Packages changed: Mesa (25.2.4 -> 25.2.5) Mesa-drivers (25.2.4 -> 25.2.5) MicroOS-release (20251022 -> 20251028) busybox-links dejavu-fonts gcc15 gdk-pixbuf (2.44.3 -> 2.44.4) glib2 (2.86.0 -> 2.86.1) glycin-loaders (2.0.3 -> 2.0.4) google-noto-coloremoji-fonts (20250622 -> 20250916) gpg2 (2.5.12 -> 2.5.13) grub2 kernel-firmware-amdgpu (20251004 -> 20251024) kernel-firmware-bluetooth (20251010 -> 20251024) kernel-firmware-intel (20251018 -> 20251024) kernel-firmware-iwlwifi (20250903 -> 20251024) kernel-firmware-mediatek (20250926 -> 20251024) kernel-firmware-qcom (20251010 -> 20251024) kernel-firmware-sound (20251018 -> 20251024) kernel-source (6.17.4 -> 6.17.5) lcms2 (2.16 -> 2.17) libevdev (1.13.4 -> 1.13.5) libffi libglycin (2.0.3 -> 2.0.4) libinput (1.28.1 -> 1.29.2) libplacebo librsvg (2.61.1 -> 2.61.2) libxkbcommon (1.11.0 -> 1.12.2) llvm21 (21.1.3 -> 21.1.4) pciutils pcre2 (10.46 -> 10.47) python-PyJWT python-certifi (2025.6.15 -> 2025.10.5) python-gobject (3.54.3 -> 3.54.5) python-psutil (7.1.0 -> 7.1.1) python313-setuptools qt6-base qt6-declarative raspberrypi-firmware-dt selinux-policy (20251016 -> 20251021) spice-vdagent (0.22.1 -> 0.23.0) sqlite3 yast2 (5.0.16 -> 5.0.17) === Details === ==== Mesa ==== Version update (25.2.4 -> 25.2.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to release 25.2.5 - -> https://docs.mesa3d.org/relnotes/25.2.5 ==== Mesa-drivers ==== Version update (25.2.4 -> 25.2.5) Subpackages: Mesa-dri Mesa-vulkan-device-select libvulkan_lvp - Update to release 25.2.5 - -> https://docs.mesa3d.org/relnotes/25.2.5 ==== MicroOS-release ==== Version update (20251022 -> 20251028) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz - Add conflicts of busybox-misc to ascii ==== dejavu-fonts ==== - use %license tag [bsc#1252142] ==== gcc15 ==== Subpackages: cpp15 libgcc_s1 libgomp1 libstdc++6 - Add gcc15-pr120424.patch to backport fix that cures a miscompile of libgo on arm. [bsc#1252306] ==== gdk-pixbuf ==== Version update (2.44.3 -> 2.44.4) Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Update to version 2.44.4: + glycin: - Make svgz work - Support saving avif + docs: Add deprecation tags for GdkPixbufAnimation + bmp: Fix loading of bottom-up images ==== glib2 ==== Version update (2.86.0 -> 2.86.1) Subpackages: glib2-tools libgio-2_0-0 libgirepository-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.86.1: + Bugs fixed: - GIRepository: union fields offsets for compiled typelibs all have offset 0xffff - `gio/tests/socket-listener` requires dlsym - GLib.OptionContext's get_help() includes width of invisible options - Memory leak related to g_get_home_dir - Gio.AppInfo.launch_default_for_uri_async crashes with non-existent paths - GNetworkMonitor's netlink backend doesn't notify connectivity change - ghash: Fix entry_is_big for CHERI architecture - ghash: Handle all table sizes in iterator - gbookmarkfile: Escape icon href and mime-type - docs: Add Luca Bacci as a co-maintainer of the Windows code - tests: Fix clang compilation warnings - gmem: Replace SIZE_OVERFLOWS with g_size_checked_mul - gstrfuncs: Check string length in g_strescape - gutils: Improve load_user_special_dirs' user-dirs.dirs parser - gutils: Handle singletons in unlocked functions - ghostutils: Treat 0x80 (and above) as non-ASCII - various fixes to user-dirs.dirs handling in gutils - girnode: Fix computation of union member offsets - gopenuriportal: Fix a crash when the file can’t be opened - gtype: Use transfer none for types (un)ref functions - gnetworkmonitorbase: Add missing notify::connectivity signal + Updated translations. ==== glycin-loaders ==== Version update (2.0.3 -> 2.0.4) - Update to version 2.0.4: + This release contains the following new component versions: - glycin-heif 2.0.4 - glycin-image-rs 2.0.4 - glycin-jpeg2000 2.0.4 - glycin-jxl 2.0.4 - glycin-raw 2.0.4 - glycin-svg 2.0.4 - glycin-utils 4.0.4 - glycin 3.0.4 - libglycin 2.0.4 - libglycin-gtk4 2.0.4 + Fixed: - D-Bus connections were never completely closed, causing a memory and FD leak. - Default to loop for animations if no explicit value is set. This fixed as backward compatibility issue when glycin/libglycin is not a .3 or later. - Support having symlinks in a directory that is already a symlink and both a explicitly picked up by fontconfig. ==== google-noto-coloremoji-fonts ==== Version update (20250622 -> 20250916) - Update to v2.051 * Unicode 17.0 update mk1 ==== gpg2 ==== Version update (2.5.12 -> 2.5.13) - Update to 2.5.13: * gpg: Fix de-vs compliance with OCB and additional password. [T7804] * gpg: Detect duplicate keys with --add-recipients. [T1825] * gpg: Take care about the prefix for cv25519 encryption. [T7649] * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures. [rGdb9705ef59] * gpg: Error out on unverified output for non-detached signatures. [rG8abc320f2a] * gpgsm: Use KEM interface for en- and decryption. [T7811,T7845] * gpgsm: Fix delete and store certificate locking glitches. [T7855] * gpg,gpgsm: Run keybox compression only when there are no other users. [T7855] * gpg,gpgsm: Improve keybox closing and locking order on read and write. [T7855] * gpg,gpgsm: Always use share mode read-write for the keybox file access. [T7829] * scd:openpgp: Fix an oddity in changing the PIN. [T7840] * dirmngr: New LDAP keyserver flag "upload". [T7866] * agent: Retry private key deletion in case of sharing violations for up to 400ms. [T7863] * Release-info: https://dev.gnupg.org/T7801 ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Fix "sparse file not allowed" error after grub2-reboot (bsc#1245738) * grub2-grubenv-in-btrfs-header.patch - Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) * 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch ==== kernel-firmware-amdgpu ==== Version update (20251004 -> 20251024) - Update to version 20251024 (git commit 9b899c779b8a): * amdgpu: DMCUB updates for various ASICs * amdgpu: DMCUB updates for various ASICs - Update aliases ==== kernel-firmware-bluetooth ==== Version update (20251010 -> 20251024) - Update to version 20251024 (git commit 9b899c779b8a): * QCA: Update Bluetooth WCN6856 firmware 2.1.0-00653 to 2.1.0-00659 ==== kernel-firmware-intel ==== Version update (20251018 -> 20251024) - Update to version 20251024 (git commit 9b899c779b8a): * linux-firmware: Renaming the file to cover a wide range of HP Lunar Lake system. * intel: qat: Fix missing link ==== kernel-firmware-iwlwifi ==== Version update (20250903 -> 20251024) - Update to version 20251024 (git commit 9b899c779b8a): * iwlwifi: add Bz/Fm and gl FW for core98-161 release * iwlwifi: update Bz/Hr and Bz/Gf firmwares for core98-161 release * iwlwifi: update ty/So/Ma firmwares for core98-161 release * iwlwifi: update cc/Qu/QuZ firmwares for core98-161 release ==== kernel-firmware-mediatek ==== Version update (20250926 -> 20251024) - Update to version 20251024 (git commit 9b899c779b8a): * mediatek MT7920: update bluetooth firmware to 20251020151255 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7920 WiFi device * mediatek MT7922: update bluetooth firmware to 20251020143443 * Revert "linux-firmware: update firmware for MT7922 WiFi device" ==== kernel-firmware-qcom ==== Version update (20251010 -> 20251024) - Update to version 20251024 (git commit 9b899c779b8a): * qcom: add ADSP firmware for kaanapali platform ==== kernel-firmware-sound ==== Version update (20251018 -> 20251024) - Update to version 20251024 (git commit 9b899c779b8a): * cirrus: cs35l41: Rename various Asus Laptop firmware files to not have Speaker ID ==== kernel-source ==== Version update (6.17.4 -> 6.17.5) Subpackages: kernel-64kb kernel-default - expfs: Fix exportfs_can_encode_fh() for EXPORT_FH_FID (bsc#1252541). - commit 00da826 - Linux 6.17.5 (bsc#1012628). - vfs: Don't leak disconnected dentries on umount (bsc#1012628). - ata: libata-core: relax checks in ata_read_log_directory() (bsc#1012628). - arm64/sysreg: Fix GIC CDEOI instruction encoding (bsc#1012628). - drm/xe/guc: Check GuC running state before deregistering exec queue (bsc#1012628). - ixgbevf: fix getting link speed data for E610 devices (bsc#1012628). - ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1012628). - rust: cfi: only 64-bit arm and x86 support CFI_CLANG (bsc#1012628). - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1012628). - x86/CPU/AMD: Prevent reset reasons from being retained across reboot (bsc#1012628). - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL (bsc#1012628). - io_uring: protect mem region deregistration (bsc#1012628). - Revert "drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume" (bsc#1012628). - r8152: add error handling in rtl8152_driver_init (bsc#1012628). - net: usb: lan78xx: Fix lost EEPROM write timeout error(-ETIMEDOUT) in lan78xx_write_raw_eeprom (bsc#1012628). - KVM: arm64: Prevent access to vCPU events before init (bsc#1012628). - f2fs: fix wrong block mapping for multi-devices (bsc#1012628). - gve: Check valid ts bit on RX descriptor before hw timestamping (bsc#1012628). - jbd2: ensure that all ongoing I/O complete before freeing blocks (bsc#1012628). - ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1012628). - ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1012628). - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (bsc#1012628). - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl (bsc#1012628). - btrfs: only set the device specific options after devices are opened (bsc#1012628). - btrfs: fix incorrect readahead expansion length (bsc#1012628). - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1012628). - btrfs: do not assert we found block group item when creating free space tree (bsc#1012628). - can: gs_usb: gs_make_candev(): populate net_device->dev_port (bsc#1012628). - can: gs_usb: increase max interface to U8_MAX (bsc#1012628). - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1012628). - cxl/acpi: Fix setup of memory resource in cxl_acpi_set_cache_size() (bsc#1012628). - ALSA: hda/intel: Add MSI X870E Tomahawk to denylist (bsc#1012628). - ALSA: hda/realtek: Add quirk entry for HP ZBook 17 G6 (bsc#1012628). - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1012628). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (bsc#1012628). - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (bsc#1012628). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (bsc#1012628). - drm/amdgpu: fix gfx12 mes packet status return check (bsc#1012628). - drm/xe: Increase global invalidation timeout to 1000us (bsc#1012628). - perf/core: Fix address filter match with backing files (bsc#1012628). - perf/core: Fix MMAP event path names with backing files (bsc#1012628). - perf/core: Fix MMAP2 event device with backing files (bsc#1012628). - drm/amd: Check whether secure display TA loaded successfully (bsc#1012628). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1012628). - drm/amd: Fix hybrid sleep (bsc#1012628). - media: nxp: imx8-isi: m2m: Fix streaming cleanup on release (bsc#1012628). - usb: gadget: Store endpoint pointer in usb_request (bsc#1012628). - usb: gadget: Introduce free_usb_request helper (bsc#1012628). - usb: gadget: f_rndis: Refactor bind path to use __free() (bsc#1012628). - usb: gadget: f_acm: Refactor bind path to use __free() (bsc#1012628). - usb: gadget: f_ecm: Refactor bind path to use __free() (bsc#1012628). - usb: gadget: f_ncm: Refactor bind path to use __free() (bsc#1012628). - HID: multitouch: fix sticky fingers (bsc#1012628). - dax: skip read lock assertion for read-only filesystems (bsc#1012628). ... changelog too long, skipping 244 lines ... - commit 60fe5ed ==== lcms2 ==== Version update (2.16 -> 2.17) - Enable threads support * Drop lcms2-visibility.patch as it was causing linker errors when enabling threads - Update to 2.17: * Add fuzzers foundation. Many thanks to Amir Montazery and Open-Source Technology Improvement Fund (ostif.org), Google, for funding that. * Add ability to disable building tests in meson * Fixed gamut warning not working on certain conditions * Mac sequoia added to test beds * Add the possibility of duplicating a NULL context for cloning defaults. * Small cleanup of CGATS parser. * Change computation of profile ID to follow actual ICC spec (yes, they changed the spec!) * Allow to apply color management on memory blocks > 4Gb. * Get rid of samples on meson compilation * Increase coverage of pre-multiplied alpha. * Bug fixing and cosmetical work. - Refresh lcms2-ocloexec.patch ==== libevdev ==== Version update (1.13.4 -> 1.13.5) - Update to 1.14.5 * include: sync event codes with kernel 6.16 and kernel 6.17 * util: change the bit to shift to ULL ==== libffi ==== - Add upstream patch to fix GCS on aarch64: * 943.patch ==== libglycin ==== Version update (2.0.3 -> 2.0.4) - Update to version 2.0.4: + This release contains the following new component versions: - glycin-heif 2.0.4 - glycin-image-rs 2.0.4 - glycin-jpeg2000 2.0.4 - glycin-jxl 2.0.4 - glycin-raw 2.0.4 - glycin-svg 2.0.4 - glycin-utils 4.0.4 - glycin 3.0.4 - libglycin 2.0.4 - libglycin-gtk4 2.0.4 + Fixed: - D-Bus connections were never completely closed, causing a memory and FD leak. - Default to loop for animations if no explicit value is set. This fixed as backward compatibility issue when glycin/libglycin is not a .3 or later. - Support having symlinks in a directory that is already a symlink and both a explicitly picked up by fontconfig. ==== libinput ==== Version update (1.28.1 -> 1.29.2) - Update to release 1.29.2 * A potential crasher caused by abort if the dial/ring/strip pad mode group was not found, was fixed. * A zero delta timestamp caused the custom pointer acceleration to jump to 0/0 when clicking a button. * A missing forced proximity out event could cause two tablet tools to be in proximity at the same time. This could cause GTK applications to crash. - Update to release 1.29 * High-resolution scroll wheels have better heuristics to avoid inadvertent scrolls. This should also help with lesser-resolution scroll wheels which can skip those heuristics now, resulting in better responsiveness. * Virtual devices (e.g. uinput) are now detected in libinput and some internal heuristics are disabled for those (e.g. tablet smoothing). * Tablet tools with an fixed eraser button (almost all these days) can now configure that eraser button to be a regular button instead. * Jumping cursors on Asus "ASUE..." touchpads have lost their excitement and are no longer jumping. * libinput debug-tablet-pad is a new tool for interactive tablet pad debugging. - Delete pkgconf.patch (merged) ==== libplacebo ==== - Grab 12509c0f1ee8c22ae163017f0a5e7b8a9d983a17.patch from upstream repository Drops 12509c0f.patch - Drop Leap < 16 (does not meet libplacebo build requirements) - Use RPM 4.20 BuildSystem declaration - Clean up spec file ==== librsvg ==== Version update (2.61.1 -> 2.61.2) - Update to version 2.61.2: + librsvg crate version 2.61.2 + librsvg-rebind crate version 0.2.1 + Disable compilation of the gdk-pixbuf loader module by default. It used to be that if meson detected that gdk-pixbuf-query-loaders(1) is available, then it would build the gdk-pixbuf loader module. Now that GNOME has switched to glycin loaders for images, which are sandboxed, gdk-pixbuf loaders are deprecated. You can still compile the gdk-pixbuf loader in librsvg by using the "-Dpixbuf-loader=enabled" option when invoking meson. + Reduce stack usage with deeply nested layers. This should be of interest especially for users of Alpine or musl-libc. Librsvg should hopefully no longer require users of musl-libc to increase the stack size for it; please tell the maintainer if that is the case! + "rsvg-convert --version" now also outputs the versions of the C library dependencies being used at runtime. + The build process now checks the version of cargo-cbuild, as it needs to be coordinated with the minimum supported Rust version. The minimum cargo-cbuild for this release is 0.10.10. + Compiling rsvg-convert is now optional, via the "-Drsvg-convert=disabled" option for Meson. + Update Rust dependencies. - Run test suite for all non 32bit targets. ==== libxkbcommon ==== Version update (1.11.0 -> 1.12.2) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.12.2 * About 1.6× speedup at serializing with default options. * About 1.7× speedup at parsing keymaps serialized by libxkbcommon, otherwise aruond 1.1×. * Added fallback to the legacy X11 path for misconfigured setups where the canonical XKB root is not available. ==== llvm21 ==== Version update (21.1.3 -> 21.1.4) - Update to version 21.1.4. * This release contains bug-fixes for the LLVM 21.1.0 release. This release is API and ABI compatible with 21.1.0. - Simplify script for building documentation. - Use %ldconfig_scriptlets to automatically generate post scriptlets. This doesn't work with %{multisource} in Leap 15.6 though, so we leave a fallback for that. - Drop post scriptlets for gold and polly, which provide only plugin libraries that ldconfig doesn't care about. - Rebase llvm-do-not-install-static-libraries.patch. ==== pciutils ==== Subpackages: libpci3 - pciutils.spec: Add a strict dependency to libpci. [bsc#1252338] Mixing different versions of pciutils and libpci could result in a segmentation fault due to incompatible ABI. ==== pcre2 ==== Version update (10.46 -> 10.47) Subpackages: libpcre2-16-0 libpcre2-8-0 - Update to 10.47: * Pattern recursion of the form (?1(GROUP_NAME_OR_NUM,...)) acts as a subroutine call which additionally returns the listed capturing groups to the calling context. * Fixed a crash in pcre2_callout_enumerate() which is easily reachable on any pattern that contains a Unicode character class. If your application uses this function, please read the details for this change and evaluate its severity for your application. * Support symbol versioning * Add pcre2_next_match() for iterating over all matches * Add the PCRE2_CONFIG_EFFECTIVE_LINKSIZE option to pcre2_config() * Add support for $+ replacement to pcre2_substitute() ==== python-PyJWT ==== - Remove not needed update-alternatives requirement. ==== python-certifi ==== Version update (2025.6.15 -> 2025.10.5) - Update to 2025.10.15 * Bump actions/download-artifact from 4.3.0 to 5.0.0 * Bump actions/checkout from 4.2.2 to 5.0.0 * Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366) * Bump actions/setup-python from 5.6.0 to 6.0.0 (#367) * Add Python 3.14 classifier in setup.py - from version 2025.08.03 * No changes recorded - from version 2025.07.14 * No changes recorded - from version 2025.07.09 * No changes recorded ==== python-gobject ==== Version update (3.54.3 -> 3.54.5) Subpackages: python313-gobject python313-gobject-Gdk python313-gobject-cairo - Update to version 3.54.5: + Backport: GLib 2.86/GioUnix compatibility ==== python-psutil ==== Version update (7.1.0 -> 7.1.1) - Exclude tests to mutibuild due to dependency cycle with python-xdist - Update to 7.1.1 * SunOS 10 is no longer supported. * Tests that needs UNIX sockets should be properly marked for skip - Run tests with pytest (recommended by upstream) ==== python313-setuptools ==== - Remove not needed update-alternatives BuildRequires ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6WaylandClient6 libQt6Widgets6 libQt6WlShellIntegration6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite qt6-wayland - Fix slow scrolling on Wayland (bsc#1249117). - This patch relates to QTBUG-138706 and QTBUG-139231. - Add patch: * 0001-fix-slow-scrolling-on-wayland.patch ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsSynchronizer6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Add upstream change (kde#509804) * 0001-QmlCompiler-Fix-write-access-to-QVariantMap.patch ==== raspberrypi-firmware-dt ==== - Adjust RPi5 overlays 0001-dts-overlays-Adjust-them-for-RPi5.patch * Add 64 bit size CMA overlay Compared to older devices RPi5 uses #size-cells=<2>. Create new overlay and add it to overlay_map so it could automagicaly loaded by the firmware. * Add map for enabling Bluetooth on RPi5 Bluetooth on RPi5 do not need to be enabled, but because we unconditionally enable-bt for all devices create similar overlay for RPi5 and add it to overlay_map. * Add map for upstream overlay on RPi5 Create empty upstream overlay to silence firmware warnings. ==== selinux-policy ==== Version update (20251016 -> 20251021) Subpackages: selinux-policy-targeted - Update to version 20251021: * Allow snapper sdbootutil plugin read emmc devices (bsc#1231354) * Allow pcrlock to delete pid entries * Allow systemd_pcrlock_t to manage its pid files * Mark snapper_sdbootutil_plugin_t as permissive * Drop unnamed filetrans, should be done upstream (bsc#1241964) * Label pcrlock pid file correctly (bsc#1241964) * Allow snapper sdbootutil plugin send msg to system bus (bsc#1241964) * snapper takes output from stdout/err, allow pcrlock to write * Add tpm2_getcap permissions to snapper sdbootutil (bsc#1244573) * Allow snapper sdbootutil plugin to read snapper data and conf * Allow snapper sdbootutil plugin to grep /proc/stat (bsc#1241964) * Replace snapper tmp file access for pcrlock (bsc#1241964) * Allow snapper sdbootutil read kernel module dirs (bsc#1241964) * Allow snapper sdbootutil plugin use bootctl (bsc#1241964) * Allow snapper sdbootutil plugin to list and read sysfs (bsc#1241964) * Allow snapper sdbootutil sys_admin (bsc#1241964) * Allow snapper sdbootutils plugin to findmnt (bsc#1241964) * Allow snapper sdbootutil plugin rw tpm (bsc#1233358) * Move manage dos permissions and dontaudit execmem to snapper sdbootutils plugin (bsc#1241964) * Move snapper domtrans to sdbootutil to plugin (bsc#1241964) * Revert snapper access to keys, move to sdbootutils plugin policy (bsc#1241964) * Add initial seperate policy for sdbootutil called by snapper (bsc#1233358) * Allow sort in snapper_grub_plugin_t read cpu.max (bsc#1252095) ==== spice-vdagent ==== Version update (0.22.1 -> 0.23.0) - Update to version 0.23.0. Features and Issues addressed: systemd services: add Documentation key (point to manpage) Switch to spice-vdagent.service by default Improve integration with systemd service manager Makefile.am: don't create /var/run/spice-vdagentd vdagent: remove callback on destroy() Fix minor spelling errors Fix VDAGentMonitorConfig size calculation - Drop 0001-Switch-to-spice-vdagent.service-by-default.patch ==== sqlite3 ==== - bsc#1252217: Add a %license file. ==== yast2 ==== Version update (5.0.16 -> 5.0.17) - Checking for TPM version. TPM2 < 1.38 will not be supported (bsc#1250403). - 5.0.17