Packages changed:
  MicroOS-release (20240605 -> 20240606)
  apparmor
  chrony
  cockpit (309 -> 316)
  crun (1.14.4 -> 1.15)
  dialog
  gnome-control-center
  libapparmor
  libbpf (1.4.2 -> 1.4.3)
  libkrun (1.4.10 -> 1.9.0)
  libtommath (1.2.1 -> 1.3.0)
  patterns-base
  podman (5.1.0 -> 5.1.1)
  python-Mako (1.3.4 -> 1.3.5)
  samba (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2)
  selinux-policy (20240321 -> 20240411)
  xen (4.18.2_04 -> 4.18.2_05)
  xwayland
  zypp-boot-plugin (0.0.8 -> 0.0.9)

=== Details ===

==== MicroOS-release ====
Version update (20240605 -> 20240606)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor

- add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)
- add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961)

==== chrony ====
Subpackages: chrony-pool-openSUSE

- bsc#1225362, chrony-124-tai.patch: make 124-tai more reliable
- Update clknetsim to snapshot 0a11a35.

==== cockpit ====
Version update (309 -> 316)
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system

- new version 316:
  * cockpit.js API: Fix format_bytes() units
- add 0001-users-Support-for-watching-lastlog2.patch (bsc#1220551)
- add 0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch (bsc#1220551)
- new version 315:
  * Networking: Show additional ports for each firewall zone
  * Networking: List Firewall active zones when unprivileged
  * Inline documentation
  * Support for transient virtual machines
  * UEFI for virtual machines
  * Unattended virtual machines installation
  * Localize times
  * Better support for various TLS certificate formats
  * Overview: Add CPU utilization to usage card
  * Dashboard: Support SSH identity unlocking when adding new machines
  * SElinux: Introduce an Ansible automation script
  * Machines: Support “bridge” type network interfaces
  * Machines: Support “bus” type disk configuration
- suse_docs.patch, storage-btrfs.patch: refreshed

==== crun ====
Version update (1.14.4 -> 1.15)

- New upstream release 1.15
  * fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY.
  * linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run.
  * release: build s390x binaries using musl libc.
  * features: add support for potentiallyUnsafeConfigAnnotations.
  * handlers: add option to load wasi-nn plugin for wasmedge.
  * linux: fix "harden chdir()" security measure. The previous check was not correct.
  * crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits.

==== dialog ====
Subpackages: libdialog15

- Update to version 1.3-20240307:
  + add option --color-modes, which can be used to color the content of programbox, tailbox, textbox (requested by Rafał Radziejewski).
  + updated configure script, e.g., for compiler-warning fixes.
  + amend change to formbox while revising --max-input to work with the form's "ilen" parameter (report by Anna-Maria Gruber, cf: 2022/04/14)
  + update config.guess, config.sub
  + updated configure script, e.g., for compiler-warning fixes.
  + updated lv.po from http://translationproject.org/latest/dialog/
  + add/use dlg_print_nowrap(), to handle multibyte character strings in progressbox and tailbox (report/testcase by Sergey Merzlikin).
  + updated configure script, e.g., for compiler-warning fixes.
  + update config.guess, config.sub
  + updated configure script, e.g., for compiler-warning fixes.
  + minor fixes for manpages to address mandoc warnings.
  + updated th.po from http://translationproject.org/latest/dialog/
  + update config.guess, config.sub

==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa

- Update gnome-control-center-disable-error-message-for-NM.patch: Add info page to toolbar view instead of navigation page to prevent hiding close button (bsc#1222099).

==== libapparmor ====

- add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)
- add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961)

==== libbpf ====
Version update (1.4.2 -> 1.4.3)

- update to 1.4.3:
  * Fix libbpf unintentionally dropping FD_CLOEXEC flag when (internally) duping FDs

==== libkrun ====
Version update (1.4.10 -> 1.9.0)

- Update to version 1.9.0:
  * console: send a resize event on PORT_READY by @slp in #179
  * Fix another batch of new clippy warnings by @slp in #182
  * Fix constness when taking an array of string pointers by @teohhanhui in #181
  * Fix new lints in Rust 1.78 by @teohhanhui in #184
  * Use the correct documentation comment style recognized by clang by @teohhanhui in #183
  * virtio/snd: import virtio-snd from vhost-user-sound by @slp in #186
- Changes from 1.8.1:
  * VirtIO optimizations
- Changes from 1.8.0:
  * Implement stdin/stdout/stderr redirection support using multiport virtio-console
  * devices/legacy: import PL011 for aarch64
  * init: accept arguments from the "args" Field
  * Fix various minor issues on macOS and add a CI workflow for this OS
  * Add Matej Hrica (mtjhrc) to CODEOWNERS
  * Implement an EFI flavor
  * Implement krun_add_vsock_port() and UnixProxy for guest communication with host UNIX sockets.
  * Implement the infrastructure to support sending shut down signals to the guest
  * lib: allow having multiple virtio-fs devices
  * devices/net: allow configuring a custom MAC
  * Import SECURITY_CTX support from virtiofsd
  * Makefile: fix EFI library naming
  * virtio/net: implement gvproxy backend
  * macos/eventfd: ignore EAGAIN on write
  * Import rutabaga_gfx+virtio_gpu from crosvm
  * devices/vsock/unix: implement update_peer_credit
  * devices/console: implement an empty port input
  * Extend virtio-gpu to support Venus on macOS
  * libkrun: Extend API to redirect console to file
  * virtio/fs/macos: overhaul to use macos inodes
- Update to version 1.7.2:
  * Fix aarch64 build by adapting to changes in kvm-ioctl
- Changes from 1.7.1
  * Update kbs-types version to 0.5 and release 1.7.1
- Update to version 1.7.0:
  * SNP Attestation
  * Read TEE config from the end of the block device
  * De-vendorize kbs-types
  * Remove libfdt dependency
  * init: place SEV behind build-time conditional
  * devices/fs: fix reading the end of init.krun
  * init: don't build init.c on SEV flavor
  * Prepare to support libkrunfw 4.x
  * init: Report an error when execution of the user binary fails
  * virtio-net implementation using passt
  * Make krun_set_vm_config use the same argument type for num_vcpus as ...
  * Update sev crate to 1.2.0
  * virtio net bugfixes and performance improvement
  * Makefile: De-couple KBS init sources from SEV-SNP
  * Update rust-vmm deps and bump version for upcoming release
- Changes from 1.5.1
  * Fix CI clippy
  * Add a pkgconf file
  * examples: Fix error handling of krun_create_ctx
  * VSOCK: fix reaper timeout
  * Fix typo in README.md
  * macos: implement host->guest time sync
  * Bump version to v1.5.1
- Changes from 1.5.0
  * devices: update lru dep to 0.9
  * Introduce the krun_set_data_disk API.
- The vendored tarball already contains the config these days, so don't mess with that in the spec file

==== libtommath ====
Version update (1.2.1 -> 1.3.0)

- update to 1.3.0:
  * Deprecate more APIs which are replaced in develop
  * Add support for CMake (PR #573)
  * Add support for GitHub Actions (PR #573)

==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11

- Update rpmlintrc W: no-binary to E: no-binary
- Remove tigervnc
  * Most users including myself don't even know what a vnc is or how to use one

==== podman ====
Version update (5.1.0 -> 5.1.1)

- Update to version 5.1.1:
  * Bump to v5.1.1
  * Update release notes for v5.1.1
  * libpod: do not leak systemd hc startup unit timer
  * Check AppleHypervisor before accessing it
  * [v5.1] Bump c/common to v0.59.1
  * [v5.1] pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED ... correctly
  * test/e2e: use local skopeo not image
  * [v5.1] Mac PM test: Require pre-installed rosetta
  * Fix typo in release notes
  * Bump to v5.1.1-dev

==== python-Mako ====
Version update (1.3.4 -> 1.3.5)

- update to 1.3.5:
  * Reverted the fix for :ticket:`400` as it caused new issues when traversing some bracketed situations.

==== samba ====
Version update (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2)
Subpackages: samba-ad-dc-libs samba-client samba-client-libs samba-libs

- Fix non deterministic builds; (bsc#1225754); (bso#13213);

==== selinux-policy ====
Version update (20240321 -> 20240411)
Subpackages: selinux-policy-targeted

- Remove "Reference" from the package description. It's not the reference policy, but the Fedora branch of the policy
- Use python311 tools in 15.4 and 15.5 when building selinux-policy to deprecate python36 tooling
- Fixed varrun-convert.sh script to not break because of duplicate entries
- Move to %posttrans to ensure selinux-policy got updated before the commands run (bsc#1221720)
- Add file contexts "forwarding" to file_contexts.sub_dist to fix systemd-gpt-auto-generator and systemd-fstab-generator (bsc#1222736):
  * /run/systemd/generator.early /usr/lib/systemd/system
  * /run/systemd/generator.late /usr/lib/systemd/system
- Update to version 20240411:
  * Remove duplicate in sysnetwork.fc
  * Rename /var/run/wicked* to /run/wicked*
  * Remove /var/run/rsyslog/additional-log-sockets.conf from logging.fc
  * policy: support pidfs
  * Confine selinux-autorelabel-generator.sh
  * Allow logwatch_mail_t read/write to init over a unix stream socket
  * Allow logwatch read logind sessions files
  * files_dontaudit_getattr_tmpfs_files allowed the access and didn't dontaudit it
  * files_dontaudit_mounton_modules_object allowed the access and didn't dontaudit it
  * Allow NetworkManager the sys_ptrace capability in user namespace
  * dontaudit execmem for modemmanager
  * Allow dhcpcd use unix_stream_socket
  * Allow dhcpc read /run/netns files
  * Update mmap_rw_file_perms to include the lock permission
  * Allow plymouthd log during shutdown
  * Add logging_watch_all_log_dirs() and logging_watch_all_log_files()
  * Allow journalctl_t read filesystem sysctls
  * Allow cgred_t to get attributes of cgroup filesystems
  * Allow wdmd read hardware state information
  * Allow wdmd list the contents of the sysfs directories
  * Allow linuxptp configure phc2sys and chronyd over a unix domain socket
  * Allow sulogin relabel tty1
  * Dontaudit sulogin the checkpoint_restore capability
  * Modify sudo_role_template() to allow getpgid
  * Allow userdomain get attributes of files on an nsfs filesystem
  * Allow opafm create NFS files and directories
  * Allow virtqemud create and unlink files in /etc/libvirt/
  * Allow virtqemud domain transition on swtpm execution
  * Add the swtpm.if interface file for interactions with other domains
  * Allow samba to have dac_override capability
  * systemd: allow sys_admin capability for systemd_notify_t
  * systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
  * Allow thumb_t to watch and watch_reads mount_var_run_t
  * Allow krb5kdc_t map krb5kdc_principal_t files
  * Allow unprivileged confined user dbus chat with setroubleshoot
  * Allow login_userdomain map files in /var
  * Allow wireguard work with firewall-cmd
  * Differentiate between staff and sysadm when executing crontab with sudo
  * Add crontab_admin_domtrans interface
  * Allow abrt_t nnp domain transition to abrt_handle_event_t
  * Allow xdm_t to watch and watch_reads mount_var_run_t
  * Dontaudit subscription manager setfscreate and read file contexts
  * Don't audit crontab_domain write attempts to user home
  * Transition from sudodomains to crontab_t when executing crontab_exec_t
  * Add crontab_domtrans interface
  * Fix label of pseudoterminals created from sudodomain
  * Allow utempter_t use ptmx
  * Dontaudit rpmdb attempts to connect to sssd over a unix stream socket
  * Allow admin user read/write on fixed_disk_device_t
  * Only allow confined user domains to login locally without unconfined_login
  * Add userdom_spec_domtrans_confined_admin_users interface
  * Only allow admindomain to execute shell via ssh with ssh_sysadm_login
  * Add userdom_spec_domtrans_admin_users interface
  * Move ssh dyntrans to unconfined inside unconfined_login tunable policy
  * Update ssh_role_template() for user ssh-agent type
  * Allow init to inherit system DBus file descriptors
  * Allow init to inherit fds from syslogd
  * Allow any domain to inherit fds from rpm-ostree
  * Update afterburn policy
  * Allow init_t nnp domain transition to abrtd_t
  * Rename all /var/lock file context entries to /run/lock
  * Rename all /var/run file context entries to /run
- Add script varrun-convert.sh for locally existing modules to be able to cope with the /var/run -> /run change
- Update embedded container-selinux to commit a8e389dbcd3f9b6ed0a7e495c6f559c0383dc49e

==== xen ====
Version update (4.18.2_04 -> 4.18.2_05)

- bsc#1225953 - Package xen does not build with gcc14 because of new errors
  gcc14-fixes.patch

==== xwayland ====

- disable DPMS on sle15 due to missing proto package

==== zypp-boot-plugin ====
Version update (0.0.8 -> 0.0.9)

- Update to version 0.0.9:
  * Set reboot flag for multiversion packages ( type "M" ).