Packages changed: Mesa (24.0.7 -> 24.0.8) Mesa-drivers (24.0.7 -> 24.0.8) MicroOS-release (20240530 -> 20240606) aardvark-dns (1.10.0 -> 1.11.0) apparmor chrony cockpit (309 -> 316) crun (1.14.4 -> 1.15) dialog dmidecode dracut-pcr-signature (0.3+6 -> 0.4+0) elfutils ethtool (6.7 -> 6.9) findutils (4.9.0 -> 4.10.0) gdm (46.0 -> 46.2) glibc gnome-control-center (46.1 -> 46.2) google-noto-fonts (20240501 -> 20240601) highway (1.1.0 -> 1.2.0) installation-images-MicroOS (17.129 -> 17.130) kernel-source (6.9.1 -> 6.9.3) less (643 -> 656) libapparmor libbpf (1.4.2 -> 1.4.3) libcap (2.69 -> 2.70) libdrm (2.4.120 -> 2.4.121) libkrun (1.4.10 -> 1.9.0) libtommath (1.2.1 -> 1.3.0) libzypp (17.34.0 -> 17.34.1) lvm2 (2.03.22 -> 2.03.24) lvm2-device-mapper (2.03.22_1.02.196 -> 2.03.24_1.02.198) lzo ncurses (6.5.20240525 -> 6.5.20240601) netavark (1.10.3 -> 1.11.0) patterns-base plasma-branding-Kalpa plasma6-workspace podman (5.0.3 -> 5.1.1) policycoreutils python-Mako (1.3.4 -> 1.3.5) python-semanage re2 (20240501 -> 20240601) samba (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2) selinux-policy (20240321 -> 20240411) setools skopeo (1.15.0 -> 1.15.1) systemd (255.6 -> 255.7) vim (9.1.0413 -> 9.1.0448) wireplumber xwayland xz (5.6.1.revertto5.4 -> 5.6.2) === Details === ==== Mesa ==== Version update (24.0.7 -> 24.0.8) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to bugfix release 24.0.8 - -> https://docs.mesa3d.org/relnotes/24.0.8.html - refreshed 0008-pipe-loader-plumb-a-flag-for-implicit-driver-load-th.patch ==== Mesa-drivers ==== Version update (24.0.7 -> 24.0.8) Subpackages: Mesa-dri Mesa-gallium - Update to bugfix release 24.0.8 - -> https://docs.mesa3d.org/relnotes/24.0.8.html - refreshed 0008-pipe-loader-plumb-a-flag-for-implicit-driver-load-th.patch ==== MicroOS-release ==== Version update (20240530 -> 20240606) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== aardvark-dns ==== Version update (1.10.0 -> 1.11.0) - Remove redundant source: cargo_config - Update to version 1.11.0: * Release v1.11.0 * v1.11.0 release notes * run cargo update * chore(deps): update dependency containers/automation_images to v20240529 * Internal networks cannot make external DNS requests * fix(deps): update rust crate anyhow to 1.0.86 * fix(deps): update rust crate nix to 0.29.0 * [skip-ci] RPM: use default __cargo macro across all envs * chore(deps): update dependency containers/automation_images to v20240513 * fix(deps): update rust crate anyhow to 1.0.83 * [skip-ci] Packit: separate `packages` key for rhel jobs * fix(deps): update rust crate libc to 0.2.154 * [skip-ci] Packit: enable rhel10, c10s tests and c10s downstream sync * [skip-ci] Packit: Remove EL8 jobs * fix(deps): update rust crate syslog to ^6.1.1 * fix reverse ipv6 lookup test flake * fix(deps): update hickory-dns monorepo to 0.24.1 * chore(deps): update rust crate chrono to 0.4.38 * Don't tear down all server threads on SIGHUP (bsc#1224167) * fix(deps): update rust crate anyhow to 1.0.82 * fix(deps): update rust crate tokio to 1.37.0 * Update to nix-0.28.0 * update chrono package * chore(deps): update dependency containers/automation_images to v20240320 * fix(deps): update rust crate anyhow to 1.0.81 * tests: check queried domain name in reverse lookup tests * fix: set name for answers in reverse lookups * chore: fix typo in runner script * chore: fix log message when doing reverse lookup * fix(deps): update rust crate log to 0.4.21 * fix(deps): update rust crate anyhow to 1.0.80 * chore(deps): update rust crate chrono to 0.4.34 * fix(deps): update rust crate async-broadcast to 0.7.0 * fix(deps): update rust crate tokio to 1.36.0 * [CI:DOCS] Packit: disable bodhi tasks * chore(deps): update rust crate chrono to 0.4.33 * Bump to 1.11.0-dev ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900) - add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961) ==== chrony ==== Subpackages: chrony-pool-openSUSE - bsc#1225362, chrony-124-tai.patch: make 124-tai more reliable - Update clknetsim to snapshot 0a11a35. ==== cockpit ==== Version update (309 -> 316) Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - new version 316: * cockpit.js API: Fix format_bytes() units - add 0001-users-Support-for-watching-lastlog2.patch (bsc#1220551) - add 0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch (bsc#1220551) - new version 315: * Networking: Show additional ports for each firewall zone * Networking: List Firewall active zones when unprivileged * Inline documentation * Support for transient virtual machines * UEFI for virtual machines * Unattended virtual machines installation * Localize times * Better support for various TLS certificate formats * Overview: Add CPU utilization to usage card * Dashboard: Support SSH identity unlocking when adding new machines * SElinux: Introduce an Ansible automation script * Machines: Support “bridge” type network interfaces * Machines: Support “bus” type disk configuration - suse_docs.patch, storage-btrfs.patch: refreshed ==== crun ==== Version update (1.14.4 -> 1.15) - New upstream release 1.15 * fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY. * linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run. * release: build s390x binaries using musl libc. * features: add support for potentiallyUnsafeConfigAnnotations. * handlers: add option to load wasi-nn plugin for wasmedge. * linux: fix "harden chdir()" security measure. The previous check was not correct. * crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits. ==== dialog ==== Subpackages: libdialog15 - Update to version 1.3-20240307: + add option --color-modes, which can be used to color the content of programbox, tailbox, textbox (requested by Rafał Radziejewski). + updated configure script, e.g., for compiler-warning fixes. + amend change to formbox while revising --max-input to work with the form's "ilen" parameter (report by Anna-Maria Gruber, cf: 2022/04/14) + update config.guess, config.sub + updated configure script, e.g., for compiler-warning fixes. + updated lv.po from http://translationproject.org/latest/dialog/ + add/use dlg_print_nowrap(), to handle multibyte character strings in progressbox and tailbox (report/testcase by Sergey Merzlikin). + updated configure script, e.g., for compiler-warning fixes. + update config.guess, config.sub + updated configure script, e.g., for compiler-warning fixes. + minor fixes for manpages to address mandoc warnings. + updated th.po from http://translationproject.org/latest/dialog/ + update config.guess, config.sub ==== dmidecode ==== - Enable build on riscv64 ==== dracut-pcr-signature ==== Version update (0.3+6 -> 0.4+0) - Update to version 0.4: + No new features, tagged on 0.3+6 - Remove GRUB2 conflict - Adapt regenerate initrd macro expansion ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Add "-g" to %optflags, so that the tests work in all repos, with or without globally enabled debuginfo creation. ==== ethtool ==== Version update (6.7 -> 6.9) - update to upstream release 6.9 * Feature: support for rx-flow-hash gtp (-N) * Feature: support for RSS input transformation (-X) * Fix: typo in coalescing output (-c) * Fix: document all debugging flags in man page ==== findutils ==== Version update (4.9.0 -> 4.10.0) - Update to 4.10.0. Announcement: https://savannah.gnu.org/news/?id=10638 - findutils-xautofs.patch: Refresh. ==== gdm ==== Version update (46.0 -> 46.2) Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Update to version 46.2: + Block suspend when remote displays are active. + Support S0ix suspend when deciding if nvidia should use wayland. + Misc fixes. + Updated translations. - Rebase gdm-initial-setup-hardening.patch. ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Also provide glibc-locale-base- from glibc-: the package was merged in the baselibs.conf case, so the capability is there. Steam for one has a requires on the symbol (boo#1225809). ==== gnome-control-center ==== Version update (46.1 -> 46.2) Subpackages: gnome-control-center-color gnome-control-center-goa - Update gnome-control-center-disable-error-message-for-NM.patch: Add info page to toolbar view instead of navigation page to prevent hiding close button (bsc#1222099). - Update to version 46.2: + Enable the "Location" settings panel by default. + Improve accessibility of some secondary-labels in settings rows. + Increase default log verbosity level. + Accessibility: - Fix icon name of accessibility panel desktop file. - Fix flash area settings selection shown incorrectly. + Display: Fix crash when closing laptop lid. + Keyboard: Fix keyboard navigation of keyboard shortcuts dialog categories. + Mouse and Touchpad: Remove unnecessary a11y label. + Network: - Fix crash when removing bluetooth network adapter row. - Sort VPN connections list alphabetically. - Remove incorrect assertion that breaks proxy settings page. + Sound: - Make sliders more accessible by keyboard. - Remove need for translating speaker test button tooltip. + System: - Improve accessibility of "Copy" buttons in Remote Desktop. - Fix crash in Date And Time settings closing before async calls finish. - Fix reuse of remote-desktop verify encryption fingerprint dialog. + Users: Fix visibility issue in parental controls row. + Updated translations. ==== google-noto-fonts ==== Version update (20240501 -> 20240601) Subpackages: google-noto-sans-fonts google-noto-sans-math-fonts - Remove obsolete "Group" parameter - Update to 20240601 * Noto Znamenny Musical Notation has been added * Other fonts have been updated ==== highway ==== Version update (1.1.0 -> 1.2.0) - Update to release 1.2.0 * Add utility functions Add InterleaveEven/InterleaveOdd, BitShuffle, GatherIndexNOr, IsNegative, IfNegativeThenElseZero, IfNegativeThenZeroElse, PromoteInRangeTo / ConvertInRangeTo / DemoteInRangeTo ==== installation-images-MicroOS ==== Version update (17.129 -> 17.130) - merge gh#openSUSE/installation-images#721 - Check for root permissions at start - 17.130 - merge gh#openSUSE/installation-images#720 - Use dedicated path for Slowroll tftpboot files ==== kernel-source ==== Version update (6.9.1 -> 6.9.3) - Linux 6.9.3 (bsc#1012628). - Revert "selftests/sgx: Include KHDR_INCLUDES in Makefile" (bsc#1012628). - Revert "selftests: Compile kselftest headers with -D_GNU_SOURCE" (bsc#1012628). - l2tp: fix ICMP error handling for UDP-encap sockets (bsc#1012628). - net: txgbe: fix to control VLAN strip (bsc#1012628). - net: wangxun: match VLAN CTAG and STAG features (bsc#1012628). - net: wangxun: fix to change Rx features (bsc#1012628). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1012628). - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (bsc#1012628). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1012628). - netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1012628). - idpf: don't skip over ethtool tcp-data-split setting (bsc#1012628). - selftests/net/lib: no need to record ns name if it already exist (bsc#1012628). - net: qrtr: ns: Fix module refcnt (bsc#1012628). - libbpf: fix feature detectors when using token_fd (bsc#1012628). - net: bridge: mst: fix vlan use-after-free (bsc#1012628). - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (bsc#1012628). - net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1012628). - modules: Drop the .export_symbol section from the final modules (bsc#1012628). - tracing/user_events: Fix non-spaced field matching (bsc#1012628). - samples/landlock: Fix incorrect free in populate_ruleset_net (bsc#1012628). - RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw (bsc#1012628). - RDMA/IPoIB: Fix format truncation compilation errors (bsc#1012628). - selftests/kcmp: remove unused open mode (bsc#1012628). - selftests/damon/_damon_sysfs: check errors from nr_schemes file reads (bsc#1012628). - SUNRPC: Fix gss_free_in_token_pages() (bsc#1012628). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (bsc#1012628). - of: module: add buffer overflow check in of_modalias() (bsc#1012628). - clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 (bsc#1012628). - clk: qcom: Fix SM_GPUCC_8650 dependencies (bsc#1012628). - Update config files. - clk: qcom: Fix SC_CAMCC_8280XP dependencies (bsc#1012628). - Update config files. - ext4: remove the redundant folio_wait_stable() (bsc#1012628). - ext4: fix potential unnitialized variable (bsc#1012628). - dax/bus.c: use the right locking mode (read vs write) in size_show (bsc#1012628). - dax/bus.c: don't use down_write_killable for non-user processes (bsc#1012628). - dax/bus.c: fix locking for unregister_dax_dev / unregister_dax_mapping paths (bsc#1012628). - dax/bus.c: replace WARN_ON_ONCE() with lockdep asserts (bsc#1012628). - nfsd: don't create nfsv4recoverydir in nfsdfs when not used (bsc#1012628). - sunrpc: removed redundant procp check (bsc#1012628). - iommu/amd: Enable Guest Translation after reading IOMMU feature register (bsc#1012628). - iommu/vt-d: Decouple igfx_off from graphic identity mapping (bsc#1012628). - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1012628). - virt: acrn: stop using follow_pfn (bsc#1012628). - RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1012628). - RDMA/mana_ib: Use struct mana_ib_queue for CQs (bsc#1012628). - RDMA/mana_ib: Introduce helpers to create and destroy mana queues (bsc#1012628). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1012628). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (bsc#1012628). - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (bsc#1012628). - clk: qcom: mmcc-msm8998: fix venus clock issue (bsc#1012628). - clk: qcom: dispcc-sm8650: fix DisplayPort clocks (bsc#1012628). - clk: qcom: dispcc-sm8550: fix DisplayPort clocks (bsc#1012628). - clk: qcom: dispcc-sm6350: fix DisplayPort clocks (bsc#1012628). - clk: qcom: dispcc-sm8450: fix DisplayPort clocks (bsc#1012628). - mm/ksm: fix ksm exec support for prctl (bsc#1012628). - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (bsc#1012628). - clk: renesas: r9a07g043: Add clock and reset entry for PLIC (bsc#1012628). - clk: renesas: r8a779a0: Fix CANFD parent clock (bsc#1012628). - IB/mlx5: Use __iowrite64_copy() for write combining stores (bsc#1012628). - RDMA/rxe: Fix incorrect rxe_put in error path (bsc#1012628). - RDMA/rxe: Allow good work requests to be executed (bsc#1012628). - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (bsc#1012628). - clk: samsung: gs101: propagate PERIC1 USI SPI clock rate ... changelog too long, skipping 702 lines ... - commit 6d0f67e ==== less ==== Version update (643 -> 656) - Update to 656: * Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse) to find and open OSC8 hyperlinks (github #251). * Add --match-shift option. * Add --lesskey-content option (github #447). * Add LESSKEY_CONTENT environment variable (github #447). * Add --no-search-header-lines and --no-search-header-columns options (github #397). * Add ctrl-L search modifier (github #367). * A ctrl-P at the start of a shell command suppresses the "done" message (github #462). * Add attribute characters ('*', '~', '_', '&') to --color parameter (github #471). * Allow expansion of environment variables in lesskey files. * Add LESSSECURE_ALLOW environment variable (github #449). * Add LESS_UNSUPPORT environment variable. * Add line number parameter to --header option (github #436). * Mouse right-click jumps to position marked by left-click (github #390). * Ensure that the target line is not obscured by a header line set by --header (github #444). * Change default character set to "utf-8", except remains "dos" on MS-DOS. * Add message when search with ^W wraps (github #459). * UCRT builds on Windows 10 and later now support Unicode file names (github #438). * Improve behavior of interrupt while reading non-terminated pipe (github #414). * Improve parsing of -j, -x and -# options (github #393). * Support files larger than 4GB on Windows (github #417). * Support entry of Unicode chars larger than U+FFFF on Windows (github #391). * Improve colors of bold, underline and standout text on Windows. * Allow --rscroll to accept non-ASCII characters (github #483). * Allow the parameter to certain options to be terminated with a space (--color, --quotes, --rscroll, --search-options and --intr) (github #495). * Fix bug where # substitution failed after viewing help (github #420). * Fix crash if files are deleted while less is viewing them (github #404). * Workaround unreliable ReadConsoleInputW behavior on Windows with non-ASCII input. * Fix -J display when searching for non-ASCII characters (github #422). * Don't filter header lines via the & command (github #423). * Fix bug when horizontally shifting long lines (github #425). * Add -x and -D options to lesstest, to make it easier to diagnose a failed lesstest run. * Fix bug searching long lines with --incsearch and -S (github #428). * Fix bug that made ESC-} fail if top line on screen was empty (github #429). * Fix bug with --mouse on Windows when used with pipes (github #440). * Fix bug in --+OPTION command line syntax. * Fix display bug when using -w with an empty line with a CR/LF line ending (github #474). * When substituting '#' or '%' with a filename, quote the filename if it contains a space (github #480). * Fix wrong sleep time when system has usleep but not nanosleep (github #489). * Fix bug when file name contains a newline. * Fix bug when file name contains nonprintable characters (github #503). * Fix DJGPP build (github #497). * Update Unicode tables. - Refresh less-429-shell.patch ==== libapparmor ==== - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900) - add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961) ==== libbpf ==== Version update (1.4.2 -> 1.4.3) - update to 1.4.3: * Fix libbpf unintentionally dropping FD_CLOEXEC flag when (internally) duping FDs ==== libcap ==== Version update (2.69 -> 2.70) - update to 2.70: * setcap changes to make it harder to set invalid file capabilities * Lots of documentation fixes * Fix c89 compilation syntax for the C code in the libraries * libpam has deprecated providing the _pam_overwrite() function, so use memset() instead ==== libdrm ==== Version update (2.4.120 -> 2.4.121) Subpackages: libdrm2 libdrm_amdgpu1 libdrm_nouveau2 libdrm_radeon1 - update to 2.4.121 * meson: make build system happy by replacing deprecated feature * include poll.h instead of sys/poll.h * amdgpu: Make amdgpu_device_deinitialize thread-safe * Revert "xf86drm: ignore symlinks in process_device()" * xf86drm: Don't consider node names longer than the maximum allowed * tests/amdgpu: fix compile warning with the guard enum value * tests/amdgpu: fix compile error with gcc7.5 * tests/amdgpu: fix compile error with gcc14 * tests/util: add tidss driver * meson: Replace usages of deprecated ExternalProgram.path() * meson: Fix broken str.format usage * amdgpu: add marketing names from Adrenalin 23.11.1 * amdgpu: add marketing names from PRO Edition for W7700 * amdgpu: add marketing names from Windows Steam Deck OLED APU driver * amdgpu: add marketing names from amd-6.0 * amdgpu: add marketing name for Radeon RX 6550M * amdgpu: add marketing names from amd-6.0.1 * amdgpu: Make amdgpu_cs_signal_semaphore() thread-safe * amdgpu: sync amdgpu_drm.h * symbols-check: Add _GLOBAL_OFFSET_TABLE_ * symbols-check: Add _fbss, _fdata, _ftext * amdgpu: expose amdgpu_va_manager publicly * amdgpu: add amdgpu_va_range_alloc2 * amdgpu: add amdgpu_device_initialize2 * amdgpu: fix deinit logic * ci: build with meson --fatal-meson-warnings * ci: use "meson setup" sub-command * xf86drm: document drmDevicesEqual() * xf86drm: ignore symlinks in process_device() ==== libkrun ==== Version update (1.4.10 -> 1.9.0) - Update to version 1.9.0: * console: send a resize event on PORT_READY by @slp in #179 * Fix another batch of new clippy warnings by @slp in #182 * Fix constness when taking an array of string pointers by @teohhanhui in #181 * Fix new lints in Rust 1.78 by @teohhanhui in #184 * Use the correct documentation comment style recognized by clang by @teohhanhui in #183 * virtio/snd: import virtio-snd from vhost-user-sound by @slp in #186 - Changes from 1.8.1: * VirtIO optimizations - Changes from 1.8.0: * Implement stdin/stdout/stderr redirection support using multiport virtio-console * devices/legacy: import PL011 for aarch64 * init: accept arguments from the "args" Field * Fix various minor issues on macOS and add a CI workflow for this OS * Add Matej Hrica (mtjhrc) to CODEOWNERS * Implement an EFI flavor * Implement krun_add_vsock_port() and UnixProxy for guest communication with host UNIX sockets. * Implement the infrastructure to support sending shut down signals to the guest * lib: allow having multiple virtio-fs devices * devices/net: allow configuring a custom MAC * Import SECURITY_CTX support from virtiofsd * Makefile: fix EFI library naming * virtio/net: implement gvproxy backend * macos/eventfd: ignore EAGAIN on write * Import rutabaga_gfx+virtio_gpu from crosvm * devices/vsock/unix: implement update_peer_credit * devices/console: implement an empty port input * Extend virtio-gpu to support Venus on macOS * libkrun: Extend API to redirect console to file * virtio/fs/macos: overhaul to use macos inodes - Update to version 1.7.2: * Fix aarch64 build by adapting to changes in kvm-ioctl - Changes from 1.7.1 * Update kbs-types version to 0.5 and release 1.7.1 - Update to version 1.7.0: * SNP Attestation * Read TEE config from the end of the block device * De-vendorize kbs-types * Remove libfdt dependency * init: place SEV behind build-time conditional * devices/fs: fix reading the end of init.krun * init: don't build init.c on SEV flavor * Prepare to support libkrunfw 4.x * init: Report an error when execution of the user binary fails * virtio-net implementation using passt * Make krun_set_vm_config use the same argument type for num_vcpus as ... * Update sev crate to 1.2.0 * virtio net bugfixes and performance improvement * Makefile: De-couple KBS init sources from SEV-SNP * Update rust-vmm deps and bump version for upcoming release - Changes from 1.5.1 * Fix CI clippy * Add a pkgconf file * examples: Fix error handling of krun_create_ctx * VSOCK: fix reaper timeout * Fix typo in README.md * macos: implement host->guest time sync * Bump version to v1.5.1 - Changes from 1.5.0 * devices: update lru dep to 0.9 * Introduce the krun_set_data_disk API. - The vendored tarball already contains the config these days, so don't mess with that in the spec file ==== libtommath ==== Version update (1.2.1 -> 1.3.0) - update to 1.3.0: * Deprecate more APIs which are replaced in develop * Add support for CMake (PR #573) * Add support for GitHub Actions (PR #573) ==== libzypp ==== Version update (17.34.0 -> 17.34.1) - zypp-tui: Make sure translated texts use the correct textdomain (fixes #551) - Skip libproxy1 requires for tumbleweed. - version 17.34.1 (34) ==== lvm2 ==== Version update (2.03.22 -> 2.03.24) Subpackages: liblvm2cmd2_03 - add rpm dependency in spec file for aligning new DM udev rules (bsc#1225783) * update lvm2.spec - Update lvm2 from LVM2.2.03.22 to LVM2.2.03.24 * ** WHATS_NEW from 2.03.22 to 2.03.24 *** Version 2.03.24 - 16th May 2024 =============================== Lvconvert supports VDO options for thin-pool with vdo conversion. Improve placement to .data.rel.ro and .rodata sections. Fix support for -y and -W when creating thinpool with vdo. Bettter support for runtime valgrind detection. Allow command interruption when communicating with dmeventd. Fix resize of VDO volume used for thin pool data volume. Use -Wl,-z,now and -Wl,--as-needed for compilation by default. Require 3.7 as minimal version for sanlock. Share code for closing opened desriptors on program startup. Fix memleak in lvmcache. Add configure --with-default-event-activation=ON setting. Fix return value from reporter function when hitting internal error. Skip checking of pools for lvremove and vgremove commands. VDO modprobes dm-vdo for 6.9 kernel and kvdo for older kernel version. Fix lvs reporting for VDO volumes with new upstream kernel driver. Don't import DM_UDEV_DISABLE_OTHER_RULES_FLAG in LVM rules, DM rules cover it. Fix table line generation for cache snapshots using cachevol. Enhance lvconvert support for external origins stacking. When swapping LV names also swap properties like hostname, time and data. Fix removal of stacked external origins. Lock filesystem when converting volume to read-only external origin. Support external origin between different thin-pool. Improve validation of acceptable volumes for external origins. Reduce amount of preloaded devices for complex device trees. Avoid logging problems from monitoring snapshots with inactive origins. Check for cache policy module presence in kernel's builtin modules file. Add configure --with-modulesdir to select kernel modules directory. Support creation of thin-pool with VDO use for its data volume. Version 2.03.23 - 21st November 2023 ==================================== Set the first lv_attr flag for raid integrity images to i or I. Add -A option for pvs and pvscan to show PVs outside devices file. Improve searched_devnames temp file usage to prevent redundant scanning. Change default search_for_devnames from auto to all. Add lvmdevices --refresh to search for missing PVIDs on all devices. Add comparison between old and new entries in lvmdevices --check. Fix device_id matching order - match non-devname first. Fix "lvconvert -m 0" when there is other than first in-sync leg. Use system.devices as default for dmeventd when dmeventd.devices is undefined. Accept WWIDs containing QEMU HARDDISK for device_id. Improve handling of non-standard WWID prefixes used for device_id. Configure automatically enables cmdlib for dmeventd and notify-dbus for dbus. Fix hint calculation for pools with zero or error segment. Configure supports --disable-shared to build only static binaries. Configure supports --without-{blkid|systemd|udev} for easier static build. Refresh device ids if the system changes. Fix pvmove when specifying raid components as moved LVs. Enhance error detection for lvm_import_vdo. Support PV lists with thin lvconvert. Fix support for lvm_import_vdo with SCSI VDO volumes. Fix locking issue leading to hanging concurrent vgchange --refresh. Recognize lvm.conf report/headings=2 for full column names in report headings. Add --headings none|abbrev|full cmd line option to set report headings type. Fix conversion to thin pool using lvmlockd. Fix conversion from thick into thin volume using lvmlockd. Require writable LV for conversion to vdo pool. Fix return value from lvconvert integrity remove. Preserve UUID for pool metadata spare. Preserve UUID for swapped pool metadata. Rewrite validation of device name entries used as device_id. * ** WHATS_NEW_DM from 1.02.196 to 1.02.198 *** Version 1.02.198 - 16th May 2024 ================================ Fix static only compilation of libdevmapper.a and dmsetup tool. Use better code for closing opened descriptors when starting dmeventd. Correct dmeventd -R for systemd environment. Restart of dmeventd -R checks pid file to detect running dmeventd first. Query with dmeventd -i quickly ends when there is no running dmeventd. Enhance dm_get_status_raid to handle mismatching status or reported legs. Create /dev/disk/by-label symlinks for DM devs that have crypto as next layer. Persist udev db for DM devs on cleanup used in initrd to rootfs transition. Process synthetic udev events other than 'add/change' as 'change' events. Increase DM_UDEV_RULES_VSN to 3 to indicate changed udev rules. Rename DM_NOSCAN to .DM_NOSCAN so it's not stored in udev db. Rename DM_SUSPENDED to .DM_SUSPENDED so it's not stored in udev db. Do not import DM_UDEV_DISABLE_OTHER_RULES_FLAG from db in 10-dm-disk.rules. Test DISK_RO after importing properties from db in 10-dm.rules. Also import ID_FS_TYPE in 13-dm-disk.rules from db if needed. Version 1.02.197 - 21st November 2023 ===================================== Fix invalid JSON report if using DM_REPORT_OUTPUT_MULTIPLE_TIMES and selection. Propagate ioctl errno from dm_task_run when creating new table line. Add support for group aliases in dmstats. Add support for exit-on file for dmeventd to reduce shutdown delays. Add configure option --with-dmeventd-exit-on-path to specify default path. Add dmsetup --headings none|abbrev|full to set report headings type. Add DM_REPORT_OUTPUT_FIELD_IDS_IN_HEADINGS to provide alternative headings. - Drop patches that have been merged into upstream - 0001-lvconvert-swapmetadata-fix-lvmlockd-locking.patch - 0002-lvconvert-fix-ret-values-fro-integrity-remove.patch - 0003-lvconvert-fix-regresion-from-integrity-check.patch - 0004-gcc-cleanup-warnings.patch - 0005-lvmlockd-fix-thick-to-thin-lv-conversion.patch ... changelog too long, skipping 20 lines ... - bug-1184687_Add-nolvm-for-kernel-cmdline.patch ==== lvm2-device-mapper ==== Version update (2.03.22_1.02.196 -> 2.03.24_1.02.198) Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - add rpm dependency in spec file for aligning new DM udev rules (bsc#1225783) * update lvm2.spec - Update lvm2 from LVM2.2.03.22 to LVM2.2.03.24 * ** WHATS_NEW from 2.03.22 to 2.03.24 *** Version 2.03.24 - 16th May 2024 =============================== Lvconvert supports VDO options for thin-pool with vdo conversion. Improve placement to .data.rel.ro and .rodata sections. Fix support for -y and -W when creating thinpool with vdo. Bettter support for runtime valgrind detection. Allow command interruption when communicating with dmeventd. Fix resize of VDO volume used for thin pool data volume. Use -Wl,-z,now and -Wl,--as-needed for compilation by default. Require 3.7 as minimal version for sanlock. Share code for closing opened desriptors on program startup. Fix memleak in lvmcache. Add configure --with-default-event-activation=ON setting. Fix return value from reporter function when hitting internal error. Skip checking of pools for lvremove and vgremove commands. VDO modprobes dm-vdo for 6.9 kernel and kvdo for older kernel version. Fix lvs reporting for VDO volumes with new upstream kernel driver. Don't import DM_UDEV_DISABLE_OTHER_RULES_FLAG in LVM rules, DM rules cover it. Fix table line generation for cache snapshots using cachevol. Enhance lvconvert support for external origins stacking. When swapping LV names also swap properties like hostname, time and data. Fix removal of stacked external origins. Lock filesystem when converting volume to read-only external origin. Support external origin between different thin-pool. Improve validation of acceptable volumes for external origins. Reduce amount of preloaded devices for complex device trees. Avoid logging problems from monitoring snapshots with inactive origins. Check for cache policy module presence in kernel's builtin modules file. Add configure --with-modulesdir to select kernel modules directory. Support creation of thin-pool with VDO use for its data volume. Version 2.03.23 - 21st November 2023 ==================================== Set the first lv_attr flag for raid integrity images to i or I. Add -A option for pvs and pvscan to show PVs outside devices file. Improve searched_devnames temp file usage to prevent redundant scanning. Change default search_for_devnames from auto to all. Add lvmdevices --refresh to search for missing PVIDs on all devices. Add comparison between old and new entries in lvmdevices --check. Fix device_id matching order - match non-devname first. Fix "lvconvert -m 0" when there is other than first in-sync leg. Use system.devices as default for dmeventd when dmeventd.devices is undefined. Accept WWIDs containing QEMU HARDDISK for device_id. Improve handling of non-standard WWID prefixes used for device_id. Configure automatically enables cmdlib for dmeventd and notify-dbus for dbus. Fix hint calculation for pools with zero or error segment. Configure supports --disable-shared to build only static binaries. Configure supports --without-{blkid|systemd|udev} for easier static build. Refresh device ids if the system changes. Fix pvmove when specifying raid components as moved LVs. Enhance error detection for lvm_import_vdo. Support PV lists with thin lvconvert. Fix support for lvm_import_vdo with SCSI VDO volumes. Fix locking issue leading to hanging concurrent vgchange --refresh. Recognize lvm.conf report/headings=2 for full column names in report headings. Add --headings none|abbrev|full cmd line option to set report headings type. Fix conversion to thin pool using lvmlockd. Fix conversion from thick into thin volume using lvmlockd. Require writable LV for conversion to vdo pool. Fix return value from lvconvert integrity remove. Preserve UUID for pool metadata spare. Preserve UUID for swapped pool metadata. Rewrite validation of device name entries used as device_id. * ** WHATS_NEW_DM from 1.02.196 to 1.02.198 *** Version 1.02.198 - 16th May 2024 ================================ Fix static only compilation of libdevmapper.a and dmsetup tool. Use better code for closing opened descriptors when starting dmeventd. Correct dmeventd -R for systemd environment. Restart of dmeventd -R checks pid file to detect running dmeventd first. Query with dmeventd -i quickly ends when there is no running dmeventd. Enhance dm_get_status_raid to handle mismatching status or reported legs. Create /dev/disk/by-label symlinks for DM devs that have crypto as next layer. Persist udev db for DM devs on cleanup used in initrd to rootfs transition. Process synthetic udev events other than 'add/change' as 'change' events. Increase DM_UDEV_RULES_VSN to 3 to indicate changed udev rules. Rename DM_NOSCAN to .DM_NOSCAN so it's not stored in udev db. Rename DM_SUSPENDED to .DM_SUSPENDED so it's not stored in udev db. Do not import DM_UDEV_DISABLE_OTHER_RULES_FLAG from db in 10-dm-disk.rules. Test DISK_RO after importing properties from db in 10-dm.rules. Also import ID_FS_TYPE in 13-dm-disk.rules from db if needed. Version 1.02.197 - 21st November 2023 ===================================== Fix invalid JSON report if using DM_REPORT_OUTPUT_MULTIPLE_TIMES and selection. Propagate ioctl errno from dm_task_run when creating new table line. Add support for group aliases in dmstats. Add support for exit-on file for dmeventd to reduce shutdown delays. Add configure option --with-dmeventd-exit-on-path to specify default path. Add dmsetup --headings none|abbrev|full to set report headings type. Add DM_REPORT_OUTPUT_FIELD_IDS_IN_HEADINGS to provide alternative headings. - Drop patches that have been merged into upstream - 0001-lvconvert-swapmetadata-fix-lvmlockd-locking.patch - 0002-lvconvert-fix-ret-values-fro-integrity-remove.patch - 0003-lvconvert-fix-regresion-from-integrity-check.patch - 0004-gcc-cleanup-warnings.patch - 0005-lvmlockd-fix-thick-to-thin-lv-conversion.patch ... changelog too long, skipping 20 lines ... - bug-1184687_Add-nolvm-for-kernel-cmdline.patch ==== lzo ==== - Use %autosetup macro: allows us to eliminate usage of deprecated %patchN syntax. ==== ncurses ==== Version update (6.5.20240525 -> 6.5.20240601) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20240601 + improve formatting/style of manpages (patches by Branden Robinson). + change Ada95/configure to use --with-screen option rather than - -enable-widec, to provide more choices of underlying curses library ==== netavark ==== Version update (1.10.3 -> 1.11.0) - Remove redundant source: cargo_config - Update to version 1.11.0: * Release v1.11.0 * Update release notes for 1.11.0 * update netlink-packet-route to 0.20.0 * run cargo update * fix: remove extra / in make install and uninstall * chore(deps): update dependency containers/automation_images to v20240529 * fix(deps): update rust crate nix to 0.29.0 * fix(deps): update rust crate nispor to 1.2.19 * fix(deps): update rust crate anyhow to 1.0.86 * fix(deps): update rust crate anyhow to 1.0.85 * [skip-ci] Packit: do not create dup jobs on podman-next * fix(deps): update rust crate anyhow to 1.0.84 * [skip-ci] RPM: use default __cargo macro across all envs * [skip-ci] RPM: switch default firewall to nftables on EL10+ * chore(deps): update dependency containers/automation_images to v20240513 * Add conditional compilation of default firewall driver * fix(deps): update rust crate serde_json to 1.0.117 * fix new clippy warnings * Update CI image to fedora 40 * fix ncat sctp tests * fix(deps): update rust crate anyhow to 1.0.83 * build(deps): bump h2 from 0.3.25 to 0.3.26 * [skip-ci] Packit: distinct `-rhel` packages value * [skip-ci] Packit: enable c10s downstream sync * fix(deps): update rust crate libc to 0.2.154 * fix(deps): update rust crate ipnet to 2.9.0 * fix(deps): update rust crate tower to 0.4.13 * fix(deps): update rust crate tokio-stream to 0.1.15 * fix(deps): update rust crate prost to 0.12.4 * fix(deps): update rust crate iptables to 0.5.1 * [skip-ci] Packit: remove el8 jobs * fix(deps): update rust crate anyhow to 1.0.82 * fix(deps): update rust crate serde to 1.0.199 * Add suffix to Aardvark internal network filenames * fix port forward with strict RPF and multi networks * renovate: stop rebasing PRs automatically * chore(deps): update rust crate chrono to 0.4.38 * fix(deps): update rust crate serde_json to 1.0.116 * fix(deps): update rust crate netlink-sys to 0.8.6 * nftables: only dump netavark table rules * update nftables to 0.4 * fix aardvark-dns netns check * fix(deps): update rust crate tokio to 1.37 * fix(deps): update rust crate netlink-packet-route to 0.19.0 * Update to nix-0.28.0 * fix(deps): update rust crate mozim to 0.2.3 * fix(deps): update rust crate nispor to 1.2.18 * Update chrono * fix(deps): update rust crate serde_json to 1.0.115 * build(deps): bump mio from 0.8.9 to 0.8.11 * [skip-ci] rpm: aardvark-dns is a hard dep across the board * Update Rust crate env_logger to 0.11.3 * Update Rust crate serde to 1.0.197 * Update Rust crate tempfile to 3.10.1 * Update Rust crate log to 0.4.21 * Update Rust crate zbus to 3.15.2 * Update Rust crate serde_json to 1.0.114 * Update Rust crate env_logger to 0.11.2 * Update Rust crate chrono to 0.4.34 * Update Rust crate tonic-build to 0.11 * Update Rust crate tonic to 0.11 * fix netavark update to not start a new aardvark-dns * Update Rust crate tempfile to 3.10.0 * Update Rust crate zbus to 3.15.0 * Update Rust crate tokio to 1.36 * Update Rust crate chrono to 0.4.33 * Do not perform network namespace detection on AV update * [CI:BUILD] Packit/rpm: fix aardvark-dns handling * Update Rust crate serde_json to 1.0.113 * Update Rust crate serde_json to 1.0.112 * Update Rust crate env_logger to 0.11.1 * update README with nftables support * Bump to v1.11.0-dev * perf-netavark: accept fw driver as argument * perf-netavark: fix missing --config arg ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Update rpmlintrc W: no-binary to E: no-binary - Remove tigervnc * Most users including myself don't even know what a vnc is or how to use one ==== plasma-branding-Kalpa ==== - Added Conflicts: plasma-branding-MicroOS - Removed Obsolets from spec file to avoid collision with plasma-branding-MicroOS ==== plasma6-workspace ==== Subpackages: plasma6-session plasma6-workspace-libs sddm-qt6-branding-openSUSE - Add patches to fix ksmserver authentication (CVE-2024-36041, boo#1225774): * 0001-Authenticate-local-clients.patch * 0002-Remove-iceauth-dependency.patch ==== podman ==== Version update (5.0.3 -> 5.1.1) - Update to version 5.1.1: * Bump to v5.1.1 * Update release notes for v5.1.1 * libpod: do not leak systemd hc startup unit timer * Check AppleHypervisor before accessing it * [v5.1] Bump c/common to v0.59.1 * [v5.1] pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED ... correctly * test/e2e: use local skopeo not image * [v5.1] Mac PM test: Require pre-installed rosetta * Fix typo in release notes * Bump to v5.1.1-dev - Update to version 5.1.0: * Bump to v5.1.0 * Release notes for v5.1 * Add configuration for podmansh * [v5.1] Bump c/* for vendor dance * test/e2e: fix new error message * Add Hyper-V option in windows installer * Only stop chowning volumes once they're not empty * remote API: restore v4 payload in container inspect * Fix windows action trigger * Update podman network docs * Add Rosetta support for Apple Silicon mac * fix incorrect host.containers.internal entry for rootless bridge mode * vendor latest c/common main * Bump to v5.1.0-dev * Bump to v5.1.0-rc1 * Add release notes for v5.1.0 (preliminary) * `podman events`: check for an error after we finish reading events * Fix updating connection when SSH port conflict happens * rootless: fix reexec to use /proc/self/exe * ExitWithError() - enforce required exit status & stderr * ExitWithError() - a few that I missed * [skip-ci] Packit: use only one value for `packages` key for `trigger: commit` copr builds * Revert "Temporarily disable rootless debian e2e testing" * CI tests: enforce TMPDIR on tmpfs * use new CI images with tmpfs /tmp * run e2e test on tmpfs * Update module github.com/crc-org/crc/v2 to v2.36.0 * Address CVE-2024-3727 * [CI:DOCS] Use checkout@v4 in GH Actions * ExitWithError() - rmi_test * ExitWithError() - more r files * ExitWithError() - s files * ExitWithError() - more run_xxx tests * Fix podman-remote support for `podman farm build` * [CI:DOCS] Trigger windows installer action properly * Revert "container stop: kill conmon" * Ensure that containers do not get stuck in stopping * [CI:DOCS] Improvements to make validatepr * ExitWithError() - rest of the p files * [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.1 * Graceful shutdown during podman kube down * test/system: fix broken "podman volume globs" test * Quadlet/Container: Add GroupAdd option * Don't panic if a runtime was configured without paths * update c/{buildah,common,image,storage} to latest main * update golangci-lint to 1.58 * machine: Add LibKrun provider detection * ExitWithError() - continue tightening * fix(deps): update module google.golang.org/protobuf to v1.34.1 * test: improve test for powercap presence * fix(deps): update module go.etcd.io/bbolt to v1.3.10 * fix(deps): update module golang.org/x/tools to v0.21.0 * [skip-ci] RPM: `bats` required only on Fedora * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 * gpdate and remove parameter settings in `.golangci.yml` * ExitWithError() - play_kube_test.go * Temporarily disable rootless debian e2e testing * fix(deps): update module golang.org/x/crypto to v0.23.0 * CI Docs: Clarify passthrough_envars() comments * Skip machine tests if they don't need to be run * Update CI VMs to F40, F39, D13 * ExitWithError() - v files * Update module golang.org/x/term to v0.20.0 * machine: Add provider detection API * util: specify a not empty pause dir for root too * Add missing option 'healthy' to output of `podman run --help` * [CI:DOCS] Add info on the quay.io images to the README.md * Add a random suffix to healthcheck unit names * test/e2e: remove toolbox image * Also substitute $HOME in runlabel with user's homedir * Update module github.com/cyphar/filepath-securejoin to v0.2.5 * ExitWithError() - pod_xxx tests * ExitWithError() -- run_test.go * Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f * Update module github.com/shirou/gopsutil/v3 to v3.24.4 * Update module github.com/docker/docker to v26.1.1+incompatible * GHA: Attempt fix exceeded a secondary rate limit * vendor ginkgo 2.17.2 into test/tools * Fix machine volumes with long path and paths with dashes * Update module google.golang.org/protobuf to v1.34.0 * Update module github.com/crc-org/crc/v2 to v2.35.0 * Update module github.com/onsi/gomega to v1.33.1 * test/e2e: podman unshare image mount fix tmpdir leak * test/e2e: do not leak /tmp/private_file * test/e2e: "persistentVolumeClaim with source" do not leak file * e2e tests: use /var/tmp, not $TMPDIR, as workdirs * Update dependency pytest to v8.1.2 ... changelog too long, skipping 193 lines ... * kube play: always pull when both imagePullPolicy and tag are missing ==== policycoreutils ==== Subpackages: policycoreutils-python-utils - Rework packaging to modern python packaging as we need policycoreutils-python-tools as build dependency for python311-setools - General: - python version for scripts is now set to python311, deprecating python3.6 on 15.4 + 15.5 - replaced python3 dependencies with corresponding dependencies - moved %{_localstatedir}/lib/selinux out of the python-policycoreutils rpm and into policycoreutils-python-utils as it does not belong into a module and causes conflicts when module is built for multiple python versions - Factory-specific changes: - python-policycoreutils module is now built for python310, python311, python312 instead of python3 - added %python3_fix_shebang to set the shebang to the current python - 15.4 and 15.5 specific changes - python-policycoreutils module is now built for python311 instead of python3 - added %python311_fix_shebang to set the shebang to python311, this is currently a dirty hack since the python3_fix_shebang_path macro does not exist in <=15.5 so far - 15.4 specific changes - policycoreutils-devel requires python3-distro still, as there is no python311-distro package - exclude %python3_fix_shebang for distros <=15.4 to avoid build failure - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== python-Mako ==== Version update (1.3.4 -> 1.3.5) - update to 1.3.5: * Reverted the fix for :ticket:`400` as it caused new issues when traversing some bracketed situations. ==== python-semanage ==== - Build python-semanage for python311 in 15.4 and 15.5 instead of python3.6 to fix build dependencies ==== re2 ==== Version update (20240501 -> 20240601) - update to 2024-06-01: * switch to abseil logging * build system changes ==== samba ==== Version update (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2) Subpackages: samba-ad-dc-libs samba-client samba-client-libs samba-libs - Fix non deterministic builds; (bsc#1225754); (bso#13213); ==== selinux-policy ==== Version update (20240321 -> 20240411) Subpackages: selinux-policy-targeted - Remove "Reference" from the package description. It's not the reference policy, but the Fedora branch of the policy - Use python311 tools in 15.4 and 15.5 when building selinux-policy to deprecate python36 tooling - Fixed varrun-convert.sh script to not break because of duplicate entries - Move to %posttrans to ensure selinux-policy got updated before the commands run (bsc#1221720) - Add file contexts "forwarding" to file_contexts.sub_dist to fix systemd-gpt-auto-generator and systemd-fstab-generator (bsc#1222736): * /run/systemd/generator.early /usr/lib/systemd/system * /run/systemd/generator.late /usr/lib/systemd/system - Update to version 20240411: * Remove duplicate in sysnetwork.fc * Rename /var/run/wicked* to /run/wicked* * Remove /var/run/rsyslog/additional-log-sockets.conf from logging.fc * policy: support pidfs * Confine selinux-autorelabel-generator.sh * Allow logwatch_mail_t read/write to init over a unix stream socket * Allow logwatch read logind sessions files * files_dontaudit_getattr_tmpfs_files allowed the access and didn't dontaudit it * files_dontaudit_mounton_modules_object allowed the access and didn't dontaudit it * Allow NetworkManager the sys_ptrace capability in user namespace * dontaudit execmem for modemmanager * Allow dhcpcd use unix_stream_socket * Allow dhcpc read /run/netns files * Update mmap_rw_file_perms to include the lock permission * Allow plymouthd log during shutdown * Add logging_watch_all_log_dirs() and logging_watch_all_log_files() * Allow journalctl_t read filesystem sysctls * Allow cgred_t to get attributes of cgroup filesystems * Allow wdmd read hardware state information * Allow wdmd list the contents of the sysfs directories * Allow linuxptp configure phc2sys and chronyd over a unix domain socket * Allow sulogin relabel tty1 * Dontaudit sulogin the checkpoint_restore capability * Modify sudo_role_template() to allow getpgid * Allow userdomain get attributes of files on an nsfs filesystem * Allow opafm create NFS files and directories * Allow virtqemud create and unlink files in /etc/libvirt/ * Allow virtqemud domain transition on swtpm execution * Add the swtpm.if interface file for interactions with other domains * Allow samba to have dac_override capability * systemd: allow sys_admin capability for systemd_notify_t * systemd: allow systemd_notify_t to send data to kernel_t datagram sockets * Allow thumb_t to watch and watch_reads mount_var_run_t * Allow krb5kdc_t map krb5kdc_principal_t files * Allow unprivileged confined user dbus chat with setroubleshoot * Allow login_userdomain map files in /var * Allow wireguard work with firewall-cmd * Differentiate between staff and sysadm when executing crontab with sudo * Add crontab_admin_domtrans interface * Allow abrt_t nnp domain transition to abrt_handle_event_t * Allow xdm_t to watch and watch_reads mount_var_run_t * Dontaudit subscription manager setfscreate and read file contexts * Don't audit crontab_domain write attempts to user home * Transition from sudodomains to crontab_t when executing crontab_exec_t * Add crontab_domtrans interface * Fix label of pseudoterminals created from sudodomain * Allow utempter_t use ptmx * Dontaudit rpmdb attempts to connect to sssd over a unix stream socket * Allow admin user read/write on fixed_disk_device_t * Only allow confined user domains to login locally without unconfined_login * Add userdom_spec_domtrans_confined_admin_users interface * Only allow admindomain to execute shell via ssh with ssh_sysadm_login * Add userdom_spec_domtrans_admin_users interface * Move ssh dyntrans to unconfined inside unconfined_login tunable policy * Update ssh_role_template() for user ssh-agent type * Allow init to inherit system DBus file descriptors * Allow init to inherit fds from syslogd * Allow any domain to inherit fds from rpm-ostree * Update afterburn policy * Allow init_t nnp domain transition to abrtd_t * Rename all /var/lock file context entries to /run/lock * Rename all /var/run file context entries to /run - Add script varrun-convert.sh for locally existing modules to be able to cope with the /var/run -> /run change - Update embedded container-selinux to commit a8e389dbcd3f9b6ed0a7e495c6f559c0383dc49e ==== setools ==== - Rework packaging to modern python packaging - python-setools module now builds for python310, python311, python312 for tw and builds for python311 in 15.4 + 15.5 - setools-console scripts will use python311 as default in factory, 15.4 and 15.5 - moved %dir %{_docdir}/%{name}/ and %{_docdir}/%{name}/* out of the python-setools module into setools-console as it does not belong in there and causes conflicts between python versions - moved %{python_sitearch}/setoolsgui from setools-gui into the python-setools module for multiversion build ==== skopeo ==== Version update (1.15.0 -> 1.15.1) - Update to version 1.15.1: * [release-1.15] Bump to v1.15.1 * [release-1.15] Freeze the fedora-minimal image reference * [release-1.15] CVE-2024-3727 (bsc#1224123) ==== systemd ==== Version update (255.6 -> 255.7) Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-experimental udev - Import commit 603cd1d4d81147d4f2eccd5e352064a4215119b4 (merge of v255.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/b9c17562f612ab2cd8cfee1960714c58d0a6c593...603cd1d4d81147d4f2eccd5e352064a4215119b4 - Import commit b9c17562f612ab2cd8cfee1960714c58d0a6c593 b9c17562f6 99-systemd.rules: rework SYSTEMD_READY logic for device mapper c5003fc15e pcrlock: add make_pcrlock_record_from_stream - systemd.spec: introduce %{meson_extra_configure_options} to allow passing extra meson configure options. ==== vim ==== Version update (9.1.0413 -> 9.1.0448) Subpackages: vim-data-common vim-small - Update to 9.1.0448: * compiler warning in eval.c * remove remaining css code * Add ft_hare.txt to Reference Manual TOC * re-generate vim syntax from generator * fix syntax vim bug * completion may be wrong when deleting all chars * getregionpos() inconsistent for partly-selected multibyte char * fix highlighting nested and escaped quotes in string props * remove the indent plugin since it has too many issues * update Debian runtime files * Coverity warning after 9.1.0440 * Not enough tests for getregion() with multibyte chars * Can't use blockwise selection with width for getregion() * update outdated syntax files * fix floating_modifier highlight * hare runtime files outdated * getregionpos() can't properly indicate positions beyond eol * function get_lval() is too long * Cannot filter the history * Wrong Ex command executed when :g uses '?' as delimiter * support floating_modifier none; revert broken highlighting * Motif requires non-const char pointer for XPM data * Crash when using '?' as separator for :s * filetype: cygport files are not recognized * make errors trying to access autoload/zig * Wrong yanking with exclusive selection and ve=all * add missing help tags file * Ancient XPM preprocessor hack may cause build errors * include basic rescript ftplugin file * eval.c is too long * getregionpos() doesn't handle one char selection * check for gdb file/dir before using as buffer name * refactor zig ftplugin, remove auto format * Coverity complains about eval.c refactor * Tag guessing leaves wrong search history with very short names * some issues with termdebug mapping test * update matchit plugin to v1.20 * too many strlen() calls in search.c * set commentstring option * update vb indent plugin as vim9script * filetype: purescript files are not recognized * filetype: slint files are not recognized * basic nim ftplugin file for comments * Add Arduino ftplugin and indent files * include basic typst ftplugin file * include basic prisma ftplugin file * include basic v ftplugin for comment support * getregionpos() wrong with blockwise mode and multibyte * function echo_string_core() is too long * hyprlang files are not recognized * add basic dart ftplugin file * basic ftplugin file for graphql * mention comment plugin at :h 'commentstring' * set commentstring for sql files in ftplugin * :browse oldfiles prompts even with single entry * eval.c not sufficiently tested * clarify why E195 is returned * clarify temporary file clean up * fix :NoMatchParen not working * Cannot move to previous/next rare word * add basic ftplugin file for sshdconfig * if_py: find_module has been removed in Python 3.12.0a7 * some screen dump tests can be improved * Some functions are not tested * clarify instal instructions for comment package * Unable to leave long line with 'smoothscroll' and 'scrolloff' * fix typo in vim9script help file * Remove trailing spaces * clarify {special} argument for shellescape() ==== wireplumber ==== Subpackages: libwireplumber-0_5-0 wireplumber-audio - Add patches from upstream to fix a crash for aborted links: * 0004-transition-fix-memleak-when-error-set.patch * 0005-transition-ensure-single-completion-and-finish.patch * 0006-linking-return-after-aborting-transition.patch - Add patch from upstream to fix default playback volume ignore: * 0007-state-stream-fix-using-default-volume.patch ==== xwayland ==== - disable DPMS on sle15 due to missing proto package ==== xz ==== Version update (5.6.1.revertto5.4 -> 5.6.2) Subpackages: liblzma5 - Update to 5.6.2: * Remove the backdoor (CVE-2024-3094). * Not changed: Memory sanitizer (MSAN) has a false positive in the CRC CLMUL code which also makes OSS Fuzz unhappy. Valgrind is smarter and doesn't complain. A revision to the CLMUL code is coming anyway and this issue will be cleaned up as part of it. It won't be backported to 5.6.x or 5.4.x because the old code isn't wrong. There is no reason to risk introducing regressions in old branches just to silence a false positive. * liblzma: - lzma_index_decoder() and lzma_index_buffer_decode(): Fix a missing output pointer initialization (*i = NULL) if the functions are called with invalid arguments. The API docs say that such an initialization is always done. In practice this matters very little because the problem can only occur if the calling application has a bug and these functions return LZMA_PROG_ERROR. - lzma_str_to_filters(): Fix a missing output pointer initialization (*error_pos = 0). This is very similar to the fix above. - Fix C standard conformance with function pointer types. - Remove GNU indirect function (IFUNC) support. This is *NOT* done for security reasons even though the backdoor relied on this code. The performance benefits of IFUNC are too tiny in this project to make the extra complexity worth it. - FreeBSD on ARM64: Add error checking to CRC32 instruction support detection. - Fix building with NVIDIA HPC SDK. * xz: - Fix a C standard conformance issue in --block-list parsing (arithmetic on a null pointer). - Fix a warning from GNU groff when processing the man page: "warning: cannot select font 'CW'" * xzdec: Add support for Linux Landlock ABI version 4. xz already had the v3-to-v4 change but it had been forgotten from xzdec.