Packages changed: Mesa Mesa-drivers MicroOS-release (20240403 -> 20240404) MozillaFirefox (124.0.1 -> 124.0.2) aaa_base (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1) coreutils (9.4 -> 9.5) coreutils-systemd (9.4 -> 9.5) installation-images-MicroOS (17.117 -> 17.120) kdsoap-qt6 (2.1.1 -> 2.2.0) kirigami-addons6 (1.0.1 -> 1.1.0) krb5 libbpf (1.3.0 -> 1.4.0) libdeflate (1.19 -> 1.20) libdnf (0.73.0 -> 0.73.1) liburing (2.4 -> 2.5) nghttp2 (1.60.0 -> 1.61.0) openssh podman (4.9.3 -> 5.0.1) python-pyasn1 (0.5.1 -> 0.6.0) re2 (20240301 -> 20240401) systemd vim xorg-x11-server (21.1.11 -> 21.1.12) xwayland (23.2.4 -> 23.2.5) yast2-storage-ng (5.0.10 -> 5.0.11) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - fix missing free codecs in builds with non-free codecs enabled ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - fix missing free codecs in builds with non-free codecs enabled ==== MicroOS-release ==== Version update (20240403 -> 20240404) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== MozillaFirefox ==== Version update (124.0.1 -> 124.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 124.0.2 https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/ * Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (bmo#1884308) * Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (bmo#1883932) * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396) * Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (bmo#1884347) ==== aaa_base ==== Version update (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1) Subpackages: aaa_base-extras - Update to version 84.87+git20240402.16596d1: * add alacritty to DIR_COLORS * Make sure tput it present before resetting TERM * Add mc helpers for both tcsh and bash resources * Do not overwrite escape sequences for xterm like * Check for valid TERM ==== coreutils ==== Version update (9.4 -> 9.5) Subpackages: coreutils-doc coreutils-lang - Update to 9.5: Bug fixes: * chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] * cp, mv, and install no longer issue spurious diagnostics like "failed to preserve ownership" when copying to GNU/Linux CIFS file systems. They do this by working around some Linux CIFS bugs. * cp --no-preserve=mode will correctly maintain set-group-ID bits for created directories. Previously on systems that didn't support ACLs, cp would have reset the set-group-ID bit on created directories. [bug introduced in coreutils-8.20] * join and uniq now support multi-byte characters better. For example, 'join -tX' now works even if X is a multi-byte character, and both programs now treat multi-byte characters like U+3000 IDEOGRAPHIC SPACE as blanks if the current locale treats them so. * numfmt options like --suffix no longer have an arbitrary 127-byte limit. [bug introduced with numfmt in coreutils-8.21] * mktemp with --suffix now better diagnoses templates with too few X's. Previously it conflated the insignificant --suffix in the error. [bug introduced in coreutils-8.1] * sort again handles thousands grouping characters in single-byte locales where the grouping character is greater than CHAR_MAX. For e.g. signed character platforms with a 0xA0 (aka  ) grouping character. [bug introduced in coreutils-9.1] * split --line-bytes with a mixture of very long and short lines no longer overwrites the heap (CVE-2024-0684). [bug introduced in coreutils-9.2] * tail no longer mishandles input from files in /proc and /sys file systems, on systems with a page size larger than the stdio BUFSIZ. [This bug was present in "the beginning".] * timeout avoids a narrow race condition, where it might kill arbitrary processes after a failed process fork. [bug introduced with timeout in coreutils-7.0] * timeout avoids a narrow race condition, where it might fail to kill monitored processes immediately after forking them. [bug introduced with timeout in coreutils-7.0] * wc no longer fails to count unprintable characters as parts of words. [bug introduced in textutils-2.1] Changes in behavior: * base32 and base64 no longer require padding when decoding. Previously an error was given for non padded encoded data. * base32 and base64 have improved detection of corrupted encodings. Previously encodings with non zero padding bits were accepted. * basenc --base16 -d now supports lower case hexadecimal characters. Previously an error was given for lower case hex digits. * cp --no-clobber, and mv -n no longer exit with failure status if existing files are encountered in the destination. Instead they revert to the behavior from before v9.2, silently skipping existing files. * ls --dired now implies long format output without hyperlinks enabled, and will take precedence over previously specified formats or hyperlink mode. * numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input, and uses lowercase 'k' when outputting such units in '--to=si' mode. * pinky no longer tries to canonicalize the user's login location by default, rather requiring the new --lookup option to enable this often slow feature. * wc no longer ignores encoding errors when counting words. Instead, it treats them as non white space. New features: * chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files with matching current OWNER and/or GROUP, as already supported by chown(1). * chmod adds support for -h, -H,-L,-P, and --dereference options, providing more control over symlink handling. This supports more secure handling of CLI arguments, and is more consistent with chown, and chmod on other systems. * cp now accepts the --keep-directory-symlink option (like tar), to preserve and follow existing symlinks to directories in the destination. * cp and mv now accept the --update=none-fail option, which is similar to the --no-clobber option, except that existing files are diagnosed, and the command exits with failure status if existing files. The -n,--no-clobber option is best avoided due to platform differences. * env now accepts the -a,--argv0 option to override the zeroth argument of the command being executed. * mv now accepts an --exchange option, which causes the source and destination to be exchanged. It should be combined with - -no-target-directory (-T) if the destination is a directory. The exchange is atomic if source and destination are on a single file system that supports atomic exchange; --exchange is not yet supported in other situations. * od now supports printing IEEE half precision floating point with -t fH, or brain 16 bit floating point with -t fB, where supported by the compiler. * tail now supports following multiple processes, with repeated --pid options. Improvements: * cp,mv,install,cat,split now read and write a minimum of 256KiB at a time. This was previously 128KiB and increasing to 256KiB was seen to increase throughput by 10-20% when reading cached files on modern systems. * env,kill,timeout now support unnamed signals. kill(1) for example now supports sending such signals, and env(1) will list them appropriately. * SELinux operations in file copy operations are now more efficient, avoiding unneeded MCS/MLS label translation. * sort no longer dynamically links to libcrypto unless -R is used. This decreases startup overhead in the typical case. * wc is now much faster in single-byte locales and somewhat faster in multi-byte locales. - coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. - coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the upstream version now handles those tests. Pull in gnulib module mbchar manually, as it is a dependency of mbfile, but dropped out of the upstream dependency chain. - coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. - coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip French test if TZ='Europe/Paris' does not work. ==== coreutils-systemd ==== Version update (9.4 -> 9.5) - Update to 9.5: Bug fixes: * chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] * cp, mv, and install no longer issue spurious diagnostics like "failed to preserve ownership" when copying to GNU/Linux CIFS file systems. They do this by working around some Linux CIFS bugs. * cp --no-preserve=mode will correctly maintain set-group-ID bits for created directories. Previously on systems that didn't support ACLs, cp would have reset the set-group-ID bit on created directories. [bug introduced in coreutils-8.20] * join and uniq now support multi-byte characters better. For example, 'join -tX' now works even if X is a multi-byte character, and both programs now treat multi-byte characters like U+3000 IDEOGRAPHIC SPACE as blanks if the current locale treats them so. * numfmt options like --suffix no longer have an arbitrary 127-byte limit. [bug introduced with numfmt in coreutils-8.21] * mktemp with --suffix now better diagnoses templates with too few X's. Previously it conflated the insignificant --suffix in the error. [bug introduced in coreutils-8.1] * sort again handles thousands grouping characters in single-byte locales where the grouping character is greater than CHAR_MAX. For e.g. signed character platforms with a 0xA0 (aka  ) grouping character. [bug introduced in coreutils-9.1] * split --line-bytes with a mixture of very long and short lines no longer overwrites the heap (CVE-2024-0684). [bug introduced in coreutils-9.2] * tail no longer mishandles input from files in /proc and /sys file systems, on systems with a page size larger than the stdio BUFSIZ. [This bug was present in "the beginning".] * timeout avoids a narrow race condition, where it might kill arbitrary processes after a failed process fork. [bug introduced with timeout in coreutils-7.0] * timeout avoids a narrow race condition, where it might fail to kill monitored processes immediately after forking them. [bug introduced with timeout in coreutils-7.0] * wc no longer fails to count unprintable characters as parts of words. [bug introduced in textutils-2.1] Changes in behavior: * base32 and base64 no longer require padding when decoding. Previously an error was given for non padded encoded data. * base32 and base64 have improved detection of corrupted encodings. Previously encodings with non zero padding bits were accepted. * basenc --base16 -d now supports lower case hexadecimal characters. Previously an error was given for lower case hex digits. * cp --no-clobber, and mv -n no longer exit with failure status if existing files are encountered in the destination. Instead they revert to the behavior from before v9.2, silently skipping existing files. * ls --dired now implies long format output without hyperlinks enabled, and will take precedence over previously specified formats or hyperlink mode. * numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input, and uses lowercase 'k' when outputting such units in '--to=si' mode. * pinky no longer tries to canonicalize the user's login location by default, rather requiring the new --lookup option to enable this often slow feature. * wc no longer ignores encoding errors when counting words. Instead, it treats them as non white space. New features: * chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files with matching current OWNER and/or GROUP, as already supported by chown(1). * chmod adds support for -h, -H,-L,-P, and --dereference options, providing more control over symlink handling. This supports more secure handling of CLI arguments, and is more consistent with chown, and chmod on other systems. * cp now accepts the --keep-directory-symlink option (like tar), to preserve and follow existing symlinks to directories in the destination. * cp and mv now accept the --update=none-fail option, which is similar to the --no-clobber option, except that existing files are diagnosed, and the command exits with failure status if existing files. The -n,--no-clobber option is best avoided due to platform differences. * env now accepts the -a,--argv0 option to override the zeroth argument of the command being executed. * mv now accepts an --exchange option, which causes the source and destination to be exchanged. It should be combined with - -no-target-directory (-T) if the destination is a directory. The exchange is atomic if source and destination are on a single file system that supports atomic exchange; --exchange is not yet supported in other situations. * od now supports printing IEEE half precision floating point with -t fH, or brain 16 bit floating point with -t fB, where supported by the compiler. * tail now supports following multiple processes, with repeated --pid options. Improvements: * cp,mv,install,cat,split now read and write a minimum of 256KiB at a time. This was previously 128KiB and increasing to 256KiB was seen to increase throughput by 10-20% when reading cached files on modern systems. * env,kill,timeout now support unnamed signals. kill(1) for example now supports sending such signals, and env(1) will list them appropriately. * SELinux operations in file copy operations are now more efficient, avoiding unneeded MCS/MLS label translation. * sort no longer dynamically links to libcrypto unless -R is used. This decreases startup overhead in the typical case. * wc is now much faster in single-byte locales and somewhat faster in multi-byte locales. - coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. - coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the upstream version now handles those tests. Pull in gnulib module mbchar manually, as it is a dependency of mbfile, but dropped out of the upstream dependency chain. - coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. - coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip French test if TZ='Europe/Paris' does not work. ==== installation-images-MicroOS ==== Version update (17.117 -> 17.120) - merge gh#openSUSE/installation-images#704 - ensure crypto-policies postinstall script is run (bsc#1222235) - 17.120 - merge gh#openSUSE/installation-images#702 - Require Mesa-dri - 17.119 - merge gh#openSUSE/installation-images#703 - etc: update module.config to match 6.9 - 17.118 ==== kdsoap-qt6 ==== Version update (2.1.1 -> 2.2.0) - update to 2.2.0: * buildsystem - Add co-installability of Qt5 and Qt6 headers back. Installs Qt6 headers into their own subdirectory so client code still works, but can be co-installed with Qt5 again. * Add KDSoapClientInterface::setMessageAddressingProperties() so that WS-Addressing support can be used with WSDL-generated services (issue #254) * Don't require a SOAP action in order to write addressing properties (also issue #254) * WSDL parser / code generator changes, applying to both client and server side * Improve -import-path ==== kirigami-addons6 ==== Version update (1.0.1 -> 1.1.0) Subpackages: kirigami-addons6-lang - Update to 1.1.0 * New FormCard delegate: FormColorDelegate * New delegate container: FormCardDialog * Fixed a newline bug in the AboutKDE component * The default size of MessageDialog was decreased * Fixed the autoplay of the video delegate for the maximized album component ==== krb5 ==== - Add crypto-policies support [bsc#1211301] * Update krb5.conf in vendor-files.tar.bz2 ==== libbpf ==== Version update (1.3.0 -> 1.4.0) - update to 1.4.0: * support for BPF token throughout low-level and high-level APIs (see also LIBBPF_BPF_TOKEN_PATH envvar) * struct_ops functionality around handling multi-kernel compatibility using BPF CO-RE principles and approaches * BPF arena map support * support __arena tagged global variables, which are automatically put into BPF arena map * BPF cookie support for raw tracepoint BPF programs in attach APIs loaded or created, respectively * add SEC("sk_skb/verdict") support * support global subprog argument tagging for for kprobe/uprobe, and perf_event BPF program with newly added __arg_ctx, __arg_nonnull, __arg_nullable, __arg_trusted, and __arg_arena annotations * add bpf_core_cast() macro, improving ergonomics of bpf_rdonly_cast() BPF helper * __long() macro added for specifying 64-bit values when declaring BTF-defined maps * better GCC-BPF support in BPF CO-RE macros in bpf_core_read.h header * show specific error messages when attempting to use struct bpf_program/bpf_map instances there were not loaded or created * fix inner map's max_entries setting logic * btf_ext__raw_data() and btf__new_split() APIs are added back * ignore DWARF sections in BPF linker sanity checks, improving handling of some corner cases * fix potential NULL dereference when handling corrupted ELF files. ==== libdeflate ==== Version update (1.19 -> 1.20) - update to 1.20: * Improved CRC-32 performance on recent x86 CPUs by adding * VPCLMULQDQ-accelerated implementations using 256-bit and 512-bit vectors. * Improved Adler-32 performance on recent x86 CPUs by adding * VNNI-accelerated implementations using 256-bit and 512-bit vectors. * Improved CRC-32 and Adler-32 performance on short inputs. * Optimized the portable implementation of Adler-32. * Added some basic optimizations for RISC-V. * Dropped support for gcc versions older than v4.9 (released in 2014) and clang versions older than v3.9 (released in 2016). * Dropped support for CRC-32 acceleration on 32-bit ARM using the ARMv8 pmull or crc32 instructions. ==== libdnf ==== Version update (0.73.0 -> 0.73.1) Subpackages: libdnf-repo-config-zypp libdnf2 - version update to 0.73.1 * Bug fixes: - Fix https://issues.redhat.com/browse/RHEL-27657 - subject-py: Fix memory leak * Others: - MergedTransaction: Calculate RPM difference between two same versions as no-op - Onboard packit tests - Add virtual destructor to TransactionItem ==== liburing ==== Version update (2.4 -> 2.5) - Update to 2.5: * Add support for io_uring_prep_cmd_sock() * Add support for application allocated ring memory, for placing rings in huge mem. Available through io_uring_queue_init_mem(). * Add support for registered ring fds * Various documentation updates * Various fixes - Remove (they are upstream) * test-io_uring_register-fix-errno-confusion-and-new-e.patch * tests-don-t-expect-multishot-recv-overflow-backloggi.patch - Add * test-recv-multishot-wait-for-the-right-amount-of-CQE.patch (to fix test errors on the 6.8.2 kernel) * test-no-mmap-inval-0-return-is-fine-too.patch (fix the test) ==== nghttp2 ==== Version update (1.60.0 -> 1.61.0) - version update to 1.61.0 * Fixes CVE-2024-28182 [bsc#1221399] * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087 * Checkout with submodules by @jonaski in #2093 * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092 * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097 * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098 * docker: Use copy --link by @tatsuhiro-t in #2099 * Nghttpx header idle timeout by @tatsuhiro-t in #2100 * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101 * Rewrite hexdump by @tatsuhiro-t in #2102 * Switch to distroless/base-nossl by @tatsuhiro-t in #2103 * Bump ngtcp2 by @tatsuhiro-t in #2105 * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106 * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107 * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108 * Automate release process by @tatsuhiro-t in #2109 * autotools: Switch to tar-pax by @tatsuhiro-t in #2110 * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111 * nghttpx: Fix port byte order by @tatsuhiro-t in #2112 * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113 * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114 * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115 * Add actions/stale by @tatsuhiro-t in #2116 * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117 * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119 * No rfc7540 priority fix by @tatsuhiro-t in #2120 * Further reduce Stateless reset emission by @tatsuhiro-t in #2122 * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124 * Nghttpx faster worker lookup by @tatsuhiro-t in #2125 * nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126 * bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127 * cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128 * nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129 * nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132 * Bump munit by @tatsuhiro-t in #2131 * nghttpx: Fix error message by @tatsuhiro-t in #2133 * nghttpd: Fix read stall by @tatsuhiro-t in #2134 - gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206) ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Use %config(noreplace) for sshd_config . In any case, it's recommended to drop a file in sshd_config.d instead of editing sshd_config (bsc#1221063) - Use %{_libexecdir} when removing ssh-keycat instead of the hardcoded path so it works in TW and SLE. - Add crypto-policies support [bsc#1211301] * Add patches: - openssh-9.6p1-crypto-policies.patch - openssh-9.6p1-crypto-policies-man.patch ==== podman ==== Version update (4.9.3 -> 5.0.1) - update to 5.0.1: * Bugfixes - Fixed a bug where rootless containers using the Pasta network driver did not properly handle localhost DNS resolvers on the host leading to DNS resolution issues (#22044). - Fixed a bug where Podman would warn that cgroups v1 systems were no longer supported on FreeBSD hosts. - Fixed a bug where HyperV podman machine VMs required an SSH client be installed on the system (#22075). - Fixed a bug that prevented the remote Podman client's podman build command from working properly when connecting from a rootless client to a rootful server (#22109). * Misc - The HyperV driver to podman machine now fails immediately if admin privileges are not available (previously, it would only fail when it reached operations that required admin privileges). - Refactor network backend dependencies: * require either cni or netavark for SLE-15-SP5 and lower * require netavark for all other streams and fresh installations even on older SLE systems for podman >= 5.0.0 - Drop slirp4netns, require passt instead for rootless networking - Update to version 5.0.0: * New release: v5.0.0 * Update RELEASE_NOTES.md with CVE-2024-1753 (bsc#1221677) * [v5.0] Bump Buildah to v1.35.1 * Adjust to the standard location of gvforwarder used in new images * Switch to 5.x WSL machine os stream using new automation * rpm: use macro supported vendoring * Bump to v5.0.0-dev * Bump to v5.0.0-RC7 * Add release notes for v5.0.0-rc7 * fix invalid HTTP header values when hijacking a connection * Use faster gzip for compression for 3x speedup for sending large contexts to remote * pkg/machine: make checkExclusiveActiveVM race free * pkg/machine/wsl: remove unused CheckExclusiveActiveVM() * pkg/machine: CheckExclusiveActiveVM should also check for starting * pkg/machine: refresh config after we hold lock * rpm: update containers-common dep on f40+ * Change API socket to be machine name isolated * Makefile: drop tests-included from validate target * Add release notes for v5.0.0 * do not require policy.json * Machine decompress.go refactoring follow-up * Add target win-gvproxy in winmake.ps1 * Add final machine endpoint * update API doc version to 5.0.0 * Bump to 5.0.0-dev * Bump to 5.0.0-rc6 * docs: generate-systemd: add clarification statement * docs: quadlet: improve docs on root/rootless dirs * [CI:DOCS] performance: fix URL and kernel version requirement * [CI:DOCS] Remove outdated references * Add note for RHEL 8.5 * Update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [SECURITY] * Update module github.com/go-jose/go-jose/v3 to v3.0.3 [SECURITY] * Bump to v5.0.0-dev * Bump to v5.0.0-rc5 * Fix Mac CI * Complete policy.json inclusion * Bump Buildah to v1.35.0 * podman compose: enable machine socket connection * [CI:DOCS] Add farm command to commands list * podman machine start/stop do not write config unlocked * [CI:BUILD] Build universal Podman binary for Mac installer * podman machine init: do not write config unlocked * Fail on failures to close the file descriptors, and especially the SparseWriter * Avoid reliance on fs.ErrClosed in SparseWriter users * Fix the logic for detecting an unexpected close error * vendor libhvee-0.7.0 * podman machine set: change options only locked * Remove copySparseFile * pkg/machine: fix relative DefaultPolicyJSONPath * Don't read full VM File before decompressing * [CI:DOCS] Fix windows installer action * machine: make more use of strongunits * Fix wrong units size return * fix(deps): update github.com/containers/libhvee digest to 7cee23c * [CI:DOCS] Migrate podman container image * fix(deps): update module google.golang.org/protobuf to v1.33.0 * CI: try to fix more flakes * [CI:BUILD] rpm: Put the podmansh(1) manual in the podmansh sub-package * e2e: fix potential race in file-locks test * Makefile: podman should have correct selinux label * properly implement pull-error event status * fix(deps): update module golang.org/x/tools to v0.19.0 * Resurrect auto-port reassignment, but for all providers * Refactor env dir and port functions into new leaf pkgs * fix(deps): update module golang.org/x/net to v0.22.0 * Revert "Expose as-tested Mac/Windows repository state" * fix(deps): update module golang.org/x/term to v0.18.0 * Update podman-for-windows.md * fix(deps): update github.com/containers/libhvee digest to 0ff33af * machine init: print output to improve UX * logformatter: fixes for Macintosh * test/e2e: check for stderr errors in cleanup() * Bump to FreeBSD 13.3 (13.2 vanished) * Bump to v5.0.0-dev * fix(deps): update module github.com/stretchr/testify to v1.9.0 ... changelog too long, skipping 613 lines ... * Change default QEMU CPU level to `qemu64` on Windows amd64 ==== python-pyasn1 ==== Version update (0.5.1 -> 0.6.0) - update to 0.6.0: * Added support for previously missing RELATIVE-OID construct * Updated link to Layman's Guide Now it provides a link to links to a formatted PDF version of the paper, at a stable domain (researchgate), using https * Removed support for EOL Python 2.7, 3.6, 3.7 ==== re2 ==== Version update (20240301 -> 20240401) - update to 2024-04-01: * Fix SIGSEGV if Match is called before Compile * remove unsuppressable stderr message when compiling an empty re2.Filter ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-lang udev - Move systemd-repart from experimental to udev. - Add 0001-Drop-support-for-efivar-SystemdOptions.patch (bsc#1220338) Upstream deprecated it and plan to drop it in the future. Let's get ahead and drop it now as this feature is unlikely to be used on SUSE distros and it might be used to gain access to encrypted SLEM systems with unattended disk unlock and with secure boot disabled. - The following patches have been merged into SUSE/v255 branch hence removed from the OBS project. 5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch 5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch 5008-test-Add-effective-cgroup-limits-testing.patch 5009-cgroup-Restrict-effective-limits-with-global-resourc.patch 5010-cgroup-Rename-effective-limits-internal-table.patch - Import commit 56b53b17bcd8311dfb53f05b359b2812593883ab 56b53b17bc cgroup: Rename effective limits internal table (jsc#PED-5659) 7c9202317c cgroup: Restrict effective limits with global resource provision (jsc#PED-5659) da858e68eb test: Add effective cgroup limits testing (jsc#PED-5659) 2f013357a5 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659) 0a3ea7f367 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659) - Drop split_usr build conditional since both split-usr and unmerged-usr supports have been removed since v255. - Don't use the "Patch:" directive with a suffix number as since the suffix doesn't serve any purpose. ==== vim ==== Subpackages: vim-data vim-data-common vim-small xxd - spec.skeleton: add sample check section (W: no-%check-section) ==== xorg-x11-server ==== Version update (21.1.11 -> 21.1.12) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Security update 21.1.12 This release addresses the following 4 security issues: * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31082 * CVE-2024-31083 Additionally it provides a way to disable byte-swapped clients either by command line flag or config option. This allows to turn off byte swapping code that has been a source of security problems lately. ==== xwayland ==== Version update (23.2.4 -> 23.2.5) - Security update 23.2.5 This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024 * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31083 Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients. ==== yast2-storage-ng ==== Version update (5.0.10 -> 5.0.11) - GuidedProposal: fixed a problem related to the :bigger_resize strategy (Agama) detected at gh#openSUSE/agama#1106. - 5.0.11