Packages changed: container-selinux (2.222.0 -> 2.228.0) gcc13 (13.2.1+git8109 -> 13.2.1+git8205) health-checker (1.10 -> 1.10+git20240111.cb84209) jasper (4.1.1 -> 4.1.2) kernel-source (6.6.10 -> 6.6.11) libgedit-amtk libjcat libstorage-ng (4.5.171 -> 4.5.172) linux-glibc-devel (6.6 -> 6.7) microos-tools (2.21+git5 -> 2.21+git9) pcr-oracle pipewire (1.0.0 -> 1.0.1) python-gevent python-greenlet (3.0.2 -> 3.0.3) python-tornado6 python-urllib3 samba (4.19.2+git.324.fa0b54b91b -> 4.19.4+git.339.acf1ccaa020) selinux-policy (20231124 -> 20240104) zstd === Details === ==== container-selinux ==== Version update (2.222.0 -> 2.228.0) - Update to version 2.228: * Allow container domains to watch fifo_files * container_engine_t: improve for podman in kubernetes case * Allow spc_t to transition to install_t domain * Default to allowing containers to use dri devices * Allow access to BPF Filesystems * Fix kubernetes transition rule * Label kubensenter as well as kubenswrapper * Allow container domains to execute container_runtime_tmpfs_t files * Allow container domains to ptrace themselves * Allow container domains to use container_runtime_tmpfs_t as an entrypoint * Add boolean to allow containers to use dri devices * Give containers access to pod resources endpoint * Label kubenswrapper kubelet_exec_t ==== gcc13 ==== Version update (13.2.1+git8109 -> 13.2.1+git8205) Subpackages: cpp13 gcc13-locale libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1 - Update to gcc-13 branch head, 36ddb5230f56a30317630a928, git8205 ==== health-checker ==== Version update (1.10 -> 1.10+git20240111.cb84209) Subpackages: health-checker-plugins-MicroOS - Update to version 1.10+git20240111.cb84209: * Add missing rule for health-checker.service.8 * Don't generate html documentation * Fixing some typo's and improving the UX of the health-checker output * Fix a typo in README.md ==== jasper ==== Version update (4.1.1 -> 4.1.2) - Update to 4.1.2: * Fix invalid memory write bug (#367) (CVE-2023-51257). * Fix missing range check in the JPC encoder (#368). ==== kernel-source ==== Version update (6.6.10 -> 6.6.11) - keys, dns: Fix size check of V1 server-list header (git-fixes). - commit 05ae4ad - Linux 6.6.11 (bsc#1012628). - keys, dns: Fix missing size check of V1 server-list header (bsc#1012628). - ALSA: hda/tas2781: do not use regcache (bsc#1012628). - ALSA: hda/tas2781: move set_drv_data outside tasdevice_init (bsc#1012628). - ALSA: hda/tas2781: remove sound controls in unbind (bsc#1012628). - ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook (bsc#1012628). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (bsc#1012628). - drm/amd/display: pbn_div need be updated for hotplug event (bsc#1012628). - mptcp: prevent tcp diag from closing listener subflows (bsc#1012628). - Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" (bsc#1012628). - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (bsc#1012628). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1012628). - cifs: do not depend on release_iface for maintaining iface_list (bsc#1012628). - KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL (bsc#1012628). - accel/qaic: Fix GEM import path code (bsc#1012628). - accel/qaic: Implement quirk for SOC_HW_VERSION (bsc#1012628). - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ (bsc#1012628). - drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (bsc#1012628). - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (bsc#1012628). - drm/bridge: ps8640: Fix size mismatch warning w/ len (bsc#1012628). - netfilter: nf_tables: set transport offset from mac header for netdev/egress (bsc#1012628). - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (bsc#1012628). - octeontx2-af: Fix marking couple of structure as __packed (bsc#1012628). - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (bsc#1012628). - drm/i915/perf: Update handling of MMIO triggered reports (bsc#1012628). - ice: Fix link_down_on_close message (bsc#1012628). - ice: Shut down VSI with "link-down-on-close" enabled (bsc#1012628). - i40e: Fix filter input checks to prevent config with invalid values (bsc#1012628). - igc: Report VLAN EtherType matching back to user (bsc#1012628). - igc: Check VLAN TCI mask (bsc#1012628). - igc: Check VLAN EtherType mask (bsc#1012628). - ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable (bsc#1012628). - ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset (bsc#1012628). - mlxbf_gige: fix receive packet race condition (bsc#1012628). - net: sched: em_text: fix possible memory leak in em_text_destroy() (bsc#1012628). - r8169: Fix PCI error on system resume (bsc#1012628). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (bsc#1012628). - selftests: bonding: do not set port down when adding to bond (bsc#1012628). - ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init (bsc#1012628). - sfc: fix a double-free bug in efx_probe_filters (bsc#1012628). - net: bcmgenet: Fix FCS generation for fragmented skbuffs (bsc#1012628). - netfilter: nf_nat: fix action not being set for all ct states (bsc#1012628). - netfilter: nft_immediate: drop chain reference counter on error (bsc#1012628). - net: Save and restore msg_namelen in sock_sendmsg (bsc#1012628). - i40e: fix use-after-free in i40e_aqc_add_filters() (bsc#1012628). - ASoC: meson: g12a-toacodec: Validate written enum values (bsc#1012628). - ASoC: meson: g12a-tohdmitx: Validate written enum values (bsc#1012628). - ASoC: meson: g12a-toacodec: Fix event generation (bsc#1012628). - ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (bsc#1012628). - i40e: Restore VF MSI-X state during PCI reset (bsc#1012628). - igc: Fix hicredit calculation (bsc#1012628). - apparmor: Fix move_mount mediation by detecting if source is detached (bsc#1012628). - virtio_net: avoid data-races on dev->stats fields (bsc#1012628). - virtio_net: fix missing dma unmap for resize (bsc#1012628). - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (bsc#1012628). - net/smc: fix invalid link access in dumping SMC-R connections (bsc#1012628). ... changelog too long, skipping 110 lines ... - commit f421cf4 ==== libgedit-amtk ==== Subpackages: libgedit-amtk-5-0 libgedit-amtk-5-lang typelib-1_0-Amtk-5 - Update spec file to conclicts the legacy amtk-devel, which shipped the same file Amtk-%{api_ver}.gir as libgedit-amtk does. ==== libjcat ==== - Do not install test files: pass -Dtest=false to meson instead of Dtest=true (aids with reproducible build, boo#1218715). - Add check section and run meson test. ==== libstorage-ng ==== Version update (4.5.171 -> 4.5.172) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#978 - added get_linux_partition_id() taking Arch parameter - make git ignore javascript in generated documentation - coding style - cleanup - 4.5.172 ==== linux-glibc-devel ==== Version update (6.6 -> 6.7) - Update to kernel headers 6.7 ==== microos-tools ==== Version update (2.21+git5 -> 2.21+git9) - Update to version 2.21+git9: * Add man-online command * Drop support for sle15 builds * Add OBS CI workflow ==== pcr-oracle ==== - Add fix_efi_measure.patch to fix the measurement of EFI binaries ==== pipewire ==== Version update (1.0.0 -> 1.0.1) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.0.1: * Highlights - Work around the buggy ALSA backend in libcanberra by forcing the pulse backend in module-x11-bell. - Fix a race in the device info updates in pulse-server. - Fix timing and rate matching in ALSA sequencer. - Improve timing information in JACK and from the ALSA driver. - More small fixes and improvements. * PipeWire - Fix a build issue when examples where disabled. - Avoid some compiler warnings. - Avoid some bitfield data races. (#3706) * Modules - Bump the PTP driver priority. (#3217) - Support the previous "allowed" permission in the access module. - Fix filename leak in module-filter-chain. - Work around the buggy ALSA backend in libcanberra by forcing the pulse backend in module-x11-bell. (#3688) - Fix a race in the device info updates in pulse-server. - Fix compatibility in RAOP. (#3698) * SPA - Handle ALSA picth control errors correctly - Clamp buffer-frames correctly. (#3000) - Fix timing and rate matching in ALSA sequencer. (#3657) - Revert a commit that could result in current time in the future in the timing updates. - Improve adapter state checks. - Remove the timer from the ALSA pcm. - Fix timeout in freewheel driver. * Pulse-server - Also handle active ports for monitor sources. - Fix zeroconf-publish format properties. * JACK - Improve timing and transport calculations. - Handle -ENOENT from the core and don't error out. * GStreamer - Handle node port removal in the device provider. (#3708) - Improve error handling while connecting. - Fix dts_offset. ==== python-gevent ==== - Clean obsolete old python and old distribution directives * Only 15.5+ with the sle15 python module and Tumbleweed have the required Python 3.8+ * Drop fix-no-return-in-nonvoid-function.patch - Update test suite execution * Use -u-network flag to disable network tests * Add gevent-opensuse-nocolor-tests.patch -- Avoid colorization of test output in obs runners * Add gevent-fix-unittest-returncode-py312-c1.patch and gevent-fix-unittest-returncode-py312-c2.patch gh#gevent/gevent#2012 ==== python-greenlet ==== Version update (3.0.2 -> 3.0.3) - Update to 3.0.3 * Python 3.12: Restore the full ability to walk the stack of a suspended greenlet; previously only the innermost frame was exposed. See issue 388. Fix by Joshua Oreman in PR 393. - Disable building the docs: Now requires the furo theme, which is not available. ==== python-tornado6 ==== - Add patch openssl-3.2.patch gh#tornadoweb/tornado#3355 ==== python-urllib3 ==== - Add upstream patch openssl-3.2.patch, to fix tests with opennssl 3.2.0, gh#urllib3/urllib3#3271 ==== samba ==== Version update (4.19.2+git.324.fa0b54b91b -> 4.19.4+git.339.acf1ccaa020) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). - Update to 4.19.4 * net changesecretpw cannot set the machine account password if secrets.tdb is empty; (bso#13577). * For generating doc, take, if defined, env XML_CATALOG_FILES; (bso#15540). * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541). * vfs_linux_xfs is incorrectly named; (bso#15542). * systemd stumbled over copyright-message at smbd startup; (bso#15377). * Following intermediate abolute share-local symlinks is broken; (bso#15505). * ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first; (bso#15523). * shadow_copy2 broken when current fileset's directories are removed; (bso#15544). * smbd does not detect ctdb public ipv6 addresses for multichannel exclusion; (bso#15534). * 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set; (bso#15469). * smbget debug logging doesn't work; (bso#15525). * smget: username in the smburl and interactive password entry doesn't work; (bso#15532). * smbget auth function doesn't set values for password prompt correctly; (bso#15538). * Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module; (bso#15440). * Multichannel refresh network information; (bso#15547). - Update to 4.19.3 * sid_strings test broken by unix epoch > 1700000000; (bso#15520). * smbd crashes if asked to return full information on close of a stream handle with delete on close disposition set; (bso#15487). * smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor(); (bso#15521). * Improve logging for failover scenarios; (bso#15499). * Files without "read attributes" NFS4 ACL permission are not listed in directories; (bso#15093). * CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users; (bso#13595). * Kerberos TGS-REQ with User2User does not work for normal accounts; (bso#15492). * vfs_gpfs stat calls fail due to file system permissions; (bso#15507). * Samba doesn't build with Python 3.12; (bso#15513). ==== selinux-policy ==== Version update (20231124 -> 20240104) Subpackages: selinux-policy-targeted - Update to version 20240104: * Allow keepalived_t read+write kernel_t pipes (bsc#1216060) * allow rebootmgr to read the system state (bsc#1205931) ==== zstd ==== Subpackages: libzstd1 libzstd1-32bit libzstd1-x86-64-v3 - Disable build of gzip for Leap 15.x to fix build error.