Packages changed: checkpolicy (3.8.1 -> 3.9) cloud-init (25.1.1 -> 25.1.3) docker firewalld hplip libselinux (3.8.1 -> 3.9) libselinux-bindings (3.8.1 -> 3.9) libsemanage (3.8.1 -> 3.9) libsepol (3.8.1 -> 3.9) libzypp (17.37.12 -> 17.37.14) openSUSE-build-key policycoreutils (3.8.1 -> 3.9) python-gpg python-semanage (3.8.1 -> 3.9) qemu === Details === ==== checkpolicy ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Add support for wildcard netifcon names * Abort on mismatched declarations * Introduce neveraudit types ==== cloud-init ==== Version update (25.1.1 -> 25.1.3) - Update to version 25.1.3 (bsc#1245403) + Forward port - cloud-init-no-openstack-guess.patch + docs: provide example3 for PAM and ssh_pwauth behavior (#27) + fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584) + fix: Don't attempt to identify non-x86 OpenStack instances (LP: #2069607) (CVE-2024-6174) From 25.1.2 + fix: ensure MAAS datasource retries on failure (#6167) ==== docker ==== Subpackages: docker-buildx docker-rootless-extras - Update to docker-buildx v0.26.1. Upstream changelog: - Update to docker-buildx v0.26.0. Upstream changelog: ==== firewalld ==== - Adding Python multiversion support, will enable firewalld pkg to provide Python libraries compatible with all supported Python versions. ==== hplip ==== Subpackages: hplip-hpijs hplip-udev-rules - Fix ReDoS issue in HPLIP's SLP parser (bsc#1245358) * add Fix-ReDoS-issue-in-HPLIP-s-SLP-parser.patch ==== libselinux ==== Version update (3.8.1 -> 3.9) Subpackages: libselinux1 selinux-tools - Update to version 3.9 * Fix local literal fcontext definitions priority * Fix order for path substitutions * Limit fcontext regex path length ==== libselinux-bindings ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Fix local literal fcontext definitions priority * Fix order for path substitutions * Limit fcontext regex path length ==== libsemanage ==== Version update (3.8.1 -> 3.9) Subpackages: libsemanage-conf libsemanage2 - Update to version 3.9 * Improved POSIX compliance (added semanage_basename) * Add relabel_store config option * Add semanage_handle_create_with_path * Add relabel_store config option to semanage.conf ==== libsepol ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Add new 'netif_wildcard' policy capability * Allow multiple policycap statements * Support genfs_seclabel_wildcard * Introduce neveraudit types ==== libzypp ==== Version update (17.37.12 -> 17.37.14) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - version 17.37.14 (35) - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - version 17.37.13 (35) ==== openSUSE-build-key ==== - obsolete gpg-pubkey-ded64f3b, the openSUSE buildservice global key which was used mistakenly for repository signing. ==== policycoreutils ==== Version update (3.8.1 -> 3.9) Subpackages: policycoreutils-python-utils python313-policycoreutils - Update to version 3.9 * setfiles: Add -U option to modify user and role portions * semodule: Add [-g PATH |--config=PATH] for an alternate path for the semanage config * Updated usr_etc.patch - Moved /etc/sestatus.conf to /usr/etc. - This patch is upstream: https://github.com/SELinuxProject/selinux/pull/415 ==== python-gpg ==== - Fixup of previous commit to really fix the build on armv6 ==== python-semanage ==== Version update (3.8.1 -> 3.9) - Update to version 3.9 * Improved POSIX compliance (added semanage_basename) * Add relabel_store config option * Add semanage_handle_create_with_path * Add relabel_store config option to semanage.conf ==== qemu ==== - Fix bsc#1246566: * [roms] seabios: include "pciinit: don't misalign large BARs" (bsc#1246566)