Packages changed: bluedevil5 (5.21.0 -> 5.21.1) bluez (5.55 -> 5.56) breeze (5.21.0 -> 5.21.1) cockpit (235 -> 238.1) cockpit-podman (26 -> 28.1) conmon (2.0.22 -> 2.0.26) container-selinux (2.154.0 -> 2.158.0) cyrus-sasl discover (5.21.0 -> 5.21.1) dracut (052+suse.93.g7bfaa6d9 -> 053+suse.90.gb89b6347) drkonqi5 (5.21.0 -> 5.21.1) fuse-overlayfs (1.1.2 -> 1.4.0) hplip ibus (1.5.23 -> 1.5.24) kactivitymanagerd (5.21.0 -> 5.21.1) kde-cli-tools5 (5.21.0 -> 5.21.1) kgamma5 (5.21.0 -> 5.21.1) khotkeys5 (5.21.0 -> 5.21.1) kinfocenter5 (5.21.0 -> 5.21.1) kmenuedit5 (5.21.0 -> 5.21.1) krb5 (1.18.3 -> 1.19.1) kscreen5 (5.21.0 -> 5.21.1) kscreenlocker (5.21.0 -> 5.21.1) ksysguard5 (5.21.0 -> 5.21.1) kwayland-integration (5.21.0 -> 5.21.1) kwayland-server (5.21.0 -> 5.21.1) kwin5 (5.21.0 -> 5.21.1) kwrited5 (5.21.0 -> 5.21.1) libcontainers-common libinput (1.16.4 -> 1.17.0) libkdecoration2 (5.21.0 -> 5.21.1) libkscreen2 (5.21.0 -> 5.21.1) libksysguard5 (5.21.0 -> 5.21.1) libxcrypt (4.4.17 -> 4.4.18) libxml2 milou5 (5.21.0 -> 5.21.1) mozilla-nss (3.60.1 -> 3.61) netcfg patterns-base pcre pipewire (0.3.21 -> 0.3.22) plasma-browser-integration (5.21.0 -> 5.21.1) plasma-nm5 (5.21.0 -> 5.21.1) plasma5-addons (5.21.0 -> 5.21.1) plasma5-desktop (5.21.0 -> 5.21.1) plasma5-integration (5.21.0 -> 5.21.1) plasma5-openSUSE plasma5-pa (5.21.0 -> 5.21.1) plasma5-workspace (5.21.0 -> 5.21.1) podman (2.2.1 -> 3.0.1) polkit-kde-agent-5 (5.21.0 -> 5.21.1) powerdevil5 (5.21.0 -> 5.21.1) procps pulseaudio python-pytz python38 (3.8.7 -> 3.8.8) python38-core (3.8.7 -> 3.8.8) qpdf (10.1.0 -> 10.2.0) selinux-policy (20210111 -> 20210223) system-users systemd systemsettings5 (5.21.0 -> 5.21.1) toolbox (2.1+git20210203.a669e3a -> 2.1+git20210226.daeb191) v4l-utils xdg-desktop-portal-kde (5.21.0 -> 5.21.1) xen (4.14.1_11 -> 4.14.1_12) === Details === ==== bluedevil5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== bluez ==== Version update (5.55 -> 5.56) Subpackages: libbluetooth3 - update to 5.56: * Fix issue with setting AVDTP disconnect timer. * Fix issue with AVDTP not sending GetCapabilities. * Fix issue with AVDTP connecting using streaming mode. * Fix issue with handling A2DP and remote SEP disappearing. * Fix issue with handling session of A2DP channels. * Fix issue with GATT and handling device removal. * Fix issue with GATT not accepting multiple requests. * Fix issue with HID report value callback registration. * Add support for new advertising management command. * Add support for battery D-Bus interface. * removed obsolete bccmd ==== breeze ==== Version update (5.21.0 -> 5.21.1) Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-wallpapers libbreezecommon5-5 - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * Revert "Revert "Do not draw background or line in toolbars if the color scheme has no headers group"" (kde#433118) ==== cockpit ==== Version update (235 -> 238.1) Subpackages: cockpit-bridge cockpit-system - new version 238.1 https://cockpit-project.org/blog/cockpit-238.html https://cockpit-project.org/blog/cockpit-237.html - No longer recompress tarball at buildtime - Rebuild from git leveraging local-npm-registry (needs cockpit-redhatfont.diff) ==== cockpit-podman ==== Version update (26 -> 28.1) - new version 28.1 https://github.com/cockpit-project/cockpit-podman/releases/tag/28.1 - use upstream sources without bundled and pre-built dist since we want to rebuild it - use local-npm-registry for building - fix_dependencies.patch: fix build dependencies ==== conmon ==== Version update (2.0.22 -> 2.0.26) - Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment ==== container-selinux ==== Version update (2.154.0 -> 2.158.0) - Update to version 2.158.0 - Add nfs remount support - Allow containers to execmod on nfs, samba and cephs remote shares - Allow confined users to send dbus messages to container_runtime ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - CVE-2020-8032: cyrus-sasl: Local privilege escalation to root due to insecure tmp file usage. (bsc#1180669) Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary files. ==== discover ==== Version update (5.21.0 -> 5.21.1) Subpackages: discover-backend-flatpak discover-notifier - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * Correct usage of preferredHeight * Use more appropriate delete and download icons in compact app delegate * Remove weird padding at the bottom of resource lists * pk: make sure search queries eventually finish (kde#432384) * Properly show the pointing hand on screenshot thumbnails * Show the correct screenshot when clicking it (kde#433123) * pk: Improve updates progress when doing an offline update * Don't truncate reviews in compact mode (kde#433078) * notifier: Reduce the unattended updates idle timeout to 15' * Increase maximum width of review dialog to a sane size (kde#432807) ==== dracut ==== Version update (052+suse.93.g7bfaa6d9 -> 053+suse.90.gb89b6347) Subpackages: dracut-ima - Update to version 053+suse.90.gb89b6347: Highlights: https://github.com/dracutdevs/dracut/releases/tag/053 dracut.sh: unfreeze /boot on exit (d87ae137) proper return code for inst_multiple in dracut-init.sh (d437970c) fcoe: rename rd.nofcoe to rd.fcoe (6f7823bc) rd.nofcoe=0 should disable fcoe (805b46c2) i18n: get rid of eval calls (5387ed24), backported for 052 downstream create the keyboard symlinks again (9e1c7f3d), backported for 052 downstream network-manager: run as a service if systemd module is present (c17c5b76) rework how NM is started in debug mode (34c73b33) drm: skip empty modalias files in drm module setup (c3f24184) ==== drkonqi5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== fuse-overlayfs ==== Version update (1.1.2 -> 1.4.0) - Update to version 1.4.0 * add squash_to_uid and squash_to_gid * add squash_to_root mount option. * honor option "volatile". * when writing mode to xattr, create files with mode 0755. * support ID mapping when using xattr permissions. * allow opening not accessible but still referenced files. * invalidate directory cache on create/rename. * fix segfault if no mountpoint specified * fix file_exists_at musl compatibility * introduce extended attribute to override gid/uid/mode. * support writing uid/gid/mode to an extended attribute. * fix a memory leak, where inodes are maintained in memory even if not needed. ==== hplip ==== - Remove %is_opensuse from spec file (jsc#SLE-11640) This will build hp-scan-utils package on SLE, too, where it has unsatisfiable dependencies. * add hplip-missing-drivers.patch (lp#1843592) Now working: HP Laserjet Professional P1102w HP LaserJet 100 ColorMFP M175nw HP Laserjet CP 1025nw ==== ibus ==== Version update (1.5.23 -> 1.5.24) Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Upstream update to 1.5.24 * Add GTK4 IM module (currently disabled for openSUSE) * Search engine name directly * Update IBusInputPurpose and IBusInputHints in ibustypes.h * Warn deprecated IBus XKB engines /w dialog - Workaround for boo#1177545 * Update simple.xml * Fix arguments in GLib.DBusSignalCallback for Vala 0.50 * Fix to build emoji-*.dict in CLDR 38 * Fix build environments * Hide IBus Preferences from AppStream - Drop vala-0.50.patch, merged by upstream - Remove old "Obsoletes" for ibus-gnome-shell and libibus-1_0-0 ==== kactivitymanagerd ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== kde-cli-tools5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== kgamma5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== khotkeys5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== kinfocenter5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== kmenuedit5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== krb5 ==== Version update (1.18.3 -> 1.19.1) - Update to 1.19.1 * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. - Update to 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the "password" and "verify" options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). ==== kscreen5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * [kded] Fix selecting OSD action by keyboard (kde#432481) ==== kscreenlocker ==== Version update (5.21.0 -> 5.21.1) Subpackages: libKScreenLocker5 - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== ksysguard5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * Force device statistics refresh rate to be always one second (kde#433063) ==== kwayland-integration ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== kwayland-server ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== kwin5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * [platforms/drm] accept both keypress and keyrelease event in filter * Fix build * [platforms/drm] only enable output on key press not release * Create Xcursor sprites with correct format * Fix crash on pasting too soon after copying from XWayland * effects/wobblywindows: Allow model geometry and real geometry get out of sync (kde#433187) * effects/wobblywindows: Refactor the update loop * x11: Introduce an envvar to force software vsync (kde#433094) * x11: Introduce an envvar to prevent sync'ing to vblanks * Properly clean up DrmGpu * inputmethod: honour SNI disabled state * Sprinkle static keywords * x11: Properly detect whether swap events have to disabled * inputmethod: toggle the inputmethod if we get second show request ==== kwrited5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== libcontainers-common ==== - Update commonver to 0.35.1 - Update podmanver to 3.0.1 - Update storagever to 1.24.8 - Update imagever to 5.10.4 ==== libinput ==== Version update (1.16.4 -> 1.17.0) - Update to release 1.17 * New (sub-)tool: `libinput analyze recording` * Support for tap-and-drag with two and three fingers * Wacom's AES tablets no longer have smoothing enabled ==== libkdecoration2 ==== Version update (5.21.0 -> 5.21.1) Subpackages: libkdecorations2-5 libkdecorations2private8 - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== libkscreen2 ==== Version update (5.21.0 -> 5.21.1) Subpackages: libKF5Screen7 libkscreen2-plugin - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== libksysguard5 ==== Version update (5.21.0 -> 5.21.1) Subpackages: libksysguard5-helper libksysguard5-imports - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * Guard against null configloader in destructor (kde#433431) * Add method CGroupDataModel::isAvailable * Don't emit dataChanged for invalid indices ==== libxcrypt ==== Version update (4.4.17 -> 4.4.18) - Update to version 4.4.18 * Fix conversion error in lib/alg-gost3411-core.c ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Fails to build against Python 3.9: * Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1 - Add patch libxml2-python39.patch ==== milou5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * Fix launching empty query - Drop patches, now upstream: * 0001-Fix-launching-empty-query.patch ==== mozilla-nss ==== Version update (3.60.1 -> 3.61) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - Add nss-btrfs-sqlite.patch to address bmo#1690232 - update to NSS 3.61 * required for Firefox 86 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. ==== netcfg ==== - services-create.pl: Switch to https (bsc#1182395) ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Suggest pulseaudio, so that zypp has something to base the decision on when choosing between pulseaudio and pipewire-pulseaudio (boo#1182730). ==== pcre ==== - Copy pcre_jit_test only if jit is enabled ==== pipewire ==== Version update (0.3.21 -> 0.3.22) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Do not provide pulseaudio, but pulseaudio-daemon so we can specify in the patterns that we prefer the pulseaudio package (boo#1182730) - Update to version 0.3.22: * Highlights + Per client config files replace the module-profiles. It's now possible to tweak settings and load custom modules. + Pro Audio card profile support. You can now select the Pro Audio profile and have raw device access with the maximum number of channels and no mixer controls. This is the usual setup for managing high end Pro Audio cards. + Many fixes and improvements in the JACK library to make devices look and integrate better. + Many bluetooth improvements. Playback should be more reliable and better synchronized. Support for the HFP HF profile. + Small fixes and improvements all over the map. * PipeWire improvements + Add support for restrictions requested by a client. This makes it possible to implement Flatpak policy for emulated PulseAudio clients as well. + Fix removal of params in objects. Previously they would not be removed from the cache. + Remove mlock warnings by default. There is an option to enable them again if you want to check if your system is optimized. + Remove LimitMEMLOCK lines from the service files. They can only lower the system settings and are thus not useful. + Implement per-client config files. Each pipewire client will now read a config file that you can use to configure the context of the client. + Implement state and config load/save in pipewire. This is used by the session manager or other apps. + Make an option to disable dbus support. + Add tool to convert pipewire config to JSON. * Session-manager + Give all permissions to Manager flatpak apps. In the future we will use the Permission store to remember user settings. + Improvements to default audio/sink handling. + Add option to configure device suspend time. + Small fixes in route handling. * Device support + Complain when ACP profile files are not found and use a fallback in order to get something working. + Add volume support to monitor ports. + Fix resume from suspend for ALSA in more cases. + ALSA ACP cards now have a Pro Audio profile that exposes the raw card devices. * Bluetooth + Enable A2DP delay reporting. This improves audio/video sync when playing audio over bluetooth. + Fix stuttering in A2DP source + Tweak buffer size and latency settings to avoid stuttering + More work on HSP and HFP support + Fix initial profile configuration + Add HFP HF support * PulseAudio server + Small tweaks in capture packet size to avoid crashes in some apps. + Detect Flatpak apps and requests the flatpak permissions from the session manager. This means that Flatpak pulseaudio apps will now run with reduced permissions. * ALSA plugin + Reduce min buffer size in the plugin for lower possible latency. * JACK + implement some missing methods to make qjackctl work again. + Use the context data thread instead of making our own. This fixes the issue where the data thread was not given RT priority correctly. + Pass extra jack flags around in port properties. This makes CV ports in carla work. + Many tweaks to the port names and aliases. Unwanted characters are filtered out, giving better names to jack apps. Default device names are now equal to those seen in pulseaudio apps. + Add an option to make a separate client for the monitor ports of a device. This makes it more usable in apps. + add support for system:playback_N and system:capture_N port names for apps that hardcode these port names. - Re-add the Provides: pulseaudio; patterns-base now suggests pulseaudio, which should help zypp in doing a smarter decision (boo#1182730). ==== plasma-browser-integration ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== plasma-nm5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== plasma5-addons ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== plasma5-desktop ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * [applets/kickoff] Always capitalize section header letters (kde#433217) * Launch runners KCM in systemsettings (kde#433101) * kcms/keyboard: fix migration (kde#431923) * [Kickoff] Remove redundant hover filter ==== plasma5-integration ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE sddm-theme-openSUSE - Update to 5.21.1 ==== plasma5-pa ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * Unref stream after unsetting callbacks ==== plasma5-workspace ==== Version update (5.21.0 -> 5.21.1) Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Add back patch for fix which didn't make it into 5.21.1: * 0001-locations-runner-Fix-empty-list-on-invalid-shell-quo.patch - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * Fix case in logout applet config key (kde#433320) * calculatorrunner: Fix mixed hex+decimal calculations (kde#431362) * Fix font installation * locations runner: Fix absolute filepath + arguments (kde#433053) * Enforce SESSION_MANAGER is exported before plasmashell is started * libtaskmanager: Allow to launch executables (kde#433148) * Move ksmserver's ksplash notifying to ksmserver (kde#432364) * Handle closeSession being called concurrently * [libkworkspace] Interim fix for the logout issue (kde#432460) * fixup! [keyboard applet] fix TypeError garbage in log - Drop patches, now upstream: * 0001-locations-runner-Fix-absolute-filepath-arguments.patch * 0001-locations-runner-Fix-empty-list-on-invalid-shell-quo.patch * 0001-libkworkspace-Interim-fix-for-the-logout-issue.patch - Drop workaround, no longer needed: * 0001-ksmserver-Enable-debug-output-by-default.patch ==== podman ==== Version update (2.2.1 -> 3.0.1) Subpackages: podman-cni-config - Drop obsolete varlink.patch - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 ==== polkit-kde-agent-5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== powerdevil5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * core: when we get request to wakeup turn dpms on ==== procps ==== Subpackages: libprocps8 - Remove /usr/share/man/uk dir to file list for lang sub package: It's now provided by filesystem. ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils - Let pulseaudio-utils require any pulseaudio-daemon provider so parecord and the other utils can be used with other pulseaudio implementations - Provide pulseaudio-daemon capability so pipewire-pulseaudio can also provide that capability instead of providing 'pulseaudio' itself which makes it difficult to recommend the pulseaudio package (boo#1182730). ==== python-pytz ==== - Bump tzdata_version ==== python38 ==== Version update (3.8.7 -> 3.8.8) - Update to 3.8.8: - bpo#42938 (bsc#1181126): Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. This issue was assigned CVE-2021-3177. - bpo#42967 (bso#1182379): Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. This issue was assigned CVE-2021-23336. - Remove bsc1167501-invalid-alignment.patch and CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included into the upstream tarball. ==== python38-core ==== Version update (3.8.7 -> 3.8.8) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.8: - bpo#42938 (bsc#1181126): Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. This issue was assigned CVE-2021-3177. - bpo#42967 (bso#1182379): Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. This issue was assigned CVE-2021-23336. - Remove bsc1167501-invalid-alignment.patch and CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included into the upstream tarball. ==== qpdf ==== Version update (10.1.0 -> 10.2.0) - Update to version 10.2.0 * See http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes for the complete changelog. ==== selinux-policy ==== Version update (20210111 -> 20210223) Subpackages: selinux-policy-targeted - Update to version 20210223 - Change name of tar file to a more common schema to allow parallel installation of several source versions - Adjust fix_init.patch ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody - Revert /var/lib/ntp to the ownership and permissions it had in the ntp package. It should be owned by root and not be writable by the ntp user, because it is the base of ntpd's chroot envoronment and the ntp user is not supposed to log in anyway. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - systemd requires aaa_base >= 13.2 This dependency is required because 'systemctl {is-enabled,enable,disable} " ends up calling systemd-sysv-install which in its turn calls "chkconfig - -no-systemctl". aaa_base package has a weird versioning but the '--no-systemctl' option has been introduced starting from SLE12-SP2-GA, which shipped version "13.2+git20140911.61c1681". Spotted in bsc#1180083. ==== systemsettings5 ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - Changes since 5.21.0: * [sidebarmode] Fix header height for QWidget KCMs * [sidebar mode] Fix back button icons (kde#433062) ==== toolbox ==== Version update (2.1+git20210203.a669e3a -> 2.1+git20210226.daeb191) - Update to version 2.1+git20210226.daeb191: * Set trap only after option parsing (#22) - Update to version 2.1+git20210225.5c541c8: * Check sub{u,g}id if rootless, and fail early if they're not setup * Fix creating a container with a specific name with `-c` - Update to version 2.1+git20210208.a720b25: * Alleviate the need for zypper in the user toolbox script * Consolidate logging and help debugging of the user toolbox's script * Export machine-id and IPC inside the toolbox (IPC, user only) * Fix (more) formatting... ==== v4l-utils ==== Subpackages: libv4l libv4l1-0 libv4l2-0 libv4lconvert0 - Force C++14 as the code is not C++17 ready. Fixes GCC 11 build (boo#1181884). - Don't exclude /usr/lib/udev/systemd-udevd.service.d/50-rc_keymap.conf for Leap 15.3. ==== xdg-desktop-portal-kde ==== Version update (5.21.0 -> 5.21.1) - Update to 5.21.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.1 - No code changes since 5.21.0 ==== xen ==== Version update (4.14.1_11 -> 4.14.1_12) - bsc#1177204 - L3-Question: conring size for XEN HV's with huge memory to small. Inital Xen logs cut 5ffc58c4-ACPI-reduce-verbosity-by-default.patch - Upstream bug fixes (bsc#1027519) 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch - bsc#1181921 - GCC 11: xen package fails gcc11-fixes.patch - bsc#1182576 - L3: XEN domU crashed on resume when using the xl unpause command 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch - Start using the %autosetup macro to simplify patch management xen.spec