Packages changed: dav1d (1.0.0 -> 1.1.0) git (2.39.1 -> 2.39.2) gnutls (3.7.8 -> 3.7.9) grub2 installation-images-MicroOS (17.75 -> 17.76) kernel-source (6.1.10 -> 6.1.12) keylime mozilla-nss (3.86 -> 3.87) mozjs102 (102.7.0 -> 102.8.0) patterns-microos plasma-branding-MicroOS (20230126 -> 20230214) plasma5-openSUSE python-SQLAlchemy (1.4.45 -> 1.4.46) tcl ucode-intel (20221108 -> 20230214) util-linux util-linux-systemd === Details === ==== dav1d ==== Version update (1.0.0 -> 1.1.0) - Update to version 1.1.0 * New function dav1d_get_frame_delay to query the decoder frame delay * Numerous fixes for strict conformity to the specs and samples * NEON and AVX-512 misc fixes and improvements * Partial AVX2 12bpc transform implementations * AVX-512 high bit-depth cdef_filter, loopfilter, itx * NEON z1/z3 optimization for 8bpc * SSSE3 z1 optimization for 8bpc ==== git ==== Version update (2.39.1 -> 2.39.2) - git 2.39.2: * CVE-2023-22490: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport boo#1208027 * CVE-2023-23946: a path outside the working tree can be overwritten as the user who is running "git apply" boo#1208028 ==== gnutls ==== Version update (3.7.8 -> 3.7.9) - Update to 3.7.9: [bsc#1208143, CVE-2023-0361] * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. [GNUTLS-SA-2020-07-14, CVSS: medium][CVE-2023-0361] * Rebase gnutls-FIPS-140-3-references.patch ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to handle the TPM2 responseCode correctly. ==== installation-images-MicroOS ==== Version update (17.75 -> 17.76) - merge gh#openSUSE/installation-images#628 - add patch to initrd - remove license files from installation system - 17.76 ==== kernel-source ==== Version update (6.1.10 -> 6.1.12) - Linux 6.1.12 (bsc#1012628). - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions (bsc#1012628). - KVM: x86: Mitigate the cross-thread return address predictions bug (bsc#1012628). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (bsc#1012628). - drm/i915: Fix VBT DSI DVO port handling (bsc#1012628). - drm/i915: Initialize the obj flags for shmem objects (bsc#1012628). - drm/i915: Move fd_install after last use of fence (bsc#1012628). - drm/amd/display: fix cursor offset on rotation 180 (bsc#1012628). - drm/amd/display: properly handling AGP aperture in vm setup (bsc#1012628). - drm/amdgpu/smu: skip pptable init under sriov (bsc#1012628). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (bsc#1012628). - drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1012628). - drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1012628). - drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1012628). - arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines (bsc#1012628). - Fix page corruption caused by racy check in __free_pages (bsc#1012628). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (bsc#1012628). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (bsc#1012628). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (bsc#1012628). - rtmutex: Ensure that the top waiter is always woken up (bsc#1012628). - tracing: Fix TASK_COMM_LEN in trace event format file (bsc#1012628). - drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1012628). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1012628). - riscv: kprobe: Fixup misaligned load text (bsc#1012628). - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte (bsc#1012628). - nvdimm: Support sizeof(struct page) > MAX_STRUCT_PAGE_SIZE (bsc#1012628). - ceph: flush cap releases when the session is flushed (bsc#1012628). - drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1012628). - pinctrl: qcom: sm8450-lpass-lpi: correct swr_rx_data group (bsc#1012628). - clk: ingenic: jz4760: Update M/N/OD calculation algorithm (bsc#1012628). - cxl/region: Fix passthrough-decoder detection (bsc#1012628). - cxl/region: Fix null pointer dereference for resetting decoder (bsc#1012628). - usb: typec: altmodes/displayport: Fix probe pin assign check (bsc#1012628). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (bsc#1012628). - btrfs: free device in btrfs_close_devices for a single device filesystem (bsc#1012628). - btrfs: simplify update of last_dir_index_offset when logging a directory (bsc#1012628). - selftests: mptcp: stop tests earlier (bsc#1012628). - selftests: mptcp: allow more slack for slow test-case (bsc#1012628). - mptcp: be careful on subflow status propagation on errors (bsc#1012628). - mptcp: do not wait for bare sockets' timeout (bsc#1012628). - net: USB: Fix wrong-direction WARNING in plusb.c (bsc#1012628). - cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1012628). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (bsc#1012628). - pinctrl: aspeed: Revert "Force to disable the function's signal" (bsc#1012628). - spi: dw: Fix wrong FIFO level setting for long xfers (bsc#1012628). - pinctrl: single: fix potential NULL dereference (bsc#1012628). - pinctrl: aspeed: Fix confusing types in return value (bsc#1012628). - pinctrl: mediatek: Fix the drive register definition of some Pins (bsc#1012628). - clk: microchip: mpfs-ccc: Use devm_kasprintf() for allocating formatted strings (bsc#1012628). - ASoC: topology: Return -ENOMEM on memory allocation failure (bsc#1012628). - ASoC: fsl_sai: fix getting version from VERID (bsc#1012628). - ASoC: tas5805m: add missing page switch (bsc#1012628). - ASoC: tas5805m: rework to avoid scheduling while atomic (bsc#1012628). - arm64: dts: mediatek: mt8195: Fix vdosys* compatible strings (bsc#1012628). - riscv: stacktrace: Fix missing the first frame (bsc#1012628). - ALSA: pci: lx6464es: fix a debug loop (bsc#1012628). - arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on rock-3a (bsc#1012628). ... changelog too long, skipping 478 lines ... - commit 82ff25b ==== keylime ==== Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime - Remove completely unnecessary dependency on python-simplejson. ==== mozilla-nss ==== Version update (3.86 -> 3.87) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - update to NSS 3.87 * bmo#1803226 - NULL password encoding incorrect * bmo#1804071 - Fix rng stub signature for fuzzing builds * bmo#1803595 - Updating the compiler parsing for build * bmo#1749030 - Modification of supported compilers * bmo#1774654 - tstclnt crashes when accessing gnutls server without a user cert in the database. * bmo#1751707 - Add configuration option to enable source-based coverage sanitizer * bmo#1751705 - Update ECCKiila generated files. * bmo#1730353 - Add support for the LoongArch 64-bit architecture * bmo#1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * bmo#1798823 - Additional zero-length RSA modulus checks - add man-pages to the tools package (boo#1208242) ==== mozjs102 ==== Version update (102.7.0 -> 102.8.0) - Update to version 102.8.0: + Various security fixes. + CVE-2023-25728: Content security policy leak in violation reports using iframes. + CVE-2023-25730: Screen hijack via browser fullscreen mode. + CVE-2023-25743: Fullscreen notification not shown in Firefox Focus. + CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS. + CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey. + CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry. + CVE-2023-25738: Printing on Windows could potentially crash Firefox with some device drivers. + CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. + CVE-2023-25729: Extensions could have opened external schemes without user knowledge. + CVE-2023-25732: Out of bounds memory write from EncodeInputStream. + CVE-2023-25734: Opening local .url files could cause unexpected network loads. + CVE-2023-25742: Web Crypto ImportKey crashes tab. + CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8. + CVE-2023-25746: Memory safety bugs fixed in Firefox ESR 102.8. ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add kcm_flatpak to plasma default install (boo#1208256) ==== plasma-branding-MicroOS ==== Version update (20230126 -> 20230214) - Reverted prior commit, will investigate alternate method. * https://build.opensuse.org/request/show/1065543 - 20230214 - Added kcm-about-distrorc (boo#1207873) * Changes kinfocenter "About" to display MicroOS logo and Link to MicroOS Desktop wiki, rather than Geeko and the main website. - 20230202 ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Require distribution-logos-openSUSE-icons ==== python-SQLAlchemy ==== Version update (1.4.45 -> 1.4.46) - update to 1.4.46: * A new deprecation “uber warning” is now emitted at runtime the first time any SQLAlchemy 2.0 deprecation warning would normally be emitted, but the SQLALCHEMY_WARN_20 environment variable is not set. see https://docs.sqlalchemy.org/en/20/changelog/changelog_14.html#change-1.4.46 ==== tcl ==== - bsc#1203982, tcl-interp-limit-time.patch: Fix a y2k38 problem in [interp limit -time] . ==== ucode-intel ==== Version update (20221108 -> 20230214) - Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang - Remove requires for adjtimex, which and time: this where wrongly implemented split provides we don't need anymore. - Remove pam_lastlog, not Y2038 safe, will be removed upstream. Additional tools update the files themself. - Readd hwclock.8 manual page. - Move permissions pre-require to correct package. - Remove install_info_prereq, we have no info pages. - clean up spec file, tag all the %if-endif to make it easy to read the file and try to simplify a bit the if-endif logic grouping by core, systemd and python. ==== util-linux-systemd ==== - Remove requires for adjtimex, which and time: this where wrongly implemented split provides we don't need anymore. - Remove pam_lastlog, not Y2038 safe, will be removed upstream. Additional tools update the files themself. - Readd hwclock.8 manual page. - Move permissions pre-require to correct package. - Remove install_info_prereq, we have no info pages. - clean up spec file, tag all the %if-endif to make it easy to read the file and try to simplify a bit the if-endif logic grouping by core, systemd and python.