- Update to 332
- Updated naming convention for motd to issue and relevant patches
- Added 0007-Remove-DynamicUser-setting-as-these-conflict-with-re.patch
since dynamic users can't be resolved since systemd is missing in nsswitch
bsc#1230638
- Remove 0005-cockpit-ws-user-remove-default-deps.patch
- Fix dynamic users for 330 since systemd isn't included in the
nsswitch.conf
- Tidy up pam_oath removal for leap
- Ship a new pam file since Leap15 doesn't have pam_oath
- Don't change motd if we don't have pam_oath
- Properly fix pidfd_getpid
- This can be dropped once we update again as it's been upstreamed
- Update to 330
- Web server: Increased sandboxing, setuid removal, bootc support
- Development: New install mode using systemd-sysext
- update to 329.1:
- cockpit.js: Put back cockpit.{resolve,reject}() to fix subscription-manager-cockpit
- Past updates:
* 329
- Shell: Extra warnings when connecting to remote hosts
* 328:
- Bug fixes and performance improvements
* 327:
- Connect to similar servers without Cockpit installed
* 326:
- cockpit-pcp package is now obsolete
- cockpit/ws container: Connect to servers without installed Cockpit
- cockpit/ws container: Support host specific SSH keys
- Storage: Support for Stratis filesystem sizes and limits
* 325:
- client: Properly handle unknown SSH host keys
* 324:
- Bug fixes and performance improvements
* 323.1:
- Translation updates
* 323:
- login: Prevent multiple logins in a single browser session
- Update documentation links
==== cockpit-podman ====
Version update (91 -> 100)
- Update to version 100
* dropped: correct-container-search.patch as this behaviour is
fixed upstream
- New version 99, updates since 91:
* Update to translations
* Bug fixes
* pull images from registries without search API
* Render ports are ranges in container integration tab
- Update to version 0.392:
* Update pci and vendor ids
==== kernel-source ====
Version update (6.13.2 -> 6.13.3)
- Linux 6.13.3 (bsc#1012628).
- irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on
CONFIG_MCHP_LAN966X_PCI (bsc#1012628).
- btrfs: fix lockdep splat while merging a relocation root
(bsc#1012628).
- btrfs: fix assertion failure when splitting ordered extent
after transaction abort (bsc#1012628).
- btrfs: do not output error message if a qgroup has been already
cleaned up (bsc#1012628).
- btrfs: fix use-after-free when attempting to join an aborted
transaction (bsc#1012628).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (bsc#1012628).
- exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH)
case (bsc#1012628).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison()
(bsc#1012628).
- btrfs: fix data race when accessing the inode's disk_i_size
at btrfs_drop_extents() (bsc#1012628).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper
error handling (bsc#1012628).
- btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents
(bsc#1012628).
- sched: Don't try to catch up excess steal time (bsc#1012628).
- x86: Convert unreachable() to BUG() (bsc#1012628).
- locking/ww_mutex/test: Use swap() macro (bsc#1012628).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs
(bsc#1012628).
- x86/amd_nb: Restrict init function to AMD-based systems
(bsc#1012628).
- drm/virtio: New fence for every plane update (bsc#1012628).
- drm: Add panel backlight quirks (bsc#1012628).
- drm/amd/display: Add support for minimum backlight quirk
(bsc#1012628).
- drm: panel-backlight-quirks: Add Framework 13 matte panel
(bsc#1012628).
- drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k
panels (bsc#1012628).
- nvkm/gsp: correctly advance the read pointer of GSP message
queue (bsc#1012628).
- nvkm: correctly calculate the available space of the GSP cmdq
buffer (bsc#1012628).
- drm/tests: hdmi: handle empty modes in find_preferred_mode()
(bsc#1012628).
- drm/tests: hdmi: return meaningful value from
set_connector_edid() (bsc#1012628).
- drm/amd/display: Populate chroma prefetch parameters, DET
buffer fix (bsc#1012628).
- drm/amd/display: Overwriting dualDPP UBF values before usage
(bsc#1012628).
- printk: Fix signed integer overflow when defining
LOG_BUF_LEN_MAX (bsc#1012628).
- drm/msm/dpu: filter out too wide modes if no 3dmux is present
(bsc#1012628).
- drm/connector: add mutex to protect ELD from concurrent access
(bsc#1012628).
- drm/bridge: anx7625: use eld_mutex to protect access to
connector->eld (bsc#1012628).
- drm/bridge: ite-it66121: use eld_mutex to protect access to
connector->eld (bsc#1012628).
- drm/amd/display: use eld_mutex to protect access to
connector->eld (bsc#1012628).
- drm/exynos: hdmi: use eld_mutex to protect access to
connector->eld (bsc#1012628).
- drm/msm/dp: use eld_mutex to protect access to connector->eld
(bsc#1012628).
- drm/radeon: use eld_mutex to protect access to connector->eld
(bsc#1012628).
- drm/sti: hdmi: use eld_mutex to protect access to connector->eld
(bsc#1012628).
- drm/vc4: hdmi: use eld_mutex to protect access to connector->eld
(bsc#1012628).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1
Monitor (bsc#1012628).
- drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt
(bsc#1012628).
- drm/amdkfd: Queue interrupt work to different CPU (bsc#1012628).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
(bsc#1012628).
- drm/bridge: it6505: fix HDCP Bstatus check (bsc#1012628).
- drm/bridge: it6505: fix HDCP encryption when R0 ready
(bsc#1012628).
- drm/bridge: it6505: fix HDCP CTS compare V matching
(bsc#1012628).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer
(bsc#1012628).
- safesetid: check size of policy writes (bsc#1012628).
- drm/amd/display: Increase sanitizer frame larger than limit
when compile testing with clang (bsc#1012628).
- drm/amd/display: Limit Scaling Ratio on DCN3.01 (bsc#1012628).
- ring-buffer: Make reading page consistent with the code logic
(bsc#1012628).
- wifi: ath12k: Fix for out-of bound access error (bsc#1012628).
- wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol
'ret' (bsc#1012628).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow
value (bsc#1012628).
- tun: fix group permission check (bsc#1012628).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card
(bsc#1012628).
... changelog too long, skipping 663 lines ...
- commit fda61c9
==== orc ====
Version update (0.4.40 -> 0.4.41)
- Update to version 0.4.41:
+ orccodemem: Don't modify the process umask, which caused race
conditions with other threads
+ x86: various SSE and MMX fixes
+ avx: Fix sqrtps encoding causing an illegal instruction crash
+ Hide internal symbols from ABI and do not install internal
headers
+ Rename backend to target, including `orc-backend` meson option
and `ORC_BACKEND` environment variable
+ Testsuite, tools: Disambiguate OrcProgram naming conventions
+ Build: Fix `_clear_cache` call for Clang and error out on
implicit function declarations
+ opcodes: Use MIN instead of CLAMP for known unsigned values to
fix compiler warnings
+ Spelling fix in debug log message
==== polkit-default-privs ====
Version update (1550+20250212.5d3f04e -> 1550+20250217.25d4aef)
- Update to version 1550+20250217.25d4aef:
* profiles: add systemd-sysupdated (bsc#1237106)
- Update to version 1+git20250219.a796c24:
* generator: exit if /etc/crypttab is missing
* Fix measure-pcr-validator StandardOutput
- Update to version 1+git20250217.f216443:
* Remove .conf suffix from grubenv (bsc#1237198)
- Update to version 1+git20250214.ef3b642:
* Add banner reporting PCR 15 mismatch
* Generate PCR 15 predictions if crypttab changed
* Create predictions for PCR 15
* Add measure-pcr-validator service
* Order devices when FIDO2 keys are used
* Set BuildArch to noarch
* Add dracut measure-pcr module with generator
* Add tpm2-pcr-measure crypttab parameter
* Fix help indentation
==== selinux-policy ====
Version update (20250212 -> 20250218)
Subpackages: selinux-policy-targeted
- Update to version 20250218:
* Enable postfix_local_write_mail_spool boolean by default for targeted only
* Revert "Enable postfix_local_write_mail_spool boolean by default"
* Support openSUSE-specific krb5kdc paths (bsc#1237064)
- bsc#1233796 - [XEN][15-SP7-BEAT3] Xen call trace and APIC Error
found after reboot operation on AMD machine.
x86-shutdown-offline-APs-with-interrupts-disabled-on-all-CPUs.patch
==== xfsprogs ====
Version update (6.11.0 -> 6.13.0)
- mkfs: fix filesize function compilation error on 32-bit archs
- add mkfs-fix-filesize-function-compilation-error-on-32-b.patch
- update to 6.13.0
- xfs_protofile: fix device number encoding
- xfs_protofile: fix mode formatting error
- mkfs: fix file size setting when interpreting a protofile
- xfs_repair: require zeroed quota/rt inodes in metadir superblocks
- mkfs: use a default sector size that is also suitable for the rtdev
- xfs_scrub_all.timer: don't run if /var/lib/xfsprogs is readonly
- xfs_logprint: Fix super block buffer interpretation issue
- mkfs: allow sizing realtime allocation groups for concurrency
- build: initialize stack variables to zero by default
- m4: fix statx override selection if /usr/include doesn't define it
- mkfs: fix parsing of value-less -d/-l concurrency cli option
- xfs_db: improve error message when unknown btree type given to btheight
- xfs_repair: don't obliterate return codes
- xfs_db: fix multiple dblock commands
- xfs: don't return an error from xfs_update_last_rtgroup_size for !XFS_RT
- xfs_io: add extsize command support
- xfs_io: allow foreign FSes to show FS_IOC_FSGETXATTR details
- mkfs: enable rt quota options
- xfs_quota: report warning limits for realtime space quotas
- mkfs: add quota flags when setting up filesystem
- xfs_repair: try not to trash qflags on metadir filesystems
- xfs_repair: support quota inodes in the metadata directory
- xfs_db: support metadir quotas
- libfrog: scrub quota file metapaths
- mkfs: format realtime groups
- mkfs: add headers to realtime bitmap blocks
- xfs_scrub: use histograms to speed up phase 8 on the realtime volume
- xfs_scrub: trim realtime volumes too
- xfs_scrub: call GETFSMAP for each rt group in parallel
- xfs_scrub: cleanup fsmap keys initialization
- xfs_scrub: check rtgroup metadata directory connections
- xfs_scrub: scrub realtime allocation group metadata
- xfs_spaceman: report on realtime group health
- xfs_mdrestore: restore rt group superblocks to realtime device
- xfs_io: display rt group in verbose fsmap output
- xfs_io: display rt group in verbose bmap output
- xfs_io: add a command to display realtime group information
- xfs_io: add a command to display allocation group information
- xfs_io: support scrubbing rtgroup metadata paths
- xfs_io: support scrubbing rtgroup metadata
- xfs_db: report rt group and block number in the bmap command
- xfs_db: dump rt summary blocks
- xfs_db: dump rt bitmap blocks
- xfs_db: metadump realtime devices
- xfs_db: metadump metadir rt bitmap and summary files
- xfs_db: enable conversion of rt space units
- xfs_db: support changing the label and uuid of rt superblocks
- xfs_db: support dumping realtime group data and superblocks
- xfs_db: listify the definition of enum typnm
- xfs_db: enable rtconvert to handle segmented rtblocks
- xfs_db: enable the rtblock and rtextent commands for segmented rt block numbers
- xfs_repair: repair rtbitmap and rtsummary block headers
- xfs_repair: support realtime superblocks
- xfs_repair: find and clobber rtgroup bitmap and summary files
- xfs_repair: support realtime groups
- xfs_repair: add a real per-AG bitmap abstraction
- xfs_repair: simplify rt_lock handling
- xfs_repair: improve rtbitmap discrepancy reporting
- xfs_repair: refactor offsetof+sizeof to offsetofend
- xfs_repair: refactor phase4
- xfs_repair: adjust rtbitmap/rtsummary word updates to handle big endian values
- xfs_logprint: report realtime EFIs
- libfrog: add bitmap_clear
- libfrog: report rt groups in output
- libfrog: support scrubbing rtgroup metadata paths
- man: document rgextents geom field
- man: document the rt group geometry ioctl
- mkfs: add a utility to generate protofiles
- mkfs: support copying in xattrs
- mkfs: support copying in large or sparse files
- mkfs.xfs: enable metadata directories
- xfs_repair: do not count metadata directory files when doing quotacheck
- xfs_repair: truncate and unmark orphaned metadata inodes
- xfs_repair: drop all the metadata directory files during pass 4
- xfs_repair: metadata dirs are never plausible root dirs
- xfs_repair: mark space used by metadata files
- xfs_repair: update incore metadata state whenever we create new files
- xfs_repair: don't let metadata and regular files mix
- xfs_repair: rebuild the metadata directory
- xfs_repair: check metadata inode flag
- xfs_repair: dont check metadata directory dirent inumbers
- xfs_repair: handle sb_metadirino correctly when zeroing supers
- xfs_scrub: re-run metafile scrubbers during phase 5
- xfs_scrub: scan metadata directories during phase 3
- xfs_scrub: tread zero-length read verify as an IO error
- xfs_spaceman: report health of metadir inodes too
- xfs_io: support scrubbing metadata directory paths
- xfs_io: support flag for limited bulkstat of the metadata directory
- xfs_db: drop the metadata checking code from blockget
- xfs_db: display di_metatype
- xfs_db: show the metadata root directory when dumping superblocks
- xfs_db: support metadata directories in the path command
- xfs_db: don't obfuscate metadata directories and attributes
- xfs_db: report metadir support for version command
- xfs_db: disable xfs_check when metadir is enabled
- xfs_io: support scrubbing metadata directory paths
... changelog too long, skipping 26 lines ...
- ------------------------------------------------------------------
