Packages changed:
MicroOS-release (20240605 -> 20240606)
apparmor
chrony
cockpit (309 -> 316)
crun (1.14.4 -> 1.15)
dialog
gnome-control-center
libapparmor
libbpf (1.4.2 -> 1.4.3)
libkrun (1.4.10 -> 1.9.0)
libtommath (1.2.1 -> 1.3.0)
patterns-base
podman (5.1.0 -> 5.1.1)
python-Mako (1.3.4 -> 1.3.5)
samba (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2)
selinux-policy (20240321 -> 20240411)
xen (4.18.2_04 -> 4.18.2_05)
xwayland
zypp-boot-plugin (0.0.8 -> 0.0.9)
=== Details ===
==== MicroOS-release ====
Version update (20240605 -> 20240606)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)
- add plasmashell.diff - fix QtWebEngineProcess path to prevent a
crash in plasmashell (boo#1225961)
==== chrony ====
Subpackages: chrony-pool-openSUSE
- bsc#1225362, chrony-124-tai.patch: make 124-tai more reliable
- Update clknetsim to snapshot 0a11a35.
==== cockpit ====
Version update (309 -> 316)
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system
- new version 316:
* cockpit.js API: Fix format_bytes() units
- add 0001-users-Support-for-watching-lastlog2.patch (bsc#1220551)
- add 0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch (bsc#1220551)
- new version 315:
* Networking: Show additional ports for each firewall zone
* Networking: List Firewall active zones when unprivileged
* Inline documentation
* Support for transient virtual machines
* UEFI for virtual machines
* Unattended virtual machines installation
* Localize times
* Better support for various TLS certificate formats
* Overview: Add CPU utilization to usage card
* Dashboard: Support SSH identity unlocking when adding new machines
* SElinux: Introduce an Ansible automation script
* Machines: Support “bridge†type network interfaces
* Machines: Support “bus†type disk configuration
- suse_docs.patch, storage-btrfs.patch: refreshed
==== crun ====
Version update (1.14.4 -> 1.15)
- New upstream release 1.15
* fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY.
* linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run.
* release: build s390x binaries using musl libc.
* features: add support for potentiallyUnsafeConfigAnnotations.
* handlers: add option to load wasi-nn plugin for wasmedge.
* linux: fix "harden chdir()" security measure. The previous check was not correct.
* crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits.
==== dialog ====
Subpackages: libdialog15
- Update to version 1.3-20240307:
+ add option --color-modes, which can be used to color the content of
programbox, tailbox, textbox (requested by Rafał Radziejewski).
+ updated configure script, e.g., for compiler-warning fixes.
+ amend change to formbox while revising --max-input to work with the
form's "ilen" parameter (report by Anna-Maria Gruber, cf: 2022/04/14)
+ update config.guess, config.sub
+ updated configure script, e.g., for compiler-warning fixes.
+ updated lv.po from
http://translationproject.org/latest/dialog/
+ add/use dlg_print_nowrap(), to handle multibyte character strings in
progressbox and tailbox (report/testcase by Sergey Merzlikin).
+ updated configure script, e.g., for compiler-warning fixes.
+ update config.guess, config.sub
+ updated configure script, e.g., for compiler-warning fixes.
+ minor fixes for manpages to address mandoc warnings.
+ updated th.po from
http://translationproject.org/latest/dialog/
+ update config.guess, config.sub
==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa
- Update gnome-control-center-disable-error-message-for-NM.patch:
Add info page to toolbar view instead of navigation page to
prevent hiding close button (bsc#1222099).
==== libapparmor ====
- add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)
- add plasmashell.diff - fix QtWebEngineProcess path to prevent a
crash in plasmashell (boo#1225961)
==== libbpf ====
Version update (1.4.2 -> 1.4.3)
- update to 1.4.3:
* Fix libbpf unintentionally dropping FD_CLOEXEC flag when (internally)
duping FDs
==== libkrun ====
Version update (1.4.10 -> 1.9.0)
- Update to version 1.9.0:
* console: send a resize event on PORT_READY by @slp in #179
* Fix another batch of new clippy warnings by @slp in #182
* Fix constness when taking an array of string pointers by @teohhanhui in #181
* Fix new lints in Rust 1.78 by @teohhanhui in #184
* Use the correct documentation comment style recognized by clang by @teohhanhui in #183
* virtio/snd: import virtio-snd from vhost-user-sound by @slp in #186
- Changes from 1.8.1:
* VirtIO optimizations
- Changes from 1.8.0:
* Implement stdin/stdout/stderr redirection support using multiport virtio-console
* devices/legacy: import PL011 for aarch64
* init: accept arguments from the "args" Field
* Fix various minor issues on macOS and add a CI workflow for this OS
* Add Matej Hrica (mtjhrc) to CODEOWNERS
* Implement an EFI flavor
* Implement krun_add_vsock_port() and UnixProxy for guest communication with host UNIX sockets.
* Implement the infrastructure to support sending shut down signals to the guest
* lib: allow having multiple virtio-fs devices
* devices/net: allow configuring a custom MAC
* Import SECURITY_CTX support from virtiofsd
* Makefile: fix EFI library naming
* virtio/net: implement gvproxy backend
* macos/eventfd: ignore EAGAIN on write
* Import rutabaga_gfx+virtio_gpu from crosvm
* devices/vsock/unix: implement update_peer_credit
* devices/console: implement an empty port input
* Extend virtio-gpu to support Venus on macOS
* libkrun: Extend API to redirect console to file
* virtio/fs/macos: overhaul to use macos inodes
- Update to version 1.7.2:
* Fix aarch64 build by adapting to changes in kvm-ioctl
- Changes from 1.7.1
* Update kbs-types version to 0.5 and release 1.7.1
- Update to version 1.7.0:
* SNP Attestation
* Read TEE config from the end of the block device
* De-vendorize kbs-types
* Remove libfdt dependency
* init: place SEV behind build-time conditional
* devices/fs: fix reading the end of init.krun
* init: don't build init.c on SEV flavor
* Prepare to support libkrunfw 4.x
* init: Report an error when execution of the user binary fails
* virtio-net implementation using passt
* Make krun_set_vm_config use the same argument type for num_vcpus as ...
* Update sev crate to 1.2.0
* virtio net bugfixes and performance improvement
* Makefile: De-couple KBS init sources from SEV-SNP
* Update rust-vmm deps and bump version for upcoming release
- Changes from 1.5.1
* Fix CI clippy
* Add a pkgconf file
* examples: Fix error handling of krun_create_ctx
* VSOCK: fix reaper timeout
* Fix typo in README.md
* macos: implement host->guest time sync
* Bump version to v1.5.1
- Changes from 1.5.0
* devices: update lru dep to 0.9
* Introduce the krun_set_data_disk API.
- The vendored tarball already contains the config these days, so
don't mess with that in the spec file
==== libtommath ====
Version update (1.2.1 -> 1.3.0)
- update to 1.3.0:
* Deprecate more APIs which are replaced in develop
* Add support for CMake (PR #573)
* Add support for GitHub Actions (PR #573)
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11
- Update rpmlintrc W: no-binary to E: no-binary
- Remove tigervnc
* Most users including myself don't even know what a vnc is
or how to use one
==== podman ====
Version update (5.1.0 -> 5.1.1)
- Update to version 5.1.1:
* Bump to v5.1.1
* Update release notes for v5.1.1
* libpod: do not leak systemd hc startup unit timer
* Check AppleHypervisor before accessing it
* [v5.1] Bump c/common to v0.59.1
* [v5.1] pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED ... correctly
* test/e2e: use local skopeo not image
* [v5.1] Mac PM test: Require pre-installed rosetta
* Fix typo in release notes
* Bump to v5.1.1-dev
==== python-Mako ====
Version update (1.3.4 -> 1.3.5)
- update to 1.3.5:
* Reverted the fix for :ticket:`400` as it caused new issues
when traversing some bracketed situations.
==== samba ====
Version update (4.20.1+git.335.0a46cdafe2 -> 4.20.1+git.339.cf6e153bb2)
Subpackages: samba-ad-dc-libs samba-client samba-client-libs samba-libs
- Fix non deterministic builds; (bsc#1225754); (bso#13213);
==== selinux-policy ====
Version update (20240321 -> 20240411)
Subpackages: selinux-policy-targeted
- Remove "Reference" from the package description. It's not the
reference policy, but the Fedora branch of the policy
- Use python311 tools in 15.4 and 15.5 when building selinux-policy to deprecate
python36 tooling
- Fixed varrun-convert.sh script to not break because of duplicate
entries
- Move to %posttrans to ensure selinux-policy got updated before
the commands run (bsc#1221720)
- Add file contexts "forwarding" to file_contexts.sub_dist
to fix systemd-gpt-auto-generator and systemd-fstab-generator
(bsc#1222736):
* /run/systemd/generator.early /usr/lib/systemd/system
* /run/systemd/generator.late /usr/lib/systemd/system
- Update to version 20240411:
* Remove duplicate in sysnetwork.fc
* Rename /var/run/wicked* to /run/wicked*
* Remove /var/run/rsyslog/additional-log-sockets.conf from logging.fc
* policy: support pidfs
* Confine selinux-autorelabel-generator.sh
* Allow logwatch_mail_t read/write to init over a unix stream socket
* Allow logwatch read logind sessions files
* files_dontaudit_getattr_tmpfs_files allowed the access and didn't dontaudit it
* files_dontaudit_mounton_modules_object allowed the access and didn't dontaudit it
* Allow NetworkManager the sys_ptrace capability in user namespace
* dontaudit execmem for modemmanager
* Allow dhcpcd use unix_stream_socket
* Allow dhcpc read /run/netns files
* Update mmap_rw_file_perms to include the lock permission
* Allow plymouthd log during shutdown
* Add logging_watch_all_log_dirs() and logging_watch_all_log_files()
* Allow journalctl_t read filesystem sysctls
* Allow cgred_t to get attributes of cgroup filesystems
* Allow wdmd read hardware state information
* Allow wdmd list the contents of the sysfs directories
* Allow linuxptp configure phc2sys and chronyd over a unix domain socket
* Allow sulogin relabel tty1
* Dontaudit sulogin the checkpoint_restore capability
* Modify sudo_role_template() to allow getpgid
* Allow userdomain get attributes of files on an nsfs filesystem
* Allow opafm create NFS files and directories
* Allow virtqemud create and unlink files in /etc/libvirt/
* Allow virtqemud domain transition on swtpm execution
* Add the swtpm.if interface file for interactions with other domains
* Allow samba to have dac_override capability
* systemd: allow sys_admin capability for systemd_notify_t
* systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
* Allow thumb_t to watch and watch_reads mount_var_run_t
* Allow krb5kdc_t map krb5kdc_principal_t files
* Allow unprivileged confined user dbus chat with setroubleshoot
* Allow login_userdomain map files in /var
* Allow wireguard work with firewall-cmd
* Differentiate between staff and sysadm when executing crontab with sudo
* Add crontab_admin_domtrans interface
* Allow abrt_t nnp domain transition to abrt_handle_event_t
* Allow xdm_t to watch and watch_reads mount_var_run_t
* Dontaudit subscription manager setfscreate and read file contexts
* Don't audit crontab_domain write attempts to user home
* Transition from sudodomains to crontab_t when executing crontab_exec_t
* Add crontab_domtrans interface
* Fix label of pseudoterminals created from sudodomain
* Allow utempter_t use ptmx
* Dontaudit rpmdb attempts to connect to sssd over a unix stream socket
* Allow admin user read/write on fixed_disk_device_t
* Only allow confined user domains to login locally without unconfined_login
* Add userdom_spec_domtrans_confined_admin_users interface
* Only allow admindomain to execute shell via ssh with ssh_sysadm_login
* Add userdom_spec_domtrans_admin_users interface
* Move ssh dyntrans to unconfined inside unconfined_login tunable policy
* Update ssh_role_template() for user ssh-agent type
* Allow init to inherit system DBus file descriptors
* Allow init to inherit fds from syslogd
* Allow any domain to inherit fds from rpm-ostree
* Update afterburn policy
* Allow init_t nnp domain transition to abrtd_t
* Rename all /var/lock file context entries to /run/lock
* Rename all /var/run file context entries to /run
- Add script varrun-convert.sh for locally existing modules
to be able to cope with the /var/run -> /run change
- Update embedded container-selinux to commit
a8e389dbcd3f9b6ed0a7e495c6f559c0383dc49e
==== xen ====
Version update (4.18.2_04 -> 4.18.2_05)
- bsc#1225953 - Package xen does not build with gcc14 because of
new errors
gcc14-fixes.patch
==== xwayland ====
- disable DPMS on sle15 due to missing proto package
==== zypp-boot-plugin ====
Version update (0.0.8 -> 0.0.9)
- Update to version 0.0.9:
* Set reboot flag for multiversion packages ( type "M" ).