Packages changed: dnsmasq firewalld gawk gnutls hwdata (0.369 -> 0.370) inxi (3.3.23 -> 3.3.27) kernel-source (6.3.1 -> 6.3.2) libcontainers-common libnettle (3.8.1 -> 3.9) libpng16 libstorage-ng (4.5.103 -> 4.5.105) setxkbmap (1.3.3 -> 1.3.4) sysvinit (3.00 -> 3.07) texlive tnftp (20210827 -> 20230507) ucode-intel (20230214 -> 20230512) yast2-installation (4.6.2 -> 4.6.3) yast2-pkg-bindings (4.6.1 -> 4.6.2) yast2-services-manager (4.6.0 -> 4.6.1) === Details === ==== dnsmasq ==== - Correct rundir from /var/run to /run for pid file ==== firewalld ==== Subpackages: firewalld-bash-completion firewalld-lang python3-firewall - Add firewalld-runstatedir.patch: change pid file location from /var/run to /run ==== gawk ==== - enable profiling ==== gnutls ==== - Disable GNULIB's year2038 also for 32-bit arm - boo#1211394 ==== hwdata ==== Version update (0.369 -> 0.370) - update to 0.370: * Update pci, usb and vendor ids ==== inxi ==== Version update (3.3.23 -> 3.3.27) - Update to version 3.3.27: + /usr/share/doc/packages/inxi/inxi.changelog. ==== kernel-source ==== Version update (6.3.1 -> 6.3.2) - Linux 6.3.2 (bsc#1012628). - netfilter: nf_tables: deactivate anonymous set from preparation phase (bsc#1012628). - arch_topology: Remove early cacheinfo error message if -ENOENT (bsc#1012628). - debugobject: Ensure pool refill (again) (bsc#1012628). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1012628). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1012628). - cifs: fix potential race when tree connecting ipc (bsc#1012628). - cifs: fix sharing of DFS connections (bsc#1012628). - cifs: protect session status check in smb2_reconnect() (bsc#1012628). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1012628). - io_uring/rsrc: check for nonconsecutive pages (bsc#1012628). - perf intel-pt: Fix CYC timestamps after standalone CBR (bsc#1012628). - perf auxtrace: Fix address filter entire kernel size (bsc#1012628). - dm: don't lock fs when the map is NULL in process of resume (bsc#1012628). - dm ioctl: fix nested locking in table_clear() to remove deadlock concern (bsc#1012628). - dm flakey: fix a crash with invalid table line (bsc#1012628). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (bsc#1012628). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (bsc#1012628). - dm verity: fix error handling for check_at_most_once on FEC (bsc#1012628). - vhost_vdpa: fix unmap process in no-batch mode (bsc#1012628). - mm/hugetlb: fix uffd-wp during fork() (bsc#1012628). - mm/mempolicy: correctly update prev when policy is equal on mbind (bsc#1012628). - ia64: fix an addr to taddr in huge_pte_offset() (bsc#1012628). - s390/dasd: fix hanging blockdevice after request requeue (bsc#1012628). - btrfs: scrub: reject unsupported scrub flags (bsc#1012628). - scripts/gdb: fix lx-timerlist for Python3 (bsc#1012628). - afs: Avoid endless loop if file is larger than expected (bsc#1012628). - afs: Fix getattr to report server i_size on dirs, not local size (bsc#1012628). - afs: Fix updating of i_size with dv jump from server (bsc#1012628). - PM: hibernate: Do not get block device exclusively in test_resume mode (bsc#1012628). - PM: hibernate: Turn snapshot_test into global variable (bsc#1012628). - ACPI: PM: Do not turn of unused power resources on the Toshiba Click Mini (bsc#1012628). - hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id() (bsc#1012628). - hte: tegra: fix 'struct of_device_id' build error (bsc#1012628). - mfd: arizona-spi: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - mfd: ocelot-spi: Fix unsupported bulk read (bsc#1012628). - mfd: tqmx86: Correct board names for TQMxE39x (bsc#1012628). - mfd: tqmx86: Specify IO port register range more precisely (bsc#1012628). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (bsc#1012628). - thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe (bsc#1012628). - pinctrl-bcm2835.c: fix race condition when setting gpio dir (bsc#1012628). - dmaengine: at_xdmac: do not enable all cyclic channels (bsc#1012628). - dmaengine: at_xdmac: restore the content of grws register (bsc#1012628). - dmaengine: at_xdmac: do not resume channels paused by consumers (bsc#1012628). - dmaengine: at_xdmac: fix imbalanced runtime PM reference counter (bsc#1012628). - dmaengine: at_xdmac: disable/enable clock directly on suspend/resume (bsc#1012628). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (bsc#1012628). - dmaengine: dw-edma: Fix to change for continuous transfer (bsc#1012628). - dma: gpi: remove spurious unlock in gpi_ch_init (bsc#1012628). - phy: ti: j721e-wiz: Fix unreachable code in wiz_mode_select() (bsc#1012628). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (bsc#1012628). - soundwire: intel: don't save hw_params for use in prepare (bsc#1012628). - pwm: mtk-disp: Configure double buffering before reading in .get_state() (bsc#1012628). - pwm: mtk-disp: Disable shadow registers before setting backlight values (bsc#1012628). - leds: tca6507: Fix error handling of using fwnode_property_read_string (bsc#1012628). - dmaengine: mv_xor_v2: Fix an error code (bsc#1012628). - pinctrl: ralink: reintroduce ralink,rt2880-pinmux compatible string (bsc#1012628). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (bsc#1012628). ... changelog too long, skipping 1100 lines ... - commit 26ec1ca ==== libcontainers-common ==== - Introduce new subpackage that adds SLE-specific mounts only on SLE systems (if sles-release) hence avoiding superfluous warnings on non-SLE systems while running podman commands. (bsc#1211124) ==== libnettle ==== Version update (3.8.1 -> 3.9) Subpackages: libhogweed6 libnettle8 - update to 3.9 * rewrite of the C and plain x86_64 assembly implementations of GHASH to use precomputed tables in a different way, with tables always accessed in the same sequential manner. This should make Nettle's GHASH implementation side-channel silent on all platforms, but considerably slower on platforms without carry- less mul instructions. E.g., benchmarks of the C implementation on x86_64 showed a slowdown of 3 times. * Fix bug in ecdsa and gostdsa signature verify operation, for the unlikely corner case that point addition really is point duplication. * Fix for chacha on Power7, nettle's assembly used an instruction only available on later processors * Add support for the SM4 block cipher * Add support for the Balloon password hash * Add support for SIV-GCM authenticated encryption mode * Add support for OCB authenticated encryption mode. * New exported functions md5_compress, sha1_compress, sha256_compress, sha512_compress * multiple performance optimizations * Delete all arcfour assembly code. Affects 32-bit x86, 32-bit and 64-bit sparc ==== libpng16 ==== - do not use NEON instructions [bsc#1211176] ==== libstorage-ng ==== Version update (4.5.103 -> 4.5.105) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#931 - added test programs for nvme list and list-subsys - 4.5.105 - merge gh#openSUSE/libstorage-ng#930 - avoid to handle some fstab entries twice - 4.5.104 ==== setxkbmap ==== Version update (1.3.3 -> 1.3.4) - Update to version 1.3.4 * gitlab CI: stop requiring Signed-off-by in commits * Be more careful about querying randr * Fix "Xwayland" spelling * Check for the XWAYLAND extension * Route the Xwayland warning through stderr ==== sysvinit ==== Version update (3.00 -> 3.07) - Update to sysvinit 3.07 * Fixed killall5 so that processes in the omit list are not sent any signals, including SIGSTOP. * Fixed usage message for killall5 to be more accurate. * pidof was not returning PIDs of programs which were launched using a symbolic link. (ie /tmp/sleep when /tmp/sleep links to /usr/bin/sleep). This is now fixed as we check both the realpath and symbolic path for processes. In other words, "pidof /tmp/sleep" and "pidof /usr/bin/sleep" will return the same PIDs when /tmp/sleep is a symbolic link to /usr/bin/sleep. * Fixed memory initialization error in pidof. Fix provided by Markus Fischer. * Accepted patch from Mark Hindley which avoids clearing realpath information in pidof when trying to find matching executables. * Mark Hindley fixed typo in es.po * Mark Hindley cleaned up translation code in src/Makefile. * Drop sulogin from Debian build. Removed libcrypt-dev dependency. * Fixed pt translation pages which were failing due to mis-matched open/close tags. * Makefile now respects ROOT prefix when setting up pidof-to-killall5 symbolic link. * Removed redundant translation files from man directory. * Makefile now respects DESTDIR. User can specify either ROOT= or DESTDIR= to set install prefix. * Helge Kreutzmann provided updated Makefile for translation of manual pages. This has been added to the man directory. * Added sys/sysmacros.h include in mountpoint.c to fix compiler errors on systems where major/minor macros were not defined. * Applied patches from Mark Hindley to clean up man page Makefile, translations and installs of new man pages. * Remove reliance on linux/fs.h as it conflicts with glibc 2.36. Patch provided by lucascars. * Mark Hindley supplied patch to make bootlogd compile on GNU Hurd systems. Was missing major/minor macro. * Fixed formatting in init.8 man page. Patch provided by Mark Hindley. * Added q and Q flags to synopsis in shutdown manual page. * Applied fixes for markup and spacing in manual pages. Patch provided by Mario Blattermann. * Added translation framework (po4a) from Mario Blttermann. * Added Makefile for man/ directory. Will handle translations and substitutions. * Applied new translations for multiple languages from Mario Blattermann. * Added ability to use "@" symbol in command named in the inittab file. This treats commands as literal and does not launch a shell to interpret them. * Updated inittab manual page to include overview of symbols which trigger a shell interpretor and how to disable them using the @ symbol. * Introduced change which adds error checking in bootlogd when performing chdir(). - Provided by Alexander Vickberg * Add check for console using TIOCGDEV on Linux systems in bootlogd to make finding console more robust. - Provided by Alexander Vickberg * Default to showing processes in the uninterruptable state (D). The -z flag no longer affects whether processes in D state are shown. The -z flag does still toggle whether zombie (Z) processes are shown. * Removed unnecessary check which is always true from init tab parsing. - Port patches * sysvinit-2.88dsf-suse.patch * sysvinit-2.90-no-kill.patch * sysvinit-2.90.dif - Add keyring as well as signature for source tar ball of sysvinit ==== texlive ==== - Add patch source-luatex.dif * Update to luatex 1.17.0 with the fixes for CVE-2023-32668 and CVE-2023-32700 (bsc#1211389) VUL-0: TeXLive: Arbitrary code execution in LuaTeX ==== tnftp ==== Version update (20210827 -> 20230507) - Update to version 20230507 * Add timeout for SSL connection setup, defaulting to 60 seconds. * Consistently use poll(2) instead of select(2). * Check EAGAIN as well as EINTR. * Simplify includes. - Update to version 20230409 * Add option sslnoverify to control validation of SSL certificates. * Add netrc processing to fetch-mode (URL on command line) to enable options and autologin via netrc. * Fix SSL cleanup in some error paths. * Support SSL certificate validation by default. FTPSSLNOVERIFY=1 in the environment to disable validation. * Handle relative URLs. * Improve ftp(1) markup. * Fix -? in a more portable manner. ==== ucode-intel ==== Version update (20230214 -> 20230512) - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382) - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ==== yast2-installation ==== Version update (4.6.2 -> 4.6.3) - Use a larger font for xterm during installation via X resources (bsc#1211267) Details: https://github.com/yast/yast-installation/pull/1085 4.6.3 ==== yast2-pkg-bindings ==== Version update (4.6.1 -> 4.6.2) - Dropped the *-devel-doc subpackage (related to bsc#1211319) - 4.6.2 ==== yast2-services-manager ==== Version update (4.6.0 -> 4.6.1) - Improved help text for services table (bsc#1211320) - 4.6.1