Packages changed: grub2 gstreamer-plugins-rs (0.10.2 -> 0.10.4) hostname libass (0.17.0 -> 0.17.1) lua54 microos-tools (2.19 -> 2.20) mpg123 (1.31.2 -> 1.31.3) net-tools ovmf pam pam-config (1.9 -> 2.1) pam-full-src selinux-policy (20221019 -> 20230321) systemd tigervnc (1.13.0 -> 1.13.1) transfig vlan vsftpd xz (5.4.1 -> 5.4.2) yast2-trans (84.87.20230312.2a5006f40f -> 84.87.20230318.5548fe53da) === Details === ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Restrict cryptsetup key file permission for better security (bsc#1207499) * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch - Meanwhile, memtest86+ gained EFI support, but using the grub command line to run it manually is quite tedious... Adapt 20_memtest86+ to provide a proper menu entry. Executing memtest requires to turn security off in BIOS: (Boot Mode: Other OS). ==== gstreamer-plugins-rs ==== Version update (0.10.2 -> 0.10.4) - Update to version 0.10.4: * Fixed: - fmp4mux: . Return a running time from AggregatorImpl::next_time() to fix waiting in live pipelines. . Fix hls_live example to set properties on the right element. - uriplaylistbin: Reset element when switching back to NULL state. - livesync: Handle variable framerates correctly in fallback buffer duration calculation. - meson: Fix GStreamer version feature detection. * Added: webrtc: New webrtc element. - Update to version 0.10.3: * Added: - tracers: `queue_levels` tracer now also supports printing the `appsrc` levels. - webrtc: `webrtcsink` can use `nvvidconv` if `nvvideoconvert` does not exist on an NVIDIA platform. * Fixed: - gtk4: Set the sync point on the video frame after mapping it as otherwise the frame might not be ready yet for further usage. - livesync: Correctly calculate the fallback buffer duration from the video framerate. - ndi: Handle caps changes correctly in `ndisinkcombiner`. * Changed: webrtc: Minor cleanup. ==== hostname ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== libass ==== Version update (0.17.0 -> 0.17.1) - update to 0.17.1: * Fix buffer overread if soft-wrapping occurred and ASS_FEATURE_WHOLE_TEXT_LAYOUT was enabled via API or due to Encoding -1 * x86: detect GNU Hurd and configure NASM appropriately ==== lua54 ==== - Added more numbered patches from upstream: * luabugs10.patch ==== microos-tools ==== Version update (2.19 -> 2.20) - Update to version 2.20: - 98selinux-microos: don't load the policy to label the system ==== mpg123 ==== Version update (1.31.2 -> 1.31.3) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.31.3 build: * Fix --disable-8bit. * Fix some pedantic compiler warnings, avoid breaking libtool wrappers. mpg123: * Fix verbose position printout for new resampling outside libmpg123 (where output rate differs from decoding rate). libsyn123: * Fix reconfiguration of resampler to avoid double free when reducing decimator stages to zero. ==== net-tools ==== Subpackages: net-tools-lang - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== ovmf ==== Subpackages: qemu-ovmf-x86_64 - Add ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch to revert 58eb8517ad7b56574f8f04b770a59a9cbed796c4 patch to prevent booting hangs when SEV + secure boot. (bsc#1209266) ==== pam ==== Subpackages: pam-32bit - Add common-session-nonlogin and postlogin-* pam.d config files for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 and upcoming pam_wtmpdb. ==== pam-config ==== Version update (1.9 -> 2.1) - Update to version 2.1 - Bug fix release - Update to version 2.0 - Add support for pam_fscrypt - Add support for pam.d/common-session-nonlogin - Add support for pam.d/postlogin-{account,auth,password,session} ==== pam-full-src ==== - Add common-session-nonlogin and postlogin-* pam.d config files for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 and upcoming pam_wtmpdb. ==== selinux-policy ==== Version update (20221019 -> 20230321) Subpackages: selinux-policy-targeted - Update to version 20230321: * make kernel_t unconfined again - Update to version 20230316: * prevent labeling of overlayfs filesystems based on the /var/lib/overlay path * allow kernel_t to relabel etc_t files * allow kernel_t to relabel sysnet config files * allow kernel_t to relabel systemd hwdb etc files * add systemd_hwdb_relabel_etc_files to allow labeling of hwdb files * change sysnet_relabelto_net_conf and sysnet_relabelfrom_net_conf to apply to files and lnk_files. lnk_files are commonly used in SUSE to allow easy management of config files * add files_relabel_etc_files_basic and files_relabel_etc_lnk_files_basic interfaces to allow labeling on etc_t, not on the broader configfiles attribute * Allow systemd-timesyncd to bind to generic UDP ports (bsc#1207962). The watch permissions reported are already fixed in a current policy. - Reinstate update.sh and remove container-selinux from the service. Having both repos in there causes issues and update.sh makes the update process easier in general. Updated README.Update ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd-32bit systemd-container systemd-coredump systemd-lang udev - Drop 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch These obsolete symlinks were kept because several years ago VLC was still relying on some of them. However it's been a long a time ago that it's been fixed and cdrom or similar devices are discovered in a better way. - Enable that systemd can load the IMA policy from /etc/ima/ima-policy. This is used to complement dracut-ima when using SELinux, as the SELinux policy should not be loaded in the initrd (https://github.com/openSUSE/microos-tools/pull/14) ==== tigervnc ==== Version update (1.13.0 -> 1.13.1) Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - update to 1.13.1: * x0vncserver can either crash itself, or crash the X server it is connected to * The servers might crash if the clipboard is updated just as a client is connected * The vncserver service can fail to start on SELinux system if ~/.vnc doesn't exist ==== transfig ==== - Drop obsolete fig2dev-3.2.6a-RGBFILE.patch. - Set correct path for X11 rgb.txt file (no longer in /etc), recommend rgb package. - Fix typo for enable-scale-pict2e option. - Remove obsolsete hunks from transfig-3.2.8.dif, rebase fig2dev-3.2.6-fig2mpdf.patch. - Avoid epstopdf dependency, add 0001-Use-native-fig2dev-pdf-output-instead-of-epstopdf.patch This also fixes unreproducible figures created by fig2mpdf. - Fix CFLAGS checks, -Wformat-security requires -Wformat. ==== vlan ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== vsftpd ==== - Use valid separator for logrotate config file. [bsc#1192179] ==== xz ==== Version update (5.4.1 -> 5.4.2) Subpackages: liblzma5 liblzma5-32bit xz-lang - Update to version 5.4.2: * All fixes from 5.2.11 that were not included in 5.4.1. * If xz is built with support for the Capsicum sandbox but running in an environment that doesn't support Capsicum, xz now runs normally without sandboxing instead of exiting with an error. * liblzma: - Documentation was updated to improve the style, consistency, and completeness of the liblzma API headers. - The Doxygen-generated HTML documentation for the liblzma API header files is now included in the source release and is installed as part of "make install". All JavaScript is removed to simplify license compliance and to reduce the install size. - Fixed a minor bug in lzma_str_from_filters() that produced too many filters in the output string instead of reporting an error if the input array had more than four filters. This bug did not affect xz. * Build systems: - autogen.sh now invokes the doxygen tool via the new wrapper script doxygen/update-doxygen, unless the command line option - -no-doxygen is used. - Added microlzma_encoder.c and microlzma_decoder.c to the VS project files for Windows and to the CMake build. These should have been included in 5.3.2alpha. * Tests: - Added a test to the CMake build that was forgotten in the previous release. - Added and refactored a few tests. * Translations: - Updated the Brazilian Portuguese translation. - Added Brazilian Portuguese man page translation. ==== yast2-trans ==== Version update (84.87.20230312.2a5006f40f -> 84.87.20230318.5548fe53da) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230318.5548fe53da: * Translated using Weblate (Galician) * Translated using Weblate (Galician) * Translated using Weblate (Galician) * Translated using Weblate (Galician) * Translated using Weblate (Galician) * New POT for text domain 'storage'. * New POT for text domain 'installation'.