Packages changed:
MicroOS-release (20240924 -> 20240926)
bash (5.2.32 -> 5.2.37)
bluez
cairomm (1.16.1 -> 1.16.2)
chrony (4.5 -> 4.6)
curl (8.10.0 -> 8.10.1)
cyrus-sasl
fwupd (1.9.24 -> 1.9.25)
gcc
gcr
gcr3
gettext-runtime
gstreamer (1.24.7 -> 1.24.8)
gstreamer-plugins-bad (1.24.7 -> 1.24.8)
gstreamer-plugins-base (1.24.7 -> 1.24.8)
gstreamer-plugins-good (1.24.7 -> 1.24.8)
gtk4 (4.16.1 -> 4.16.2)
gupnp (1.6.6 -> 1.6.7)
harfbuzz (9.0.0 -> 10.0.1)
kernel-source (6.10.11 -> 6.11.0)
libmbim (1.28.4 -> 1.30.0)
libostree (2024.7 -> 2024.8)
libpeas
microos-tools (2.21+git13 -> 2.21+git16)
openssh (9.8p1 -> 9.9p1)
openssh-askpass-gnome (9.8p1 -> 9.9p1)
openssl-3
orc (0.4.39 -> 0.4.40)
pinentry
pinentry-gui
podman (5.2.2 -> 5.2.3)
python-Jinja2
python-oauthlib
python-pycurl
python-pyrsistent
python-pyserial
sddm
sddm-qt6
selinux-policy (20240912 -> 20240925)
systemd (256.5 -> 256.6)
toolbox
transactional-update (4.8.2 -> 4.8.3)
xorg-x11-server
xwayland
=== Details ===
==== MicroOS-release ====
Version update (20240924 -> 20240926)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== bash ====
Version update (5.2.32 -> 5.2.37)
Subpackages: bash-sh
- Add upstream patches
* bash52-037
Fix the case where text to be completed from the line buffer (quoted) is
compared to the common prefix of the possible matches (unquoted) and the
quoting makes the former appear to be longer than the latter. Readline
assumes the match doesn't add any characters to the word and doesn't display
multiple matches.
* bash52-036
When readline is accumulating bytes until it reads a complete multibyte
character, reading a byte that makes the multibyte character invalid can
result in discarding the bytes in the partial character.
* bash52-035
There are systems that supply one of select or pselect, but not both.
* bash52-034
If we parse a compound assignment during an alias expansion, it's possible
to have the current input string popped out from underneath the parse. In
this case, we should not restore the input we were using when we began to
parse the compound assignment.
* bash52-033
A typo in the autoconf test for strtold causes false negatives for strtold
being available and working when compiled with gcc-14.
- Port patch bash-3.2-printf.patch to fit change in bash52-033
==== bluez ====
Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3
- add Fix-crash-after-bt_uhid_unregister_all.patch to fix crashes
when devices disconnect or go to sleep
==== cairomm ====
Version update (1.16.1 -> 1.16.2)
- update to version 1.16.2:
* meson.build: Avoid configuration warnings
* MSVC build: Support VS2022 builds
(Chun-wei Fan) Merge request !20
* Meson build: When mm-common >= 1.0.4 is used, Perl is not required
* Meson build: Specify 'check' option in run_command()
Will be necessary with future versions of Meson.
Require Meson >= 0.55.0
* Meson build: Avoid unnecessary configuration warnings
(Kjell Ahlstedt)
==== chrony ====
Version update (4.5 -> 4.6)
Subpackages: chrony-pool-openSUSE
- Update to version 4.6:
* Add activate option to local directive to set activation threshold
* Add ipv4 and ipv6 options to server/pool/peer directive
* Add kod option to ratelimit directive for server KoD RATE support
* Add leapseclist directive to read NIST/IERS leap-seconds.list file
* Add ptpdomain directive to set PTP domain for NTP over PTP
* Allow disabling pidfile
* Improve copy server option to accept unsynchronised status instantly
* Log one selection failure on start
* Add offset command to modify source offset correction
* Add timestamp sources to ntpdata report
* Fix crash on sources reload during initstepslew or RTC initialisation
* Fix source refreshment to not repeat failed name resolving attempts
* Obsoletes chrony-124-tai.patch
- The project's new home is https://chrony-project.org/ .
==== curl ====
Version update (8.10.0 -> 8.10.1)
Subpackages: libcurl4
- Update to 8.10.1:
* Bugfixes:
- autotools: fix `--with-ca-embed` build rule
- cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync
- cmake: fix MSH3 to appear on the feature list
- connect: store connection info when really done
- FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a
- http2: when uploading data from stdin, fix eos forwarding
- http: make max-filesize check not count ignored bodies
- lib: fix AF_INET6 use outside of USE_IPV6
- multi: check that the multi handle is valid in curl_multi_assign
- QUIC: on connect, keep on trying on draining server
- request: correctly reset the eos_sent flag
- setopt: remove superfluous use of ternary expressions
- singleuse: drop `Curl_memrchr()` for no-HTTP builds
- tool_cb_wrt: use "curl_response" if no file name in URL
- transfer: fix sendrecv() without interim poll
- vtls: fix `Curl_ssl_conn_config_match` doc param
==== cyrus-sasl ====
Subpackages: cyrus-sasl-gssapi libsasl2-3
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy provided since openSSL3 and requires explicit loading, dDisable openssl3 depricated API warnings.
* Add cyrus-sasl-make-digestmd5-work-ssl3.patch
==== fwupd ====
Version update (1.9.24 -> 1.9.25)
Subpackages: libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.9.25:
+ This release fixes the following bugs:
- Fix checking new Synaptics MST firmware size
- Make another ModemManager instance ID visible for firmware
matching
- Never set a zero-length device name when matching the vendor
name
- Recalculate the device supported flag when reparenting
devices
- Reduce idle power consumption of paired logitech-hidpp
devices
- Retry the open action to fix BC901 NVMe reload
+ This release adds support for the following hardware:
- Algoltek devices supporting sector erase
- Dell K2 dock
- Intel USB4 hub 5787
- More MediaTek scaler devices
- Nordic HID devices supporting DFUv1
==== gcc ====
- Ensure every -build package conflicts and provides the non-build
counterpart (related to boo#1230628)
- Make gcc-build-fortran provide and conflict gcc-fortran.
==== gcr ====
Subpackages: gcr-ssh-askpass libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== gcr3 ====
Subpackages: gcr3-data gcr3-prompter gcr3-ssh-askpass libgck-1-0 libgcr-3-1
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== gettext-runtime ====
Subpackages: libtextstyle0
- Move envsubst requires into main package, gettext.sh is not part of
gettext-tools, but gettext-runtime (fixes boo#1227070)
==== gstreamer ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.24.8:
+ Highlighted bugfixes:
- decodebin3: collection handling fixes
- encodebin: Fix pad removal (and smart rendering in
gst-editing-services)
- glimagesink: Fix cannot resize viewport when video size
changed in caps
- matroskamux, webmmux: fix firefox compatibility issue with
Opus audio streams
- mpegtsmux: Wait for data on all pads before deciding on a
best pad unless timing out
- splitmuxsink: Override LATENCY query to pretend to downstream
that we're not live
- video: QoS event handling improvements
- voamrwbenc: fix list of bitrates
- vtenc: Restart encoding session when certain errors are
detected
- wayland: Fix ABI break in WL context type name
- webrtcbin: Prevent crash when attempting to set answer on
invalid SDP
- cerbero: ship vp8/vp9 software encoders again, which went
missing in 1.24.7; ship transcode plugin
- Various bug fixes, memory leak fixes, and other stability and
reliability improvements
+ gstreamer:
- clock: Fix unchecked overflows in linear regression code
- meta: Add missing include of gststructure.h
- pad: Check data NULL-ness when probes are stopped
- aggregator: Immediately return NONE from
simple_get_next_time() on non-TIME segments
==== gstreamer-plugins-bad ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Update to version 1.24.8:
+ GstPlay: Name the different bus
+ GstPlay: check whether stream is seekable before seeking when
state change
+ GstPlayer: Check GstPlayerSignalDispatcher type
+ mpegtsmux: Wait for data on all pads before deciding on a best
pad unless timing out
+ mpegtsmux: Fix refcounting issue when selecting the best pad
+ uvcsink: fix caps event handling
+ v4l2codecs: h265: Minimize memory allocation
+ voamrwbenc: fix list of bitrates
+ vtenc: Restart encoding session when certain errors are
detected
+ wayland: Fix ABI break in WL context type name
+ webrtcbin: Prevent crash when attempting to set answer on
invalid SDP
+ wpe: fix gst-launch example
==== gstreamer-plugins-base ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0
- Update to version 1.24.8:
+ decodebin3: Fix collection identity check
+ encodebin: Fix pad removal
+ glimagesink: Fix cannot resize viewport when video size changed
in caps
+ video: Don't overshoot QoS earliest time by a factor of 2
+ meson: gst-play: link to libm
- Drop gst-plugins-base-decodebin3-collection-identity-check.patch:
Fixed upstream.
- Rebase add_wayland_dep_to_tests.patch with quilt.
==== gstreamer-plugins-good ====
Version update (1.24.7 -> 1.24.8)
- Update to version 1.24.8:
+ jackaudiosrc: actually use the queried ports from JACK
+ matroskamux: Include end padding in the block duration for Opus
streams, fixing firefox compatibility
+ osxaudio: Avoid dangling pointer on shutdown
+ splitmuxsink: Override LATENCY query to pretend to downstream
that we're not live
+ v4l2bufferpool: actually queue back the empty buffer flagged
LAST
+ v4l2videoenc: unref buffer pool after usage properly
+ v4l2: encoder: Add dynamic framerate support
==== gtk4 ====
Version update (4.16.1 -> 4.16.2)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.16.2:
+ GtkLabel: Fix centered text in RTL
+ Gsk:
- Speed up some Vulkan operations
- Improve startup speed by avoiding initialization of GL and
Vulkan in most cases
- Reduce critials at startup to warnings
- Fix a crash on startup with some Vulkan drivers
- Fix a big texture leak in NGL
+ Gdk: Speed up memory format conversions
+ Wayland: Be more careful with mimetypes during DND or
copy-paste
+ Tools: builder-tool: Improve conversion of boxes
+ Updated translations.
==== gupnp ====
Version update (1.6.6 -> 1.6.7)
- Update to version 1.6.7:
+ Fix compatiblity with libxml2 2.12.x
+ Improve reproducability
+ ControlPoint: Fix re-scan
+ ContextManager: Fix boot-id update
+ Context: Fix crash if served URI is not an IP address
- Drop 00514fb6.patch: Fixed upstream.
==== harfbuzz ====
Version update (9.0.0 -> 10.0.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- Update to version 10.0.1:
+ Relax sanitization checks for “morx†subtables to fix broken
AAT shaping of macOS 15.0 version of GeezaPro.
- Switch to source service for tarball.
- Update to version 10.0.0:
+ Unicode 16.0.0 support.
+ Various documentation fixes.
+ Various build fixes.
+ Add API to allow HarfBuzz client to set what glyph to use when
a Unicode Variation Selector is not supported by the font,
which would allow the client to customize what happens in this
case, by using a different font for example.
+ Add a callback to for “hb_face_t†for getting the list of table
tags. This is now used to make calling
“hb_face_get_table_tags()†work on a faces created by
“hb_face_create_for_tables()†(e.g. faces returned by
“hb_subset_or_fail()â€).
+ CGJ and Mongolian Variation Selectors are now ignored during
glyph positioning, previously they would block both glyph
substitution and positioning across them.
+ Support cairo script as an output format for “hb-view†command
line tool.
+ Drop an optimization that would cause HarfBuzz not apply pair
positioning lookup subtables under certain circumstances, for
compatibility with other implementations that do apply these
subtables.
+ Subsetting will now fail if source font has no glyphs, so
feeding the subsetter invalid data will not silently return an
empty face.
+ If after partially instancing a font no variation data is left
(the instance is fully static), don’t consider this a failure.
+ Workaround a Firefox bug in displaying SVGs generated be
“hb-view†command line tool under certain circumstances.
+ Fix bug in macroman mapping for “cmap†table.
+ Fix difference shaping output when HarfBuzz is built with with
“HB_NO_OT_RULESETS_FAST_PATH†enabled.
+ Various subsetting and instancing fixes.
+ Various fuzzing fixes.
+ Add “with_libstdcxx†meson build option.
==== kernel-source ====
Version update (6.10.11 -> 6.11.0)
- Revert "PCI: Extend ACS configurability" (bsc#1229019).
- commit 4b97d57
- block: Fix elv_iosched_local_module handling of "none" scheduler
(bsc#1230925).
- commit d8cfa46
- drm/amdgpu/display: Fix a mistake in revert commit (bsc#1228093
- commit 39574a1
- Refresh patches.suse/ALSA-hda-Enhance-pm_blacklist-option.patch.
- Refresh
patches.suse/ALSA-hda-Keep-PM-disablement-for-deny-listed-instanc.patch.
Update upstream status.
- commit 2244c0f
==== libmbim ====
Version update (1.28.4 -> 1.30.0)
- Update to version 1.30.0:
+ New Intel Mutual Authentication service
+ New Intel Tools service
+ New Google service
+ Extended the Microsoft-defined Basic Connect Extensions service
- Drop patches included upstream:
+ 0001-intel-mutual-authentication-new-service-fcc-lock.patch
+ 0002-intel-tools-new-service-trace-config.patch
==== libostree ====
Version update (2024.7 -> 2024.8)
Subpackages: libostree-1-1
- Update to version 2024.8:
+ Adapt to a change in libcurl 8.10.1 that caused ostree to start
crashing.
+ switchroot: Stop making /sysroot mount private.
==== libpeas ====
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== microos-tools ====
Version update (2.21+git13 -> 2.21+git16)
- Update to version 2.21+git16:
* selinux: Avoid parameter duplication
* 98selinux-microos: Use a single thread for relabelling /etc
* Use all cores for SELinux restorecon (related to jsc#SMO-382)
- _service: Omit +git0 suffix in versions
==== openssh ====
Version update (9.8p1 -> 9.9p1)
Subpackages: openssh-clients openssh-common openssh-server
- Add a const to the openssl 1.1/RSA section of sshkey_is_private
to keep it similar to what it used before the 9.9 rebase:
* openssh-8.1p1-audit.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.
- Update to openssh 9.9p1:
= Future deprecation notice
* OpenSSH plans to remove support for the DSA signature algorithm
in early 2025. This release disables DSA by default at compile
time. DSA, as specified in the SSHv2 protocol, is inherently
weak - being limited to a 160 bit private key and use of the
SHA1 digest. Its estimated security level is only 80 bits
symmetric equivalent.
OpenSSH has disabled DSA keys by default since 2015 but has
retained run-time optional support for them. DSA was the only
mandatory-to-implement algorithm in the SSHv2 RFCs, mostly
because alternative algorithms were encumbered by patents when
the SSHv2 protocol was specified.
This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining
DSA in OpenSSH to be justified and hope that removing it from
OpenSSH can accelerate its wider deprecation in supporting
cryptography libraries.
= Potentially-incompatible changes
* ssh(1): remove support for pre-authentication compression.
OpenSSH has only supported post-authentication compression in
the server for some years. Compression before authentication
significantly increases the attack surface of SSH servers and
risks creating oracles that reveal information about
information sent during authentication.
* ssh(1), sshd(8): processing of the arguments to the "Match"
configuration directive now follows more shell-like rules for
quoted strings, including allowing nested quotes and \-escaped
characters. If configurations contained workarounds for the
previous simplistic quote handling then they may need to be
adjusted. If this is the case, it's most likely to be in the
arguments to a "Match exec" confition. In this case, moving the
command to be evaluated from the Match line to an external
shell script is easiest way to preserve compatibility with both
the old and new versions.
= New features
* ssh(1), sshd(8): add support for a new hybrid post-quantum key
exchange based on the FIPS 203 Module-Lattice Key Enapsulation
mechanism (ML-KEM) combined with X25519 ECDH as described by
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This algorithm "mlkem768x25519-sha256" is available by default.
* ssh(1): the ssh_config "Include" directive can now expand
environment as well as the same set of %-tokens "Match Exec"
supports.
* sshd(8): add a sshd_config "RefuseConnection" option that, if
set will terminate the connection at the first authentication
request.
* sshd(8): add a "refuseconnection" penalty class to sshd_config
PerSourcePenalties that is applied when a connection is dropped
by the new RefuseConnection keyword.
* sshd(8): add a "Match invalid-user" predicate to sshd_config
Match options that matches when the target username is not
valid on the server.
* ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
substantially faster implementation.
* ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key
exchange algorithm now has an IANA-assigned name in addition to
the "@openssh.com" vendor extension name. This algorithm is now
also available under this name "sntrup761x25519-sha512"
* ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
included in core dump files for most of their lifespans. This
is in addition to pre-existing controls in ssh-agent(1) and
sshd(8) that prevented coredumps. This feature is supported on
OpenBSD, Linux and FreeBSD.
* All: convert key handling to use the libcrypto EVP_PKEY API,
with the exception of DSA.
* sshd(8): add a random amount of jitter (up to 4 seconds) to the
grace login time to make its expiry unpredictable.
= Bugfixes
* sshd(8): relax absolute path requirement back to what it was
prior to OpenSSH 9.8, which incorrectly required that sshd was
started with an absolute path in inetd mode. bz3717
* sshd(8): fix regression introduced in openssh-9.8 that swapped
the order of source and destination addresses in some sshd log
messages.
* sshd(8): do not apply authorized_keys options when signature
verification fails. Prevents more restrictive key options being
incorrectly applied to subsequent keys in authorized_keys.
bz3733
* ssh-keygen(1): include pathname in some of ssh-keygen's
passphrase prompts. Helps the user know what's going on when
ssh-keygen is invoked via other tools. Requested in GHPR503
* ssh(1), ssh-add(1): make parsing user@host consistently look
for the last '@' in the string rather than the first. This
makes it possible to more consistently use usernames that
contain '@' characters.
* ssh(1), sshd(8): be more strict in parsing key type names. Only
allow short names (e.g "rsa") in user-interface code and
require full SSH protocol names (e.g. "ssh-rsa") everywhere
else. bz3725
* regress: many performance and correctness improvements to the
re-keying regression test.
... changelog too long, skipping 41 lines ...
- Use gcc11 when building in SLE12 and SLE15.
==== openssh-askpass-gnome ====
Version update (9.8p1 -> 9.9p1)
- Update to openssh 9.9p1:
* No changes for askpass, see main package changelog for
details.
==== openssl-3 ====
Subpackages: libopenssl3
- Security fix: [bsc#1230698, CVE-2024-41996]
* Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used
* Added openssl-CVE-2024-41996.patch
==== orc ====
Version update (0.4.39 -> 0.4.40)
- Update to version 0.4.40:
+ Security: Minor follow-up fixes for CVE-2024-40897
+ Fix include header use from C++
+ orccodemem: Assorted memory mapping fixes
+ powerpc: fix div255w which still used the inexact substitution
+ powerpc: Disable VSX and ISA 2.07 for Apple targets
+ powerpc: Allow detection of ppc64 in Mac OS
+ x86: work around old GCC versions (pre 9.0) having broken
xgetbv implementationsv
+ x86: consider MSYS2/Cygwin as Windows for ABI purposes only
+ x86: handle unnatural and misaligned array pointers
+ x86: Fix non-C11 typedefs
+ x86: try fixing AVX detection again by adding check for XSAVE
+ Some compatibility fixes for Musl
+ meson: Fix detecting XSAVE on older AppleClangv
+ Check return values of malloc() and realloc()
==== pinentry ====
- Make pinentry-efl optional
==== pinentry-gui ====
Subpackages: pinentry-gnome3 pinentry-qt6
- Make pinentry-efl optional
==== podman ====
Version update (5.2.2 -> 5.2.3)
- Update to version 5.2.3:
* Bugfixes
- Fixed a bug that could cause network namespaces to fail to
unmount, resulting in Podman commands hanging.
- Fixed a bug where Podman could not run images which included
SCTP exposed ports.
- Fixed a bug where containers run by the root user, but inside
a user namespace (including inside a container), could not
use the pasta network mode.
- Fixed a bug where volume copy-up did not properly chown empty
volumes when the :idmap mount option was used.
* Misc
- Updated Buildah to v1.37.3
==== python-Jinja2 ====
- Fix build error under Leap.
==== python-oauthlib ====
- Fix build error under Leap.
==== python-pycurl ====
- Add upstream patch test-bottle-flask.patch to use Flask instead of
bottle for tests.
gh#pycurl/pycurl#838
==== python-pyrsistent ====
- Fix build error under Leap.
==== python-pyserial ====
- Fix build error under Leap.
==== sddm ====
- Move default value for [Autologin] Session
0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
* 0001-Remove-unused-Display-m_relogin-variable.patch
* 0002-Set-Display-m_started-early.patch
* 0003-Load-autologin-configuration-in-Display-Display.patch
* 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
* 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
==== sddm-qt6 ====
Subpackages: sddm-greeter-qt6
- Move default value for [Autologin] Session
0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
* 0001-Remove-unused-Display-m_relogin-variable.patch
* 0002-Set-Display-m_started-early.patch
* 0003-Load-autologin-configuration-in-Display-Display.patch
* 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
* 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
==== selinux-policy ====
Version update (20240912 -> 20240925)
Subpackages: selinux-policy-targeted
- Update to version 20240925:
* Allow snapperd to manage unlabeled_t files (bsc#1230966)
- Update to version 20240924:
* Revert "Allow virtstoraged to manage images (bsc#1228742)"
* Label /etc/mdevctl.d with mdevctl_conf_t
* Sync users with Fedora targeted users
* Update policy for rpc-virtstorage
* Allow virtstoraged get attributes of configfs dirs
* Fix SELinux policy for sandbox X server to fix 'sandbox -X' command
* Update bootupd policy when ESP is not mounted
* Allow thumb_t map dri devices
* Allow samba use the io_uring API
* Allow the sysadm user use the secretmem API
* Allow nut-upsmon read systemd-logind session files
* Allow sysadm_t to create PF_KEY sockets
* Update bootupd policy for the removing-state-file test
- Fix macros.selinux-policy (bsc#1230897)
- %selinux_relabel_post should not relabel files in
transactional systems in %post as the policy is not loaded
into the kernel directly after install, instead the relabelling
will happen on the next boot
==== systemd ====
Version update (256.5 -> 256.6)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev
- Import commit 8a0ae4d90aff1d067a125ff9366eafc7dd5d4701 (merge of v256.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/bef0958f4db1b774c23505e93537ffe16f1b3894...8a0ae4d90aff1d067a125ff9366eafc7dd5d4701
- Don't try to restart the udev socket units anymore (bsc#1228809)
There's currently no way to restart a socket activable service and its socket
units "atomically" and safely.
- Move 80-container-host0.network back to the network sub-package (bsc#1229098)
Rev 428 mistakenly moved it to the container sub-package.
==== toolbox ====
- Update SLE/Leap Micro images from 5.4 to 6.0 (bsc#1227328)
==== transactional-update ====
Version update (4.8.2 -> 4.8.3)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd
- Version 4.8.3
- Check return value of register command [bsc#1230901]
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb
- added conflicts to patterns-wsl-tmpfiles to Xserver packages
as this patterns package creates a symlink from /tmp/.X11-unix to
/mnt/wslg/.X11-unix and therefore prevents Xservers from creating
this needed directory (bsc#1230755)
==== xwayland ====
- added conflicts to patterns-wsl-tmpfiles as this patterns package
creates a symlink from /tmp/.X11-unix to /mnt/wslg/.X11-unix and
therefore prevents Xwayland from creating this needed directory
(bsc#1230755)