Packages changed: efivar grub2 gzip kernel-source (6.5.8 -> 6.5.9) libksba libstorage-ng (4.5.151 -> 4.5.154) libzypp (17.31.22 -> 17.31.23) open-iscsi openssl-3 (3.1.3 -> 3.1.4) openssl (3.1.3 -> 3.1.4) patterns-base suse-module-tools (16.0.36 -> 16.0.37) wtmpdb (0.9.2 -> 0.9.3) === Details === ==== efivar ==== - We don’t mandoc at all after all (gh#rhboot/efivar#229 and gh#rhboot/efivar#253). ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Fix a potential error when appending multiple keys into the synthesized initrd * Fix-the-size-calculation-for-the-synthesized-initrd.patch - Fix Xen chainloding error of no matching file path found (bsc#1216081) * grub2-efi-chainload-harder.patch - Use grub-tpm2 token to unlock keyslots to make the unsealing process more efficient and secure. * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch ==== gzip ==== - Fix s390x build with 'gcc -Dalignas=_Alignas' bug#66709 ==== kernel-source ==== Version update (6.5.8 -> 6.5.9) - Linux 6.5.9 (bsc#1012628). - Bluetooth: hci_event: Ignore NULL link key (bsc#1012628). - Bluetooth: Reject connection with the device which has same BD_ADDR (bsc#1012628). - Bluetooth: Fix a refcnt underflow problem for hci_conn (bsc#1012628). - Bluetooth: vhci: Fix race when opening vhci device (bsc#1012628). - Bluetooth: hci_event: Fix coding style (bsc#1012628). - Bluetooth: avoid memcmp() out of bounds warning (bsc#1012628). - Bluetooth: hci_conn: Fix modifying handle while aborting (bsc#1012628). - ice: fix over-shifted variable (bsc#1012628). - ice: Fix safe mode when DDP is missing (bsc#1012628). - ice: reset first in crash dump kernels (bsc#1012628). - net/smc: return the right falback reason when prefix checks fail (bsc#1012628). - btrfs: fix stripe length calculation for non-zoned data chunk allocation (bsc#1012628). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (bsc#1012628). - regmap: fix NULL deref on lookup (bsc#1012628). - KVM: x86: Mask LVTPC when handling a PMI (bsc#1012628). - x86/sev: Disable MMIO emulation from user mode (bsc#1012628). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1012628). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1012628). - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (bsc#1012628). - KVM: x86/pmu: Truncate counter value to allowed width on write (bsc#1012628). - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (bsc#1012628). - x86: KVM: SVM: always update the x2avic msr interception (bsc#1012628). - x86: KVM: SVM: add support for Invalid IPI Vector interception (bsc#1012628). - x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() (bsc#1012628). - audit,io_uring: io_uring openat triggers audit reference count underflow (bsc#1012628). - tcp: check mptcp-level constraints for backlog coalescing (bsc#1012628). - mptcp: more conservative check for zero probes (bsc#1012628). - selftests: mptcp: join: no RST when rm subflow/addr (bsc#1012628). - mm: slab: Do not create kmalloc caches smaller than arch_slab_minalign() (bsc#1012628). - fs/ntfs3: Fix OOB read in ntfs_init_from_boot (bsc#1012628). - fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e() (bsc#1012628). - fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea() (bsc#1012628). - fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super (bsc#1012628). - fs/ntfs3: fix deadlock in mark_as_free_ex (bsc#1012628). - Revert "net: wwan: iosm: enable runtime pm support for 7560" (bsc#1012628). - netfilter: nft_payload: fix wrong mac header matching (bsc#1012628). - io_uring: fix crash with IORING_SETUP_NO_MMAP and invalid SQ ring address (bsc#1012628). - nvmet-tcp: Fix a possible UAF in queue intialization setup (bsc#1012628). - drm/i915: Retry gtt fault when out of fence registers (bsc#1012628). - drm/mediatek: Correctly free sg_table in gem prime vmap (bsc#1012628). - drm/nouveau/disp: fix DP capable DSM connectors (bsc#1012628). - drm/edid: add 8 bpc quirk to the BenQ GW2765 (bsc#1012628). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (bsc#1012628). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (bsc#1012628). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (bsc#1012628). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (bsc#1012628). - ASoC: codecs: wcd938x: drop bogus bind error handling (bsc#1012628). - ASoC: codecs: wcd938x: fix unbind tear down order (bsc#1012628). - ASoC: codecs: wcd938x: fix resource leaks on bind errors (bsc#1012628). - ASoC: codecs: wcd938x: fix regulator leaks on probe errors (bsc#1012628). - ASoC: codecs: wcd938x: fix runtime PM imbalance on remove (bsc#1012628). - qed: fix LL2 RX buffer allocation (bsc#1012628). - xfrm: fix a data-race in xfrm_lookup_with_ifid() (bsc#1012628). - xfrm6: fix inet6_dev refcount underflow problem (bsc#1012628). - xfrm: fix a data-race in xfrm_gen_index() (bsc#1012628). - xfrm: interface: use DEV_STATS_INC() (bsc#1012628). - net: xfrm: skip policies marked as dead while reinserting policies (bsc#1012628). - fprobe: Fix to ensure the number of active retprobes is not zero (bsc#1012628). - wifi: cfg80211: use system_unbound_wq for wiphy work ... changelog too long, skipping 321 lines ... - commit 06d7c82 ==== libksba ==== - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number. * Run autoreconf for the added patch and add the build dependecies on autoconf, automake and libtool. * Add libksba-nobetasuffix.patch [bsc#1216334] ==== libstorage-ng ==== Version update (4.5.151 -> 4.5.154) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#962 - improved error reporting in SystemCmd - 4.5.154 - merge gh#openSUSE/libstorage-ng#961 - added testcase - 4.5.153 - merge gh#openSUSE/libstorage-ng#960 - make more use of new SystemCmd interface - added const - 4.5.152 - merge gh#openSUSE/libstorage-ng#959 - removed unused function - merge gh#openSUSE/libstorage-ng#958 - make more use of new SystemCmd interface - prefer make_unique over new - fixed compound action generation for removing btrfs qgroup relations ==== libzypp ==== Version update (17.31.22 -> 17.31.23) - Stop using boost version 1 timer library (fixes #489, bsc#1215294) - version 17.31.23 (22) ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Updated to latest upstream, which includes (bsc#1210514): * several fixes to harden iscsiuio, which updates its version number to 0.7.8.8, including: - logging now uses syslog - shutdown now waits for helper threads to complete - netlink socket cleanup * some minor bug fixes, some helping builds on musl This updates open-iscsi-SUSE-latest.diff.bz2 ==== openssl-3 ==== Version update (3.1.3 -> 3.1.4) Subpackages: libopenssl3 - Update to 3.1.4: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length [bsc#1216163, CVE-2023-5363]. - Performance enhancements for cryptography from OpenSSL 3.2 [jsc#PED-5086, jsc#PED-3514] * Add patches: - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch - FIPS: Add the FIPS_mode() compatibility macro and flag support. * Add patches: - openssl-Add-FIPS_mode-compatibility-macro.patch - openssl-Add-Kernel-FIPS-mode-flag-support.patch ==== openssl ==== Version update (3.1.3 -> 3.1.4) - Update to 3.1.4 ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - Do not recommend yast stuff in x11 pattern. That's what the yast patterns are for ==== suse-module-tools ==== Version update (16.0.36 -> 16.0.37) Subpackages: suse-module-tools-scriptlets * weak-modules2: ignore INITRD_MODULES (jsc#PED-1915), obtain list of modules from dracut.conf.d instead ==== wtmpdb ==== Version update (0.9.2 -> 0.9.3) Subpackages: libwtmpdb0 - Update to version 0.9.3 - wtmpdb last: don't print date in the future if there is no db entry