Packages changed: MicroOS-release (20251216 -> 20251217) container-selinux (2.244.0 -> 2.245.0) libarchive (3.8.3 -> 3.8.4) libeconf (0.8.2 -> 0.8.3) llvm21 (21.1.6 -> 21.1.7) nghttp3 (1.12.0 -> 1.13.1) passt (20250611.0293c6f -> 20251215.b40f5cd) qt6-base samba (4.22.6+git.435.014e5eceb5d -> 4.23.4+git.428.6b48e7eba5b) tdb (1.4.13 -> 1.4.14) tevent (0.16.2 -> 0.17.1) timezone (2025b -> 2025c) wayland-utils (1.2.0 -> 1.3.0) === Details === ==== MicroOS-release ==== Version update (20251216 -> 20251217) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== container-selinux ==== Version update (2.244.0 -> 2.245.0) - Update to version 2.245.0: * bump to v2.245.0 * Fix typo in container_selinux(8) man page * Add new booleans to container_selinux(8) man page * Allow containers to access shared public content * Add support for Incus * Add ~/.local/share/containers/storage/overlay-containers to .fc (bsc#1253682) ==== libarchive ==== Version update (3.8.3 -> 3.8.4) - Update to 3.8.4: * bsdtar: Fix zero-length pattern issue * lib: Fix regression introduced in libarchive 3.8.2 when walking enterable but unreadable directories - add libarchive-3.8.4-tar-fix-tests.patch to fix tests ==== libeconf ==== Version update (0.8.2 -> 0.8.3) - Update to version 0.8.3: * improved Documentation (#246) ==== llvm21 ==== Version update (21.1.6 -> 21.1.7) - Update to version 21.1.7. * This release contains bug-fixes for the LLVM 21.1.0 release. This release is API and ABI compatible with 21.1.0. - Rebase llvm-do-not-install-static-libraries.patch. - Link with -z pack-relative-relocs to reduce size of relocations and speed up their application. - Run testsuite also in qemu emulation. (From Andreas Schwab.) ==== nghttp3 ==== Version update (1.12.0 -> 1.13.1) - Update to 1.13.1: * Fix header name validation on a platform where char is unsigned - Update to 1.13.0: * Revert #395 partially * Replace POPCNT-based ispow2 with portable bitwise implementation to prevent illegal instruction crashes * doc: Recommend specifying rand callback * qpack: Optimize huffman decoding a bit * Remove unused enum values from nghttp3_stream_http_state * Qpack indexing strategy ==== passt ==== Version update (20250611.0293c6f -> 20251215.b40f5cd) Subpackages: passt-selinux - spec: drop restorecon trigger now that file context rules use regex (bsc#1246291) (https://archives.passt.top/passt-dev/20251016074045.562352-1-contact@danishpraka.sh/) - Update to version 20251215.b40f5cd: * tcp: Use less-than-MSS window on no queued data, or no data sent recently * conf, fwd: Move initialisation of auto port scanning out of conf() * tcp: Remove extra space from TCP_INFO debug messages (trivial) * pasta: Clean up waiting pasta child on failures * treewide: Introduce passt_exit() helper * tcp: Suppress new instance of cppcheck bug 14191 * pif: Correctly set scope_id for guest-side link local addresses * tcp: Correct timer expiry value in trace message * tcp_splice, flow: Add socket to epoll set before connect(), drop assert * fedora: Fix build on Fedora 43, selinux_requires_min not available on Copr builders * tcp: Skip redundant ACK on partial sendmsg() failure * tcp: Send a duplicate ACK also on complete sendmsg() failure * tcp: Allow exceeding the available sending buffer size in window advertisements * tcp: Don't limit window to less-than-MSS values, use zero instead * tcp: Acknowledge everything if it looks like bulk traffic, not interactive * tcp: Don't clear ACK_TO_TAP_DUE if we're advertising a zero-sized window * tcp: Adaptive interval based on RTT for socket-side acknowledgement checks * tcp: Limit advertised window to available, not total sending buffer size * tcp: Change usage factor of sending buffer in tcp_get_sndbuf() to 75% * tcp, util: Add function for scaling to linearly interpolated factor, use it * iov: Fix coding style of basic (non-IOV_TAIL) parts * tcp, udp: Pad batched frames for vhost-user modes to 60 bytes (802.3 minimum) * tcp, udp: Pad batched frames to 60 bytes (802.3 minimum) in non-vhost-user modes * udp: Fix coding style for comment to enum udp_iov_idx * tcp: Fix coding style for comment to enum tcp_iov_parts * tap: Pad non-batched frames to 802.3 minimum (60 bytes) if needed * test: Update Makefile to avoid failing on missing images * conf: Separate local mode for each IP version, don't enable disabled IP version * vu_common: Clarify prototype of vu_collect() * test: Expand tmux right status bar to fit pass/fail/skipped counter and time * tcp: Enable SO_KEEPALIVE if we see keep-alive segments from container / guest * seccomp: Fix build and operation on 32-bit musl targets * fwd: Preserve non-standard loopback address when splice forwarding * tcp: Always populate oaddr field for socket initiated flows * util: Rename sock_l4_dualstack() to sock_l4_dualstack_any() * tcp, udp: Bind outbound listening sockets by interface instead of address * tcp, udp: Remove fallback if creating dual stack socket fails * util: Fix setting of IPV6_V6ONLY socket option * udp: Move udp_sock_init() special case to its caller * udp: Unify some more inbound/outbound parts of udp_sock_init() * tcp: Merge tcp_ns_sock_init[46]() into tcp_sock_init_one() * util, flow, pif: Simplify sock_l4_sa() interface * inany: Let length of sockaddr_inany be implicit from the family * flow: Remove bogus @path field from flowside_sock_args * conf: More useful errors for kernels without SO_BINDTODEVICE * util: Extend sock_probe_mem() to sock_probe_features() * util: Correct error message on SO_BINDTODEVICE failure * tcp: Clamp the retry timeout * tcp: Update data retransmission timeout * tcp: Resend SYN for inbound connections * util: Introduce read_file() and read_file_integer() function * tcp: Rename "retrans" to "retries" * arp/ndp: don't send messages on uninitialized tap interface * test: Fix IPv6 address/prefix mismatch error * spec: use %selinux_requires_min macro, drop overlapping dependencies * fwd: Don't explicitly exclude reverse-direction TCP ports for UDP * fwd: Exclude ports based on prior mapping state * Revert "fwd: Update all port maps before applying exclusions" * udp: Use IP_FREEBIND for flow sockets as well as listening sockets * tcp: Properly remove sockets from epoll loop when connection is closed * seccomp.sh: Quote tr character ranges to prevent glob expansion * contrib/selinux: use regex instead of SELinux template * tcp, udp: Don't exclude ports in {tcp,udp}_port_rebind() * fwd: Update all port maps before applying exclusions * fwd: Check forwarding mode in fwd_scan_ports_*() rather than caller * fwd: Share port scanning logic between init and timer cases * fwd: Move port exclusion handling from procfs_scan_listen() to callers * fwd: Consolidate scans (not rebinds) in fwd.c * tcp, udp, fwd: Run all port scanning from a single timer * icmp: Remove vestiges of ICMP timer * passt: Move main event loop processing into passt_worker() * udp: Use epoll instance management for UDP flows * icmp: Use epoll instance management for ICMP flows * tcp, flow: Replace per-connection in_epoll flag with an epollid in flow_common * util: Move epoll registration out of sock_l4_sa() * epoll_ctl: Extract epoll operations * util: Simplify epoll_del() interface to take epollfd directly * icmp: let icmp use mac address from flowside structure * tap: change signature of function tap_push_l2h() * tcp: forward external source MAC address through tap interface * udp: forward external source MAC address through tap interface * flow: add MAC address of LAN local remote hosts to flow * arp/ndp: send ARP announcement / unsolicited NA when neigbour entry added * arp/ndp: respond with true MAC address of LAN local remote hosts * fwd: Add cache table for ARP/NDP contents * netlink: add subscription on changes in NDP/ARP table * Add reverse Christmas tree to CONTRIBUTING.md * fwd: Fix misspelling * test: Fix the escaping issue in memory/passt test * test: Update the threshold value for some perf tests * tap: Update some function comments for accuracy * passt: Rename EPOLL_EVENTS to NUM_EPOLL_EVENTS * Fix the wrong command in CONTRIBUTING.md * test: For missing static checkers, skip rather than failing tests * test: Add some missing quoting in exeter runner * test: Use ${} consistently in lib/exeter ... changelog too long, skipping 96 lines ... * Single line macro to load SELinux policies for better performance ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite qt6-wayland - Add patch to fix crash due to 0001-fix-slow-scrolling-on-wayland.patch (boo#1253651): * 0001-wayland-Fix-crash-in-QWaylandShmBackingStore-scroll.patch ==== samba ==== Version update (4.22.6+git.435.014e5eceb5d -> 4.23.4+git.428.6b48e7eba5b) Subpackages: libldb2 samba-client samba-client-libs - samba-ad-dc-libs packages are missing a DLZ plugin for bind 9.20; (bso#15790); (bsc#1249058). - Update to 4.23.4 * Samba 4.22 breaks Time Machine; (bso#15926). * mdssvc doesn't support $time.iso dates before 1970; (bso#15947). * Fix winbind cache consistency; (bso#15963). * Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') in vfswrap_openat; (bso#15897). * ctdb can crash with inconsistent cluster lock configuration; (bso#15950). * samba-bgqd: rework man page; (bso#15809). * samba-bgqd can't find [printers] share; (bso#15936). * Winbind can hang forever in gssapi if there are network issues; (bso#15955). * libldb requires linking libreplace on Linux; (bso#15961). - Update to 4.23.3 * Spotlight search restriction for shares incomplete and default search searches in too many attributes; (bso#15927). * Searching for numbers doesn't work with Spotlight; (bso#15930). * rpcd_mdssvc may crash because name mangling is not initialized; (bso#15931). * Only increment lease epoch if a lease was granted; (bso#15933). * vfs_recycle does not update mtime; (bso#15940). * samba-log-parser fails with UnicodeDecodeError: 'utf-8' codec can't decode byte; (bso#15943). * Crash in ctdbd on failed updateip; (bso#15935). - Update to 4.23.2 * CVE-2025-10230: Command injection via WINS server hook script (bso#15903); (bsc#1251280). * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr; (bso#15885); (bsc#1251279). - Update to 4.23.1 * Incomplete bind configuration causes DLZ plugin to crash; (bso#15920). * winbind can crash at startup; (bso#15914). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB does not support PCP 7.0.0; (bso#15904). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). - Update to 4.23.0 * samba.tests.safe_tarfile fails on Python 3.13 with additional security fixes for tarfile support; (bso#15911). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * Uninitialized read leads to hanging rpcd_spoolss; (bso#15908). * Stack buffer overflow in samba3.smb2.dirlease.fileserver; (bso#15907). * Regression in gssproxy support in 4.23.rc1+; (bso#15902). * 'net ads group' failed to list domain groups; (bso#15900). * macOS Finder client DFS broken on 4.22.0; (bso#15843). * Self-signed certificates don't have X509v3 Subject Alternative Name for DNS; (bso#15899). * Improve handling of principals and realms in client tools; (bso#15893). * libquic build fixes; (bso#15896). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876). ==== tdb ==== Version update (1.4.13 -> 1.4.14) - Add config-sitearch.patch - Update to 1.4.14 * let tdbtool return error on failure; (bso#15890). ==== tevent ==== Version update (0.16.2 -> 0.17.1) - Add config-sitearch.patch - Update to 0.17.1 * Fix 1649525 Use of 32-bit time_t * Fix Coverity ID 1649524 Dereference before null check * Fix Coverity ID 1649526 Dereference before null check - Update to 0.17.0 * add tevent_context_set_wait_timeout() * add tevent_reset_immediate() ==== timezone ==== Version update (2025b -> 2025c) - Update to 2025c: * update Baja California DST rules in 1953, 1961-1975 * An unset TZ is no longer invalid when /etc/localtime is missing, and is abbreviated "UTC" not "-00". This reverts to 2024b behavior * tzset etc. are now more cautious about questionable TZ settings. * tzset etc. now treat ' ' like '_' in time zone abbreviations * tzfree now preserves errno, consistently with POSIX.1-2024 ‘free’. * zic has new options inspired by FreeBSD. ‘-D’ skips creation of output ancestor directories, ‘-m MODE’ sets output files’ mode, and ‘-u OWNER[:GROUP]’ sets output files’ owner and group. * multiple changes visible to developers ==== wayland-utils ==== Version update (1.2.0 -> 1.3.0) - Update to 1.3.0 * add color-management-v1 support * switch to the stable tablet protocol * support tablet bustype and relative dials * add color-representation-v1 support