- Add busybox-ether-wake replacing downstream ether-wake from
net-tools (boo#1249034).
- Provide support for net-tools-dummy-ether-wake (bsc#1242048).
==== container-selinux ====
Version update (2.240.0 -> 2.241.0)
- Update to version 2.241.0:
* Allow domains that trans to container_runtime_t bpf:prog_run
==== iso-codes ====
Version update (4.16.0 -> 4.18.0)
- Update to version 4.18.0:
+ Replace FSF postal address with their website
+ Rename Chinese translations.
+ Updated translations.
- Changes from version 4.17.0:
+ Add letter 'g' to conversion script for Tatar
+ Regenerate cyrillic Tatar from latin Tatar
+ Update Romanian translation and remove most pre- and suffixes
+ Updated translations.
- update to NSS 3.115.1
* bmo#1982742 - restore support for finding certificates by decoded serial number.
* bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.
- update to NSS 3.115
* bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c
* bmo#1981034 - CKA_SEED needs to be marked as a private attribute
* bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc
* bmo#1974505 - Key private/public/secret keys by key type in softoken keydb
* bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected report
* bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix TrustDomain
* bmo#1927351 - Fixup ABI
* bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server
* bmo#1900841 - ECH fuzz target
* bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation objects
* bmo#1978677 - remove expired explicitly distrusted DigiNotar lookalike root
* bmo#1965329 - Implement PKCS #11 v3.2 functions
- update to NSS 3.114
* bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37
* bmo#1970079 - Prevent leaks during pkcs12 decoding
* bmo#1953731 - Remove redundant assert in p7local.c
* bmo#1974515 - Bump nssckbi version to 2.80
* bmo#1961848 - Remove expired Baltimore CyberTrust Root
* bmo#1972391 - Add TrustAsia Dedicated Roots to NSS
* bmo#1974511 - Add SwissSign 2022 Roots to NSS
* bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS
* bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken
* bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper
* bmo#1974331 - remove dead code in ssl3con.c
* bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic
* bmo#1974299 - Bump nssckbi version to 2.79
* bmo#1967826 - remove unnecessary assertion
* bmo#1948485 - Update mechanisms for Softoken PCT
* bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after
* bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks
* bmo#1973930 - use -O2 for asan build
* bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS
* bmo#1973105 - remove out-of-function semicolon
* bmo#1963009 - Extend pkcs8 fuzz target
* bmo#1963008 - Extend pkcs7 fuzz target
* bmo#1908763 - Remove unused assignment to pageno
* bmo#1908762 - Remove unused assignment to nextChunk
* bmo#1973490 - don't run commands as part of shell `local` declarations
* bmo#1973490 - fix sanitizer setup
* bmo#1973187 - don't silence ssl_gtests output when running with coverage
* bmo#1967411 - Release docs and housekeeping
* bmo#1972768 - migrate to new linux tester pool
- rebase FIPS patches to adjust for upstream FIPS work
==== podman ====
- Do not recommend apparmor-parser and apparmor-abstractions: if
the system is using apparmor, those packages will be present. If
the system is selinux enabled, we don't want to recommend those
packages just because we build support for apparmor into the
package.
==== python-cryptography ====
- Add Make-unsafe-subinterpreter-support-available-via-cfg.patch
to allow ceph-mgr to load modules (boo#1248987)
==== python-maturin ====
Version update (1.9.3 -> 1.9.4)
- Update to 1.9.4
* downgrade manylinux version for riscv64 by @ffgan in #2709
* Fix calculation of platform tag for FreeBSD by @michael-o in #2711
* Add builtin sysconfigs for GraalPy by @msimacek in #2716
* Add use-base-python option to pyproject.toml by @SquidDev in #2717
* fix clippy warnings by @alex in #2724
* Fix Target::get_python_arch comment (#2712) by @michael-o in #2726
* Set PYO3_BUILD_EXTENSION_MODULE env var when building pyo3 extension
modules by @alex in #2723
- regenerate vendor tarball to fix CVE-2025-58160 (bsc#1249011)
- Disable LTO on armv6/7 as a workaround - boo#1249054
==== selinux-policy ====
Version update (20250812 -> 20250902)
Subpackages: selinux-policy-targeted
- Update to version 20250902:
* Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t
* Allow stalld map sysfs files
* Allow NetworkManager-dispatcher-winbind get pidfs attributes
* Allow openvpn create and use generic netlink socket
* policy_capabilities: remove estimated from released versions
* policy_capabilities: add stub for userspace_initial_context
* add netlink_xperm policy capability and nlmsg permission definitions
* policy_capabilities: add ioctl_skip_cloexec
* selinux-policy: add allow rule for tuned_ppd_t
* selinux-policy: add allow rule for switcheroo_control_t
* Label /run/audit with auditd_var_run_t
* Allow virtqemud start a vm which uses nbdkit
* Add nbdkit_signal() and nbdkit_signull() interfaces
* Fix insights_client interfaces names
* Add insights_core and insights_client interfaces
* dist/targeted/modules.conf: enable slrnpull module
* Allow bootupd delete symlinks in the /boot directory
* Allow systemd-coredumpd capabilities in the user namespace
* Allow openvswitch read virtqemud process state
- Syncing with upstream rawhide selinux-policy up to:
* 17956d28c011c35560e75a7293ac5924df57a1ee
- Update embedded container-selinux version to commit:
* 5997aa524734886d35e187f52de2546f25c9f500 (version 2.241.0)
==== sof-firmware ====
Version update (2025.05 -> 2025.05.1)
- version update to 2025.05.1:
* SOF v2.13.1 DSP topologies.
==== wireplumber ====
Version update (0.5.10 -> 0.5.11)
Subpackages: libwireplumber-0_5-0
- Update to version 0.5.11:
* Additions & Enhancements:
- Added modem manager module for tracking voice call status and
voice call device profile selection hooks to improve phone
call audio routing on mobile devices (!722, !729, #819)
- Added MPRIS media player pause functionality that
automatically pauses media playback when the audio target
(e.g. headphones) is removed (!699, #764)
- Added support for human-readable names and localization of
settings in wireplumber.conf with wpctl displaying localized
setting descriptions (!712)
- Improved default node selection logic to use both session and
route priorities when nodes have equal session priorities
(!720)
- Increased USB device priority in the ALSA monitor (!719)
* Fixes:
- Fixed multiple Lua runtime issues including type confusion
bugs, stack overflow prevention, and SPA POD array/choice
builders (!723, !728)
- Fixed proxy object lifecycle management by properly clearing
the OWNED_BY_PROXY flag when proxies are destroyed to prevent
dangling pointers (!732)
- Fixed state-routes handling to prevent saving unavailable
routes and eliminate race conditions during profile switching
(!730, #762)
- Fixed some memory leaks in the script tester and the settings
iterator (!727, !726)
- Fixed a potential crash caused by module-loopback destroying
itself when the pipewire connection is closed (#812)
- Fixed profile saving behavior in wpctl set-profile command
(#808)
- Fixed GObject introspection closure annotation
==== zlib-ng-compat ====
Version update (2.2.4 -> 2.2.5)
- Update to 2.2.5:
* RiscV: chunkset_rvv: fix SIGSEGV in CHUNKCOPY #1889
* MSVC: Disable optimizations for AVX512 GET_CHUNK_MAG causing
inflate failure #1884
* Fix building with runtime CPU detection disabled (native)
[#1931]
* Also check for ZMM support when detecting VPCLMULQDQ support
[#1932]
* Revert "Clean up insert_match() in deflate_medium" due to
performance regression #1938