Packages changed: gegl gobject-introspection libtpms liburing (2.6 -> 2.8) llvm19 (19.1.4 -> 19.1.5) luajit mariadb meson openSUSE-release (20241206 -> 20241208) pam pam-full-src plymouth presage python-kiwi (10.1.18 -> 10.2.3) python-pexpect sdbootutil (1+git20241112.ecf5f97 -> 1+git20241206.dccea55) selinux-policy (20241118 -> 20241206) === Details === ==== gegl ==== Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0 - Disable luajit on LoongArch64 ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - Fix dependency generation for loongarch64. - Add python3-setuptools Requires: needed for python 3.13 which dropped distutils; setuptools now provides it. ==== libtpms ==== - Use gcc/g++-13 on Leap to fix the following failure: "tpm2_setprofile.c:49:24: error: initializer element is not constant" ==== liburing ==== Version update (2.6 -> 2.8) - switch URLs to the current location on github - Update to 2.8 * Add support for incrementally/partially consumed provided buffers, usable with the provided buffer ring support. * Add support for foo_and_wait_min_timeout(), where it's possible to define a minimum timeout for waiting to get batches of completions, but if that fails, extend for a longer timeout without having any extra context switches. * Add support for using different clock sources for completion waiting. * Great increase coverage of test cases, test case improvements and fixes. * Don't leak _GNU_SOURCE via pkb-config --cflags * Support for address sanitizer * Add examples/kdigest sample program * Add discard helper, test, and man page * Man page updates * Sync with kernel 6.10 * send/recv bundle support * accept nowait and CQE_F_MORE * Add and update test cases * Fix io_uring_queue_init_mem() returning a value that was too small, potentially causing memory corruption in userspace by overwriting 64 bytes beyond the returned value. Also add test case for that. * Add 64-bit length variants of io_uring_prep_{m,f}advise() * Add BIND/LISTEN support and helpers / man pages * Add io_uring_enable_rings.3 man page * Fix bug in io_uring_prep_read_multishot() * Fixup bundle test cases * Add fixed-hugepage test case * Fix io_uring_prep_fixed_fd_install.3 man page * Note 'len' == 0 requirement in io_uring_prep_send.3 man page * Fix some test cases for skipping on older kernels - drop (they are upstream) * test-buf-ring-nommap-skip-the-test-on-queue-init-ENO.patch * test-buf-ring-nommap-zero-the-ringbuf-memory.patch - add * 0001-test-init-mem-zero-the-ringbuf-memory.patch * 0001-test-rsrc_tags-use-correct-buffer-index-for-test.patch - cleanup spec file ==== llvm19 ==== Version update (19.1.4 -> 19.1.5) Subpackages: clang-tools clang19 libLLVM19 libclang-cpp19 libclang13 libclang_rt19 llvm19-gold - Update to version 19.1.5. * This release contains bug-fixes for the LLVM 19.1.0 release. This release is API and ABI compatible with 19.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== luajit ==== - No loongarch64 support yet - turn around the logic to known supported architectures ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Fix test for SSL connection init with openssl 3.2.3. * Added mariadb-fix-testsuite-openssl3.2.3.patch ==== meson ==== Subpackages: meson-vim - Add 13935.patch: Fix test suite with rust 1.83. ==== openSUSE-release ==== Version update (20241206 -> 20241208) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pam ==== Subpackages: pam-32bit - pam_access: rework resolving of tokens as hostname - separate resolving of IP addresses from hostnames. Don't resolve TTYs or display variables as hostname. - Add "nodns" option to disallow resolving of tokens as hostname. - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, CVE-2024-10963] ==== pam-full-src ==== Subpackages: pam-extra pam-manpages - pam_access: rework resolving of tokens as hostname - separate resolving of IP addresses from hostnames. Don't resolve TTYs or display variables as hostname. - Add "nodns" option to disallow resolving of tokens as hostname. - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, CVE-2024-10963] ==== plymouth ==== Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Remove plymouth-only_use_fb_for_cirrus_bochs.patch: Bochs and cirrus DRM drivers are fully compatible with plymouth. Remove the workaround that forces them to use fbdev. Resolves the blank screen when disabling fbdev interfaces.(bsc#1232727) ==== presage ==== Subpackages: libpresage1 presage-data - Add presage-setuptools.patch: Fix installation of python bindings with setuptools 76. ==== python-kiwi ==== Version update (10.1.18 -> 10.2.3) - Bump version: 10.2.2 → 10.2.3 - Update STYLEROOT to SUSE 2022 - Fix broken links in the documentation - Fix legacy_bios_mode detection The code in this method does not work correctly if the firmware is set to 'bios'. In bios only mode the method returned a false value which is incorrect as it should return a true value in this case. Without this patch ISO images will fail to boot because no loader gets configured. - Added /dev/pts to bind mount locations During runtime several kernel filesystems are bind mounted into the image root system such that programs expecting it can work. /dev/pts was not needed so far but seems to be a good addition to the list to make tools like sudo to work properly when called e.g. from a config.sh script. This Fixes #2686 - Added provide/require system files for containers Added the attributes provide_system_files and require_system_files to control the provider and requester of system files in container image builds. systemfiles is a metadata file which contains all files from the package database at call time. It is used in flake-pilot to provision the systemfiles data from the host into the container instance. One possible use case for this data is a flake registration which uses a base container that is derived from a runtime container but all data from the runtime should be provisioned from the host. Using this feature tightly couples the flake to the host OS distribution and version. - Bump version: 10.2.1 → 10.2.2 - Fix scope issue Increase livetime of the the compressor instances to the livetime of RootImportOCI. They create temporary files which are referenced later and need to live longer than the block they got created in - Bump version: 10.2.0 → 10.2.1 - Fixed use of fscreateoptions for iso type The information for fscreateoptions was not passed along to the tooling if a custom filesystem attribute was specified. This Fixes #2681 - Allow to derive from multiple containers Add support for multi inheritance to the derived_from attribute In the order of a comma seperated list of docker source URI's a base tree is created. This was possible only with one container so far and Fixes #2680 as well as jira#OBS-354 - Bump version: 10.1.18 → 10.2.0 - Add selinux test build to TW Also update derived docker integration test to latest Leap - kiwi/schema: Fix allowed value type for ISO publisher and application ID According to the spec, this should be constrained to 128 characters but also allow quite a few other special characters (as well as spaces). We didn't allow spaces in application ID, but allowed too much for Publisher. Now we set up both correctly. - Fix setup of kiwi environment variables Some kiwi env vars are initialized with an empty value and not overwritten if another value is provided. For the selected variables an empty value setting is not allowed because the schema also enforces the value to be set at least once. In addition a helpful option named --print-kiwi-env was added to the 'image info' command which allows to print the environment variables and their values. - Add random key support for LUKS encryption Allow to pass luks="random". In random mode use the generated keyfile as the only key to decrypt. This is only secure if the generated initrd also gets protected e.g. through encryption like it is done with the secure linux execution on zSystems - Added development group in pyproject setup generateDS and other tools are needed and were forgotten to be added when we deleted the tox dependency - Added containers integration with OBS When building in the Open Build Service (OBS) there is no way to create outgoing connections from the build workers. To allow the section to fetch containers from the SUSE registry we need to apply an OCI URI translation into a local path. The actual OCI container image is expected to be provided by the obs backend on the worker. Along with this commit also an integration test named test-image-disk-containers is provided. This Fixes jira#OBS-351 - Fix rendering of SUSE docs The SUSE documentation is produced through a conversion of the ReST source into docbook. The name kiwi is reserved in the index and needs to be referenced as kiwi-ng when used as command. - Remove tox dependency tox was used as sort of a make target to run unit tests and more in a python virtualenv. However, since we switched everything to poetry it's no longer needed to let tox create the python virtual environments. This commit moves the tox targets into the Makefile and adapts the github workflow files accordingly. In addition the scripts container based tests were re-activated and fixed such that they succeed again. ==== python-pexpect ==== - Disable test_performance as it randomly fails ==== sdbootutil ==== Version update (1+git20241112.ecf5f97 -> 1+git20241206.dccea55) Subpackages: sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20241206.dccea55: * Fix quotes in bind mount command (bsc#1233378) * Allow multiple entries for initial measurements - Update to version 1+git20241126.83ebe2c: * Fix help for get-timeout * Add get default and timeout * Replace -a with && * Drop PATH field * sdbootutil-enroll: harden script against unexpected conditions - Update to version 1+git20241118.23c1900: * Fix missing grep file * Detect new bootctl error message * If BLI is not active use the loader.conf ==== selinux-policy ==== Version update (20241118 -> 20241206) Subpackages: selinux-policy-targeted - Update to version 20241206: * Move systemd-homed interfaces to seperate optional_policy block (bsc#1234228) * adjust kandim binary paths (bsc#1232328)