Packages changed: Mesa Mesa-drivers MicroOS-release (20250310 -> 20250311) checkpolicy (3.8 -> 3.8.1) container-selinux (2.234.2 -> 2.235.0) libkate (0.4.1 -> 0.4.3) libmysofa (1.3.2 -> 1.3.3) libselinux (3.8 -> 3.8.1) libselinux-bindings (3.8 -> 3.8.1) libsemanage (3.8 -> 3.8.1) libsepol (3.8 -> 3.8.1) podman policycoreutils (3.8 -> 3.8.1) python-Jinja2 (3.1.5 -> 3.1.6) python-semanage (3.8 -> 3.8.1) qca-qt6 (2.3.9 -> 2.3.10) selinux-policy (20250305 -> 20250307) serd (0.32.2 -> 0.32.4) sord (0.16.16 -> 0.16.18) sratom (0.6.14 -> 0.6.18) xinit (1.4.3 -> 1.4.4) zxing-cpp (2.2.1 -> 2.3.0) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Make build recipe POSIX sh compatible ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium - Make build recipe POSIX sh compatible ==== MicroOS-release ==== Version update (20250310 -> 20250311) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== checkpolicy ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== container-selinux ==== Version update (2.234.2 -> 2.235.0) - Update to version 2.235.0: * Bump to v2.235.0 * OWNERS: add wrabcak and zpytela * OWNERS: initial commit * container_log{reader,writer}_t: allow watch file * RPM: Update gating config * Enable aarch64 testing * TMT: simplify podman tests * feat: support /var/lib/crio - OBS service file: use the tagged commit for archive versioning and don't just archive the latest changes from the main branch using the latest tag ==== libkate ==== Version update (0.4.1 -> 0.4.3) - update to 0.4.3: * full Python 3 compatibility - includes changes from 0.4.2: * Adjust decoder to allow zero sized metadata content * Adjust text parsing to better recognize invalid UNICODE * Eliminate timing precision issues in writing to kate format, and ensure seconds are written with a leading 0 if less than 10 * Fixes to build systems, compiler warnings * Correct option handling in KateDJ. * Adust kate_high_decode_init() to avoid use after free - drop disable-namespace-test.patch ==== libmysofa ==== Version update (1.3.2 -> 1.3.3) - update to 1.3.3: * Remove file size limit * add an -o output option * developer visible fixes and portability fixes - drop Install-header-when-only-building-shared-lib.patch, included ==== libselinux ==== Version update (3.8 -> 3.8.1) Subpackages: libselinux1 selinux-tools - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== libselinux-bindings ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== libsemanage ==== Version update (3.8 -> 3.8.1) Subpackages: libsemanage-conf libsemanage2 - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * libsemanage: improved performance of semanage store rebuild ==== libsepol ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== podman ==== - Add patch for CVE-2025-27144 (bsc#1237641): * 0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch ==== policycoreutils ==== Version update (3.8 -> 3.8.1) Subpackages: policycoreutils-python-utils python313-policycoreutils - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== python-Jinja2 ==== Version update (3.1.5 -> 3.1.6) - Update to 3.1.6 * The ``|attr`` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. ==== python-semanage ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * libsemanage: improved performance of semanage store rebuild ==== qca-qt6 ==== Version update (2.3.9 -> 2.3.10) Subpackages: libqca-qt6-2 - Update to version 2.3.10: * Increase version number * Avoid some clang-format incompatibility issues * Port away from CMP0042 * CI: Remove build_clazy_clang_tidy build * CI: Use clang-format 19 * CI: Fix FreeBSD build * Retire KF5 Android CI * Avoid using QtTest module include which slows down compilation - Switch _service to use mode="manual" ==== selinux-policy ==== Version update (20250305 -> 20250307) Subpackages: selinux-policy-targeted - Update to version 20250307: * allow systemd_pcrlock_t to manage dos directories (bsc#1233358) * Allow snapper to manage dos files and dontaudit execmem (bsc#1233358) * enabled filed name transitions for systemd_pcrlock (bsc#1233358) * Update kmscon policy module to kmscon version 9 (bsc#1238137) * Revert "Allow systemd-networkd to rw memfd objects in tmpfs (bsc#1237515)" * Remove duplicate dev_rw_dma_dev(xdm_t) * Allow thumbnailer read and write the dma device * Allow named_filetrans_domain filetrans raid/mdadm named content * Allow afterburn to mount and read config drives * Allow mptcpd the net_admin capability * Allow systemd-networkd the sys_admin capability * Update systemd-networkd policy in systemd v257 * Separate insights-core from insights-client * Removed unused insights_client interfaces calls from other modules * Update policy for insights_client wrt new rules for insights_core_t * Add policy for insights-core * Allow systemd-networkd use its private tmpfs files * Allow boothd connect to systemd-machined over a unix socket * Update init_explicit_domain() interface * Allow tlp to read/write nmi_watchdog state information * Allow power-profiles-daemon the bpf capability * Allow svirt_t to connect to nbdkit over a unix stream socket * Update ktlshd policy to read /proc/keys and domain keyrings * Allow virt_domain read hardware state information unconditionally * Allow init mounton crypto sysctl files * Rename winbind_rpcd_* types to samba_dcerpcd_* * Support peer-to-peer migration of vms using ssh * Allow virtqemud use hostdev usb devices conditionally * Allow virtqemud map svirt_image_t plain files * Allow virtqemud work with nvdimm devices * Support saving and restoring a VM to/from a block device * Allow virtnwfilterd dbus chat with firewalld - Update embedded container-selinux version to commit: * c9b3eca0e1a878a1fe79408cb6c2e89b38b10829 ==== serd ==== Version update (0.32.2 -> 0.32.4) - update to 0.32.4: * Fix overly permissive parsing of syntax names on the command line * Fix parsing NQuads lines with no space before the final dot * Fix reading chunks from files without trailing newlines * Fix rewriting special literals when datatype URIs are prefixed names * Gracefully handle errors while writing the end of anonymous nodes * Support reading lone lists in lax mode * Treat out of range unicode characters as errors * Write blank lines between graphs and statements in TriG * developer visible fixes ==== sord ==== Version update (0.16.16 -> 0.16.18) - update to 0.16.18: * Replace more platform-specific code with use of zix ==== sratom ==== Version update (0.6.14 -> 0.6.18) - update to 0.6.18: * Avoid snprintf when writing MIDI events * developer visible code fixes - includes changes from 0.6.16: * Constrain relative URI references to the base URI * maintenance and clean-up of build system ==== xinit ==== Version update (1.4.3 -> 1.4.4) - Update to version 1.4.4 This release fixes regresssions introduced by the shell script modernization in the 1.4.3 release, primarily seen on systems without the "mcookie" helper program to make xauth cookies, and thus using openssl or /dev/urandom to make cookies instead. Thanks to Peter Tribble of the Tribblix illumos distro for reporting the issue and testing the fixes. - adjusted xinit-suse.patch, xinit-tolerant-hostname-changes.patch ==== zxing-cpp ==== Version update (2.2.1 -> 2.3.0) - Update to 2.3.0 New features: * Add support for DX Film Edge read * Add support for detecting and reading Aztec Runes * Add reader support for DataBarLimited symbols * Add C-API in official build (EDIT: unfortunately the default is still off, to enable do cmake -DZXING_C_API=ON) * Add Kotlin/Native Wrapper * Add Rust wrapper based on C-API * Add .NET wrapper based on C-API * Introduce new name Barcode for Result which will be removed in 3.0 * LocalAverage binarizer: re-implement with symmetric threshold interpolation for improved detection of inverted symbols * cmake: replace BUILD_... prefix of cmake options with ZXING_... * cmake: switch to c++-20 by default for the core library * ImageView: introduce bounds checks in constructor * ImageView: Add ImageFormat::LumX for 2-byte grey + alpha input * ImageFormat: replace 'X' with 'A', e.g. RGBX -> RGBA * ZXingReader: add -binarizer command line option * ZXingReader: add -single option to setMaxNumberOfSymbols(1) * ZXingReader: parse -formats (including 's') command line argument * ZXingReader: support reading image file from stdin by passing '-' * android: switch 'namespace' from zxingcpp to zxingcpp.lib to fix issue with maven central publication * Python: add support to write bytes as binary data * ZXing::Version() function to query the library version at runtime (useful when dynamically linked) Minor changes and bug fixes: * Complete ZXIReaderOptions in iOS Wrapper * ios: remove initWithFormats initializer * cmake: Make build reproducible across different build directories * Release color space after use in iOS wrapper * cmake: allow overriding python install directories * Refine MultiFormatReader results filtering and apply C++20 erase_if * HRI: update AIs to latest gs1-syntax-dictionary.txt * android: add linker flag to support flexible page sizes in Android 15 * Deprecate validateITFCheckSum, validateCode39CheckSum, returnCodabarStartEnd * BitHacks: fix random QRCode content on pre-Haswell Windows machines * DataMatrix: improve detection of near 45° rotated symbols * cmake: add /utf-8 to MSVC compile flags * Barcode: tune operator==() to not split up overly tall linear symbols * Several ITFReader improvements * QRDecoder: return some content even in the presence of a checksum error * DataBar: improve detection rate by incorporating edge-2-edge pattern * PDF417: prevent wrong position info with right side collapsing to (0,0) * Python: make sure macOS and 64bit Linux packes on pypi.org support multi-symbol DataMatrix detection (c++20 support) - Drop obsolete version checks - Drop cmake.patch, no longer needed