Packages changed: MicroOS-release (20240430 -> 20240502) SDL2 (2.30.2 -> 2.30.3) ca-certificates (2+git20230406.2dae8b7 -> 2+git20240415.3fe9324) conmon (2.1.10 -> 2.1.11) containerd (1.7.10 -> 1.7.15) gcc14 (14.0.1+git10008 -> 14.0.1+git10154) gnome-browser-connector google-noto-fonts (20240401 -> 20240501) gpsd gstreamer hyper-v kernel-firmware (20240419 -> 20240426) krb5 libbpf (1.4.0 -> 1.4.1) ncurses (6.4.20240414 -> 6.5.20240427) polkit-default-privs (1550+20240325.eddbe04 -> 1550+20240430.5327266) python-jsonschema (4.21.1 -> 4.22.0) python-referencing (0.34.0 -> 0.35.1) python311 python311-core qemu (8.2.2 -> 8.2.3) re2 (20240401 -> 20240501) rust-keylime (0.2.4~0 -> 0.2.5~0) setools (4.5.0 -> 4.5.1) slirp4netns (1.2.3 -> 1.3.0) systemd === Details === ==== MicroOS-release ==== Version update (20240430 -> 20240502) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL2 ==== Version update (2.30.2 -> 2.30.3) - Update to release 2.30.3 * Fixed a pointer warping issue on XWayland * Reduced startup time when scanning for game controllers on Linux ==== ca-certificates ==== Version update (2+git20230406.2dae8b7 -> 2+git20240415.3fe9324) - Update to version 2+git20240415.3fe9324: * Add ca-certificates-setup.service * typo: differnt/different ==== conmon ==== Version update (2.1.10 -> 2.1.11) - New upstream release 2.1.11 * docs/Makefile: softcode GOMD2MAN by @rahilarious * chore(deps): update dependency containers/automation_images to v20231208 by @renovate * drop --tty on exec by @haircommander * update packit config, enable downstream tasks by @lsm5 * Remove checks for (long)deprecated libsystemd-journal for libsystemd by @rahilarious * Add support for s390x by @saschagrunert * Build s390x binaries using musl libc by @saschagrunert ==== containerd ==== Version update (1.7.10 -> 1.7.15) - Use obs_scm service instead of tar_scm - Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch (merged upstream at ) - Update to containerd v1.7.15. Upstream release notes: - Update to containerd v1.7.14. Upstream release notes: - Update to containerd v1.7.13. Upstream release notes: - Update to containerd v1.7.12. Upstream release notes: - Update to containerd v1.7.11. Upstream release notes: ==== gcc14 ==== Version update (14.0.1+git10008 -> 14.0.1+git10154) Subpackages: libatomic1 libgcc_s1 libgomp1 libstdc++6 libubsan1 - Update to gcc-14 branch head, 7a00c459cbb913ac165a39d34, git10154 * GCC 14.1 RC1 ==== gnome-browser-connector ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== google-noto-fonts ==== Version update (20240401 -> 20240501) Subpackages: google-noto-sans-fonts google-noto-sans-math-fonts - Update to 20240501 * Noto Rashi Hebrew - Corrects the width and position of marks under double-yud and double-vov - Improves the anchoring of yod - Adds the U+053F yod triangle character - Improves the spacing of tsadi * Noto Egyptian Hieroglyphs - Add codepoints from Unicode 14 ==== gpsd ==== - usage of %python3_fix_shebang to cover /usr/bin is also needed [bsc#1212476] ==== gstreamer ==== Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== hyper-v ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== kernel-firmware ==== Version update (20240419 -> 20240426) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20240426 (git commit 2398d264f953): * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: Add firmware for Cirrus CS35L56 for various HP laptops * i915: Update Xe2LPD DMC to v2.20 * linux-firmware: Remove Calibration Firmware and Tuning for CS35L41 * linux-firmware: Add firmware for Lenovo Thinkbook 13X * ASoC: tas2781: Add dsp firmware for Thinkpad ICE-1 laptop * amdgpu: add DMCUB 3.5 firmware * amdgpu: add VPE 6.1.0 firmware * amdgpu: add VCN 4.0.5 firmware * amdgpu: add UMSCH 4.0.0 firmware * amdgpu: add SDMA 6.1.0 firmware * amdgpu: add PSP 14.0.0 firmware * amdgpu: add GC 11.5.0 firmware * amdgpu: update license date ==== krb5 ==== - Remove requires for not used cron - Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch * CVE-2024-26458, bsc#1220770 * CVE-2024-26461, bsc#1220771 * CVE-2024-26462, bsc#1220772 ==== libbpf ==== Version update (1.4.0 -> 1.4.1) - update to 1.4.1: * Bug fix release fixing logic around determining whether to autoload SEC("struct_ops") programs in cases when old kernel doesn't support some optional callbacks and user reset them to NULL from BPF skeleton. ==== ncurses ==== Version update (6.4.20240414 -> 6.5.20240427) Subpackages: libncurses6 ncurses-utils terminfo-base - Update to ncurses 6.5 (patch 20240427) + update announcement + fixes/corrections for manpages (patches by Branden Robinson). + fix redefinition of CASTxPTR, for legacy Unix. - Update to tack 1.9 (patch 20230201) * configure: regen * configure.in: initialize $ac_includes_default s/fgrep/$FGREP/ * aclocal.m4: resync with my-autoconf - Add ncurses patch 20240420 + improve formatting/style of manpages (patches by Branden Robinson). + compiler warning/portability fixes. ==== polkit-default-privs ==== Version update (1550+20240325.eddbe04 -> 1550+20240430.5327266) - Update to version 1550+20240430.5327266: * profiles: whitelist dnf5daemon-server (bsc#1218327) * profiles: remove pseudo auth action kcmkwallet5 (bsc#1217190) ==== python-jsonschema ==== Version update (4.21.1 -> 4.22.0) - update to 4.22.0: * Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250). * (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would. ==== python-referencing ==== Version update (0.34.0 -> 0.35.1) - Update to version 0.35.1: * Make Resource.pointer also properly handle empty pointers (which refer to the root document). This fix likely only affects you if you were using that function directly, as Resource.lookup already handles empty fragments. - Update to version 0.35.0: * Make Registry.contents raise NoSuchResource when needed. * Update pre-commit hooks. * Run coverage with 3.12 * Try convincing RTD to use uv. * uv and minor workflow tweaks * Use uv for envs, particularly the requirements env. * [pre-commit.ci] pre-commit autoupdate * Whatever pyright regression was present is still present. * [pre-commit.ci] pre-commit autoupdate * Bump suite from `71c85d0` to `87851a6` * Bump suite from `d3fdf35` to `71c85d0` * Bump suite from `e3fe0aa` to `d3fdf35` ==== python311 ==== - Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it uses features sniffing, not just comparing version number. Include also support-expat-CVE-2022-25236-patched.patch. - Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping failing tests. - Refresh patches: - CVE-2023-27043-email-parsing-errors.patch - fix_configure_rst.patch - skip_if_buildbot-extend.patch - Remove included patch: - support-expat-CVE-2022-25236-patched.patch ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it uses features sniffing, not just comparing version number. Include also support-expat-CVE-2022-25236-patched.patch. - Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping failing tests. - Refresh patches: - CVE-2023-27043-email-parsing-errors.patch - fix_configure_rst.patch - skip_if_buildbot-extend.patch - Remove included patch: - support-expat-CVE-2022-25236-patched.patch ==== qemu ==== Version update (8.2.2 -> 8.2.3) - Fix a build issue on riscv: * target/riscv/kvm: rename riscv_reg_id() to riscv_reg_id_ulong() * target/riscv/kvm: add RISCV_CONFIG_REG() * target/riscv/kvm: change timer regs size to u64 * target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64 * target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32 - Update to version 8.2.3. Full changelog/backports here: https://lore.kernel.org/qemu-devel/1713980341.971368.1218343.nullmailer@tls.msk.ru/ Some of the upstream backports are: * Update version for 8.2.3 release * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS. * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs. * hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus * hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately * virtio-pci: fix use of a released vector * linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4} * hw/audio/virtio-snd: Remove unused assignment * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set * hw/net/lan9118: Fix overflow in MIL TX FIFO * hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition * backends/cryptodev: Do not abort for invalid session ID * hw/misc/applesmc: Fix memory leak in reset() handler * hw/block/nand: Fix out-of-bound access in NAND block buffer * hw/block/nand: Have blk_load() take unsigned offset and return boolean * hw/block/nand: Factor nand_load_iolen() method out * qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs * ...and many more... ==== re2 ==== Version update (20240401 -> 20240501) - update to 2024-05-01: * Stop setting re2_INCLUDE_DIR * Fixes related to python bindings ==== rust-keylime ==== Version update (0.2.4~0 -> 0.2.5~0) - Update to version 0.2.5~0: * Bump version to 0.2.5 * cargo: Relax required version for pest crate * build(deps): bump log from 0.4.20 to 0.4.21 * build(deps): bump thiserror from 1.0.56 to 1.0.59 - actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650) - Update to version 0.2.4~39: * build(deps): bump openssl from 0.10.63 to 0.10.64 * build(deps): bump h2 from 0.3.24 to 0.3.26 * build(deps): bump serde_json from 1.0.107 to 1.0.116 * build(deps): bump actix-web from 4.4.1 to 4.5.1 * crypto: Enable TLS 1.3 * build(deps): bump tempfile from 3.9.0 to 3.10.1 * build(deps): bump mio from 0.8.4 to 0.8.11 * enable hex values to be used for tpm_ownerpassword * config: Support IPv6 with or without brackets * keylime: Implement a simple IP parser to remove brackets * crypto: Implement CertificateBuilder to generate certificates * tests: Fix coverage download by supporting arbitrary URL * cargo: Add testing feature to keylime library * Set X509 SAN with local DNSname/IP/IPv6 * Include newest Node20 versions for Github actions * tpm: Add unit test for uncovered public functions * crypto: Implement ECC key generation support * crypto: Add test for match_cert_to_template() * Fix minor typo, format and remove end whitespaces * crypto: Make error types less specific * tests/run.sh: Run tarpaulin with a single thread * payloads: Remove explicit drop of channel transmitter * crypto: Move to keylime library * crypto: Add specific type for every possible error * tpm: Rename origin of error as source in structures * list_parser: Add source for error for backtrace * algorithms: Make errors more specific * typo fix for default path to measured boot log file * README: remove mentions of libarchive as a dependency * Dockerfile.wolfi: Update clang to version 17 * docker: Remove libarchive as a dependency * rpm: Remove libarchive from dependencies * cargo: Replace compress-tools with zip crate * cargo: Bump ahash to version 0.8.7 * build(deps): bump serde from 1.0.195 to 1.0.196 * build(deps): bump libc from 0.2.152 to 0.2.153 * build(deps): bump reqwest from 0.11.23 to 0.11.24 * docker: Install configuration file in the correct path * config: Make IAK/IDevID disabled by default ==== setools ==== Version update (4.5.0 -> 4.5.1) - Update to version 4.5.1: - Correct annotations of NetworkX types to make it optional again. - Fix packaging issue for apol's style sheet (apol.css). - Drop 0001-Make-networkx-optional-again-Fixes-125.patch fixed upstream - Change networkx Requires to Suggests ==== slirp4netns ==== Version update (1.2.3 -> 1.3.0) - New upstream release 1.3.0 * Support new `--netns-type=tapfd` (#340, thanks to @helmutg) * Do not leak socket in case of success (#339, thanks to @jnovy) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-experimental udev - Update 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch to adapt sysv-generator-test to the SUSE's specificity brought by this patch. - systemd-testsuite: some of the integration tests depend on the bin, daemon, games and nobody users/groups. - Drop _FORTIFY_SOURCE=2 workaround. Since commit 7929e180aa (v253) it shouldn't be needed anymore. - systemd.spec: preparation for the next version of systemd (i.e. v256), libkmod2 will be dlopened hence explicitly require it now as it doesn't hurt with the current version. However don't recommend it from systemd by assuming that when module loading from PID1 is needed, udev is installed. - Make systemd-doc subpackage noarch.