Packages changed: accountsservice kernel-firmware kernel-source (6.4.8 -> 6.4.9) libreoffice-share-linker lsb-release pentaho-libxml (1.1.3 -> 1.1.6) procmail (3.22 -> 3.24) python-certifi (2023.5.7 -> 2023.7.22) qemu (8.0.3 -> 8.0.4) tracker-miners wtmpdb (0.7.1 -> 0.8.0) zxing-cpp === Details === ==== accountsservice ==== Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 - Rebase as-fate318433-prevent-same-account-multi-logins.patch: (bsc#1213884). ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update AMD 19h ucode for "Inception" (bsc#1213287, CVE-2023-20569) amd-ucode-CVE-2023-20569.patch ==== kernel-source ==== Version update (6.4.8 -> 6.4.9) - Linux 6.4.9 (bsc#1012628). - Update config files. Set: * CONFIG_GDS_FORCE_MITIGATION=n * CONFIG_CPU_SRSO=y as per default. - x86: fix backwards merge of GDS/SRSO bit (bsc#1012628). - xen/netback: Fix buffer overrun triggered by unusual packet (bsc#1012628). - x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1012628). - x86/srso: Add a forgotten NOENDBR annotation (bsc#1012628). - x86/srso: Fix return thunks in generated code (bsc#1012628). - x86/srso: Add IBPB on VMEXIT (bsc#1012628). - x86/srso: Add IBPB (bsc#1012628). - x86/srso: Add SRSO_NO support (bsc#1012628). - x86/srso: Add IBPB_BRTYPE support (bsc#1012628). - x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1012628 bsc#1213287 CVE-2023-20569). - x86/bugs: Increase the x86 bugs vector size to two u32s (bsc#1012628). - Documentation/x86: Fix backwards on/off logic about YMM support (bsc#1012628). - x86/xen: Fix secondary processors' FPU initialization (bsc#1012628). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (bsc#1012628). - KVM: Add GDS_NO support to KVM (bsc#1012628). - x86/speculation: Add Kconfig option for GDS (bsc#1012628). - x86/speculation: Add force option to GDS mitigation (bsc#1012628). - x86/speculation: Add Gather Data Sampling mitigation (bsc#1012628 bsc#1206418 CVE-2022-40982). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1012628). - x86/fpu: Mark init functions __init (bsc#1012628). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1012628). - x86/init: Initialize signal frame size late (bsc#1012628). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1012628). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1012628). - init: Remove check_bugs() leftovers (bsc#1012628). - um/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - sparc/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - sh/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - mips/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - m68k/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - loongarch/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - ia64/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - init: Provide arch_cpu_finalize_init() (bsc#1012628). - commit 5b9ad20 - tpm/tpm_tis: Disable interrupts for Lenovo Thinkpad E14 Gen 2 and 13s-IML (bsc#1213779). - commit c4adffc - drm/amd/display: Fix a regression on Polaris cards (bsc#1212874). - commit 9764e05 - rpm/config.sh: remove IBS repos completely The commit 21cafd1f (rpm/config.sh: switch to openSUSE.org repos for IBS) duplicated the OBS repos in openSUSE.org: space. But this is done automatically in MyBS.pm. So drop all of them instead of duplicating. - commit 294d541 - rpm/config.sh: switch to openSUSE.org repos for IBS SUSE:Factory:HEAD is currently (and often) broken. Switch to openSUSE.org: repositories. They are up-to-date and provide the same archs plus armv6. - commit 21cafd1 ==== libreoffice-share-linker ==== - Do not format using f-strings, since it is python 3.6+ feature and SLE12-SP5 has python 3.4 ==== lsb-release ==== - add util-linux dependency for getopt to avoid: /usr/bin/lsb_release: line 123: getopt: command not found ==== pentaho-libxml ==== Version update (1.1.3 -> 1.1.6) - Update to upstream version 1.1.6. * no structured changelog available starting from 2008 - Rebased and updated patches: * libxml-1.1.2-build.patch -> pentaho-libxml-1.1.6-build.patch * pentaho-libxml-1.1.3-sourcetarget.patch -> pentaho-libxml-1.1.6-sourcetarget.patch ==== procmail ==== Version update (3.22 -> 3.24) - Update to procmail 3.24 (New Upstream) - Don't coredump in comsat code if interrupted early - Correctly handle COMSAT=on - Once used, the 'H' and 'r' flags would never be cleared - Fix possible buffer overflow in variable-capture actions - Fix up the parsing of variable-capture actions - LMTP code assumed sizeof(long)==sizeof(int) - SHELL is now always preset to /bin/sh. USER_SHELL contains the shell from the user's passwd entry - When HOST is mismatched, reset it for the next rcfile - Always read in a new, global rcfile (/etc/procmail.conf) to allow runtime configuration of variables like DEFAULT. This rcfile cannot deliver or filter messages - Mismatched HOST in /etc/procmailrc didn't discard the message - backquote expansion in a condition disabled header concatenation for that condition - LMTP didn't correctly handle quoted localparts - Removed SIZE extension from LMTP (unsupportable semantics) - Don't coredump if unable to exec /bin/sh - Enable "+detail" processing in LMTP mode by passing the delimiter (e.g., "+") as an optional argument after -z - In LMTP mode, save the domain of the recipient in PROCMAIL_DOMAIN - Set PROCMAIL_MODE to one of "d", "m", "z", or "" to reflect the mode option it was invoked with, if any - Fixed all bugs collected by Debian and others during the past 21 years. See the git commit history for detailed descriptions. - Port patches * procmail-3.22-autoconf.dif * procmail-3.22-headerconcat.dif * procmail-3.22-ipv6.patch * procmail-3.22-mailstat.patch * procmail-3.22-owl-truncate.dif * procmail-3.22.dif * procmail-cflags.dif - Remove former Debian and SUSE patches from procmail-3.22-patches.tar.bz2 * 04 * 06 * 10 * 11 * 12 * 13 * 14 * 15 * 16 * 17 * 18 * 19 * 22 * 23 * 24 * 25 * 26 * 27 * 28 * 29 * 30 - Collect and port our patches from old procmail-3.22-patches.tar.bz2 into new procmail-3.24-patches.tar.bz2 * 01 * 02 * 03 * 05 * 07 * 08 * 09 * 20 * 21 ==== python-certifi ==== Version update (2023.5.7 -> 2023.7.22) - update to 2023.7.22: Added certs: [#] CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited [#] CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited [#] CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation [#] CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation [#] CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos [#] CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos Removed certs: [#] CN=Hongkong Post Root CA 1 O=Hongkong Post [#] CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi [#] CN=E-Tugra Global Root CA RSA v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center [#] CN=E-Tugra Global Root CA ECC v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center ==== qemu ==== Version update (8.0.3 -> 8.0.4) Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 - perl-Text-Markdown is not available in all distros and for all arch-es. Use discount instead - Patches added: * [openSUSE][spec] Use discount instead of perl-Text-Markdown - Update to version 8.0.4: * Official changelog not released on the mailing list yet * Security issues fixed: - bsc#1212850 (CVE-2023-3354) - bsc#1213001 (CVE-2023-3255) - bsc#1213925 (CVE-2023-3180) - bsc#1207205 (CVE-2023-0330) ==== tracker-miners ==== Subpackages: tracker-miner-files tracker-miners-lang -Rebase patch: tracker-miners-drop-syscalls-in-seccomp.patch. ==== wtmpdb ==== Version update (0.7.1 -> 0.8.0) Subpackages: libwtmpdb0 - Update to version 0.8.0 - wtmpdb boottime: print boot time ==== zxing-cpp ==== - Restore support for building on SLE12 - Build with gcc7-c++ or gcc-c++ >= 7 because of C++17 requirements - Added patch: * cmake.patch + allow building with cmake 3.5 on SLE12SP5