Packages changed:
clamav (0.103.7 -> 0.103.8)
dav1d (1.0.0 -> 1.1.0)
git (2.39.1 -> 2.39.2)
gnutls (3.7.8 -> 3.7.9)
grub2
gstreamer-plugins-rs (0.9.8+git20230124.d9e9468 -> 0.10.1+git20230213.9cd68ff)
kernel-source (6.1.10 -> 6.1.12)
mozilla-nss (3.86 -> 3.87)
mozjs102 (102.7.0 -> 102.8.0)
plasma5-openSUSE
tcl
thunar
util-linux
util-linux-systemd
=== Details ===
==== clamav ====
Version update (0.103.7 -> 0.103.8)
Subpackages: libclamav9 libfreshclam2
- Update to 0.103.8
* CVE-2023-20032: Fixed a possible remote code execution vulnerability
in the HFS+ file parser. Issue affects versions 1.0.0 and earlier,
0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208363)
* CVE-2023-20052: Fixed a possible remote information leak
vulnerability in the DMG file parser. Issue affects versions 1.0.0
and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
(bsc#1208365)
* Update vendored libmspack library to version 0.11alpha.
- Package huge .html documentation in a separate subpackage.
==== dav1d ====
Version update (1.0.0 -> 1.1.0)
- Update to version 1.1.0
* New function dav1d_get_frame_delay to query the decoder
frame delay
* Numerous fixes for strict conformity to the specs and samples
* NEON and AVX-512 misc fixes and improvements
* Partial AVX2 12bpc transform implementations
* AVX-512 high bit-depth cdef_filter, loopfilter, itx
* NEON z1/z3 optimization for 8bpc
* SSSE3 z1 optimization for 8bpc
==== git ====
Version update (2.39.1 -> 2.39.2)
Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git
- git 2.39.2:
* CVE-2023-22490: Using a specially-crafted repository, Git can
be tricked into using its local clone optimization even when
using a non-local transport boo#1208027
* CVE-2023-23946: a path outside the working tree can be
overwritten as the user who is running "git apply" boo#1208028
==== gnutls ====
Version update (3.7.8 -> 3.7.9)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-hmac
- Update to 3.7.9: [bsc#1208143, CVE-2023-0361]
* libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
exchange. [GNUTLS-SA-2020-07-14, CVSS: medium][CVE-2023-0361]
* Rebase gnutls-FIPS-140-3-references.patch
==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen
- Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to
handle the TPM2 responseCode correctly.
==== gstreamer-plugins-rs ====
Version update (0.9.8+git20230124.d9e9468 -> 0.10.1+git20230213.9cd68ff)
- Add BuildRequires: zstd so it build in SLE/Leap now that the
sources are compressed with zstd
- Update to version 0.10.1+git20230213.9cd68ff:
* rtpav1pay: Fix calculation of Leb128 size size to work
correctly with streams from certain encoders.
- Changes from version 0.10.0:
* Fixed:
- audiornnoise: Use correct value range for the samples
- awss3sink: Treat stopping without EOS as an error for
multipart upload
- awss3hlssink:
. Fix the name of the hlssink child element
. Fix deadlock on EOS
- dav1d: Various fixes to improve performance, to handle
decoding errors more gracefully and to make sure all frames
are output in the end
- fmp4mux: Various fixes to fragment splitting behaviour,
output formatting and header generation
- gtk4: Various stability and rendering fixes
- meson: Various fixes and improvements to the meson-based
build system
- ndi: provide non-Linux/macOS UNIX fallback for the soname
- ndisrc: Use default channel mask for audio output to allow >2
channels to work better
- rav1e: Correctly enable threading support
- rtpav1: Various fixes to the payloader and depayloader to
handle streams more correctly and to handle errors more
cleanly
- rtpav1depay: Set caps on the source pad
- spotify: fix "start a runtime from within a runtime" with
static link
- textahead: fix previous buffers
- textwrap: Don't panic on empty buffers
- tttocea608: Don't fail if a GAP event contains no duration
- webrtchttp: whipsink: construct TURN URL correctly
- webrtcsink: fix panic on pre-bwe request error
- whipsink:
. Send ICE candidates together with the offer
. Various cleanups and minor fixes
* Added:
- audiornnoise: Add voice detection threshold property
- awss3hlssink: Add stats property
- awss3sink: Add properties to set Content-Type and
Content-Disposition
- fmp4mux:
. Add 'offset-to-zero' property
. Add support for CMAF-style chunking, e.g. low-latency / LL
HLS and DASH
- fmp4mux/mp4mux:
. Add support for muxing Opus, VP8, VP9 and AV1 streams
. Make media/track timescales configurable
- gtk4: Support for rendering GL textures on X11/EGL, X11/GLX,
Wayland and macOS
- hlssink3: Allow generating i-frame-only playlist
- livesync: New element that alllows maintaining a contiguous
live stream without gaps from a potentially unstable source.
- mp4mux: New non-fragmented MP4 muxer element
- spotifyaudiosrc: Support configurable bitrate
- textahead: add settings to display previous buffers
- threadshare: Introduce new ts-audiotestsrc
- webrtcsink: Support nvv4l2vp9enc
- whepsource: Add a WebRTC WHEP source element
* Changed:
- audiofx: Derive from AudioFilter where possible
- dav1ddec: Lower rank to primary to allow usage of hardware
decoders with higher ranks
- fmp4mux: Only push fragment_offset if write-mfra is true to
reduce memory usage
- webrtcsink:
. Make the turn-server property a turn-servers list
. Move from async-std to tokio
==== kernel-source ====
Version update (6.1.10 -> 6.1.12)
- Linux 6.1.12 (bsc#1012628).
- Documentation/hw-vuln: Add documentation for Cross-Thread
Return Predictions (bsc#1012628).
- KVM: x86: Mitigate the cross-thread return address predictions
bug (bsc#1012628).
- x86/speculation: Identify processors vulnerable to SMT RSB
predictions (bsc#1012628).
- drm/i915: Fix VBT DSI DVO port handling (bsc#1012628).
- drm/i915: Initialize the obj flags for shmem objects
(bsc#1012628).
- drm/i915: Move fd_install after last use of fence (bsc#1012628).
- drm/amd/display: fix cursor offset on rotation 180
(bsc#1012628).
- drm/amd/display: properly handling AGP aperture in vm setup
(bsc#1012628).
- drm/amdgpu/smu: skip pptable init under sriov (bsc#1012628).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched
init/fini (bsc#1012628).
- drm/amd/pm: bump SMU 13.0.7 driver_if header version
(bsc#1012628).
- drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1012628).
- drm/amd/pm: bump SMU 13.0.0 driver_if header version
(bsc#1012628).
- arm64: efi: Force the use of SetVirtualAddressMap() on eMAG
and Altra Max machines (bsc#1012628).
- Fix page corruption caused by racy check in __free_pages
(bsc#1012628).
- arm64: dts: meson-axg: Make mmc host controller interrupts
level-sensitive (bsc#1012628).
- arm64: dts: meson-g12-common: Make mmc host controller
interrupts level-sensitive (bsc#1012628).
- arm64: dts: meson-gx: Make mmc host controller interrupts
level-sensitive (bsc#1012628).
- rtmutex: Ensure that the top waiter is always woken up
(bsc#1012628).
- tracing: Fix TASK_COMM_LEN in trace event format file
(bsc#1012628).
- drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes
(bsc#1012628).
- powerpc/64s/interrupt: Fix interrupt exit race with security
mitigation switch (bsc#1012628).
- riscv: kprobe: Fixup misaligned load text (bsc#1012628).
- riscv: Fixup race condition on PG_dcache_clean in
flush_icache_pte (bsc#1012628).
- nvdimm: Support sizeof(struct page) > MAX_STRUCT_PAGE_SIZE
(bsc#1012628).
- ceph: flush cap releases when the session is flushed
(bsc#1012628).
- drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping
(bsc#1012628).
- pinctrl: qcom: sm8450-lpass-lpi: correct swr_rx_data group
(bsc#1012628).
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm
(bsc#1012628).
- cxl/region: Fix passthrough-decoder detection (bsc#1012628).
- cxl/region: Fix null pointer dereference for resetting decoder
(bsc#1012628).
- usb: typec: altmodes/displayport: Fix probe pin assign check
(bsc#1012628).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
(bsc#1012628).
- btrfs: free device in btrfs_close_devices for a single device
filesystem (bsc#1012628).
- btrfs: simplify update of last_dir_index_offset when logging
a directory (bsc#1012628).
- selftests: mptcp: stop tests earlier (bsc#1012628).
- selftests: mptcp: allow more slack for slow test-case
(bsc#1012628).
- mptcp: be careful on subflow status propagation on errors
(bsc#1012628).
- mptcp: do not wait for bare sockets' timeout (bsc#1012628).
- net: USB: Fix wrong-direction WARNING in plusb.c (bsc#1012628).
- cifs: Fix use-after-free in rdata->read_into_pages()
(bsc#1012628).
- pinctrl: intel: Restore the pins that used to be in Direct
IRQ mode (bsc#1012628).
- pinctrl: aspeed: Revert "Force to disable the function's signal"
(bsc#1012628).
- spi: dw: Fix wrong FIFO level setting for long xfers
(bsc#1012628).
- pinctrl: single: fix potential NULL dereference (bsc#1012628).
- pinctrl: aspeed: Fix confusing types in return value
(bsc#1012628).
- pinctrl: mediatek: Fix the drive register definition of some
Pins (bsc#1012628).
- clk: microchip: mpfs-ccc: Use devm_kasprintf() for allocating
formatted strings (bsc#1012628).
- ASoC: topology: Return -ENOMEM on memory allocation failure
(bsc#1012628).
- ASoC: fsl_sai: fix getting version from VERID (bsc#1012628).
- ASoC: tas5805m: add missing page switch (bsc#1012628).
- ASoC: tas5805m: rework to avoid scheduling while atomic
(bsc#1012628).
- arm64: dts: mediatek: mt8195: Fix vdosys* compatible strings
(bsc#1012628).
- riscv: stacktrace: Fix missing the first frame (bsc#1012628).
- ALSA: pci: lx6464es: fix a debug loop (bsc#1012628).
- arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on
rock-3a (bsc#1012628).
... changelog too long, skipping 478 lines ...
- commit 82ff25b
==== mozilla-nss ====
Version update (3.86 -> 3.87)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.87
* bmo#1803226 - NULL password encoding incorrect
* bmo#1804071 - Fix rng stub signature for fuzzing builds
* bmo#1803595 - Updating the compiler parsing for build
* bmo#1749030 - Modification of supported compilers
* bmo#1774654 - tstclnt crashes when accessing gnutls server
without a user cert in the database.
* bmo#1751707 - Add configuration option to enable source-based
coverage sanitizer
* bmo#1751705 - Update ECCKiila generated files.
* bmo#1730353 - Add support for the LoongArch 64-bit architecture
* bmo#1798823 - add checks for zero-length RSA modulus to avoid
memory errors and failed assertions later
* bmo#1798823 - Additional zero-length RSA modulus checks
- add man-pages to the tools package (boo#1208242)
==== mozjs102 ====
Version update (102.7.0 -> 102.8.0)
- Update to version 102.8.0:
+ Various security fixes.
+ CVE-2023-25728: Content security policy leak in violation
reports using iframes.
+ CVE-2023-25730: Screen hijack via browser fullscreen mode.
+ CVE-2023-25743: Fullscreen notification not shown in Firefox
Focus.
+ CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS.
+ CVE-2023-25735: Potential use-after-free from compartment
mismatch in SpiderMonkey.
+ CVE-2023-25737: Invalid downcast in
SVGUtils::SetupStrokeGeometry.
+ CVE-2023-25738: Printing on Windows could potentially crash
Firefox with some device drivers.
+ CVE-2023-25739: Use-after-free in
mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
+ CVE-2023-25729: Extensions could have opened external schemes
without user knowledge.
+ CVE-2023-25732: Out of bounds memory write from
EncodeInputStream.
+ CVE-2023-25734: Opening local .url files could cause unexpected
network loads.
+ CVE-2023-25742: Web Crypto ImportKey crashes tab.
+ CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and
Firefox ESR 102.8.
+ CVE-2023-25746: Memory safety bugs fixed in Firefox ESR 102.8.
==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE
- Require distribution-logos-openSUSE-icons
==== tcl ====
- bsc#1203982, tcl-interp-limit-time.patch: Fix a y2k38 problem
in [interp limit -time] .
==== thunar ====
Subpackages: libthunarx-3-0 thunar-lang
- Explicitly require the newer libpcre2 instead of libpcre; this
fixes boo#1208260
==== util-linux ====
Subpackages: libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid1 libuuid1-32bit util-linux-lang
- Remove requires for adjtimex, which and time: this where wrongly
implemented split provides we don't need anymore.
- Remove pam_lastlog, not Y2038 safe, will be removed upstream.
Additional tools update the files themself.
- Readd hwclock.8 manual page.
- Move permissions pre-require to correct package.
- Remove install_info_prereq, we have no info pages.
- clean up spec file, tag all the %if-endif to make it easy to read the file
and try to simplify a bit the if-endif logic grouping by core, systemd and
python.
==== util-linux-systemd ====
- Remove requires for adjtimex, which and time: this where wrongly
implemented split provides we don't need anymore.
- Remove pam_lastlog, not Y2038 safe, will be removed upstream.
Additional tools update the files themself.
- Readd hwclock.8 manual page.
- Move permissions pre-require to correct package.
- Remove install_info_prereq, we have no info pages.
- clean up spec file, tag all the %if-endif to make it easy to read the file
and try to simplify a bit the if-endif logic grouping by core, systemd and
python.