Packages changed: 7zip (22.01 -> 23.01) accountsservice (22.08.8 -> 23.13.9) apparmor (3.1.5 -> 3.1.6) bind (9.18.15 -> 9.18.16) cups health-checker (1.8 -> 1.9) installation-images-MicroOS (17.88 -> 17.89) kernel-firmware (20230531 -> 20230620) libapparmor (3.1.5 -> 3.1.6) libstorage-ng (4.5.120 -> 4.5.121) man-pages-ja (20230115 -> 20230615) mlterm (3.9.2 -> 3.9.3) systemd systemd-rpm-macros (23 -> 24) wtmpdb (0.6.0 -> 0.7.0) === Details === ==== 7zip ==== Version update (22.01 -> 23.01) - Update to version 23.01: * 7-Zip now can use new ARM64 filter for compression to 7z and xz archives. ARM64 filter can increase compression ratio for data containing executable files compiled for ARM64 (AArch64) architecture. * Default section size for BCJ2 filter was changed from 64 MiB to 240 MiB. It can increase compression ratio for executable files larger than 64 MiB. * UDF: support was improved. * cpio: support for hard links. * Some changes and optimizations in WIM creation code. * When new 7-Zip creates multivolume archive, 7-Zip keeps in open state only volumes that still can be changed. Previous versions kept all volumes in open state until the end of the archive creation. * 7-Zip now can reduce the number of simultaneously open files, when 7-Zip opens, extracts or creates multivolume archive. It allows to avoid the failures for cases with big number of volumes, bacause there is a limitation for number of open files allowed for a single program in Linux. * The bugs were fixed: * ZIP archives: if multithreaded zip compression was performed with more than one file to stdout stream (-so switch), 7-zip didn't write "data descriptor" for some files. * ext4 archives: 7-Zip couldn't correctly extract symbolic link to directory from ext4 archives. * HFS and APFS archives: 7-Zip incorrectly decoded uncompressed blocks (64 KiB) in compressed forks. * Some another bugs were fixed. - Refresh fix-compatib-with-p7zip.patch ==== accountsservice ==== Version update (22.08.8 -> 23.13.9) Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 - Update to version 23.13.9: + daemon: Fix boot delay + user-manager: - Add cancellable to fetch user requests - Track non-existent users - Changes from version 23.11.69: + Add lightdm autologin support + user: - Return an error when setting invalid language - Throw a warning for invalid locales - Support new LocalAccount property in cache file - Replace usermod -p with chpasswd -e + main: - Use new overridable USERDIR - Use new overridable ICONDIR - Use new overridable sysconfdir + daemon: - Add GetUsersLanguages() function - Don't crash if /etc/shadow doesn't exist + Updated translations. - Rebase patches: + accountsservice-sysconfig.patch + accountsservice-filter-suse-accounts.patch ==== apparmor ==== Version update (3.1.5 -> 3.1.6) Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - update to AppArmor 3.1.6 - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog ==== bind ==== Version update (9.18.15 -> 9.18.16) - Update to release 9.18.16 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) New Features: * The system test suite can now be executed with pytest (along with pytest-xdist for parallel execution). Removed Features: * TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now deprecated, and will be removed in a future release. A warning will be logged when the tkey-dhkey option is used in named.conf. Bug Fixes: * BIND could get stuck on reconfiguration when a listen-on statement for HTTP is removed from the configuration. That has been fixed. * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. * BIND could allocate too big buffers when sending data via stream-based DNS transports, leading to increased memory usage. This has been fixed. * When the stale-answer-enable option was enabled and the stale-answer-client-timeout option was enabled and larger than 0, named previously allocated two slots from the clients-per-query limit for each client and failed to gradually auto-tune its value, as configured. This has been fixed. ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()" https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 bsc#1212230 ==== health-checker ==== Version update (1.8 -> 1.9) Subpackages: health-checker-plugins-MicroOS - Update to version 1.9 * Fix failing subvolume mount checks with certain characters in mount point [gh#openSUSE/health-checker#14]. ==== installation-images-MicroOS ==== Version update (17.88 -> 17.89) - merge gh#openSUSE/installation-images#649 - add shim, mokutil, and grub2-i386-efi to rescue system (bsc#1209985) - add shim and grub2-i386-efi to rescue system (bsc#1209985) - 17.89 ==== kernel-firmware ==== Version update (20230531 -> 20230620) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20230620 (git commit 045b2136a619): * amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs * fix broken cirrus firmware symlinks * qcom: Update the microcode files for Adreno a630 GPUs. * qcom: sdm845: rename the modem firmware * qcom: sdm845: update remoteproc firmware * rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D * rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225 * amdgpu: DMCUB updates for various AMDGPU asics * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * i915: Add HuC v8.5.0 for MTL * mediatek: Update mt8195 SCP firmware to support hevc - Drop obsoleted patch for WHENCE: cirrus-WHENCE-link-fixes.patch - Update aliases ==== libapparmor ==== Version update (3.1.5 -> 3.1.6) - update to AppArmor 3.1.6 - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog ==== libstorage-ng ==== Version update (4.5.120 -> 4.5.121) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#937 - query version of lsscsi (preparation for using json output) - coding style - extended documentation - 4.5.121 ==== man-pages-ja ==== Version update (20230115 -> 20230615) - version update to 20230615 * Improved and updated manual pages ==== mlterm ==== Version update (3.9.2 -> 3.9.3) Subpackages: mlterm-common mlterm-fcitx mlterm-sdl2 - version update to 3.9.3 * mlterm-wl supports xdg-decoration. * Add --disable-compact-truecolor option to ./configure script. * Add vte 0.68 API symbols to libvte compatible library. * Add libvterm 0.2 API symbols to libvterm compatible library. * Add --sdpr / simple_scrollbar_dpr option. (https://github.com/arakiken/mlterm/issues/64) * Set "COLORTERM=truecolor" environmental variable. (https://github.com/arakiken/mlterm/issues/36) * Update unicode property table (generated from UnicodeData.txt and EastAsianWidth.txt) to version 15.0.0. * Support mosh-1.4.0. - deleted patches - CVE-2022-24130-c_sixel.c-Fix-segmentation-fault-when-the-repeat-cou.patch (upstreamed) - mlfc-Fix-crash-with-more-than-1024-font-faces-installed.patch (upstreamed) - mlterm-Fix-buffer-overflow-with-long-plugin-suffix.patch (upstreamed) - mlterm-SDL2-UI-also-needs-math-libs.patch (upstreamed) - mlterm-wayland-Detect-compiler-flags.patch (upstreamed) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev - Make sure to pre-install the groups systemd and udev rely on. This is needed when the tmpfiles are run at package installation time. Theoretically with only "Requires(pre): group()", rpm is allowed to drop the group at the end of the package installations hence let's keep "Requires: group()" dep. Note: this is also needed when (post)file-triggers are enabled due to the current limitation of the default libzypp transaction backend. - file-triggers: fix lua trigger priority for sysusers (bsc#1212376) A single digit in the priority used for sysusers got dropped somehow and upstream commit cd621954ed643c6ee0d869132293e26056a48826 forgot to restore it in the lua implementation. - file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we ensure that packages that really need the tmpfiles in advance use the right API which is %tmpfiles_create_package. - file-triggers: to be consistent with what we already does with tmpfiles, we skip the call to systemd-sysusers and delay system user creations until the next reboot. - Temporarily add 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch until it's backported to the next stable release See https://github.com/systemd/systemd/pull/28000 ==== systemd-rpm-macros ==== Version update (23 -> 24) - Bump to version 24 - Drop %tmpfiles_create_package It can't work during transactional updates because the paths that systemd-tmpfiles usually operates on (such as /var) can't be changed. It appears that the only user of this macro doesn't really need this macro so let's drop it. - Drop %sysusers_create_inline It's deprecated and the only user of this macro is being converted to %sysusers_create_package. So drop it now before the deprecated macro attracts more users. - Unlike systemd-tmpfiles call in %tmpfiles_create_package(), systemd-sysusers must always be called by %sysusers_create_package() even on transactional systems since it's part of the macro contract. Writing to /etc is not recommended on such systems but it has to work anyways. ==== wtmpdb ==== Version update (0.6.0 -> 0.7.0) Subpackages: libwtmpdb0 - Update to version 0.7.0 - wtmpdb rotate: use sqlite3_bind_* internal - wtmpdb last: Implement -x, -d, -i and -w options