Packages changed: clamav (0.103.7 -> 0.103.8) dav1d (1.0.0 -> 1.1.0) git (2.39.1 -> 2.39.2) gnutls (3.7.8 -> 3.7.9) grub2 gstreamer-plugins-rs (0.9.8+git20230124.d9e9468 -> 0.10.1+git20230213.9cd68ff) kernel-source (6.1.10 -> 6.1.12) mozilla-nss (3.86 -> 3.87) mozjs102 (102.7.0 -> 102.8.0) plasma5-openSUSE tcl thunar util-linux util-linux-systemd === Details === ==== clamav ==== Version update (0.103.7 -> 0.103.8) Subpackages: libclamav9 libfreshclam2 - Update to 0.103.8 * CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208363) * CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208365) * Update vendored libmspack library to version 0.11alpha. - Package huge .html documentation in a separate subpackage. ==== dav1d ==== Version update (1.0.0 -> 1.1.0) - Update to version 1.1.0 * New function dav1d_get_frame_delay to query the decoder frame delay * Numerous fixes for strict conformity to the specs and samples * NEON and AVX-512 misc fixes and improvements * Partial AVX2 12bpc transform implementations * AVX-512 high bit-depth cdef_filter, loopfilter, itx * NEON z1/z3 optimization for 8bpc * SSSE3 z1 optimization for 8bpc ==== git ==== Version update (2.39.1 -> 2.39.2) Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git - git 2.39.2: * CVE-2023-22490: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport boo#1208027 * CVE-2023-23946: a path outside the working tree can be overwritten as the user who is running "git apply" boo#1208028 ==== gnutls ==== Version update (3.7.8 -> 3.7.9) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-hmac - Update to 3.7.9: [bsc#1208143, CVE-2023-0361] * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. [GNUTLS-SA-2020-07-14, CVSS: medium][CVE-2023-0361] * Rebase gnutls-FIPS-140-3-references.patch ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to handle the TPM2 responseCode correctly. ==== gstreamer-plugins-rs ==== Version update (0.9.8+git20230124.d9e9468 -> 0.10.1+git20230213.9cd68ff) - Add BuildRequires: zstd so it build in SLE/Leap now that the sources are compressed with zstd - Update to version 0.10.1+git20230213.9cd68ff: * rtpav1pay: Fix calculation of Leb128 size size to work correctly with streams from certain encoders. - Changes from version 0.10.0: * Fixed: - audiornnoise: Use correct value range for the samples - awss3sink: Treat stopping without EOS as an error for multipart upload - awss3hlssink: . Fix the name of the hlssink child element . Fix deadlock on EOS - dav1d: Various fixes to improve performance, to handle decoding errors more gracefully and to make sure all frames are output in the end - fmp4mux: Various fixes to fragment splitting behaviour, output formatting and header generation - gtk4: Various stability and rendering fixes - meson: Various fixes and improvements to the meson-based build system - ndi: provide non-Linux/macOS UNIX fallback for the soname - ndisrc: Use default channel mask for audio output to allow >2 channels to work better - rav1e: Correctly enable threading support - rtpav1: Various fixes to the payloader and depayloader to handle streams more correctly and to handle errors more cleanly - rtpav1depay: Set caps on the source pad - spotify: fix "start a runtime from within a runtime" with static link - textahead: fix previous buffers - textwrap: Don't panic on empty buffers - tttocea608: Don't fail if a GAP event contains no duration - webrtchttp: whipsink: construct TURN URL correctly - webrtcsink: fix panic on pre-bwe request error - whipsink: . Send ICE candidates together with the offer . Various cleanups and minor fixes * Added: - audiornnoise: Add voice detection threshold property - awss3hlssink: Add stats property - awss3sink: Add properties to set Content-Type and Content-Disposition - fmp4mux: . Add 'offset-to-zero' property . Add support for CMAF-style chunking, e.g. low-latency / LL HLS and DASH - fmp4mux/mp4mux: . Add support for muxing Opus, VP8, VP9 and AV1 streams . Make media/track timescales configurable - gtk4: Support for rendering GL textures on X11/EGL, X11/GLX, Wayland and macOS - hlssink3: Allow generating i-frame-only playlist - livesync: New element that alllows maintaining a contiguous live stream without gaps from a potentially unstable source. - mp4mux: New non-fragmented MP4 muxer element - spotifyaudiosrc: Support configurable bitrate - textahead: add settings to display previous buffers - threadshare: Introduce new ts-audiotestsrc - webrtcsink: Support nvv4l2vp9enc - whepsource: Add a WebRTC WHEP source element * Changed: - audiofx: Derive from AudioFilter where possible - dav1ddec: Lower rank to primary to allow usage of hardware decoders with higher ranks - fmp4mux: Only push fragment_offset if write-mfra is true to reduce memory usage - webrtcsink: . Make the turn-server property a turn-servers list . Move from async-std to tokio ==== kernel-source ==== Version update (6.1.10 -> 6.1.12) - Linux 6.1.12 (bsc#1012628). - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions (bsc#1012628). - KVM: x86: Mitigate the cross-thread return address predictions bug (bsc#1012628). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (bsc#1012628). - drm/i915: Fix VBT DSI DVO port handling (bsc#1012628). - drm/i915: Initialize the obj flags for shmem objects (bsc#1012628). - drm/i915: Move fd_install after last use of fence (bsc#1012628). - drm/amd/display: fix cursor offset on rotation 180 (bsc#1012628). - drm/amd/display: properly handling AGP aperture in vm setup (bsc#1012628). - drm/amdgpu/smu: skip pptable init under sriov (bsc#1012628). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (bsc#1012628). - drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1012628). - drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1012628). - drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1012628). - arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines (bsc#1012628). - Fix page corruption caused by racy check in __free_pages (bsc#1012628). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (bsc#1012628). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (bsc#1012628). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (bsc#1012628). - rtmutex: Ensure that the top waiter is always woken up (bsc#1012628). - tracing: Fix TASK_COMM_LEN in trace event format file (bsc#1012628). - drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1012628). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1012628). - riscv: kprobe: Fixup misaligned load text (bsc#1012628). - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte (bsc#1012628). - nvdimm: Support sizeof(struct page) > MAX_STRUCT_PAGE_SIZE (bsc#1012628). - ceph: flush cap releases when the session is flushed (bsc#1012628). - drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1012628). - pinctrl: qcom: sm8450-lpass-lpi: correct swr_rx_data group (bsc#1012628). - clk: ingenic: jz4760: Update M/N/OD calculation algorithm (bsc#1012628). - cxl/region: Fix passthrough-decoder detection (bsc#1012628). - cxl/region: Fix null pointer dereference for resetting decoder (bsc#1012628). - usb: typec: altmodes/displayport: Fix probe pin assign check (bsc#1012628). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (bsc#1012628). - btrfs: free device in btrfs_close_devices for a single device filesystem (bsc#1012628). - btrfs: simplify update of last_dir_index_offset when logging a directory (bsc#1012628). - selftests: mptcp: stop tests earlier (bsc#1012628). - selftests: mptcp: allow more slack for slow test-case (bsc#1012628). - mptcp: be careful on subflow status propagation on errors (bsc#1012628). - mptcp: do not wait for bare sockets' timeout (bsc#1012628). - net: USB: Fix wrong-direction WARNING in plusb.c (bsc#1012628). - cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1012628). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (bsc#1012628). - pinctrl: aspeed: Revert "Force to disable the function's signal" (bsc#1012628). - spi: dw: Fix wrong FIFO level setting for long xfers (bsc#1012628). - pinctrl: single: fix potential NULL dereference (bsc#1012628). - pinctrl: aspeed: Fix confusing types in return value (bsc#1012628). - pinctrl: mediatek: Fix the drive register definition of some Pins (bsc#1012628). - clk: microchip: mpfs-ccc: Use devm_kasprintf() for allocating formatted strings (bsc#1012628). - ASoC: topology: Return -ENOMEM on memory allocation failure (bsc#1012628). - ASoC: fsl_sai: fix getting version from VERID (bsc#1012628). - ASoC: tas5805m: add missing page switch (bsc#1012628). - ASoC: tas5805m: rework to avoid scheduling while atomic (bsc#1012628). - arm64: dts: mediatek: mt8195: Fix vdosys* compatible strings (bsc#1012628). - riscv: stacktrace: Fix missing the first frame (bsc#1012628). - ALSA: pci: lx6464es: fix a debug loop (bsc#1012628). - arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on rock-3a (bsc#1012628). ... changelog too long, skipping 478 lines ... - commit 82ff25b ==== mozilla-nss ==== Version update (3.86 -> 3.87) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.87 * bmo#1803226 - NULL password encoding incorrect * bmo#1804071 - Fix rng stub signature for fuzzing builds * bmo#1803595 - Updating the compiler parsing for build * bmo#1749030 - Modification of supported compilers * bmo#1774654 - tstclnt crashes when accessing gnutls server without a user cert in the database. * bmo#1751707 - Add configuration option to enable source-based coverage sanitizer * bmo#1751705 - Update ECCKiila generated files. * bmo#1730353 - Add support for the LoongArch 64-bit architecture * bmo#1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * bmo#1798823 - Additional zero-length RSA modulus checks - add man-pages to the tools package (boo#1208242) ==== mozjs102 ==== Version update (102.7.0 -> 102.8.0) - Update to version 102.8.0: + Various security fixes. + CVE-2023-25728: Content security policy leak in violation reports using iframes. + CVE-2023-25730: Screen hijack via browser fullscreen mode. + CVE-2023-25743: Fullscreen notification not shown in Firefox Focus. + CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS. + CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey. + CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry. + CVE-2023-25738: Printing on Windows could potentially crash Firefox with some device drivers. + CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. + CVE-2023-25729: Extensions could have opened external schemes without user knowledge. + CVE-2023-25732: Out of bounds memory write from EncodeInputStream. + CVE-2023-25734: Opening local .url files could cause unexpected network loads. + CVE-2023-25742: Web Crypto ImportKey crashes tab. + CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8. + CVE-2023-25746: Memory safety bugs fixed in Firefox ESR 102.8. ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Require distribution-logos-openSUSE-icons ==== tcl ==== - bsc#1203982, tcl-interp-limit-time.patch: Fix a y2k38 problem in [interp limit -time] . ==== thunar ==== Subpackages: libthunarx-3-0 thunar-lang - Explicitly require the newer libpcre2 instead of libpcre; this fixes boo#1208260 ==== util-linux ==== Subpackages: libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid1 libuuid1-32bit util-linux-lang - Remove requires for adjtimex, which and time: this where wrongly implemented split provides we don't need anymore. - Remove pam_lastlog, not Y2038 safe, will be removed upstream. Additional tools update the files themself. - Readd hwclock.8 manual page. - Move permissions pre-require to correct package. - Remove install_info_prereq, we have no info pages. - clean up spec file, tag all the %if-endif to make it easy to read the file and try to simplify a bit the if-endif logic grouping by core, systemd and python. ==== util-linux-systemd ==== - Remove requires for adjtimex, which and time: this where wrongly implemented split provides we don't need anymore. - Remove pam_lastlog, not Y2038 safe, will be removed upstream. Additional tools update the files themself. - Readd hwclock.8 manual page. - Move permissions pre-require to correct package. - Remove install_info_prereq, we have no info pages. - clean up spec file, tag all the %if-endif to make it easy to read the file and try to simplify a bit the if-endif logic grouping by core, systemd and python.