Packages changed: cryptsetup (2.4.0 -> 2.4.1) e2fsprogs (1.46.3 -> 1.46.4) etcd fcoe-utils installation-images-MicroOS (17.14 -> 17.15) libXi (1.7.10 -> 1.8) libcontainers-common libtirpc libzypp (17.28.3 -> 17.28.4) perl-Bootloader (0.935 -> 0.936) podman (3.2.3 -> 3.3.1) python-jsonpatch transactional-update (3.5.4 -> 3.5.5) xkeyboard-config === Details === ==== cryptsetup ==== Version update (2.4.0 -> 2.4.1) Subpackages: libcryptsetup12 - cryptsetup 2.4.1 * Fix compilation for libc implementations without dlvsym(). * Fix compilation and tests on systems with non-standard libraries * Try to workaround some issues on systems without udev support. * Fixes for OpenSSL3 crypto backend (including FIPS mode). * Print error message when assigning a token to an inactive keyslot. * Fix offset bug in LUKS2 encryption code if --offset option was used. * Do not allow LUKS2 decryption for devices with data offset. * Fix LUKS1 cryptsetup repair command for some specific problems. ==== e2fsprogs ==== Version update (1.46.3 -> 1.46.4) Subpackages: libcom_err2 libext2fs2 - Update to 1.46.4: * Default to 256-byte inodes for all filesystems, not only larger ones * Bigalloc is considered supported now for small cluster sizes * E2fsck and e2image fixes for quota feature * Fix mke2fs creation of filesystem into non-existent file - libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer libreadline.so.8 to dlopen path (bsc#1189453) - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_e2scrub@.service.patch * harden_e2scrub_all.service.patch * harden_e2scrub_fail@.service.patch * harden_e2scrub_reap.service.patch ==== etcd ==== - Added hardening to systemd service(s) (bsc#1181400). Modified: * etcd.service ==== fcoe-utils ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_fcoe.service.patch ==== installation-images-MicroOS ==== Version update (17.14 -> 17.15) - merge gh#openSUSE/installation-images#523 - increase minimal ext2 fs size to 128 kiB - 17.15 ==== libXi ==== Version update (1.7.10 -> 1.8) - Update to version 1.8 * This release of libXi marks the support of XI 2.4 touchpad gesture events official. This feature is the only difference between libXi 1.8 and the latest release in the 1.7.x series (1.7.10). ==== libcontainers-common ==== - Comment out ostree_repo if it's blank [boo#1189893] - Comment out ostree_repo [boo#1189893] ==== libtirpc ==== Subpackages: libtirpc-netconfig libtirpc3 - Backport DoS vulnerability fix 0001-Fix-DoS-vulnerability-in-libtirpc.patch - Replace %setup with %autosetup ==== libzypp ==== Version update (17.28.3 -> 17.28.4) - Make sure to keep states alives while transitioning (bsc#1190199) - May set techpreview variables for testing in /etc/zypp/zypp.conf. If environment variables are unhandy one may enable the desired techpreview in zypp.conf as well: [main] techpreview.ZYPP_SINGLE_RPMTRANS=1 techpreview.ZYPP_MEDIANETWORK=1 - version 17.28.4 (22) ==== perl-Bootloader ==== Version update (0.935 -> 0.936) - merge gh#openSUSE/perl-bootloader#136 - report error if config file could not be updated (bsc#1188768) - 0.936 ==== podman ==== Version update (3.2.3 -> 3.3.1) Subpackages: podman-cni-config - require runc >= 1.0.1 - Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the - -pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. - Revert crun change due to crun having exclusive arch targets that would drop podman support in PPC and IBM Z - Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert ".cirrus.yml: use fresh images for all VMs" * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html - Switch to crun (bsc#1188914) ==== python-jsonpatch ==== - Don't use python setup.py test expression. ==== transactional-update ==== Version update (3.5.4 -> 3.5.5) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.5 - t-u: Use tukit for SUSEConnect call [bsc#1190574] Correctly registers repositories ==== xkeyboard-config ==== - Remove obsolete translation-update-upstream support (jsc#SLE-21105).