Packages changed: Imath (3.1.3 -> 3.1.5) accountsservice (0.6.55 -> 22.08.8) dracut (056+suse.275.g4ce7a6a7 -> 057+suse.292.g508db4cd) gstreamer (1.20.2 -> 1.20.3) gstreamer-plugins-bad (1.20.2 -> 1.20.3) gstreamer-plugins-base (1.20.2 -> 1.20.3) hwinfo (21.81 -> 21.82) keylime openslp pipewire podman (4.0.3 -> 4.1.1) python-PyYAML systemd-presets-common-SUSE toolbox (2.3+git20220603.bbeda2e -> 2.3+git20220622.32785f7) === Details === ==== Imath ==== Version update (3.1.3 -> 3.1.5) - update to 3.1.5: * Update CI workflow matrix for VFX-CY2022 * Use _WIN32 instead of _MSC_VER to fix mingw build * Fix 32-bit x86 build failure with 16c instructions * Move numeric_limits specializations into half.h * Change references to "master" branch to "main" * Remove some simple typos in the code * Added missing check _M_IX86 or _M_X64 when using __lzcnt. * SolveNormalizedCubic fix to return proper real root * Add docs target only if not a subproject * Fix docs race condition and make installation optional * Remove dead PyImath code and references to ilmbase * Use equalWithAbsError instead of equal operator for float * Fix sphinx warnings and man page filenames * Adding missing stdexcept header * for better SIMD auto-vectorization * Remove extra project layer for the pyimath code * Successor/predecessor functions use isnan() and isinf() * Fix python imath export * Cuda safety fixes * Sort Imath source files * Fix formatting in release notes ==== accountsservice ==== Version update (0.6.55 -> 22.08.8) Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0 - Update to version 22.08.8 + Handle missing admin groups when changing account types + Set PrivateTmp to false in the systemd service + Add function to set user password expiration policy - Update to version 22.04.62 + Updated Swedish translation + Updated Indonesian translation + Updated German translation + Updated slovak translation + Update Ukrainian translation + Updated Brazilian Portuguese translation + act-user: Use stronger hashing methods in make_crypted() if available. + act-user-manager: Watch for the daemon going away and coming back + user-manager: Update users tables on username changes + user: Translate property x-session property name to match the proxy one + Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag + daemon: Fix error check in save_autologin() + Never delete the root filesystem when removing users + Remove user heuristics + user-classify: Add git to username blacklist + daemon: ensure cache files for system users are processed + daemon: Don't try to add admin users to non existing groups + Move D-Bus conf file to $(datadir)/dbus-1/system.d - Rebased patches: + accountsservice-sysconfig.patch + accountsservice-filter-suse-accounts.patch + as-fate318433-prevent-same-account-multi-logins.patch - Drop upstream fixed patches: + ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch + accountsservice-fix-gdm-crash.patch + accountsservice-read-root-user-cache.patch + accountsservice-wtmp-io-improvements.patch ==== dracut ==== Version update (056+suse.275.g4ce7a6a7 -> 057+suse.292.g508db4cd) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 057+suse.292.g508db4cd: See https://github.com/dracutdevs/dracut/releases/tag/057 for details. Additional changes: * fix(integrity): do not enable EVM if there is no key (bsc#1200718) * fix(dracut.sh): temporary workaround for kiwi (bsc#1199051) * chore(suse): update spec ==== gstreamer ==== Version update (1.20.2 -> 1.20.3) Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.20.3 + Highlighted bugfixes: - Security fixes in Matroska, MP4 and AVI demuxers - Fix scrambled video playback with hardware-accelerated VA-API decoders on certain Intel hardware - playbin3/decodebin3 regression fix for unhandled streams - Fragmented MP4 playback fixes - Android H.265 encoder mapping - Playback of MXF files produced by FFmpeg before March 2022 - Fix rtmp2sink crashes on 32-bit platforms - WebRTC improvements - D3D11 video decoder and screen recorder fixes - Performance improvements - Support for building against OpenCV 4.6 and other build fixes - Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - clock: Avoid creating a weakref with every entry (performance improvement) - plugin: add Apache 2 license to list of known licenses to avoid warning - gst_plugin_load_file: force plugin reload if filename differs Add support for LoongArch ==== gstreamer-plugins-bad ==== Version update (1.20.2 -> 1.20.3) Subpackages: libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 - Update to version 1.20.3: + GstPlay: Fix new error + warning parsing API (was unusuable before) + av1parse: let the parser continue on verbose OBUs + d3d11converter: Fix RGB to GRAY conversion, broken debug messages, and add missing GRAY conversion + gs: look for google_cloud_cpp_storage.pc + ipcpipeline: fix crash and error on windows with SOCKET or _pipe() + ivfparse: Don't set zero resolution on caps + mpegtsdemux: Handle PES headers bigger than a mpeg-ts packet; fix locking in error code path; handle more program updates + mpegtsmux: Start last_ts with GST_CLOCK_TIME_NONE to fix VBR muxing behaviour + mpegtsmux: Thread safety fixes: lock mux->tsmux, the programs hash table, and pad streams + mpegtsmux: Skip empty buffers + osxaudiodeviceprovider: Add initial support for duplex devices on OSX + rtpldacpay: Fix missing payload information + sdpdemux: add media attributes to caps, fixes ptp clock handling + mfaudioenc: Handle empty IMFMediaBuffer + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + nvenc: Fix deadlock because of too strict buffer pool size + va: fix library build issues, caps leaks in the vpp transform function, and add vaav1dec to documentation + v4l2codecs: vp9: Minor fixes + v4l2codecs: h264: Correct scaling matrix ABI check + dtlstransport: Notify ICE transport property changes + webrtc: Various fixes to the webrtc-sendrecv python example + webrtc-ice: Fix memory leaks in gst_webrtc_ice_add_candidate() + Support build against libfreeaptx in openaptx plugin + Fix linking issues on Illumos distros ==== gstreamer-plugins-base ==== Version update (1.20.2 -> 1.20.3) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 - Update to version 1.20.3: + typefindfunctions: Fix WebVTT format detection for very short files + gldisplay: Reorder GST_GL_WINDOW check for egl-device + rtpbasepayload: Copy all buffer metadata instead of just GstMetas for the input meta buffer + codec-utils: Avoid out-of-bounds error + navigation: Fix Since markers for mouse scroll events + videoaggregator: Fix for unhandled negative rate + videoaggregator: Use floor() to calculate current position + video-color: Fix for missing clipping in PQ EOTF function + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + audiovisualizer: shader: Fix out of bound write ==== hwinfo ==== Version update (21.81 -> 21.82) - merge gh#openSUSE/hwinfo#113 - Keep NVMe's namespace output consistency when nvme_core.multipath=1 (bsc#1199948) - 21.82 ==== keylime ==== Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python310-keylime - Remove user downgrade mechanism from the package (CVE-2022-31250, bsc#1200885) - Add logrotate configuration for the services - Create run directory as non-root user - Conflict with rust-keylime - Consolidate in _distconfdir when possible ==== openslp ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to remove 44.1kHz from allowed rates. This reverts the new behaviour in 0.3.52 which is causing problems to too many people (boo#1200760): * 0001-settings-remove-44.1KHz-from-allowed-rates-again.patch ==== podman ==== Version update (4.0.3 -> 4.1.1) Subpackages: podman-cni-config - Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. - Drop obsolete patches: * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch * 0001-Relabel-relabel-links-instead-of-their-targets.patch * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch ==== python-PyYAML ==== - Clean up the SPEC file. ==== systemd-presets-common-SUSE ==== - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter "user", the save/apply-changes commands now work with user services instead of system ones (boo#1200485) - enable ignition-delete-config by default (bsc#1199524) ==== toolbox ==== Version update (2.3+git20220603.bbeda2e -> 2.3+git20220622.32785f7) - Update to version 2.3+git20220622.32785f7: * Only set --userns=keep-id when running rootless