Packages changed:
  SDL2 (2.30.7 -> 2.30.8)
  apparmor (4.0.2 -> 4.0.3)
  autoyast2 (5.0.2 -> 5.0.3)
  branding-openSUSE
  glibc
  grub2
  libapparmor (4.0.2 -> 4.0.3)
  libarchive (3.7.4 -> 3.7.6)
  mozjs115
  openSUSE-release (20241001 -> 20241002)
  opensc
  python-PyYAML (6.0.1 -> 6.0.2)
  systemd-presets-common-SUSE
  virtualbox
  virtualbox-kmp
  yast2 (5.0.9 -> 5.0.10)
  yast2-iscsi-client (5.0.2 -> 5.0.3)
  yast2-security (5.0.1 -> 5.0.2)
  yast2-users (5.0.2 -> 5.0.3)

=== Details ===

==== SDL2 ====
Version update (2.30.7 -> 2.30.8)

- Update to release 2.30.8
  * Fixed a crash in XInput code at startup
  * Fixed flooding the OS with I/O when a PS4/PS5 controller is
    disconnected
  * Added SDL_VIDEO_DOUBLE_BUFFER support to the Wayland backend
  * SDL_WINDOWEVENT_EXPOSED is sent appropriately when using Wayland
  * Fixed hang at startup in audio code when the application has
    large stack usage on Linux
  * Fixed initializing KMSDRM on older Linux systems

==== apparmor ====
Version update (4.0.2 -> 4.0.3)
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- add mesa-cachedir.diff: new cachedir in Mesa 24.2.2
- update to AppArmor 4.0.3
  - several small bugfixes
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3
    for the full release notes

==== autoyast2 ====
Version update (5.0.2 -> 5.0.3)
Subpackages: autoyast2-installation

- Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD
  (bsc#1231006)
- 5.0.3

==== branding-openSUSE ====
Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE

- Install the grub2 branding if grub2-common is present

==== glibc ====
Subpackages: glibc-32bit glibc-devel glibc-extra glibc-gconv-modules-extra glibc-gconv-modules-extra-32bit glibc-lang glibc-locale glibc-locale-base nscd

- langpacks are no more used. Drop glibc-2.3.90-langpackdir.diff.
- gen-tempname-randomness.patch: Fix missing randomness in
  __gen_tempname (bsc#1230965, BZ #32214)
- Use nss-systemd by default also in SLE (bsc#1230638)

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen

- Introduces a new package, grub2-x86_64-efi-bls, which includes a
  straightforward grubbls.efi file. This file can be copied to the EFI
  System Partition (ESP) along with boot fragments in the Boot Loader
  Specification (BLS) format
  * 0001-Streamline-BLS-and-improve-PCR-stability.patch
- Fix crash in bli module (bsc#1226497)
  * 0001-bli-Fix-crash-in-get_part_uuid.patch
- Rework package dependencies: grub2-common now includes common
  userland utilities and is required by grub2 platform packages. grub2
  is now a meta package that pulls in the default platform package.

==== libapparmor ====
Version update (4.0.2 -> 4.0.3)

- add mesa-cachedir.diff: new cachedir in Mesa 24.2.2
- update to AppArmor 4.0.3
  - several small bugfixes
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3
    for the full release notes

==== libarchive ====
Version update (3.7.4 -> 3.7.6)

- Update to 3.7.6:
  * tar: clean up linkpath between entries
  * tar: fix memory leaks when processing symlinks or parsing pax
    headers
  * iso: be more cautious about parsing ISO-9660 timestamps
- Version 3.7.5 changes:
  * fix multiple vulnerabilities identified by SAST
  * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
  * lzop: prevent integer overflow
  * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696,
    bsc#1225971)
  * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
  * rar4: fix OOB in delta and audio filter
  * rar4: fix out of boundary access with large files
  * rar4: add boundary checks to rgb filter
  * rar4: fix OOB access with unicode filenames
  * rar5: clear 'data ready' cache on window buffer reallocs
  * rpm: calculate huge header sizes correctly
  * unzip: unify EOF handling
  * util: fix out of boundary access in mktemp functions
  * uu: stop processing if lines are too long
  * 7zip: fix issue when skipping first file in 7zip archive that is a
    multiple of 65536 bytes
  * ar: fix archive entries having no type
  * lha: do not allow negative file sizes
  * lha: fix integer truncation on 32-bit systems
  * shar: check strdup return value
  * rar5: don't try to read ridiculously long names
  * xar: fix another infinite loop and expat error handling
  * many Windows fixes, cleanups and improvements
- Drop fix-soversion.patch, fix-bsdunzip-test.patch
  * Fixed upstream

==== mozjs115 ====

- Add mozjs115-CVE-2024-45492.patch:
  Backporting 9bf0f2c1 from libexpat upstream, Detect integer overflow
  in function nextScaffoldPart.
  (CVE-2024-45492, bsc#1230038)
- Add mozjs115-CVE-2024-45491.patch:
  Backporting 8e439a99 from libexpat upstream, Detect integer overflow
  in dtdCopy.
  (CVE-2024-45491, bsc#1230037)
- Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch:
  Backporting 5c1a3164 from libexpat upstream, Reject negative len for
  XML_ParseBuffer.
  CVE-2024-45490's fixes including 3 parts:
  5c1a3164 for libexpat sources;
  c12f039b for libexpat tests;
  2db23301 for libexpat docs;
  Because mozjs only embeds libexpat sources, so unnecessary to port
  part02 and part03.
  (CVE-2024-45490, bsc#1230036)

==== openSUSE-release ====
Version update (20241001 -> 20241002)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== opensc ====
Subpackages: opensc-bash-completion

- Security fix: [CVE-2024-8443, bsc#1230364]
  * opensc: heap buffer overflow in OpenPGP driver when generating key
  * Added patch: opensc-CVE-2024-8443.patch
- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
  * opensc: pkcs15init: Usage of uninitialized values in libopensc and
    pkcs15init
  * opensc: Uninitialized values after incorrect check or usage of APDU
    response values in libopensc
  * opensc: Uninitialized values after incorrect or missing checking
    return values of functions in libopensc
  * opensc: Uninitialized values after incorrect or missing checking
    return values of functions in pkcs15init
  * opensc: Incorrect handling length of buffers or files in libopensc
  * opensc: Incorrect handling of the length of buffers or files in
    pkcs15init
  * Added patches:
    - opensc-CVE-2024-45615.patch
    - opensc-CVE-2024-45616.patch
    - opensc-CVE-2024-45617.patch
    - opensc-CVE-2024-45618.patch
    - opensc-CVE-2024-45619.patch
    - opensc-CVE-2024-45620.patch

==== python-PyYAML ====
Version update (6.0.1 -> 6.0.2)

- Update to 6.0.2
  * Support for Cython 3.x and Python 3.13
- Adjust invocation path for testsuite
- Adjust upstream source name in spec file
- Drop build-with-cython3.patch, merged upstream

==== systemd-presets-common-SUSE ====

- Enable audit-rules: audit-rules has been split from audit with
  version 4.0 in order to be able to load rules earlier.
  From audit changelog: One of the main features is the separation of
  loading rules and logging events into separate services,
  audit-rules.service and auditd.service.

==== virtualbox ====

- Edit cxx17.patch to make the Extension Pack work with our compiler
  flags and RT_NOEXCEPT choices. [boo#1231225]
- Set BuildRequire on glslang to 11.5; this is when it starts to
  recognize GL_EXT_spirv_intrinsics.

==== virtualbox-kmp ====

- Edit cxx17.patch to make the Extension Pack work with our compiler
  flags and RT_NOEXCEPT choices. [boo#1231225]
- Set BuildRequire on glslang to 11.5; this is when it starts to
  recognize GL_EXT_spirv_intrinsics.

==== yast2 ====
Version update (5.0.9 -> 5.0.10)
Subpackages: yast2-logs

- Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD,
  GROUPADD_CMD (bsc#1231006)
- 5.0.10

==== yast2-iscsi-client ====
Version update (5.0.2 -> 5.0.3)

- Fixes for bsc#1228084:
  - Inst client: Read sessions just after auto login in order to
    enable services at the end of the installation if needed
  - Finish client: enable iscsiuio.service instead of the socket
  - Use ip for reading the ip address of a given device instead of
    the deprecated ifconfig command
- 5.0.3

==== yast2-security ====
Version update (5.0.1 -> 5.0.2)

- Drop obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD in
  /etc/login.defs.d/70-yast.defs (bsc#1231006)
- 5.0.2

==== yast2-users ====
Version update (5.0.2 -> 5.0.3)

- Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD,
  GROUPADD_CMD (bsc#1231006)
- 5.0.3