Packages changed: checkpolicy (3.1 -> 3.2) e2fsprogs (1.46.1 -> 1.46.2) elfutils kernel-firmware (20210208 -> 20210315) libnettle (3.7.1 -> 3.7.2) libselinux (3.1 -> 3.2) libselinux-bindings (3.1 -> 3.2) patterns-microos policycoreutils (3.1 -> 3.2) python-semanage (3.1 -> 3.2) selinux-policy (20210223 -> 20210309) setools (4.3.0 -> 4.4.0) snapper (0.8.15 -> 0.8.16) toolbox (2.1+git20210305.ca2bc53 -> 2.1+git20210311.15cb3ad) transactional-update (3.2.2 -> 3.3.0) === Details === ==== checkpolicy ==== Version update (3.1 -> 3.2) - Update to version 3.2 * Fix a memleak and an integer overflow ==== e2fsprogs ==== Version update (1.46.1 -> 1.46.2) Subpackages: libcom_err2 libext2fs2 - e2fsprogs 1.46.2: * tune2fs -c now takes "random" argument * Add support for the FS_NOCOMP_FL flag to chattr and lsattr * Fix warnings when resizing small file systems to a super-large * Fix the debugfs rdump and ls commands so they will work correctly for uid's and gid's => 65536 * Fix the debugfs write and symlink commands so they support targets which contain a pathname * Fix Direct I/O support on block devices where the logical block size is greater 1k * Fix debugfs's logdump so it works on file systems whose block size is greater than 8k * Fix a crash when there is error while e2fsck is trying to open the file system, and e2fsck calls ext2fs_mmp_stop() before MMP has been initialized * Improved error checking in the fast commit replay code in e2fsck * Fix various compiler and Coverity warnings * Update the Spanish translation from the translation project ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Add disable-run-readelf-self-test.patch in order to disable a failing test-case with GCC 11 (PR27367). ==== kernel-firmware ==== Version update (20210208 -> 20210315) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20210315 (git commit 3568f962908c): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * rtw88: 8822c: Update normal firmware to v9.9.6 * iwlwifi: add new FWs from core59-66 release * iwlwifi: update 9000-family firmwares * iwlwifi: update 7265D firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406 * linux-firmware: add frimware for mediatek bluetooth chip (MT7921) * rtw89: 8852a: add firmware v0.9.12.2 * WHENCE: add missing symlink for BananaPi M3 * Add symlink for BananaPi M2 to brcmfmac43430-sdio config * brcm: Fix Raspberry Pi 4B NVRAM file * silabs: add new firmware for WF200 * amdgpu: add initial firmware for green sardine * rtw88: RTL8822C: Update normal firmware to v9.9.5 - Drop obsoleted patch: Revert-brcm-rpi4-boardflags3-bit.patch - Update topics and aliases ==== libnettle ==== Version update (3.7.1 -> 3.7.2) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.2: * fix a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results (boo#1183835) * fix a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger ==== libselinux ==== Version update (3.1 -> 3.2) Subpackages: libselinux1 selinux-tools - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. + Replace pkgconfig(libpcre) Requires in -devel static with pkgconfig(libpcre2-8). - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== libselinux-bindings ==== Version update (3.1 -> 3.2) - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Remove gnome-calculator and add gnome-branding-MicroOS to MicroOS GNOME Desktop - Add gnome-shell-search-provider-nautilus and gnome-color-manager to MicroOS GNOME Desktop - gnome-color-manager needed for Night Light - Use busybox hostname and gzip for MicroOS except for the Desktop - Require util-linux instead of "login" alias - Remove supportutils, we didn't use it and it pulls in more than we want - Ensure that a repository configuration package is installed for Micro DNF or PackageKit patterns - Split base pattern into separate patterns for Zypper, Micro DNF, and PackageKit - Make GNOME and KDE Plasma patterns require PackageKit pattern ==== policycoreutils ==== Version update (3.1 -> 3.2) Subpackages: policycoreutils-python-utils python3-policycoreutils - Update to version 3.2 * Tools using sepolgen, e.g. audit2allow, print extended permissions in hexadecimal * sepolgen sorts extended rules like normal ones * `setfiles` doesn't abort on labeling errors - Refreshed get_os_version.patch ==== python-semanage ==== Version update (3.1 -> 3.2) - Minor spec file cleanups - Update to version 3.2 * dropped old and deprecated symbols and functions libsemanage version was bumped to libsemanage.so.2 * libsemanage tries to sync data to prevent empty files in SELinux module store ==== selinux-policy ==== Version update (20210223 -> 20210309) Subpackages: selinux-policy-targeted - Adjust fix_init.patch to allow systemd to do sd-listen on tcp socket [bsc#1183177] - Update to version 20210309 - Refreshed * fix_systemd.patch * fix_selinuxutil.patch * fix_iptables.patch * fix_init.patch * fix_logging.patch * fix_nscd.patch * fix_hadoop.patch * fix_unconfineduser.patch * fix_chronyd.patch * fix_networkmanager.patch * fix_cron.patch * fix_usermanage.patch * fix_unprivuser.patch * fix_rpm.patch - Ensure that /usr/etc is labeled according to /etc rules ==== setools ==== Version update (4.3.0 -> 4.4.0) - Update to the version 4.4.0: * Added support for old Boolean name substitution in seinfo and sesearch. * Added sechecker tool which is a configuration file driven analysis tool. ==== snapper ==== Version update (0.8.15 -> 0.8.16) Subpackages: libsnapper5 - fixed creating root config (root prefix handling) (gh#openSUSE/snapper#627) ==== toolbox ==== Version update (2.1+git20210305.ca2bc53 -> 2.1+git20210311.15cb3ad) - Update to version 2.1+git20210311.15cb3ad: * Don't check for subuid if root calls toolbox [bsc#1183375] ==== transactional-update ==== Version update (3.2.2 -> 3.3.0) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.3.0 - Add support for more package managers by bind mounting their directories - Support snapshots without dedicated overlay [boo#1183539], [bsc#1183539] - Link RPM database correctly with older zypper versions [boo#1183521] - Don't discard manual changes in fstab [boo#1183856]