Packages changed: Mesa (23.1.4 -> 23.1.5) Mesa-drivers (23.1.4 -> 23.1.5) SDL2 (2.28.1 -> 2.28.2) cockpit (293 -> 296) cockpit-podman (70 -> 73) colord dracut (059+suse.476.g5e324584 -> 059+suse.488.g81715832) grub2 ibus-m17n (1.4.19 -> 1.4.20) installation-images-MicroOS (17.90 -> 17.91) libdnf (0.70.1 -> 0.70.2) openssl-3 (3.1.1 -> 3.1.2) openssl (3.1.1 -> 3.1.2) podman setools (4.4.2 -> 4.4.3) tar util-linux util-linux-systemd === Details === ==== Mesa ==== Version update (23.1.4 -> 23.1.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to bugfix release 23.1.5 - -> https://docs.mesa3d.org/relnotes/23.1.4.html ==== Mesa-drivers ==== Version update (23.1.4 -> 23.1.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.1.5 - -> https://docs.mesa3d.org/relnotes/23.1.4.html ==== SDL2 ==== Version update (2.28.1 -> 2.28.2) - Update to release 2.28.2 * Fixed 8BitDo gamepad mapping when in XInput mode on Linux * Fixed controller lockup initializing some unofficial PS4 replica controllers * Fixed video initialization on headless Linux systems using VNC ==== cockpit ==== Version update (293 -> 296) Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - new version 296: - https://cockpit-project.org/blog/cockpit-296.html - https://cockpit-project.org/blog/cockpit-295.html - https://cockpit-project.org/blog/cockpit-294.html - 0004-leap-gnu18-removal.patch: added support for Leap thanks to Lubos ==== cockpit-podman ==== Version update (70 -> 73) - New version 73. Changes since 70 include, * show time of container's latest checkpoint * Bug fixes and translation updates * Add manifest condition for the Python bridge - 1299.patch: included in release and deleted here ==== colord ==== Subpackages: colord-color-profiles colord-lang libcolord2 libcolorhug2 - Reduce memory constraints for riscv64 ==== dracut ==== Version update (059+suse.476.g5e324584 -> 059+suse.488.g81715832) Subpackages: dracut-ima - Update to version 059+suse.488.g81715832: This is the 3rd backport of the most important fixes and features from the upstream master branch, while the release date of version 060 is still undefined. * fix(systemd-udevd): add missing override paths * fix(systemd-journald): add systemd-sysusers dependency * fix(base): correct handling of quiet in loginit * chore(suse): require gawk instead of awk * refactor(install): log about missing firmware only once * fix(integrity): do not require ls * fix(dracut-init.sh): `module_check` method ignores `forced` option * fix(man): add missing initrd-root-device.target to flow chart * fix(dracut-init.sh): use the local _ret variable * fix(dracut.sh): use gawk for strtonum * fix(man): remove duplicate entry ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Change the bash-completion directory (bsc#1213855) * grub2-change-bash-completion-dir.patch ==== ibus-m17n ==== Version update (1.4.19 -> 1.4.20) - Update to 1.4.20 * Reduce preedit flicker * Remove xml:lang="en" from the screenshot in appdata.xml * Use ibus_text_new_from_string (string) instead of ibus_text_new_from_static_string (string) in ibus_m17n_engine_commit_string() * Add missing g_free (buf) in ibus_m17n_mtext_to_utf8() ==== installation-images-MicroOS ==== Version update (17.90 -> 17.91) - merge gh#openSUSE/installation-images#652 - add reset-rzg2l-usbphy-ctrl module (bsc#1213805) - 17.91 ==== libdnf ==== Version update (0.70.1 -> 0.70.2) Subpackages: libdnf-repo-config-zypp libdnf2 - Update to 0.70.2: * Support "proxy=none" in main config (RhBug:2155713) * Fix #1558: Don't assume inclusion of cstdint * Disconnect monitors in dnf_repo_loader_finalize() (RhBug:2070153) ==== openssl-3 ==== Version update (3.1.1 -> 3.1.2) Subpackages: libopenssl3 - Update to 3.1.2: * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Fix DH_check() excessive time with over sized modulus (bsc#1213487, CVE-2023-3446). The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Do not ignore empty associated data entries with AES-SIV (bsc#1213383, CVE-2023-2975). The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. The fix changes the authentication tag value and the ciphertext for applications that use empty associated data entries with AES-SIV. To decrypt data encrypted with previous versions of OpenSSL the application has to skip calls to EVP_DecryptUpdate() for empty associated data entries. * When building with the enable-fips option and using the resulting FIPS provider, TLS 1.2 will, by default, mandate the use of an extended master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will not operate with truncated digests (FIPS 140-3 IG G.R). * Update openssl.keyring with the OTC members that sign releases * Remove openssl-z16-s390x.patch fixed upstream in https://github.com/openssl/openssl/pull/21284 * Remove security patches fixed upstream: - openssl-CVE-2023-2975.patch - openssl-CVE-2023-3446.patch - openssl-CVE-2023-3446-test.patch ==== openssl ==== Version update (3.1.1 -> 3.1.2) - Update to 3.1.2 ==== podman ==== - Discard outdated README.SUSE.SLES - Recommend gvisor-tap-vsock, required for `podmand machine` ==== setools ==== Version update (4.4.2 -> 4.4.3) Subpackages: python311-setools setools-console - Update to version 4.4.3: * Fix compilation with Cython 3.0.0. * Improve man pages. * Remove neverallow options in sediff. * Add -r option to seinfoflow to get flows into the source type. * Reject a rule with no permissions as invalid policy. ==== tar ==== Subpackages: tar-lang tar-rmt - Run testsuite also on qemu build ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang - Disable last and lastb for ALP, too. ==== util-linux-systemd ==== - Disable last and lastb for ALP, too.