Packages changed: SDL2 (2.30.1 -> 2.30.2) cryptsetup (2.7.1 -> 2.7.2) dracut-pcr-signature (0.2+0 -> 0.3+0) gcc13 kbd openSUSE-release (20240409 -> 20240410) power-profiles-daemon publicsuffix (20240326 -> 20240410) sdbootutil (1+git20240408.49e4021 -> 1+git20240410.3325802) spamassassin (4.0.0 -> 4.0.1) systemd-default-settings (0.9 -> 0.10) wicked wsdd (0.7.1 -> 0.8) xen (4.18.1_02 -> 4.18.2_02) xwayland (23.2.5 -> 23.2.6) === Details === ==== SDL2 ==== Version update (2.30.1 -> 2.30.2) - Update to release 2.30.2 * Fixed performance regression initialing controllers on Linux * Added support for the 6-button SEGA Mega Drive Control Pad for Nintendo Online * Add support for MadCatz Saitek Side Panel Control Deck * Added support for the Hori Fighting Stick EX2 * Added support for the Yawman Arrow flightstick * Added a gamepad mapping for the Defender Joystick Cobra R4 * Fixed the gamepad mapping for the Sanwa Supply JY-P76USV controller * Allow using SDL_RWFromFile() with named pipes ==== cryptsetup ==== Version update (2.7.1 -> 2.7.2) Subpackages: cryptsetup-doc cryptsetup-lang libcryptsetup12 - update to 2.7.2: * Fix activation of OPAL-only encrypted LUKS device with tokens * Fix formatting of OPAL devices with 4096-byte sector size * Fix incorrect OPAL locking range alignment calculation if used over an unaligned device partition. * Do not check the passphrase quality for OPAL Admin PIN, as this passphrase already exists. * Update license for FAQ document to CC BY-SA 4.0. NOTE: Please note that with OPAL-only (--hw-opal-only) encryption, the configured OPAL administrator PIN (passphrase) allows unlocking all configured locking ranges without LUKS keyslot decryption (without knowledge of LUKS passphrase). Because of many observed problems with compatibility, cryptsetup currently DOES NOT use OPAL single-user mode, which would allow such decoupling of OPAL admin PIN access. ==== dracut-pcr-signature ==== Version update (0.2+0 -> 0.3+0) - Update to version 0.3+0: * Various small improvements ==== gcc13 ==== Subpackages: cpp13 gcc13-locale libgccjit0-gcc13 libstdc++6-devel-gcc13 - Add gcc13-pr101523.patch to avoid combine spending too much compile-time and memory doing nothing on s390x. [boo#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. - Add gcc13-pr111731.patch to fix unwinding for JIT code. [bsc#1221239] ==== kbd ==== - Move legacy keymaps that have no acceptable xkb counterpart and its includes back to kbd. (bsc#1194609) - Stop requiring kbd-legacy. All YaST supported languages should now have its keymaps in kbd. - Remove kbd-1.15.2-prtscr_no_sigquit.patch rejected by the upstream. The problem is fixed for a long time, this is an additional modification. (PED-7977, https://github.com/legionus/kbd/pull/111): - Drop kbd_fonts.tar.bz2 containing just several 30 years old inferior fonts with an unknown author and uncertain license. - Add structured comments to patches. ==== openSUSE-release ==== Version update (20240409 -> 20240410) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== power-profiles-daemon ==== - Revert "Remove duplicate DBus service files net.hadess.PowerProfiles" workaround to boo#1222179 (see comment 10). ==== publicsuffix ==== Version update (20240326 -> 20240410) - Update to version 20240410: * Removing `ravendb.me` (#1841) * Updating psl: Adding myfritz.link (follow up PR#77) (#1761) * Add `framer.ai` (#1831) * chore: add `is-a.dev` (#1949) * Add StackBlitz (#1939) * Add `unison-services.cloud` (#1839) * Add `is-cool.dev`, `is-local.org`, `is-not-a.dev` and `localplayer.dev` (#1672) * Add grayjayleagues.com (#1742) * Add `runcontainers.dev` for Libre IT Ltd (#1783) * Add `heliohost.us`, `helioho.st`(#1825) * Remove `123sait.ru` (#1844) * Add MyDNS.JP Dynamic DNS Service (#1937) * add `scrypted.io` (#1826) * Add `darklang.io` (#1880) * Update `cloudns.net` dynamic dns domains listing (#1593) * Add wildcard to `snowflake.app` and `privatelink.snowflake.app` (#1743) * Add `preview.csb.app` and `csb.app` (#1648) * Add `nimsite.uk` (#1797) * add getlocalcert.net domains (#1798) * Add wadl.top (#1924) * ADD: `can.re` (#1651) * Add cdn77-storage.com and rsc.contentproxy9.cz (#1882) * add `srv.us`, `xmit.co` * Add at.emf.camp (#1955) * util: gTLD data autopull updates for 2024-03-28T15:13:37 UTC (#1952) ==== sdbootutil ==== Version update (1+git20240408.49e4021 -> 1+git20240410.3325802) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240410.3325802: * fallback for machine-id ==== spamassassin ==== Version update (4.0.0 -> 4.0.1) Subpackages: perl-Mail-SpamAssassin spamassassin-spamc - fix iXhash2-meta-rules.patch - update to patch release version 4.0.1 - Incompatibilities with some versions of perl and some perl modules that have been released since the release of SpamAssassin 4.0.0 - Problems using cpan to install SpamAssassin when certain required or optional modules are not already installed - Support for space characters in the path name of some executables used by certain plugins - Improved handling of URL shortener link redirects - Improved TxRep locking management - Added Mail::SpamAssassin::Plugin::AuthRes plugin to use Authentication-Results header fields in other plugins - Added a Pyzor Perl implementation - Perl crash when certain uri_detail rules processed some messages with UTF-8 characters - Inconsistent handling of newlines in header rules - Text or HTML content placed in octet-stream attachments by spammers to bypass SpamAssassin scanning - Implemented TCP fallback for truncated DNS UDP replies - Refresh patch-URIDNSBL - Drop undocumented patch-SQL_ASCII_SORT breaking sqlite - Drop most of iXhash2-meta-rules.patch (additional services no longer exist) ==== systemd-default-settings ==== Version update (0.9 -> 0.10) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - Import 0.10 5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123) ==== wicked ==== Subpackages: wicked-service - client: do not convert sec to msec twice (bsc#1222105) [+ 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch] ==== wsdd ==== Version update (0.7.1 -> 0.8) - Fix build for SLE_15 - Update to version 0.8 * Configuration files for firewalld added * Show device type and allow filtering in API's list command * Add option --metadata-timeout to set the timeout for the HTTP-based metadata exchange * The employed UUID is now read from /etc/{machine-id,hostid} before falling by back to the UUID derivation from the host name. * Handle addresses with zone id by ignoring the interface part * Do not crash with asyncio future error when non-existing interface is provided - Remove some bashism from wsdd-init.sh - Use the unmodified service files from wsdd for Leap 15.5 and below, else reuse ws-discovery-udp service from firewalld ==== xen ==== Version update (4.18.1_02 -> 4.18.2_02) Subpackages: xen-libs xen-tools xen-tools-domU - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - Dropped patch contained in new tarball 65f83951-x86-mm-use-block_lock_speculation-in.patch ==== xwayland ==== Version update (23.2.5 -> 23.2.6) - Update to 23.2.6 * This is a quick bug fix release to address a regression introduced by the fix for CVE-2024-31083 in xwayland-23.2.5.