Packages changed: MicroOS-release (20241113 -> 20241114) gnome-session gnome-shell-extensions libgpg-error (1.50 -> 1.51) libsolv (0.7.30 -> 0.7.31) libssh2_org (1.11.0 -> 1.11.1) libzypp (17.35.12 -> 17.35.13) permissions (1699_20240522 -> 1699_20241029) plasma6-desktop plasma6-workspace qt6-tools rpm-config-SUSE (20240214 -> 20241031) sdbootutil (1+git20241107.6f81ff3 -> 1+git20241112.ecf5f97) ucode-intel (20241029 -> 20241112) webkit2gtk3 webkit2gtk4 zypper (1.14.77 -> 1.14.78) === Details === ==== MicroOS-release ==== Version update (20241113 -> 20241114) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== gnome-session ==== Subpackages: gnome-session-core gnome-session-wayland - Move update-alternative post/postun scriptlets from the main package to the xsession sub-package (boo#1233299). - Drop gnome-session-default-session: this was there to also support the alternative fallback-session, but that one was dropped at the times of GNOME 3.8. ==== gnome-shell-extensions ==== Subpackages: gnome-shell-classic gnome-shell-extensions-common - Split out gnome-shell-classic-xsession sub-package. ==== libgpg-error ==== Version update (1.50 -> 1.51) - Update to 1.51: * Add GPGRT_PROCESS_ALLOW_SET_FG for gpgrt_process_spawn. [rEb79d4206f4] * Add new spawn function to modify the environment. [T7307] * Fix missing environ var for macOS and others. [T7169,T7307] * Fix forgotten _gpgrt_post_syscall on create pipe failure. [rEbcab96484d] * Let gpgrt_poll return an error for a closed fd. [rE4a3dc85f69] * Fix build error introduced by C-committee stupidity. [T7344] * Interface changes relative to the 1.50 release: - _gpg_w32_gettext_use_utf8 EXTN (new value 2). - gpgrt_spawn_actions_set_env_rev NEW. - GPGRT_PROCESS_ALLOW_SET_FG NEW. * Release-info: https://dev.gnupg.org/T7164 * Rebase libgpg-error-nobetasuffix.patch ==== libsolv ==== Version update (0.7.30 -> 0.7.31) - fix replaces_installed_package using the wrong solvable id when checking the noupdate map - make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - add rpm_query_idarray query function - support rpm's "orderwithrequires" dependency - bump version to 0.7.31 ==== libssh2_org ==== Version update (1.11.0 -> 1.11.1) - Update to 1.11.1: * build: enable '-pedantic-errors' * build: add 'LIBSSH2_NO_DEPRECATED' option * build: stop requiring libssl from openssl * disable DSA by default * hostkey: do not advertise ssh-rsa when SHA1 is disabled * kex: prevent possible double free of hostkey * kex: always check for null pointers before calling _libssh2_bn_set_word * kex: fix a memory leak in key exchange * kex: always add extension indicators to kex_algorithms * md5: allow disabling old-style encrypted private keys at build-time * openssl: free allocated resources when using openssl3 * openssl: fix memory leaks in '_libssh2_ecdsa_curve_name_with_octal_new' and '_libssh2_ecdsa_verify' * openssl: fix calculating DSA public key with OpenSSL 3 * openssl: initialize BIGNUMs to NULL in 'gen_publickey_from_dsa' for OpenSSL 3 * openssl: fix cppcheck found NULL dereferences * openssl: delete internal 'read_openssh_private_key_from_memory()' * openssl: use OpenSSL 3 HMAC API, add 'no-deprecated' CI job * openssl: make a function static, add '#ifdef' comments * openssl: fix DSA code to use OpenSSL 3 API * openssl: fix 'EC_KEY' reference with OpenSSL 3 'no-deprecated' build * openssl: use non-deprecated APIs with OpenSSL 3.x * openssl: silence '-Wunused-value' warnings * openssl: add missing check for 'LIBRESSL_VERSION_NUMBER' before use * packet: properly bounds check packet_authagent_open() * pem: fix private keys encrypted with AES-GCM methods * reuse: provide SPDX identifiers * scp: fix missing cast for targets without large file support * session: support server banners up to 8192 bytes * session: add 'libssh2_session_callback_set2()' * session: handle EINTR from send/recv/poll/select to try again as the error is not fatal * sftp: increase SFTP_HANDLE_MAXLEN back to 4092 * sftp: implement posix-rename@openssh.com * src: implement chacha20-poly1305@openssh.com * src: check the return value from '_libssh2_bn_*()' functions * src: support RSA-SHA2 cert-based authentication (rsa-sha2-512_cert and rsa-sha2-256_cert) * src: check hash update/final success * src: check hash init success * src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" * transport: fix unstable connections over non-blocking sockets * transport: check ETM on remote end when receiving * transport: fix incorrect byte offset in debug message * userauth: avoid oob with huge interactive kbd response * userauth: add a new structure to separate memory read and file read * userauth: check whether '*key_method' is a NULL pointer instead of 'key_method' * Rebase libssh2-ocloexec.patch * Remove patches fixed upstream: - libssh2_org-CVE-2023-48795.patch - libssh2_org-CVE-2023-48795-ext.patch - libssh2_org-ETM-remote.patch ==== libzypp ==== Version update (17.35.12 -> 17.35.13) - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - version 17.35.13 (35) ==== permissions ==== Version update (1699_20240522 -> 1699_20241029) Subpackages: permctl permissions-config - Update to version 1699_20241029: * Add RPM macros; moved from rpm-config-SUSE * package RPM macros together with permctl, to avoid having to setup an extra sub-package. ==== plasma6-desktop ==== Subpackages: plasma6-desktop-emojier - Replace plasma6-framework-components 'Requires' with libplasma6-components ==== plasma6-workspace ==== Subpackages: plasma6-session plasma6-workspace-libs - Replace '%requires_ge plasma6-desktop' with 'Requires: plasma6-desktop' ==== qt6-tools ==== Subpackages: libQt6UiTools6 qt6-tools-qdbus - Reintroduce proper %requires_eq on libclang, it's needed to ensure that qdoc pulls in a libclang suitable for the used libclang-cpp. ==== rpm-config-SUSE ==== Version update (20240214 -> 20241031) - Update to version 20241031: * Merge in changes that already happened in the package - Update to version 20241031: * Drop {set,verify}_permissions macros * Strip the explicit /bin/bash dependency for ksym macros * locale.prov: handle glibc-locale-base (boo#1221250) * lang_package: Add 'basename' option * %requires_eq|ge(): Report error if package version cannot be determined ==== sdbootutil ==== Version update (1+git20241107.6f81ff3 -> 1+git20241112.ecf5f97) Subpackages: sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20241112.ecf5f97: * Move enrollment from disk-encryption-tool * Use [/usr]/etc/default/fde-tools as config file ==== ucode-intel ==== Version update (20241029 -> 20241112) - Intel CPU Microcode was updated to the 20241112 release (bsc#1233313) - CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. Security updates for [INTEL-SA-01101](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html) - CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. Security updates for [INTEL-SA-01079](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html) - CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. Security updates for [INTEL-SA-01079](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html) - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. Updated security updates for [INTEL-SA-01097](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html) - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access Updated security updates for [INTEL-SA-01103](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html) - Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details. - Update for functional issues. Refer to [14th/13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details. - Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details. - Update for functional issues. Refer to [5th Gen Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/793902) for details. - Update for functional issues. Refer to [4th Gen Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/772415) for details. - Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details. - Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details. - Update for functional issues. Refer to [Intel Xeon D-1700 and D-1800 Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714069) for details New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12 | EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Coreā„¢ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13 | SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 New Disclosures Updated in Prior Releases: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3 ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Add 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch: Fix aspect ratio in videos with gststreamer-1.24.9. ==== webkit2gtk4 ==== Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles - Add 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch: Fix aspect ratio in videos with gststreamer-1.24.9. ==== zypper ==== Version update (1.14.77 -> 1.14.78) Subpackages: zypper-needs-restarting - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) - man: Update 'search' command description. Hint to "se -v" showing the matches within the packages metadata. Explain that search strings starting with a "/" will implicitly look into the filelist as well. Otherfise an explicit "-f" is needed. - version 1.14.78