Packages changed: NetworkManager (1.36.0 -> 1.36.2) bash-completion busybox-links cockpit container-selinux (2.171.0 -> 2.180.0) dbus-1 dbus-1-x11 flatpak (1.12.6 -> 1.12.7) fwupd-efi (1.1 -> 1.2) gnome-control-center gnome-software (41.4 -> 41.5) grep grub2 kernel-source (5.16.14 -> 5.16.15) libepoxy (1.5.9 -> 1.5.10) libgnomesu (2.0.6 -> 2.0.7) libnvme (1.0~6 -> 1.0~7) librsvg (2.52.7 -> 2.52.8) libsigc++2 (2.10.7 -> 2.10.8) mobile-broadband-provider-info (20210805 -> 20220315) nvme-cli (2.0~6 -> 2.0~7) openSUSE-build-key p11-kit (0.23.22 -> 0.24.1) protobuf toolbox wavpack xdg-desktop-portal (1.12.1 -> 1.14.0) === Details === ==== NetworkManager ==== Version update (1.36.0 -> 1.36.2) Subpackages: libnm0 typelib-1_0-NM-1_0 - Do not requires dhcp-client, NM is using its internal client by default for a long time now. - Convert iproute2 and iputils requires to recommends, they should not be hard requires. - Update to version 1.36.2: + When the list of plugins is not specified via "main.plugins" in NetworkManager.conf and no build-time default is set with "--with-config-plugins-default" configure argument, now all known plugins found in the plugin directory are loaded (and the built-in "keyfile" plugin is preferred over others). + Preserve external ports during checkpoint rollback. + Fix removal of ovsdb entry when an OVS interface goes away. + Fix DNS configuration for WWAN connections. ==== bash-completion ==== - remove PS1-completion-boo903362.patch as it breaks on non-bash shells and the original problem in bsc#903362#c9 does not occur anymore - add versioned dependency to bash versions that have the fix ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-sed busybox-xz - replace copy from buildroot's gzip with a reimplementation that is not GPLv3 (jsc#PM-3301) ==== cockpit ==== Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - re-add suse-microos-branding.patch from GitHub - add hide-docs.patch (bsc#1197003) - make package compatible with OBS version (bsc#1197224): * move branding images to distribution-logos-SLE package * re-add dependency on distribution-logos * remove branding patch and assets (suse-microos-branding.patch, suse-microos-branding.tar.gz); moved to GitHub fork * remove local __python3 macro * apply SLE specific patches only on SLE - add hide-pcp.patch to hide references to PCP (Performance Co-Pilot) and metric collection (bsc#1195943). The cockpit-pcp package is not included in SLE Micro 5.2 base and these parts require it. - change self-signed cert group from cockpit-wsintance to cockpit-ws on upgrade - update to new LTS version from openSUSE:Factory - port remove-pwscore.patch * remove dependency on pwscore (bsc#1182924) * remove password strenth indicator - port branding changes as suse-microos "theme" * remove suse_cockpit_assets.tar.gz * add suse-microos-branding.tar.gz * remove branding_tests.patch * add suse-microos-branding.patch - remove files not needed to build this version anymore * webpack-warnings-are-not-errors.patch * github_package.patch * nodejs_output_helper.bash - remove cockpit.permissions workaround (bsc#1169614) ==== container-selinux ==== Version update (2.171.0 -> 2.180.0) - Update to version 2.180.0 * Allow container domains to read/write kvm_device_t * Update kublet mappings to inlcude /usr/local/* * Allow container domains to use container runtime tcp and udp sockets * Alow containers to use unix_stream_sockets leaked from container runtimes * Allow userdomains to execute conmon_exec_t and use it as an entrypoint * Allow conmon_exec_t as an entrypoint * Add container_use_devices boolean to allow containers to use any device * Add explicit range transition for conmon * Add missing dbus class declaration into container_runtime_run() * Remove lockdown allow rules * Remove k3s fcontexts * Allow container domains to be used by user roles - Changed source url to allow for download via source service ==== dbus-1 ==== Subpackages: libdbus-1-3 - Drop use of %{with libalternatives}, there's no such bcond defined and in many other places it's not optional anyway (boo#1197258) ==== dbus-1-x11 ==== - Use --with-x=auto to actually enable X11 integration (boo#1197258, workaround https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/263) ==== flatpak ==== Version update (1.12.6 -> 1.12.7) Subpackages: libflatpak0 system-user-flatpak - Update to version 1.12.7: + allow networked access to X11 and PulseAudio services if that is configured, and the application has network access + Absolute paths in WAYLAND_DISPLAY now work + Allow apps that were built with Flatpak 1.13.x to export AppStream metadata in share/metainfo + Most commands now work if /var/lib/flatpak exists but /var/lib/flatpak/repo does not, and will automatically populate the repo directory if possible + Consistently pass relative subpaths to libostree, working around a bug in libostree < 2021.6 when used with GLib >= 2.71 + Fix some memory leaks in GVariant data processing ==== fwupd-efi ==== Version update (1.1 -> 1.2) - Update to version 1.2: * Release fwupd-efi 1.2 * meson: use stadard objcopy binary * meson: use find_program() to find the helper scripts we run * meson: using local copy ldscript when local copy crt0 be used for SBAT * sbat: clarify project URL * trivial: Ignore some markdown issues * Wait 5 seconds to reboot on errors * Port pre-commit clang-format, codespell, markdownlint from fwupd * trivial: fixup python errors by codacity/precommit * trivial: fixup markdown format * trivial: spelling errors * Sleep longer when no updates to process * README: fix typo and URL * trivial: post release version bump - Remove 0001-meson-using-local-copy-ldscript-when-local-copy-crt0.patch (merged upstream) ==== gnome-control-center ==== Subpackages: gnome-control-center-goa - Add gnome-control-center-reload-vpn-plugins.patch: network/connection-editor: always load all available VPN plugins (glgo#GNOME/gnome-control-center!1263). ==== gnome-software ==== Version update (41.4 -> 41.5) - Update to version 41.5: + Disable scroll-by-mouse-wheel on featured carousel. + Ensure details page shows app provided on command line. + Added several appstream-related fixes. + Updated translations. ==== grep ==== - Make profiling deterministic (bsc#1040589) ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186) * 0001-grub-probe-Deduplicate-probed-partmap-output.patch - Fix GCC 12 build failure (bsc#1196546) * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch - Revised * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch ==== kernel-source ==== Version update (5.16.14 -> 5.16.15) - Linux 5.16.15 (bsc#1012628). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (bsc#1012628). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (bsc#1012628). - HID: elo: Revert USB reference counting (bsc#1012628). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (bsc#1012628). - ARM: boot: dts: bcm2711: Fix HVS register range (bsc#1012628). - clk: qcom: gdsc: Add support to update GDSC transition delay (bsc#1012628). - clk: qcom: dispcc: Update the transition delay for MDSS GDSC (bsc#1012628). - soc: mediatek: mt8192-mmsys: Fix dither to dsi0 path's input sel (bsc#1012628). - HID: vivaldi: fix sysfs attributes leak (bsc#1012628). - HID: nintendo: check the return value of alloc_workqueue() (bsc#1012628). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (bsc#1012628). - tipc: fix kernel panic when enabling bearer (bsc#1012628). - vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (bsc#1012628). - vduse: Fix returning wrong type in vduse_domain_alloc_iova() (bsc#1012628). - net: phy: meson-gxl: fix interrupt handling in forced mode (bsc#1012628). - mISDN: Fix memory leak in dsp_pipeline_build() (bsc#1012628). - vhost: fix hung thread due to erroneous iotlb entries (bsc#1012628). - virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (bsc#1012628). - virtio-blk: Remove BUG_ON() in virtio_queue_rq() (bsc#1012628). - vdpa: fix use-after-free on vp_vdpa_remove (bsc#1012628). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (bsc#1012628). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (bsc#1012628). - esp: Fix BEET mode inter address family tunneling on GSO (bsc#1012628). - net: gro: move skb_gro_receive_list to udp_offload.c (bsc#1012628). - qed: return status of qed_iov_get_link (bsc#1012628). - smsc95xx: Ignore -ENODEV errors when device is unplugged (bsc#1012628). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (bsc#1012628). - drm/i915/psr: Set "SF Partial Frame Enable" also on full update (bsc#1012628). - drm/sun4i: mixer: Fix P010 and P210 format numbers (bsc#1012628). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (bsc#1012628). - ARM: dts: aspeed: Fix AST2600 quad spi group (bsc#1012628). - iavf: Fix handling of vlan strip virtual channel messages (bsc#1012628). - i40e: stop disabling VFs due to PF error responses (bsc#1012628). - ice: stop disabling VFs due to PF error responses (bsc#1012628). - ice: Fix error with handling of bonding MTU (bsc#1012628). - ice: Don't use GFP_KERNEL in atomic context (bsc#1012628). - ice: Fix curr_link_speed advertised speed (bsc#1012628). - ethernet: Fix error handling in xemaclite_of_probe (bsc#1012628). - tipc: fix incorrect order of state message data sanity check (bsc#1012628). - net: ethernet: ti: cpts: Handle error for clk_enable (bsc#1012628). - net: ethernet: lpc_eth: Handle error for clk_enable (bsc#1012628). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (bsc#1012628). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (bsc#1012628). - net/mlx5: Fix size field in bufferx_reg struct (bsc#1012628). - net/mlx5: Fix a race on command flush flow (bsc#1012628). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (bsc#1012628). - net/mlx5e: SHAMPO, reduce TIR indication (bsc#1012628). - NFC: port100: fix use-after-free in port100_send_complete (bsc#1012628). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (bsc#1012628). - selftests: pmtu.sh: Kill nettest processes launched in subshell (bsc#1012628). - gpio: ts4900: Do not set DAT and OE together (bsc#1012628). - mm: gup: make fault_in_safe_writeable() use fixup_user_fault() (bsc#1012628). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (bsc#1012628). - net: phy: DP83822: clear MISR2 register to disable interrupts (bsc#1012628). - sctp: fix kernel-infoleak for SCTP sockets (bsc#1012628). - net: arc_emac: Fix use after free in arc_mdio_probe() (bsc#1012628). - net: bcmgenet: Don't claim WOL when its not available (bsc#1012628). - net: phy: meson-gxl: improve link-up behavior (bsc#1012628). - selftests/bpf: Add test for bpf_timer overwriting crash (bsc#1012628). - swiotlb: fix info leak with DMA_FROM_DEVICE (bsc#1012628). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (bsc#1012628). - pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" (bsc#1012628). - KVM: Fix lockdep false negative during host resume (bsc#1012628). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (bsc#1012628). - spi: rockchip: Fix error in getting num-cs property (bsc#1012628). - spi: rockchip: terminate dma transmission when slave abort (bsc#1012628). - drm/vc4: hdmi: Unregister codec device on unbind (bsc#1012628). - of/fdt: move elfcorehdr reservation early for crash dump kernel (bsc#1012628). - x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU (bsc#1012628). - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (bsc#1012628). - net-sysfs: add check for netdevice being present to speed_show (bsc#1012628). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (bsc#1012628). - nvme-tcp: send H2CData PDUs based on MAXH2CDATA (bsc#1012628). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (bsc#1012628). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (bsc#1012628). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (bsc#1012628). - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" (bsc#1012628). - Revert "xen-netback: Check for hotplug-status existence before watching" (bsc#1012628). - ipv6: prevent a possible race condition with lifetimes (bsc#1012628). - tracing: Ensure trace buffer is at least 4096 bytes large (bsc#1012628). - tracing/osnoise: Make osnoise_main to sleep for microseconds (bsc#1012628). - tracing: Fix selftest config check for function graph start up test (bsc#1012628). - selftest/vm: fix map_fixed_noreplace test failure (bsc#1012628). - selftests/memfd: clean up mapping in mfd_fail_write (bsc#1012628). - ARM: Spectre-BHB: provide empty stub for non-config (bsc#1012628). - fuse: fix fileattr op failure (bsc#1012628). - fuse: fix pipe buffer lifetime for direct_io (bsc#1012628). - staging: rtl8723bs: Fix access-point mode deadlock (bsc#1012628). - staging: gdm724x: fix use after free in gdm_lte_rx() (bsc#1012628). - net: macb: Fix lost RX packet wakeup race in NAPI receive (bsc#1012628). - riscv: alternative only works on !XIP_KERNEL (bsc#1012628). - mmc: meson: Fix usage of meson_mmc_post_req() (bsc#1012628). - riscv: Fix auipc+jalr relocation range checks (bsc#1012628). - tracing/osnoise: Force quiescent states while tracing (bsc#1012628). - tracing/osnoise: Do not unregister events twice (bsc#1012628). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (bsc#1012628). - arm64: Ensure execute-only permissions are not allowed without EPAN (bsc#1012628). - arm64: kasan: fix include error in MTE functions (bsc#1012628). - swiotlb: rework "fix info leak with DMA_FROM_DEVICE" (bsc#1012628). - virtio: unexport virtio_finalize_features (bsc#1012628). - virtio: acknowledge all features before access (bsc#1012628). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (bsc#1012628). - ARM: fix Thumb2 regression with Spectre BHB (bsc#1012628). - watch_queue: Fix filter limit check (bsc#1012628). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (bsc#1012628). - watch_queue: Fix to release page in ->release() (bsc#1012628). - watch_queue: Fix to always request a pow-of-2 pipe ring size (bsc#1012628). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (bsc#1012628). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (bsc#1012628). - watch_queue: Fix lack of barrier/sync/lock between post and read (bsc#1012628). - watch_queue: Make comment about setting ->defunct more accurate (bsc#1012628). - x86/boot: Fix memremap of setup_indirect structures (bsc#1012628). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1012628). - x86/module: Fix the paravirt vs alternative order (bsc#1012628). - x86/sgx: Free backing memory after faulting the enclave page (bsc#1012628). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1012628). - drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (bsc#1012628). - perf parse: Fix event parser error for hybrid systems (bsc#1012628). - btrfs: make send work with concurrent block group relocation (bsc#1012628). - riscv: dts: k210: fix broken IRQs on hart1 (bsc#1012628). - vhost: allow batching hint without size (bsc#1012628). - commit 2bd8d63 - config: enable XFS_RT (bsc#1197190) - commit d8f0e40 - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - commit f5ed8a3 ==== libepoxy ==== Version update (1.5.9 -> 1.5.10) - Update to version 1.5.10: + Fix for building with MSVC on non-English locale. + Fix build on Android. + Add the right include paths for EGL and X11 headers. - Upstream tarball url changed, probably by mistake, so leave old url in place, but disabled. ==== libgnomesu ==== Version update (2.0.6 -> 2.0.7) Subpackages: libgnomesu0 - Update to version 2.0.7: * Updated translations. * Better wording in the documentation. ==== libnvme ==== Version update (1.0~6 -> 1.0~7) - Update to version 1.0-rc7: * linux: fixup log page offset in nvme_get_log_page() * tree: Add support for default trsvcid for all controllers (bsc#1195858) * tree: fixup coredump during nvme discover ==== librsvg ==== Version update (2.52.7 -> 2.52.8) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.52.8: + Catch circular references when rendering patterns (glgo#GNOME/librsvg#721). ==== libsigc++2 ==== Version update (2.10.7 -> 2.10.8) - Update to version 2.10.8: + Build: - Meson build: Perl is not required by new versions of mm-common - NMake Makefiles: Support building with VS2022 + Documentation: Upgrade the manual from DocBook 4.1 to DocBook 5.0 ==== mobile-broadband-provider-info ==== Version update (20210805 -> 20220315) - Update to version 20220315: * release: bump version to 20220315 * doap: remove Jiri * doap: add myself * us: include information for voicemail for Verizon Wireless * dtd: expand DTD to include information for vvm3 Visual Voicemail standard * us: add Purism SPC AweSIM MVNO * us: added MCCMNC 310280 to AT&T * ro: update the Romania Orange net and mms credentials * eg: mms settings for vodafone.eg * de: add mms information to combined apn * us: added Ting provider information * us: add US Mobile (T-Mobile MVNO): mcc="310" mnc="260" * au: remove duplicate Telstra MMS entry * bd: updated profile names and other information * bd: remove defunct provider * se: remove defunct operators * fr: add AIF Mvno provider * it: add Rabona Mobile * us: move mobilenet APN to T-Mobile and add mmsc * us: add Mint Mobile VVM, APN, and MMSC * ca: update Fido APN settings * us: add MMS settings to T-Mobile LTE APN * us: add T-Mobile to LTE APN name * fr: add TeleCoop * dtd: fix a spelling error * jp: add Japanese providers * cl: update apn of main providers of Chile * ca: change Wind Mobile to Freedom Mobile * ca: add Public Mobile provider * Rename Orange (Israel) to Partner * Add APN information for We4G (Israel) * Adds the missing MMSC and MMS proxy for Orange France into serviceproviders.xml * il: Add Golan Telecom and Hot Mobile MMS settings * Update redirected GNOME wiki URL in CONTRIBUTING - Drop mobile-broadband-provider-info-tmobile-reorder.patch: Having this patch downstream for ages makes no sense, and if it was really needed, one would think it had landed as a bug upstream at some point. ==== nvme-cli ==== Version update (2.0~6 -> 2.0~7) - Update to version 2.0-rc7: * netapp-nvme: fix smdevices segfault in json output (bsc#1195937) * fabrics: keep the backward compatibility * nvme: Do not slash escape strings in JSON output (bsc#1195937) * nvme: Print full device path * nvme-print: Make JSON keys consistent with nvme-cli 1.x * nvme-print: print generic device in list command * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061) * connect: Set errno to zero on nvmf_add_ctrl() success * documenation updates - Set path to systemctl via newly introduced config option - Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename - Moved bash completion script to /usr/share/bash-completion/completions/nvme ==== openSUSE-build-key ==== - gpg-pubkey-307e3d54-5aaa90a5.asc: remove the RSA 1024bit SLE11 key and try to remove it from installed systems via Obsoletes. ==== p11-kit ==== Version update (0.23.22 -> 0.24.1) Subpackages: libp11-kit0 p11-kit-tools - make sure p11-kit components have matching versions (boo#1196812) - Update to version 0.24.1: * rpc: Support protocol version negotiation. * proxy: Support copying attribute array recursively. * Link libp11-kit so that it cannot unload. * Translation improvements. * Build fixes. - Update to version 0.24.0: * Use inclusive language on certificate distrust. Note: This changes the directory and attribute names to distrust certain CAs to "blocklist". * Fix issues spotted by coverity and ASan. * Integrate gettext with tools more tightly. * rpc: Forbid use of array of attributes. * Build fixes. - Change dirs from blacklist to blocklist ref upstream changes. ==== protobuf ==== Subpackages: libprotobuf-lite30 libprotobuf30 - Change Requires: zlib-devel to pkgconfig(zlib) so as not to conflict with libz-ng-compat1. ==== toolbox ==== - adjusted the patch to the toolbox container in registry ==== wavpack ==== - security update - added patches fix CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file + wavpack-CVE-2021-44269.patch ==== xdg-desktop-portal ==== Version update (1.12.1 -> 1.14.0) - Update to version 1.14.0: + Add a new "dynamic launcher" portal, which can install .desktop files and accompanying icons after user confirmation. + Rework handling of empty app IDs: In case an empty string app ID is stored in the permission store, this permission is now shared only by apps whose app ID couldn't be determined, rather than all unsandboxed apps. + Use libsystemd (when available) to try to determine the app ID of unsandboxed processes. This is useful since some portals otherwise can't be used by host apps. + Make x-d-p start on session start, which is needed for the dynamic launcher portal to handle rewriting launchers for apps that have been renamed. + Bring back the copy of Flatpak's icon-validator, which was dropped many releases ago. + Icon validation is now required for the notification and dynamic launcher portals (previously it was only done if the "flatpak-validate-icon" binary could be found). + document-portal: Move to the libfuse3 API + document-portal: Use renameat2 sys call + document-portal: Use mutex to fix concurrency bug + realtime: Fix error code paths + realtime: Fix MakeThreadHighPriorityWithPID method + screencast: Fix an error when restoring streams + ci: Various improvements + Documentation improvements + Updated translations. - Replace BuildRequires: pkgconfig(fuse) with pkgconfig(fuse3) since document-portal moved to use it. - Add BuildRequires: pkgconfig(libsystemd) and pkgconfig(gdk-pixbuf-2.0) which are now used.