Packages changed: cryptsetup (2.4.0 -> 2.4.1) e2fsprogs (1.46.3 -> 1.46.4) fcoe-utils gnome-packagekit installation-images-MicroOS (17.14 -> 17.15) libXi (1.7.10 -> 1.8) libcontainers-common libtirpc libzypp (17.28.3 -> 17.28.4) perl-Bootloader (0.935 -> 0.936) pipewire (0.3.35 -> 0.3.36) plasma5-workspace podman (3.2.3 -> 3.3.1) python-jsonpatch samba (4.14.6+git.168.6a9fc8a1ddd -> 4.14.6+git.182.2205d5224e3) transactional-update (3.5.4 -> 3.5.5) xkeyboard-config === Details === ==== cryptsetup ==== Version update (2.4.0 -> 2.4.1) Subpackages: libcryptsetup12 - cryptsetup 2.4.1 * Fix compilation for libc implementations without dlvsym(). * Fix compilation and tests on systems with non-standard libraries * Try to workaround some issues on systems without udev support. * Fixes for OpenSSL3 crypto backend (including FIPS mode). * Print error message when assigning a token to an inactive keyslot. * Fix offset bug in LUKS2 encryption code if --offset option was used. * Do not allow LUKS2 decryption for devices with data offset. * Fix LUKS1 cryptsetup repair command for some specific problems. ==== e2fsprogs ==== Version update (1.46.3 -> 1.46.4) Subpackages: libcom_err2 libext2fs2 - Update to 1.46.4: * Default to 256-byte inodes for all filesystems, not only larger ones * Bigalloc is considered supported now for small cluster sizes * E2fsck and e2image fixes for quota feature * Fix mke2fs creation of filesystem into non-existent file - libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer libreadline.so.8 to dlopen path (bsc#1189453) - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_e2scrub@.service.patch * harden_e2scrub_all.service.patch * harden_e2scrub_fail@.service.patch * harden_e2scrub_reap.service.patch ==== fcoe-utils ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_fcoe.service.patch ==== gnome-packagekit ==== - Add gnome-packagekit-drop-NEWEST-on-get-updates.patch: Don't use PK_FILTER_ENUM_NEWEST filter when getting updates (glgo#GNOME/gnome-packagekit!3, bsc#1190330). ==== installation-images-MicroOS ==== Version update (17.14 -> 17.15) - merge gh#openSUSE/installation-images#523 - increase minimal ext2 fs size to 128 kiB - 17.15 ==== libXi ==== Version update (1.7.10 -> 1.8) - Update to version 1.8 * This release of libXi marks the support of XI 2.4 touchpad gesture events official. This feature is the only difference between libXi 1.8 and the latest release in the 1.7.x series (1.7.10). ==== libcontainers-common ==== - Comment out ostree_repo if it's blank [boo#1189893] - Comment out ostree_repo [boo#1189893] ==== libtirpc ==== Subpackages: libtirpc-netconfig libtirpc3 - Backport DoS vulnerability fix 0001-Fix-DoS-vulnerability-in-libtirpc.patch - Replace %setup with %autosetup ==== libzypp ==== Version update (17.28.3 -> 17.28.4) - Make sure to keep states alives while transitioning (bsc#1190199) - May set techpreview variables for testing in /etc/zypp/zypp.conf. If environment variables are unhandy one may enable the desired techpreview in zypp.conf as well: [main] techpreview.ZYPP_SINGLE_RPMTRANS=1 techpreview.ZYPP_MEDIANETWORK=1 - version 17.28.4 (22) ==== perl-Bootloader ==== Version update (0.935 -> 0.936) - merge gh#openSUSE/perl-bootloader#136 - report error if config file could not be updated (bsc#1188768) - 0.936 ==== pipewire ==== Version update (0.3.35 -> 0.3.36) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-media-session pipewire-modules pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patches from upstream to fix an "use-after-free" error and to set the version number correctly: * 0001-media-session-dont-use-after-free-if-linking-node-removed.patch * 0002-update-version-number-as-well.patch - Update to version 0.3.36: * Highlights - A quick update with mostly only bugfixes and small improvements. - Capture and playback is now avoided on unavailable devices. This should fix some issues where an unusable microphone was selected by default. - MIDI output should not stop randomly now. - The GStreamer elements are much improved, cheese should work a lot better now. - Virtual sinks and sources should now always show up immediately. - JACK processing is now delayed until buffersize and samplerate are emited. This should improve stability of many JACK apps. - JACK transport sync is now implemented correctly so that preroll in bitwig works. * PipeWire - The module dir environment variable can now contain multiple paths. - Documentation now contains dot graphs of dependencies. (#1585) - config min/max/default quantum values are now scaled with the samplerate. - A potential crash was fixed where destroyed memory was still used by a node. This could cause crashes in cheese. * pipewire-media-session - Only allow passthrough for passthrough formats (S/PDIF) for now. (#1587) - Improve bluetooth profile autoswitch. - Don't try to route audio to nodes with unavailable routes. * ALSA - Pass the right AES bits to the alsa device when opening an S/PDIF stream. - Fix a bug in the MIDI bridge port management logic. When a port was added and immediately removed, output would stop. * GStreamer - The GStreamer source now handles the flushing state correctly. - All blocking operations now have a 30 seconds timeout, to avoid infinite locks. * Plugins - V4l2 Device formats and controls are now passed on the node, just like with audio devices. - audioconvert now also exposes the softMute property. * JACK - Improve stability when changing buffer size and sample rate dynamically by pausing the processing until the application has handled the callback. - Improve handling of timebase master. When the master was moved to another driver, it did not attempt to become a new timebase master on the new driver. (#1589) - Implement transport sync to make preroll in bitwig work. (#1589) * pulse-server - Fix an issue where virtual sinks/sources would not show up immediately. (#1588) ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Add upstream patch to fix a bug that would result in power management remaining inhibited even after un-inhibiting it in the UI: * Call-UnInhibit-with-correct-signature-in-powermanagement-dataengine.patch ==== podman ==== Version update (3.2.3 -> 3.3.1) Subpackages: podman-cni-config - require runc >= 1.0.1 - Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the - -pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. - Revert crun change due to crun having exclusive arch targets that would drop podman support in PPC and IBM Z - Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert ".cirrus.yml: use fresh images for all VMs" * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html - Switch to crun (bsc#1188914) ==== python-jsonpatch ==== - Don't use python setup.py test expression. ==== samba ==== Version update (4.14.6+git.168.6a9fc8a1ddd -> 4.14.6+git.182.2205d5224e3) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libndr1 libnetapi0 libsamba-credentials1 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3 - Add Certificate Auto Enrollment Policy; (jsc#SLE-18457). ==== transactional-update ==== Version update (3.5.4 -> 3.5.5) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.5 - t-u: Use tukit for SUSEConnect call [bsc#1190574] Correctly registers repositories ==== xkeyboard-config ==== - Remove obsolete translation-update-upstream support (jsc#SLE-21105).