Packages changed: apparmor cJSON (1.7.17 -> 1.7.18) chrony dialog gnome-control-center kernel-firmware-nvidia-gspx-G06 (550.78 -> 550.90.07) libapparmor libbpf (1.4.2 -> 1.4.3) libstorage-ng (4.5.206 -> 4.5.207) libtommath (1.2.1 -> 1.3.0) libvirt (10.3.0 -> 10.4.0) man (2.12.0 -> 2.12.1) ndctl (78 -> 79) nvidia-open-driver-G06-signed (550.78_k6.9.1_1 -> 550.90.07_k6.9.3_1) openSUSE-release (20240605 -> 20240606) patterns-base python-libvirt-python (10.3.0 -> 10.4.0) rubygem-ruby-augeas samba (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2) seahorse selinux-policy (20240321 -> 20240411) subversion telepathy-glib xen (4.18.2_04 -> 4.18.2_05) xwayland === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900) - add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961) ==== cJSON ==== Version update (1.7.17 -> 1.7.18) - unconditionally apply the revert NULL pointer test - update to 1.7.18: * CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420) * Remove non-functional list handling of compiler flags * Fix heap buffer overflow * remove misused optimization flag -01 * Set free'd pointers to NULL whenever they are not reassigned immediately after - revert tests for NULL pointers that fail on Leap 15.5 cJSON-1.7.18-misc_tests.patch ==== chrony ==== Subpackages: chrony-pool-openSUSE - bsc#1225362, chrony-124-tai.patch: make 124-tai more reliable - Update clknetsim to snapshot 0a11a35. ==== dialog ==== Subpackages: dialog-lang libdialog15 - Update to version 1.3-20240307: + add option --color-modes, which can be used to color the content of programbox, tailbox, textbox (requested by RafaƂ Radziejewski). + updated configure script, e.g., for compiler-warning fixes. + amend change to formbox while revising --max-input to work with the form's "ilen" parameter (report by Anna-Maria Gruber, cf: 2022/04/14) + update config.guess, config.sub + updated configure script, e.g., for compiler-warning fixes. + updated lv.po from http://translationproject.org/latest/dialog/ + add/use dlg_print_nowrap(), to handle multibyte character strings in progressbox and tailbox (report/testcase by Sergey Merzlikin). + updated configure script, e.g., for compiler-warning fixes. + update config.guess, config.sub + updated configure script, e.g., for compiler-warning fixes. + minor fixes for manpages to address mandoc warnings. + updated th.po from http://translationproject.org/latest/dialog/ + update config.guess, config.sub ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces gnome-control-center-users - Update gnome-control-center-disable-error-message-for-NM.patch: Add info page to toolbar view instead of navigation page to prevent hiding close button (bsc#1222099). ==== kernel-firmware-nvidia-gspx-G06 ==== Version update (550.78 -> 550.90.07) - Security Update 550.90.07 * addresses boo#1223356 [CVE-2024-0090, CVE-2024-0091, CVE-2024-0092] ==== libapparmor ==== - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900) - add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961) ==== libbpf ==== Version update (1.4.2 -> 1.4.3) - update to 1.4.3: * Fix libbpf unintentionally dropping FD_CLOEXEC flag when (internally) duping FDs ==== libstorage-ng ==== Version update (4.5.206 -> 4.5.207) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#996 - make more use of new SystemCmd interface - 4.5.207 ==== libtommath ==== Version update (1.2.1 -> 1.3.0) Subpackages: libtommath1 libtommath1-x86-64-v3 - update to 1.3.0: * Deprecate more APIs which are replaced in develop * Add support for CMake (PR #573) * Add support for GitHub Actions (PR #573) ==== libvirt ==== Version update (10.3.0 -> 10.4.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Update to libvirt 10.4.0 - network: use nftables to setup virtual network firewall rules boo#1201510 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-4-0-2024-06-03 ==== man ==== Version update (2.12.0 -> 2.12.1) - Update to 2.12.1 (5 April 2024) * Fix excessive cleanup of `/var/cache/man` by `systemd-tmpfiles`. * `man` matches the display width more accurately to the configured width. * Upgrade to Gnulib `stable-202401`. * Mention `groff`'s `pdf` device in `man(1)`. * Speed up `seccomp` filter slightly. * Document how to format pages using italic rather than underlined text. * Remove the obsolete `chconfig` tool for converting man-db configuration files to the FHS. This transition took place almost 25 years ago (at least in Debian), so it's not worth keeping it around now. - Remove patch man-db-2.9.4-alternitive.dif now upstream - Port the patches * man-db-2.6.3-listall.dif * man-db-2.7.1-zio.dif * man-db-2.9.4.patch * man-propose-online.patch ==== ndctl ==== Version update (78 -> 79) - Update to version 79 * New cxl-wait-sanitize and cxl-set-alert-config commands * Support for QOS Class in cxl-create-region ==== nvidia-open-driver-G06-signed ==== Version update (550.78_k6.9.1_1 -> 550.90.07_k6.9.3_1) - Security Update 550.90.07 (boo#1223356) [CVE-2024-0090, CVE-2024-0091, CVE-2024-0092] ==== openSUSE-release ==== Version update (20240605 -> 20240606) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Update rpmlintrc W: no-binary to E: no-binary - Remove tigervnc * Most users including myself don't even know what a vnc is or how to use one ==== python-libvirt-python ==== Version update (10.3.0 -> 10.4.0) - Update to 10.4.0 - Add all new APIs and constants in libvirt 10.4.0 ==== rubygem-ruby-augeas ==== - Replace %patchN with %patch -P N: %patchN is deprecated. ==== samba ==== Version update (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit - Fix non deterministic builds; (bsc#1225754); (bso#13213); ==== seahorse ==== Subpackages: gnome-shell-search-provider-seahorse seahorse-lang - Add seahorse-gcc14.patch: fix an invalid cast (glgo#GNOME/seahorse!220). ==== selinux-policy ==== Version update (20240321 -> 20240411) Subpackages: selinux-policy-targeted - Remove "Reference" from the package description. It's not the reference policy, but the Fedora branch of the policy - Use python311 tools in 15.4 and 15.5 when building selinux-policy to deprecate python36 tooling - Fixed varrun-convert.sh script to not break because of duplicate entries - Move to %posttrans to ensure selinux-policy got updated before the commands run (bsc#1221720) - Add file contexts "forwarding" to file_contexts.sub_dist to fix systemd-gpt-auto-generator and systemd-fstab-generator (bsc#1222736): * /run/systemd/generator.early /usr/lib/systemd/system * /run/systemd/generator.late /usr/lib/systemd/system - Update to version 20240411: * Remove duplicate in sysnetwork.fc * Rename /var/run/wicked* to /run/wicked* * Remove /var/run/rsyslog/additional-log-sockets.conf from logging.fc * policy: support pidfs * Confine selinux-autorelabel-generator.sh * Allow logwatch_mail_t read/write to init over a unix stream socket * Allow logwatch read logind sessions files * files_dontaudit_getattr_tmpfs_files allowed the access and didn't dontaudit it * files_dontaudit_mounton_modules_object allowed the access and didn't dontaudit it * Allow NetworkManager the sys_ptrace capability in user namespace * dontaudit execmem for modemmanager * Allow dhcpcd use unix_stream_socket * Allow dhcpc read /run/netns files * Update mmap_rw_file_perms to include the lock permission * Allow plymouthd log during shutdown * Add logging_watch_all_log_dirs() and logging_watch_all_log_files() * Allow journalctl_t read filesystem sysctls * Allow cgred_t to get attributes of cgroup filesystems * Allow wdmd read hardware state information * Allow wdmd list the contents of the sysfs directories * Allow linuxptp configure phc2sys and chronyd over a unix domain socket * Allow sulogin relabel tty1 * Dontaudit sulogin the checkpoint_restore capability * Modify sudo_role_template() to allow getpgid * Allow userdomain get attributes of files on an nsfs filesystem * Allow opafm create NFS files and directories * Allow virtqemud create and unlink files in /etc/libvirt/ * Allow virtqemud domain transition on swtpm execution * Add the swtpm.if interface file for interactions with other domains * Allow samba to have dac_override capability * systemd: allow sys_admin capability for systemd_notify_t * systemd: allow systemd_notify_t to send data to kernel_t datagram sockets * Allow thumb_t to watch and watch_reads mount_var_run_t * Allow krb5kdc_t map krb5kdc_principal_t files * Allow unprivileged confined user dbus chat with setroubleshoot * Allow login_userdomain map files in /var * Allow wireguard work with firewall-cmd * Differentiate between staff and sysadm when executing crontab with sudo * Add crontab_admin_domtrans interface * Allow abrt_t nnp domain transition to abrt_handle_event_t * Allow xdm_t to watch and watch_reads mount_var_run_t * Dontaudit subscription manager setfscreate and read file contexts * Don't audit crontab_domain write attempts to user home * Transition from sudodomains to crontab_t when executing crontab_exec_t * Add crontab_domtrans interface * Fix label of pseudoterminals created from sudodomain * Allow utempter_t use ptmx * Dontaudit rpmdb attempts to connect to sssd over a unix stream socket * Allow admin user read/write on fixed_disk_device_t * Only allow confined user domains to login locally without unconfined_login * Add userdom_spec_domtrans_confined_admin_users interface * Only allow admindomain to execute shell via ssh with ssh_sysadm_login * Add userdom_spec_domtrans_admin_users interface * Move ssh dyntrans to unconfined inside unconfined_login tunable policy * Update ssh_role_template() for user ssh-agent type * Allow init to inherit system DBus file descriptors * Allow init to inherit fds from syslogd * Allow any domain to inherit fds from rpm-ostree * Update afterburn policy * Allow init_t nnp domain transition to abrtd_t * Rename all /var/lock file context entries to /run/lock * Rename all /var/run file context entries to /run - Add script varrun-convert.sh for locally existing modules to be able to cope with the /var/run -> /run change - Update embedded container-selinux to commit a8e389dbcd3f9b6ed0a7e495c6f559c0383dc49e ==== subversion ==== Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-perl - fix build with gcc14 (boo#1225929) subversion-1.14.3-gcc14.patch subversion-1.14.3-gcc14-2.patch ==== telepathy-glib ==== Subpackages: libtelepathy-glib0 typelib-1_0-TelepathyGlib-0_12 - Add telepathy-glib-function-type-cast.patch: fix an invalid cast (glfdo#telepathy/telepathy-glib!4). ==== xen ==== Version update (4.18.2_04 -> 4.18.2_05) Subpackages: xen-libs xen-tools xen-tools-domU - bsc#1225953 - Package xen does not build with gcc14 because of new errors gcc14-fixes.patch ==== xwayland ==== - disable DPMS on sle15 due to missing proto package