Packages changed: bcm43xx-firmware container-selinux (2.171.0 -> 2.180.0) gnome-control-center gnome-software (41.4 -> 41.5) grub2 libepoxy (1.5.9 -> 1.5.10) libgnome-games-support1_3 libgnomesu (2.0.6 -> 2.0.7) libnvme (1.0~6 -> 1.0~7) libreoffice librsvg (2.52.7 -> 2.52.8) libsigc++2 (2.10.7 -> 2.10.8) libstorage-ng (4.4.93 -> 4.4.94) nvme-cli (2.0~6 -> 2.0~7) openSUSE-build-key python python-boto3 (1.21.0 -> 1.21.10) python-botocore (1.24.0 -> 1.24.10) python-kiwi (9.24.23 -> 9.24.29) whois (5.5.11 -> 5.5.12) xdg-desktop-portal (1.12.1 -> 1.14.0) yast2-installation (4.4.48 -> 4.4.49) === Details === ==== bcm43xx-firmware ==== - Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286) ==== container-selinux ==== Version update (2.171.0 -> 2.180.0) - Update to version 2.180.0 * Allow container domains to read/write kvm_device_t * Update kublet mappings to inlcude /usr/local/* * Allow container domains to use container runtime tcp and udp sockets * Alow containers to use unix_stream_sockets leaked from container runtimes * Allow userdomains to execute conmon_exec_t and use it as an entrypoint * Allow conmon_exec_t as an entrypoint * Add container_use_devices boolean to allow containers to use any device * Add explicit range transition for conmon * Add missing dbus class declaration into container_runtime_run() * Remove lockdown allow rules * Remove k3s fcontexts * Allow container domains to be used by user roles - Changed source url to allow for download via source service ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces - Add gnome-control-center-reload-vpn-plugins.patch: network/connection-editor: always load all available VPN plugins (glgo#GNOME/gnome-control-center!1263). ==== gnome-software ==== Version update (41.4 -> 41.5) Subpackages: gnome-software-lang - Update to version 41.5: + Disable scroll-by-mouse-wheel on featured carousel. + Ensure details page shows app provided on command line. + Added several appstream-related fixes. + Updated translations. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186) * 0001-grub-probe-Deduplicate-probed-partmap-output.patch - Fix GCC 12 build failure (bsc#1196546) * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch - Revised * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch ==== libepoxy ==== Version update (1.5.9 -> 1.5.10) - Update to version 1.5.10: + Fix for building with MSVC on non-English locale. + Fix build on Android. + Add the right include paths for EGL and X11 headers. - Upstream tarball url changed, probably by mistake, so leave old url in place, but disabled. ==== libgnome-games-support1_3 ==== - Initial compat package libgnome-games-support1_3. ==== libgnomesu ==== Version update (2.0.6 -> 2.0.7) Subpackages: libgnomesu-lang libgnomesu0 - Update to version 2.0.7: * Updated translations. * Better wording in the documentation. ==== libnvme ==== Version update (1.0~6 -> 1.0~7) - Update to version 1.0-rc7: * linux: fixup log page offset in nvme_get_log_page() * tree: Add support for default trsvcid for all controllers (bsc#1195858) * tree: fixup coredump during nvme discover ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update gpgme minimum version - Only use curl tarball when needed - Remove wrong comment ==== librsvg ==== Version update (2.52.7 -> 2.52.8) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.52.8: + Catch circular references when rendering patterns (glgo#GNOME/librsvg#721). ==== libsigc++2 ==== Version update (2.10.7 -> 2.10.8) - Update to version 2.10.8: + Build: - Meson build: Perl is not required by new versions of mm-common - NMake Makefiles: Support building with VS2022 + Documentation: Upgrade the manual from DocBook 4.1 to DocBook 5.0 ==== libstorage-ng ==== Version update (4.4.93 -> 4.4.94) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#863 - do not run blkdiscard on extended partitions (bsc#1197257) - 4.4.94 ==== nvme-cli ==== Version update (2.0~6 -> 2.0~7) Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion - Update to version 2.0-rc7: * netapp-nvme: fix smdevices segfault in json output (bsc#1195937) * fabrics: keep the backward compatibility * nvme: Do not slash escape strings in JSON output (bsc#1195937) * nvme: Print full device path * nvme-print: Make JSON keys consistent with nvme-cli 1.x * nvme-print: print generic device in list command * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061) * connect: Set errno to zero on nvmf_add_ctrl() success * documenation updates - Set path to systemctl via newly introduced config option - Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename - Moved bash completion script to /usr/share/bash-completion/completions/nvme ==== openSUSE-build-key ==== - gpg-pubkey-307e3d54-5aaa90a5.asc: remove the RSA 1024bit SLE11 key and try to remove it from installed systems via Obsoletes. ==== python ==== - python-2.7.9-sles-disable-verification-by-default.patch: remove as it by default now always does strict enforcement anyway and it is 2022. ==== python-boto3 ==== Version update (1.21.0 -> 1.21.10) - Update to version 1.21.10 * api-change:``mediapackage``: [``botocore``] This release adds Hybridcast as an available profile option for Dash Origin Endpoints. * api-change:``rds``: [``botocore``] Documentation updates for Multi-AZ DB clusters. * api-change:``mgn``: [``botocore``] Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest). * api-change:``kafkaconnect``: [``botocore``] Adds operation for custom plugin deletion (DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return errors from asynchronous resource creation. - from version 1.21.9 * api-change:``finspace-data``: [``botocore``] Add new APIs for managing Users and Permission Groups. * api-change:``amplify``: [``botocore``] Add repositoryCloneMethod field for hosting an Amplify app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4. * api-change:``fsx``: [``botocore``] This release adds support for the following FSx for OpenZFS features: snapshot lifecycle transition messages, force flag for deleting file systems with child resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations. * api-change:``fis``: [``botocore``] This release adds logging support for AWS Fault Injection Simulator experiments. Experiment templates can now be configured to send experiment activity logs to Amazon CloudWatch Logs or to an S3 bucket. * api-change:``route53-recovery-cluster``: [``botocore``] This release adds a new API option to enable overriding safety rules to allow routing control state updates. * api-change:``amplifyuibuilder``: [``botocore``] We are adding the ability to configure workflows and actions for components. * api-change:``athena``: [``botocore``] This release adds support for updating an existing named query. * api-change:``ec2``: [``botocore``] This release adds support for new AMI property 'lastLaunchedTime' * api-change:``servicecatalog-appregistry``: [``botocore``] AppRegistry is deprecating Application and Attribute-Group Name update feature. In this release, we are marking the name attributes for Update APIs as deprecated to give a heads up to our customers. - from version 1.21.8 * api-change:``elasticache``: [``botocore``] Doc only update for ElastiCache * api-change:``panorama``: [``botocore``] Added NTP server configuration parameter to ProvisionDevice operation. Added alternate software fields to DescribeDevice response - from version 1.21.7 * api-change:``route53``: [``botocore``] SDK doc update for Route 53 to update some parameters with new information. * api-change:``databrew``: [``botocore``] This AWS Glue Databrew release adds feature to merge job outputs into a max number of files for S3 File output type. * api-change:``transfer``: [``botocore``] Support automatic pagination when listing AWS Transfer Family resources. * api-change:``s3control``: [``botocore``] Amazon S3 Batch Operations adds support for new integrity checking capabilities in Amazon S3. * api-change:``s3``: [``botocore``] This release adds support for new integrity checking capabilities in Amazon S3. You can choose from four supported checksum algorithms for data integrity checking on your upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it streams data into S3 * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in. * api-change:``lightsail``: [``botocore``] This release adds support to delete and create Lightsail default key pairs that you can use with Lightsail instances. * api-change:``autoscaling``: [``botocore``] You can now hibernate instances in a warm pool to stop instances without deleting their RAM contents. You can now also return instances to the warm pool on scale in, instead of always terminating capacity that you will need later. - from version 1.21.6 * api-change:``transfer``: [``botocore``] The file input selection feature provides the ability to use either the originally uploaded file or the output file from the previous workflow step, enabling customers to make multiple copies of the original file while keeping the source file intact for file archival. * api-change:``lambda``: [``botocore``] Lambda releases .NET 6 managed runtime to be available in all commercial regions. * api-change:``textract``: [``botocore``] Added support for merged cells and column header for table response. - from version 1.21.5 * api-change:``translate``: [``botocore``] This release enables customers to use translation settings for formality customization in their synchronous translation output. * api-change:``wafv2``: [``botocore``] Updated descriptions for logging configuration. * api-change:``apprunner``: [``botocore``] AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes) and a Node.js 14 runtime. - from version 1.21.4 * api-change:``imagebuilder``: [``botocore``] This release adds support to enable faster launching for Windows AMIs created by EC2 Image Builder. * api-change:``customer-profiles``: [``botocore``] This release introduces apis CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and view integration workflows. * api-change:``dynamodb``: [``botocore``] DynamoDB ExecuteStatement API now supports Limit as a request parameter to specify the maximum number of items to evaluate. If specified, the service will process up to the Limit and the results will include a LastEvaluatedKey value to continue the read in a subsequent operation. - from version 1.21.3 * api-change:``transfer``: [``botocore``] Properties for Transfer Family used with SFTP, FTP, and FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user authenticates onto a server using one of the previously mentioned protocols. * api-change:``gamelift``: [``botocore``] Increase string list limit from 10 to 100. * api-change:``budgets``: [``botocore``] This change introduces DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified account - from version 1.21.2 * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management (IAM). * api-change:``redshift``: [``botocore``] SDK release for Cross region datasharing and cost-control for cross region datasharing * api-change:``evidently``: [``botocore``] Add support for filtering list of experiments and launches by status * api-change:``backup``: [``botocore``] AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list. - from version 1.21.1 * api-change:``ec2``: [``botocore``] Documentation updates for EC2. * api-change:``budgets``: [``botocore``] Adds support for auto-adjusting budgets, a new budget method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit baseline using a historical lookback average or current period forecast. * api-change:``ce``: [``botocore``] AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers. * api-change:``glue``: [``botocore``] Support for optimistic locking in UpdateTable * api-change:``ssm``: [``botocore``] Assorted ticket fixes and updates for AWS Systems Manager. - Update BuildRequires and Requires from setup.py - actually does not require python-mock for build ==== python-botocore ==== Version update (1.24.0 -> 1.24.10) - Version update to 1.24.10 * api-change:``mediapackage``: This release adds Hybridcast as an available profile option for Dash Origin Endpoints. * api-change:``rds``: Documentation updates for Multi-AZ DB clusters. * api-change:``mgn``: Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest). * api-change:``kafkaconnect``: Adds operation for custom plugin deletion (DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return errors from asynchronous resource creation. - from version 1.24.9 * api-change:``finspace-data``: Add new APIs for managing Users and Permission Groups. * api-change:``amplify``: Add repositoryCloneMethod field for hosting an Amplify app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4. * api-change:``fsx``: This release adds support for the following FSx for OpenZFS features: snapshot lifecycle transition messages, force flag for deleting file systems with child resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations. * api-change:``fis``: This release adds logging support for AWS Fault Injection Simulator experiments. Experiment templates can now be configured to send experiment activity logs to Amazon CloudWatch Logs or to an S3 bucket. * api-change:``route53-recovery-cluster``: This release adds a new API option to enable overriding safety rules to allow routing control state updates. * api-change:``amplifyuibuilder``: We are adding the ability to configure workflows and actions for components. * api-change:``athena``: This release adds support for updating an existing named query. * api-change:``ec2``: This release adds support for new AMI property 'lastLaunchedTime' * api-change:``servicecatalog-appregistry``: AppRegistry is deprecating Application and Attribute-Group Name update feature. In this release, we are marking the name attributes for Update APIs as deprecated to give a heads up to our customers. - from version 1.24.8 * api-change:``elasticache``: Doc only update for ElastiCache * api-change:``panorama``: Added NTP server configuration parameter to ProvisionDevice operation. Added alternate software fields to DescribeDevice response - from version 1.24.7 * api-change:``route53``: SDK doc update for Route 53 to update some parameters with new information. * api-change:``databrew``: This AWS Glue Databrew release adds feature to merge job outputs into a max number of files for S3 File output type. * api-change:``transfer``: Support automatic pagination when listing AWS Transfer Family resources. * api-change:``s3control``: Amazon S3 Batch Operations adds support for new integrity checking capabilities in Amazon S3. * api-change:``s3``: This release adds support for new integrity checking capabilities in Amazon S3. You can choose from four supported checksum algorithms for data integrity checking on your upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it streams data into S3 * api-change:``fms``: AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in. * api-change:``lightsail``: This release adds support to delete and create Lightsail default key pairs that you can use with Lightsail instances. * api-change:``autoscaling``: You can now hibernate instances in a warm pool to stop instances without deleting their RAM contents. You can now also return instances to the warm pool on scale in, instead of always terminating capacity that you will need later. - from version 1.24.6 * api-change:``transfer``: The file input selection feature provides the ability to use either the originally uploaded file or the output file from the previous workflow step, enabling customers to make multiple copies of the original file while keeping the source file intact for file archival. * api-change:``lambda``: Lambda releases .NET 6 managed runtime to be available in all commercial regions. * api-change:``textract``: Added support for merged cells and column header for table response. - from version 1.24.5 * api-change:``translate``: This release enables customers to use translation settings for formality customization in their synchronous translation output. * api-change:``wafv2``: Updated descriptions for logging configuration. * api-change:``apprunner``: AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes) and a Node.js 14 runtime. - from version 1.24.4 * api-change:``imagebuilder``: This release adds support to enable faster launching for Windows AMIs created by EC2 Image Builder. * api-change:``customer-profiles``: This release introduces apis CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and view integration workflows. * api-change:``dynamodb``: DynamoDB ExecuteStatement API now supports Limit as a request parameter to specify the maximum number of items to evaluate. If specified, the service will process up to the Limit and the results will include a LastEvaluatedKey value to continue the read in a subsequent operation. - from version 1.24.3 * api-change:``transfer``: Properties for Transfer Family used with SFTP, FTP, and FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user authenticates onto a server using one of the previously mentioned protocols. * api-change:``gamelift``: Increase string list limit from 10 to 100. * api-change:``budgets``: This change introduces DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified account - from version 1.24.2 * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM). * api-change:``redshift``: SDK release for Cross region datasharing and cost-control for cross region datasharing * api-change:``evidently``: Add support for filtering list of experiments and launches by status * api-change:``backup``: AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list. - from version 1.24.1 * api-change:``ec2``: Documentation updates for EC2. * api-change:``budgets``: Adds support for auto-adjusting budgets, a new budget method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit baseline using a historical lookback average or current period forecast. * api-change:``ce``: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers. * api-change:``glue``: Support for optimistic locking in UpdateTable * api-change:``ssm``: Assorted ticket fixes and updates for AWS Systems Manager. ==== python-kiwi ==== Version update (9.24.23 -> 9.24.29) - Bump version: 9.24.28 ? 9.24.29 - Don't bind mount /run during build time In commit #9512318 a new bind mount of /run into the root tree during build time was introduced. The bind mount was done because in my tests running podman from config.sh it did not work without /run bind mounted. However, it turned out that I was wrong because along with the provided methods to prepare cgroups and a custom runtime configuration method; setupContainerRuntime() it is not needed to have /run bind mounted. Thus this commit deletes the bind mount of /run and therefore Fixes #2067 - Fix github action running obs service refresh The curl command to send the POST request for running the obs remote service uses the --fail-with-body option. Unfortunately the ubuntu-latest container used to run the action comes with a curl version that does not support the option. Thus this commit removes the use of the option - Style changes in container docs Reformulate the container building guide a bit - Update schema docs Signed-off-by: David Cassany - Provide schema version v7.5 in spec - Update descriptions to schema v7.5 - Update cron for security scorecard Run weekly on Saturdays - Add support for extended layout to msdos table This commit adds the following new type attribute If set it specifies to make use of logical partitions inside of an extended one. Effective only on type configurations which uses the msdos table type, it will cause the fourth partition to be an extended partition and all following partitions will be placed as logical partitions inside of that extended partition. This setting is useful if more than 4 partitions needs to be created in an msdos table. In addition to the support for extended/logical partitions the the attributes 'mountpoint' and 'filesystem' in the section becomes optional. This also allows to place partitions as placeholders not mounted into the system - Added type hints for partitioner interface - Bump version: 9.24.27 ? 9.24.28 - Fixed unconditional grub2 package requirement The grub2 package does not exist on all distributions as a name provider independent of the architecture. On for example Debian and Ubuntu the packages are handled differently and grub2 is only provided on supported architectures. Thus the spec file should set the grub2 requirement only if the distribution provides it in any case - Bump version: 9.24.26 ? 9.24.27 - Added overlayroot_verity_blocks attribute Setting this attribute to a number or 'all' in an overlayroot configuration will create a dm verity hash from the number of given blocks (or all) placed at the end of the squashfs compressed read-only root filesystem. For later verification of the device, and without further image description settings, the credentials information produced by veritysetup from the cryptsetup tools, is created as a file in /boot/overlayroot.verity and is stored as such into the image by default. - Fixed disk.sh caller environment The documentation explains the disk.sh script to be called from inside of the image root as it exists on the block layer. The disk.sh script is therefore also called after the sync of the unpacked image root tree to the block layer. The implementation however, was only partially calling disk.sh from such an environment. In fact the environment was only the mountpoint of the root partition but this is not the complete system regarding layouts that uses extra partitions and/or volumes. This commit introduces the use of the new class ImageSystem and calls disk.sh in the way it was designed and documented. - Added ImageSystem class The class responsibility is to provide access to the image root system from the block layer of the image scope - Prevent superfluous filesystem creation In case of an overlayroot setup and the request for no extra write partition, it is not needed to create a filesystem for the write space which never gets synced to the image - Bump version: 9.24.25 ? 9.24.26 - Fixed destructor test on oci_tools/buildah_test.py Calling del() from teardown breaks when the method is called through teardown_method - Bump version: 9.24.24 ? 9.24.25 - Support nose and xunit style tests The modifications in this commit allows the unit tests to run on both, pytest 6.x (nose test layout) and the new pytest 7.x (xunit test layout). This Fixes #2072 in a much nicer way. Thanks much to @smarlowucf - Update unit test to work in obs Some unit tests fails if they run in an obs environment. This is because the implementation checks the runtime envoironment and behaves differently if the system is an obs worker. The unit tests has to explicitly set this condition right for the test - Revert "Unit test adaptions to pytest v7" This reverts commit 0dc2e803e0e8059c54a0ea23960245286675c86c. The pytest interface from version v6 to v7 has received changes which requires the tests to be adapted to work for either the old or the new interface. As there are still many distributions which uses v6 as the standard we decided to revert back the adaptions done to support v7 and create a version requirement to v6 in .virtualenv.dev-requirements.txt This Fixes #2072 - Added overlayroot_readonly_partsize attribute Specifies the size in MB of the partition which stores the squashfs compressed read-only root filesystem in an overlayroot setup. This Fixes #2068 - Update to scorecard CI 1.0.4 - Added debootstrap log info to exception message In case debootstrap fails there is more detailed information in a logfile written by debootstrap itself. This commit changes the exception information to contain this log information if present. Related to Issue #1800 - Bump version: 9.24.23 ? 9.24.24 - Added overlayroot_write_partition attribute For the oem type only, allows to specify if the extra read-write partition in an overlayroot setup should be created or not. By default the partition is created and the kiwi-overlay dracut module also expect it to be present. However, the overlayroot feature can also be used without an initrd and under certain circumstances it is handy to configure if the partition table should contain the read-write partition or not. - Use DEB822-formatted .sources files instead .list files for APT - Support additional names for docker containers Docker containers used to support the attribute `additionaltags` which was used to provide multiple tags for the same image. Since only tags were supported this commit renames the attribute to `additionalnames` and now supports tags and names witht he following syntax: * ':' -> adds a full docker image reference including name and tag * ':' -> adds an additional tag while reusing the former name * '' -> adds an additional name while reusing the former tag Fixes #2045 Signed-off-by: David Cassany - Follow up fix on force deleting debs Also remove eventual post scripting prior force removal of deb packages. Similar inconsistencies as with the pre scripts can occur on force removal. We want the operation to be successful in force mode even if that means to leave a dirty state. - Add support for pre_disk_sync.sh script The optional pre_disk_sync.sh script is executed for the disk image type oem only and runs right before the synchronisation of the root tree into the disk image loop file. The script hook can be used to change content of the root tree as a last action before the sync to the disk image is performed. This is useful for example to delete components from the system which were needed before or cannot be modified afterwards when syncing into a read-only filesystem. - Create ci-scorecards-analysis.yml Create security health metrics score card - Fixup inplace podman storage and container conf Newer versions of podman requires runroot and graphroot to be explicitly set in storage.conf. Newer versions of podman no longer reads the engine.cgroups setting on containers.conf and prints a 'Failed to decode the keys [\"engine.cgroups\"]' warning message This commit fixes storage.conf and containers.conf written by kiwi if the setupContainerRuntime method is used in scripts. - Make use of container name in OCI images Fixes #2050 Signed-off-by: David Cassany ==== whois ==== Version update (5.5.11 -> 5.5.12) - Update to 5.5.12: * Updated the .pro TLD server, which was totally broken. * Fixed the detection of Japanese locales using $LC_MESSAGES. * Implemented providing partial salt strings to mkpasswd. * Removed 2 new gTLDs which are no longer active. * Updated one or more translations. * Enabled full hardening in debian/rules. - Cleanup build requirements for SLE-11 ==== xdg-desktop-portal ==== Version update (1.12.1 -> 1.14.0) Subpackages: xdg-desktop-portal-lang - Update to version 1.14.0: + Add a new "dynamic launcher" portal, which can install .desktop files and accompanying icons after user confirmation. + Rework handling of empty app IDs: In case an empty string app ID is stored in the permission store, this permission is now shared only by apps whose app ID couldn't be determined, rather than all unsandboxed apps. + Use libsystemd (when available) to try to determine the app ID of unsandboxed processes. This is useful since some portals otherwise can't be used by host apps. + Make x-d-p start on session start, which is needed for the dynamic launcher portal to handle rewriting launchers for apps that have been renamed. + Bring back the copy of Flatpak's icon-validator, which was dropped many releases ago. + Icon validation is now required for the notification and dynamic launcher portals (previously it was only done if the "flatpak-validate-icon" binary could be found). + document-portal: Move to the libfuse3 API + document-portal: Use renameat2 sys call + document-portal: Use mutex to fix concurrency bug + realtime: Fix error code paths + realtime: Fix MakeThreadHighPriorityWithPID method + screencast: Fix an error when restoring streams + ci: Various improvements + Documentation improvements + Updated translations. - Replace BuildRequires: pkgconfig(fuse) with pkgconfig(fuse3) since document-portal moved to use it. - Add BuildRequires: pkgconfig(libsystemd) and pkgconfig(gdk-pixbuf-2.0) which are now used. ==== yast2-installation ==== Version update (4.4.48 -> 4.4.49) - Run the YaST2-Second-Stage and YaST2-Firsboot services after purge-kernels to prevent a zypper lock error message (bsc#1196431). - 4.4.49