Packages changed: 389-ds (2.4.0~git113.84a845c -> 2.4.0~git126.5936946) 7zip ceph grub2 gstreamer-plugins-bad ibus-libpinyin lftp libstorage-ng (4.5.175 -> 4.5.176) mlocate mozilla-nss (3.95 -> 3.96.1) mutter nvidia-open-driver-G06-signed openssl-1_1 ruby (3.2 -> 3.3) thin-provisioning-tools (1.0.9 -> 1.0.10) yast2 (5.0.3 -> 5.0.4) yast2-bootloader (5.0.2 -> 5.0.4) === Details === ==== 389-ds ==== Version update (2.4.0~git113.84a845c -> 2.4.0~git126.5936946) Subpackages: lib389 libsvrcore0 - Update to version 2.4.0~git126.5936946: * Issue 6028 - vlv index keys inconsistencies (#6031) * Issue 5989 - RFE support of inChain Matching Rule (#5990) * Issue 6022 - lmdb inconsistency between vlv index and vlv cache names (#6026) * Issue 6015 - Fix typo remeber (#6014) * Issue 6016 - Pin upload/download artifacts action to v3 * Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) * Issue 4673 - Update Rust crates * Issue 6004 - idletimeout may be ignored (#6005) * Issue 5954 - Disable Transparent Huge Pages * Issue 5997 - test_inactivty_and_expiration CI testcase is wrong (#5999) * Issue 5993 - Fix several race condition around CI tests (#5996) * Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) * Bump openssl from 0.10.55 to 0.10.60 in /src (#5995) ==== 7zip ==== - Fix build on SLE-15-SP6 * fix-avx-sle.patch ==== ceph ==== Subpackages: librados2 librbd1 - Advertised user/groups that are generated by the pre scripts: * package cephadm generates user/group cephadm * package ceph-common generates user/group ceph ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Reinstate the verification for a non-zero total entry count to skip unmapped data blocks (bsc#1218864) * 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch - Removed temporary fix as reverting it will cause a different XFS parser bug * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch ==== gstreamer-plugins-bad ==== Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Disable zxing in Leap15 * Leap 15 can not provide zxing >= 1.4.0, zxing is inherited from SLE15 but SLE15 do provide zxing version 1.2.0 only, Factory do have zxing-cpp 2.0.0 however it's not an API compatible version. ==== ibus-libpinyin ==== ==== lftp ==== - Apply "0001-lftp_ssl-deinitialize-the-lftp_ssl_openssl_instance.patch" to fix a crash that ocurred when lftp is run on s390x with an IBM crypto card installed. The issue has been reported to upstream at https://github.com/lavv17/lftp/issues/716. [bsc#1213984] ==== libstorage-ng ==== Version update (4.5.175 -> 4.5.176) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Swedish) (bsc#1149754) - 4.5.176 ==== mlocate ==== Subpackages: mlocate-lang - Remove the post-install scriptlet introduced earlier. It turns out that "chmod" call opened a security vulnerability that allowed users with write access to /var/lib/mlocate to obtain read/write access to arbitrary files on the system, possibly facilitating privilege escalation to root. [bsc#1218896, CVE-2023-32190] ==== mozilla-nss ==== Version update (3.95 -> 3.96.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.96.1 * bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh * bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups) * bmo#1867408 - add a defensive check for large ssl_DefSend return values * bmo#1869378 - Add dependency to the taskcluster script for Darwin * bmo#1869378 - Upgrade version of the MacOS worker for the CI ==== mutter ==== Subpackages: mutter-lang - Rebase mutter-disable-cvt-s390x.patch for mutter 45.x. ==== nvidia-open-driver-G06-signed ==== - splitted up 61-nvidia-$flavor.conf to 59-nvidia-$flavor.conf and 61-nvidia-$flavor.conf, because 'install' line cannot be overwritten with higher config number ... - mistakenly moved dracut config file from 60-nvidia-%1.conf to 61-nvidia-%1.conf --> reverted! - switched from 60-nvidia-$flavor.conf to 61-nvidia-$flavor.conf in modprobe.d to resolve conflict with older package, which can be installed in parallel ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Because OpenSSL 1.1.1 is no longer default, let's rename engine directories to contain version of OpenSSL and let unversioned for the default OpenSSL. [bsc#1194187, bsc#1207472, bsc#1218933] * /etc/ssl/engines.d -> /etc/ssl/engines1_1.d * /etc/ssl/engdef.d -> /etc/ssl/engdef1_1.d * Update patches: - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-use-include-directive.patch ==== ruby ==== Version update (3.2 -> 3.3) - switch the default ruby to 3.3 ==== thin-provisioning-tools ==== Version update (1.0.9 -> 1.0.10) - Update to version 1.0.10: * Bump version to 1.0.10 * [build] Update dependencies * [all] Fix clippy lints and typos * [space_map] Allow non-zero values in unused index block entries * [thin_repair] Fix child keys checking on the node with a zero key * [thin_check] Tweak the logs to avoid confusion with node errors * [thin_check] Support overriding the details tree root * [tests] Update expected help text for _pack and _unpack * [all] Fix clippy lints on optional targets * [build] Simplify the pre-commit hooks by checking all the targets at once * [thin_metadata_unpack] Allow long format for input and output * [space map] Fix incorrect index_entry.nr_free while expansion * thin_metadata_pack: Allow long format for input and output ==== yast2 ==== Version update (5.0.3 -> 5.0.4) Subpackages: yast2-logs - Reading Kernel Params: Use kernel cmdline when install.inf is not available (bsc#1216408) - 5.0.4 ==== yast2-bootloader ==== Version update (5.0.2 -> 5.0.4) - Persist s390 cio_ignore kernel argument always when given (bsc#1210525). - 5.0.4 - Do not try finding undefined bootloader name to avoid error in logs (bsc#1218700) - 5.0.3