f7 -> 2.3+git20231030.3a6ef35)
vulkan-loader (1.3.261.0 -> 1.3.268.0)
vulkan-tools (1.3.261.0 -> 1.3.268.0)
webrtc-audio-processing
wireplumber
=== Details ===
==== MozillaFirefox ====
Version update (118.0.1 -> 119.0)
- Mozilla Firefox 119.0
https://www.mozilla.org/en-US/firefox/119.0/releasenotes
MFSA 2023-45 (bsc#1216338)
* CVE-2023-5721 (bmo#1830820)
Queued up rendering could have allowed websites to clickjack
* CVE-2023-5722 (bmo#1738426)
Cross-Origin size and header leakage
* CVE-2023-5723 (bmo#1802057)
Invalid cookie characters could have led to unexpected errors
* CVE-2023-5724 (bmo#1836705)
Large WebGL draw could have led to a crash
* CVE-2023-5725 (bmo#1845739)
WebExtensions could open arbitrary URLs
* CVE-2023-5726 (bmo#1846205)
Full screen notification obscured by file open dialog on macOS
* CVE-2023-5727 (bmo#1847180)
Download Protections were bypassed by .msix, .msixbundle,
.appx, and .appxbundle files on Windows
* CVE-2023-5728 (bmo#1852729)
Improper object tracking during GC in the JavaScript engine
could have led to a crash.
* CVE-2023-5729 (bmo#1823720)
Fullscreen notification dialog could have been obscured by
WebAuthn prompts
* CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
bmo#1855306, bmo#1855640, bmo#1856695)
Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
and Thunderbird 115.4.1
* CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068)
Memory safety bugs fixed in Firefox 119
- requires NSS 3.94
- Mozilla Firefox 118.0.2
* Fix games not loading on betsoft.com (bmo#1856145)
* Fix printing issues for some SVG images (bmo#1853727)
* Fix CORS XHR with authentication no longer working (bmo#1855650)
* Fix h264 WebRTC video not working in some contexts (bmo#1855636)
* Fix Firefox Translations not working on some pages
(bmo#1841656, bmo#1855307)
* Stability fixes (bmo#1851991, bmo#1799326, bmo#1856637)
- Activate KDE integration again, included rebased and updated
patches, firefox-kde.patch and mozilla-kde.patch, (upstream
removed special files handling for preferences but that has no
effect since we haven't shipped obsolete kde.js for a while)
(boo#1216027)
==== dracut ====
Version update (059+suse.503.g41e99e72 -> 059+suse.511.g0bdb16ac)
Subpackages: dracut-ima
- Update to version 059+suse.511.g0bdb16ac:
* fix(pkcs11): delete trailing dot on libcryptsetup-token-systemd-pkcs11.so
* fix(systemd-repart): correct undefined $libdir
* fix(dracut-systemd): use `DRACUT_VERSION` instead of `VERSION`
* fix(dracut.sh): abort if Bash is in POSIX mode
* fix(dracut-initramfs-restore.sh): do not set selinux labels if disabled
* fix(network): correct network device naming (bsc#1192986)
==== glibc ====
Subpackages: glibc-extra glibc-locale glibc-locale-base nscd
- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
==== glslang ====
Version update (13.0.0 -> 13.1.1)
- Update to release 13.1.1
* Support GL_EXT_texture_shadow_lod, GL_NV_displacement_micromap
* Add --no-link option
- Drop merged
0001-Revert-CMake-Make-glslang-default-resource-limits-ST.patch
==== gnome-text-editor ====
Version update (45.0 -> 45.1)
- Update to version 45.1:
+ Use proper etag when comparing document for changes after a
Save As operation occurs.
+ Fix row styling in preferences.
+ Fix memory leak of GtkNativeDialog.
+ Updated translations.
==== gpgme ====
Version update (1.23.0 -> 1.23.1)
Subpackages: libgpgme11 libgpgmepp6 python311-gpg
- update to 1.23.1:
* fixes for other platforms
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
* 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch
==== hiredis ====
Version update (1.1.0 -> 1.2.0)
- hiredis 1.2.0:
* Add sdevent adapter
* Allow specifying the keepalive interval
* Add RedisModule adapter
* Helper for setting TCP_USER_TIMEOUT socket option
* bug fixes
==== kernel-default-base ====
- Add dummy (boo#1216647)
==== libbluray ====
- Added patch:
* libbluray-java18plus.patch
+ allow building with JDK 18 and newer (using source/target
levels 8)
+ fixes build with the new OpenJDK 21 LTSS
==== ncurses ====
Version update (6.4.20231007 -> 6.4.20231021)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20231021
+ use oldxterm+sm+1006 in vte-2014 (report by Benno Schulenberg) -TD
+ add ansi+apparrows -TD
+ change defaults for configure opaque and widec options (prompted by
discussion with Branden Robinson).
+ minor cleanup of compiler- and manpage-warnings.
- Correct offsets off some hunks in patches
* ncurses-5.9-ibm327x.dif
* ncurses-6.4.dif
- Add ncurses patch 20231016
+ make the recent change to setupterm optional "--enable-check-size"
(Debian #1054022).
- Add ncurses patch 20231014
+ improve formatting/style of manpages (patches by Branden Robinson).
+ updated configure script macro CF_XOPEN_SOURCE, for uClibc-ng
+ update config.guess, config.sub
==== open-lldp ====
Version update (1.1+58.8ca361bab766 -> 1.1+77.75e83b6fb98e)
Subpackages: liblldp_clif1
- Update to version latest Intel upstream (v1.1+77.75e83b6fb98e, jsc#PED-6852):
* lldpad: dcbx: prevent null dereference in dcbx_free_data
* dcbx: Fix use-after-free
* dcbx: Fix NULL pointer dereference
* dcbx: Fix leak when receiving legacy TLVs with mismatched mode
* lldp: Reject frames with duplicate TLVs
* dcbx: Free manifest in rchange callback
* dcbx: Avoid memory leak if ifup is called twice
* ctrl_iface: Fix a memory leak in ctrl_iface_deinit
* lldp: Avoid sending uninitialized data
* lldptool: fix null pointer deference
* Revert "Use interface index instead of name in libconfig"
* Avoiding null pointer dereference
* agent: reset frame status on message delete
* basman: use return address when pulling address
* 8021Qaz: check for rx block validity
* 8021qaz: squelch initialization errors
* macvtap: fix error condition
* vdp22: convert command parsing to null term
==== open-vm-tools ====
Version update (12.3.0 -> 12.3.5)
Subpackages: libvmtools0 open-vm-tools-desktop
- Update to 12.3.5 (build 22544099) (boo#1216670)
- There are no new features in the open-vm-tools 12.3.5 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release resolves CVE-2023-34058. For more information on this
vulnerability and its impact on VMware products, see
https://www.vmware.com/security/advisories/VMSA-2023-0024.html.
- This release resolves CVE-2023-34059 which only affects open-vm-tools.
For more information on this vulnerability, please see the Resolved
Issues section of the Release Notes.
- A GitHub issue has been handled. Please see the Resolved Issues section
of the Release Notes.
- An update to the deployPkg plugin to coordinate with recent releases
of cloud-init for improvement for guest VM customization.
- For issues resolved in this release, see the Resolved Issues
<https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md#…>
section of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md
- The granular changes that have gone into the 12.3.5 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/open-vm-tools/Ch…
- Drop patch now contained in 12.3.5:
- CVE-2023-34058.patch
- CVE-2023-34059.patch
==== podman ====
- Use crun on Tumbleweed & ALP for WASM support
==== poppler ====
Version update (23.09.0 -> 23.10.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- Add patch to let it build with the heavily patched tiff 4.0.9
we have in SLE 15:
* reduce-libtiff-required-version.patch
- version update to 23.10.0
core:
* cairo: update type 3 fonts for cairo 1.18 api
* Fix crash on malformed files
build system:
* Make a few more dependencies soft-mandatory
* Add more supported gnupg releases
* Check if linker supports version scripts
- modified patches
% reduce-boost-required-version.patch (refreshed)
==== poppler-qt5 ====
Version update (23.09.0 -> 23.10.0)
- Add patch to let it build with the heavily patched tiff 4.0.9
we have in SLE 15:
* reduce-libtiff-required-version.patch
- version update to 23.10.0
core:
* cairo: update type 3 fonts for cairo 1.18 api
* Fix crash on malformed files
build system:
* Make a few more dependencies soft-mandatory
* Add more supported gnupg releases
* Check if linker supports version scripts
- modified patches
% reduce-boost-required-version.patch (refreshed)
==== protobuf ====
Subpackages: libprotobuf-lite23_4_0 libprotobuf23_4_0 python311-protobuf
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
==== python-jsonschema ====
Version update (4.19.1 -> 4.19.2)
- update tp 4.19.2:
* Fix the error message for additional items when used with
heterogeneous arrays.
* Don't leak the additionalItems keyword into JSON Schema draft
2020-12, where it was replaced by items.
==== python-pyudev ====
- update hypothesis_settings.patch:
* Extend deadline for test_child_of_parents that fails on ppc64le (bsc#1216607)
==== qpdf ====
Version update (11.6.2 -> 11.6.3)
- update to 11.6.3:
* Tweak linearization code to better handle files between 2 GB
and 4 GB in size. Fixes #1023.
* Fix data loss bug: qpdf could discard a the character after
an escaped octal string consisting of less than three
digits. For content, this would only happen with QDF or when
normalizing content. Outside of content, it could have happened
in any binary string, such as /ID, if the encoding software used
octal escape strings with less than three digits. This bug was
introduced between 10.6.3 and 11.0.0.
==== selinux-policy ====
Version update (20231012 -> 20231030)
Subpackages: selinux-policy-targeted
- Update to version 20231030:
* Allow system_mail_t manage exim spool files and dirs
* Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t
* Label /run/pcsd.socket with cluster_var_run_t
* ci: Run cockpit tests in PRs
* Add map_read map_write to kernel_prog_run_bpf
* Allow systemd-fstab-generator read all symlinks
* Allow systemd-fstab-generator the dac_override capability
* Allow rpcbind read network sysctls
* Support using systemd containers
* Allow sysadm_t to connect to iscsid using a unix domain stream socket
* Add policy for coreos installer
* Add policy for nvme-stas
* Confine systemd fstab,sysv,rc-local
* Label /etc/aliases.lmdb with etc_aliases_t
* Create policy for afterburn
* Make new virt drivers permissive
* Split virt policy, introduce virt_supplementary module
* Allow apcupsd cgi scripts read /sys
* Allow kernel_t to manage and relabel all files
* Add missing optional_policy() to files_relabel_all_files()
* Allow named and ndc use the io_uring api
* Deprecate common_anon_inode_perms usage
* Improve default file context(None) of /var/lib/authselect/backups
* Allow udev_t to search all directories with a filesystem type
* Implement proper anon_inode support
* Allow targetd write to the syslog pid sock_file
* Add ipa_pki_retrieve_key_exec() interface
* Allow kdumpctl_t to list all directories with a filesystem type
* Allow udev additional permissions
* Allow udev load kernel module
* Allow sysadm_t to mmap modules_object_t files
* Add the unconfined_read_files() and unconfined_list_dirs() interfaces
* Set default file context of HOME_DIR/tmp/.* to <<none>>
* Allow kernel_generic_helper_t to execute mount(1)
* Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t
* Allow systemd-localed create Xserver config dirs
* Allow sssd read symlinks in /etc/sssd
* Label /dev/gnss[0-9] with gnss_device_t
* Allow systemd-sleep read/write efivarfs variables
* ci: Fix version number of packit generated srpms
* Dontaudit rhsmcertd write memory device
* Allow ssh_agent_type create a sockfile in /run/user/USERID
* Set default file context of /var/lib/authselect/backups to <<none>>
* Allow prosody read network sysctls
* Allow cupsd_t to use bpf capability
* Allow sssd domain transition on passkey_child execution conditionally
* Allow login_userdomain watch lnk_files in /usr
* Allow login_userdomain watch video4linux devices
* Change systemd-network-generator transition to include class file
* Revert "Change file transition for systemd-network-generator"
* Allow nm-dispatcher winbind plugin read/write samba var files
* Allow systemd-networkd write to cgroup files
* Allow kdump create and use its memfd: objects
* Allow fedora-third-party get generic filesystem attributes
* Allow sssd use usb devices conditionally
* Update policy for qatlib
* Allow ssh_agent_type manage generic cache home files
* Change file transition for systemd-network-generator
* Additional support for gnome-initial-setup
* Update gnome-initial-setup policy for geoclue
* Allow openconnect vpn open vhost net device
* Allow cifs.upcall to connect to SSSD also through the /var/run socket
* Grant cifs.upcall more required capabilities
* Allow xenstored map xenfs files
* Update policy for fdo
* Allow keepalived watch var_run dirs
* Allow svirt to rw /dev/udmabuf
* Allow qatlib to modify hardware state information.
* Allow key.dns_resolve connect to avahi over a unix stream socket
* Allow key.dns_resolve create and use unix datagram socket
* Use quay.io as the container image source for CI
* ci: Move srpm/rpm build to packit
* .copr: Avoid subshell and changing directory
* Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file
* Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
* Make insights_client_t an unconfined domain
* Allow insights-client manage user temporary files
* Allow insights-client create all rpm logs with a correct label
* Allow insights-client manage generic logs
* Allow cloud_init create dhclient var files and init_t manage net_conf_t
* Allow insights-client read and write cluster tmpfs files
* Allow ipsec read nsfs files
* Make tuned work with mls policy
* Remove nsplugin_role from mozilla.if
* allow mon_procd_t self:cap_userns sys_ptrace
* Allow pdns name_bind and name_connect all ports
* Set the MLS range of fsdaemon_t to s0 - mls_systemhigh
* ci: Move to actions/checkout@v3 version
* .copr: Replace chown call with standard workflow safe.directory setting
* .copr: Enable `set -u` for robustness
* .copr: Simplify root directory variable
* Allow rhsmcertd dbus chat with policykit
* Allow polkitd execute pkla-check-authorization with nnp transition
* Allow user_u and staff_u get attributes of non-security dirs
* Allow unconfined user filetrans chrome_sandbox_home_t
* Allow svnserve execute postdrop with a transition
* Do not make postfix_postdrop_t type an MTA executable file
* Allow samba-dcerpc service manage samba tmp files
... changelog too long, skipping 64 lines ...
* Allow sendmail manage its runtime files
==== shadow ====
Version update (4.14.1 -> 4.14.2)
Subpackages: libsubid4 login_defs
- Update to 4.14.2:
* libshadow:
+ Fix build with musl libc.
+ Avoid NULL dereference.
+ Update utmp at an initial login
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
* Manual:
+ Document --prefix in chage(1), chpasswd(8), and passwd(1)
- Drop upstreamed shadow-4.14.0-selinux-labels.patch
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Update dependencies to require the same subpackages version and
release
- Fix /usr/etc migration fragment in wrong "%pre kcm" instead of
"%pre"
- Move sss_analyze to sssd-tools package
- Default config is unworkable, just stop installing it altogether
[boo#1216739]
==== strace ====
Version update (6.5 -> 6.6)
- Update to strace 6.6
* Implemented --kill-on-exit option that instructs the tracer to set
PTRACE_O_EXITKILL option to all tracee processes and not to detach them
on cleanup so they will not be left running after the tracer exit.
* Implemented automatic activation of --kill-on-exit option when
- -seccomp-bpf is enabled and -p/--attach option is not used.
* Implemented decoding of map_shadow_stack syscall.
* Implemented decoding of FSCONFIG_CMD_CREATE_EXCL fsconfig command.
* Implemented decoding of IFLA_BRPORT_BACKUP_NHID netlink attribute.
* Implemented decoding of SECCOMP_IOCTL_NOTIF_SET_FLAGS ioctl.
* Implemented decoding of UFFDIO_CONTINUE, UFFDIO_POISON, and
UFFDIO_WRITEPROTECT ioctls.
* Updated lists of ARCH_*, BPF_*, DEVCONF_*, IORING_*, KEXEC_*, MAP_*, NT_*,
PTRACE_*, QFMT_*, SEGV_*, UFFD_*, V4L2_*, and XDP_* constants.
* Updated lists of ioctl commands from Linux 6.6.
- Remove haveged build requirement and usage in test suite as it is
not needed anymore (jsc#PED-6184).
==== suse-module-tools ====
Version update (16.0.37 -> 16.0.38)
Subpackages: suse-module-tools-scriptlets
- Update to version 16.0.38:
* modprobe.d: use softdep to load sd_mod and sg (boo#1216070)
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc udev
- Fix typo in /etc/systemd/user.confd.d (bsc#1216676)
==== toolbox ====
Version update (2.3+git20220622.32785f7 -> 2.3+git20231030.3a6ef35)
- Update to version 2.3+git20231030.3a6ef35:
* Mount /dev/pts as mount type=devpts instead of --volume
* fix typo creat -> create
* Remove trailing whitespace
* Fix bash error when container cannot be pulled
==== vulkan-loader ====
Version update (1.3.261.0 -> 1.3.268.0)
- Update to release SDK-1.3.268.0
* Add VK_LOADER_LAYERS_ALLOW environment variable.
* Add Debug extension support to test layer
==== vulkan-tools ====
Version update (1.3.261.0 -> 1.3.268.0)
- Update to release SDK-1.3.268.0
* icd: Add VkSurfacePresentModeCompatibilityEXT support
* icd: Add second VkCooperativeMatrixPropertiesKHR field
* vulkaninfo: Support VK_EXT_surface_maintenance1 properly
* icd: Add VkPhysicalDeviceDriverProperties
==== webrtc-audio-processing ====
- ExcludeArch s390, s390x and ppc64 since big endian support is
not implemented.
==== wireplumber ====
Subpackages: libwireplumber-0_4-0 wireplumber-audio
- Add patch from upstream that fixes too many matches for property
interest:
* 0001-object-manager-reduce-the-amount-of-globals-that-initially.patch
- Add patch from upstream that fixes an odd failure of a test after
applying the previous patch:
* 0002-object-manager-use-an-idle-callback-to-expose-tmp-globals.patch
- Add patch from upstream that adds ability to hide parent nodes,
which is useful to prevent hardware misuse or damage by poorly
behaved/configured clients:
* 0001-policy-dsp-add-ability-to-hide-parent-nodes.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (118.0.1 -> 119.0)
glibc
java-21-openjdk
libbluray
ncurses (6.4.20231007 -> 6.4.20231021)
open-lldp (1.1+58.8ca361bab766 -> 1.1+77.75e83b6fb98e)
protobuf
python-jsonschema (4.19.1 -> 4.19.2)
python-pyudev
qpdf (11.6.2 -> 11.6.3)
shadow (4.14.1 -> 4.14.2)
strace (6.5 -> 6.6)
suse-module-tools (16.0.37 -> 16.0.38)
systemd
webrtc-audio-processing
=== Details ===
==== MozillaFirefox ====
Version update (118.0.1 -> 119.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 119.0
https://www.mozilla.org/en-US/firefox/119.0/releasenotes
MFSA 2023-45 (bsc#1216338)
* CVE-2023-5721 (bmo#1830820)
Queued up rendering could have allowed websites to clickjack
* CVE-2023-5722 (bmo#1738426)
Cross-Origin size and header leakage
* CVE-2023-5723 (bmo#1802057)
Invalid cookie characters could have led to unexpected errors
* CVE-2023-5724 (bmo#1836705)
Large WebGL draw could have led to a crash
* CVE-2023-5725 (bmo#1845739)
WebExtensions could open arbitrary URLs
* CVE-2023-5726 (bmo#1846205)
Full screen notification obscured by file open dialog on macOS
* CVE-2023-5727 (bmo#1847180)
Download Protections were bypassed by .msix, .msixbundle,
.appx, and .appxbundle files on Windows
* CVE-2023-5728 (bmo#1852729)
Improper object tracking during GC in the JavaScript engine
could have led to a crash.
* CVE-2023-5729 (bmo#1823720)
Fullscreen notification dialog could have been obscured by
WebAuthn prompts
* CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
bmo#1855306, bmo#1855640, bmo#1856695)
Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
and Thunderbird 115.4.1
* CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068)
Memory safety bugs fixed in Firefox 119
- requires NSS 3.94
- Mozilla Firefox 118.0.2
* Fix games not loading on betsoft.com (bmo#1856145)
* Fix printing issues for some SVG images (bmo#1853727)
* Fix CORS XHR with authentication no longer working (bmo#1855650)
* Fix h264 WebRTC video not working in some contexts (bmo#1855636)
* Fix Firefox Translations not working on some pages
(bmo#1841656, bmo#1855307)
* Stability fixes (bmo#1851991, bmo#1799326, bmo#1856637)
- Activate KDE integration again, included rebased and updated
patches, firefox-kde.patch and mozilla-kde.patch, (upstream
removed special files handling for preferences but that has no
effect since we haven't shipped obsolete kde.js for a while)
(boo#1216027)
==== glibc ====
Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd
- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
==== java-21-openjdk ====
Subpackages: java-21-openjdk-headless
- Set priority and make it the preferred JDK
==== libbluray ====
- Added patch:
* libbluray-java18plus.patch
+ allow building with JDK 18 and newer (using source/target
levels 8)
+ fixes build with the new OpenJDK 21 LTSS
==== ncurses ====
Version update (6.4.20231007 -> 6.4.20231021)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20231021
+ use oldxterm+sm+1006 in vte-2014 (report by Benno Schulenberg) -TD
+ add ansi+apparrows -TD
+ change defaults for configure opaque and widec options (prompted by
discussion with Branden Robinson).
+ minor cleanup of compiler- and manpage-warnings.
- Correct offsets off some hunks in patches
* ncurses-5.9-ibm327x.dif
* ncurses-6.4.dif
- Add ncurses patch 20231016
+ make the recent change to setupterm optional "--enable-check-size"
(Debian #1054022).
- Add ncurses patch 20231014
+ improve formatting/style of manpages (patches by Branden Robinson).
+ updated configure script macro CF_XOPEN_SOURCE, for uClibc-ng
+ update config.guess, config.sub
==== open-lldp ====
Version update (1.1+58.8ca361bab766 -> 1.1+77.75e83b6fb98e)
Subpackages: liblldp_clif1
- Update to version latest Intel upstream (v1.1+77.75e83b6fb98e, jsc#PED-6852):
* lldpad: dcbx: prevent null dereference in dcbx_free_data
* dcbx: Fix use-after-free
* dcbx: Fix NULL pointer dereference
* dcbx: Fix leak when receiving legacy TLVs with mismatched mode
* lldp: Reject frames with duplicate TLVs
* dcbx: Free manifest in rchange callback
* dcbx: Avoid memory leak if ifup is called twice
* ctrl_iface: Fix a memory leak in ctrl_iface_deinit
* lldp: Avoid sending uninitialized data
* lldptool: fix null pointer deference
* Revert "Use interface index instead of name in libconfig"
* Avoiding null pointer dereference
* agent: reset frame status on message delete
* basman: use return address when pulling address
* 8021Qaz: check for rx block validity
* 8021qaz: squelch initialization errors
* macvtap: fix error condition
* vdp22: convert command parsing to null term
==== protobuf ====
Subpackages: libprotobuf-lite23_4_0 libprotobuf23_4_0 python311-protobuf
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
==== python-jsonschema ====
Version update (4.19.1 -> 4.19.2)
- update tp 4.19.2:
* Fix the error message for additional items when used with
heterogeneous arrays.
* Don't leak the additionalItems keyword into JSON Schema draft
2020-12, where it was replaced by items.
==== python-pyudev ====
- update hypothesis_settings.patch:
* Extend deadline for test_child_of_parents that fails on ppc64le (bsc#1216607)
==== qpdf ====
Version update (11.6.2 -> 11.6.3)
- update to 11.6.3:
* Tweak linearization code to better handle files between 2 GB
and 4 GB in size. Fixes #1023.
* Fix data loss bug: qpdf could discard a the character after
an escaped octal string consisting of less than three
digits. For content, this would only happen with QDF or when
normalizing content. Outside of content, it could have happened
in any binary string, such as /ID, if the encoding software used
octal escape strings with less than three digits. This bug was
introduced between 10.6.3 and 11.0.0.
==== shadow ====
Version update (4.14.1 -> 4.14.2)
Subpackages: libsubid4 login_defs
- Update to 4.14.2:
* libshadow:
+ Fix build with musl libc.
+ Avoid NULL dereference.
+ Update utmp at an initial login
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
* Manual:
+ Document --prefix in chage(1), chpasswd(8), and passwd(1)
- Drop upstreamed shadow-4.14.0-selinux-labels.patch
==== strace ====
Version update (6.5 -> 6.6)
- Update to strace 6.6
* Implemented --kill-on-exit option that instructs the tracer to set
PTRACE_O_EXITKILL option to all tracee processes and not to detach them
on cleanup so they will not be left running after the tracer exit.
* Implemented automatic activation of --kill-on-exit option when
- -seccomp-bpf is enabled and -p/--attach option is not used.
* Implemented decoding of map_shadow_stack syscall.
* Implemented decoding of FSCONFIG_CMD_CREATE_EXCL fsconfig command.
* Implemented decoding of IFLA_BRPORT_BACKUP_NHID netlink attribute.
* Implemented decoding of SECCOMP_IOCTL_NOTIF_SET_FLAGS ioctl.
* Implemented decoding of UFFDIO_CONTINUE, UFFDIO_POISON, and
UFFDIO_WRITEPROTECT ioctls.
* Updated lists of ARCH_*, BPF_*, DEVCONF_*, IORING_*, KEXEC_*, MAP_*, NT_*,
PTRACE_*, QFMT_*, SEGV_*, UFFD_*, V4L2_*, and XDP_* constants.
* Updated lists of ioctl commands from Linux 6.6.
- Remove haveged build requirement and usage in test suite as it is
not needed anymore (jsc#PED-6184).
==== suse-module-tools ====
Version update (16.0.37 -> 16.0.38)
Subpackages: suse-module-tools-scriptlets
- Update to version 16.0.38:
* modprobe.d: use softdep to load sd_mod and sg (boo#1216070)
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc systemd-lang udev
- Fix typo in /etc/systemd/user.confd.d (bsc#1216676)
==== webrtc-audio-processing ====
- ExcludeArch s390, s390x and ppc64 since big endian support is
not implemented.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
glslang (13.0.0 -> 13.1.1)
hiredis (1.1.0 -> 1.2.0)
podman
toolbox (2.3+git20220622.32785f7 -> 2.3+git20231030.3a6ef35)
vulkan-loader (1.3.261.0 -> 1.3.268.0)
vulkan-tools (1.3.261.0 -> 1.3.268.0)
=== Details ===
==== glslang ====
Version update (13.0.0 -> 13.1.1)
- Update to release 13.1.1
* Support GL_EXT_texture_shadow_lod, GL_NV_displacement_micromap
* Add --no-link option
- Drop merged
0001-Revert-CMake-Make-glslang-default-resource-limits-ST.patch
==== hiredis ====
Version update (1.1.0 -> 1.2.0)
- hiredis 1.2.0:
* Add sdevent adapter
* Allow specifying the keepalive interval
* Add RedisModule adapter
* Helper for setting TCP_USER_TIMEOUT socket option
* bug fixes
==== podman ====
- Use crun on Tumbleweed & ALP for WASM support
==== toolbox ====
Version update (2.3+git20220622.32785f7 -> 2.3+git20231030.3a6ef35)
- Update to version 2.3+git20231030.3a6ef35:
* Mount /dev/pts as mount type=devpts instead of --volume
* fix typo creat -> create
* Remove trailing whitespace
* Fix bash error when container cannot be pulled
==== vulkan-loader ====
Version update (1.3.261.0 -> 1.3.268.0)
- Update to release SDK-1.3.268.0
* Add VK_LOADER_LAYERS_ALLOW environment variable.
* Add Debug extension support to test layer
==== vulkan-tools ====
Version update (1.3.261.0 -> 1.3.268.0)
- Update to release SDK-1.3.268.0
* icd: Add VkSurfacePresentModeCompatibilityEXT support
* icd: Add second VkCooperativeMatrixPropertiesKHR field
* vulkaninfo: Support VK_EXT_surface_maintenance1 properly
* icd: Add VkPhysicalDeviceDriverProperties
1
0