Packages changed: accountsservice kernel-firmware kernel-source (6.4.8 -> 6.4.9) libreoffice-share-linker patterns-microos pentaho-libxml (1.1.3 -> 1.1.6) procmail (3.22 -> 3.24) python-certifi (2023.5.7 -> 2023.7.22) qemu (8.0.3 -> 8.0.4) tracker-miners ucode-intel (20230613 -> 20230808) wtmpdb (0.7.1 -> 0.8.0) zxing-cpp === Details === ==== accountsservice ==== Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 - Rebase as-fate318433-prevent-same-account-multi-logins.patch: (bsc#1213884). ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update AMD 19h ucode for "Inception" (bsc#1213287, CVE-2023-20569) amd-ucode-CVE-2023-20569.patch ==== kernel-source ==== Version update (6.4.8 -> 6.4.9) - Linux 6.4.9 (bsc#1012628). - Update config files. Set: * CONFIG_GDS_FORCE_MITIGATION=n * CONFIG_CPU_SRSO=y as per default. - x86: fix backwards merge of GDS/SRSO bit (bsc#1012628). - xen/netback: Fix buffer overrun triggered by unusual packet (bsc#1012628). - x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1012628). - x86/srso: Add a forgotten NOENDBR annotation (bsc#1012628). - x86/srso: Fix return thunks in generated code (bsc#1012628). - x86/srso: Add IBPB on VMEXIT (bsc#1012628). - x86/srso: Add IBPB (bsc#1012628). - x86/srso: Add SRSO_NO support (bsc#1012628). - x86/srso: Add IBPB_BRTYPE support (bsc#1012628). - x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1012628 bsc#1213287 CVE-2023-20569). - x86/bugs: Increase the x86 bugs vector size to two u32s (bsc#1012628). - Documentation/x86: Fix backwards on/off logic about YMM support (bsc#1012628). - x86/xen: Fix secondary processors' FPU initialization (bsc#1012628). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (bsc#1012628). - KVM: Add GDS_NO support to KVM (bsc#1012628). - x86/speculation: Add Kconfig option for GDS (bsc#1012628). - x86/speculation: Add force option to GDS mitigation (bsc#1012628). - x86/speculation: Add Gather Data Sampling mitigation (bsc#1012628 bsc#1206418 CVE-2022-40982). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1012628). - x86/fpu: Mark init functions __init (bsc#1012628). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1012628). - x86/init: Initialize signal frame size late (bsc#1012628). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1012628). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1012628). - init: Remove check_bugs() leftovers (bsc#1012628). - um/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - sparc/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - sh/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - mips/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - m68k/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - loongarch/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - ia64/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1012628). - init: Provide arch_cpu_finalize_init() (bsc#1012628). - commit 5b9ad20 - tpm/tpm_tis: Disable interrupts for Lenovo Thinkpad E14 Gen 2 and 13s-IML (bsc#1213779). - commit c4adffc - drm/amd/display: Fix a regression on Polaris cards (bsc#1212874). - commit 9764e05 - rpm/config.sh: remove IBS repos completely The commit 21cafd1f (rpm/config.sh: switch to openSUSE.org repos for IBS) duplicated the OBS repos in openSUSE.org: space. But this is done automatically in MyBS.pm. So drop all of them instead of duplicating. - commit 294d541 - rpm/config.sh: switch to openSUSE.org repos for IBS SUSE:Factory:HEAD is currently (and often) broken. Switch to openSUSE.org: repositories. They are up-to-date and provide the same archs plus armv6. - commit 21cafd1 ==== libreoffice-share-linker ==== - Do not format using f-strings, since it is python 3.6+ feature and SLE12-SP5 has python 3.4 ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add ucode-{amd,intel} to the hardware pattern ==== pentaho-libxml ==== Version update (1.1.3 -> 1.1.6) - Update to upstream version 1.1.6. * no structured changelog available starting from 2008 - Rebased and updated patches: * libxml-1.1.2-build.patch -> pentaho-libxml-1.1.6-build.patch * pentaho-libxml-1.1.3-sourcetarget.patch -> pentaho-libxml-1.1.6-sourcetarget.patch ==== procmail ==== Version update (3.22 -> 3.24) - Update to procmail 3.24 (New Upstream) - Don't coredump in comsat code if interrupted early - Correctly handle COMSAT=on - Once used, the 'H' and 'r' flags would never be cleared - Fix possible buffer overflow in variable-capture actions - Fix up the parsing of variable-capture actions - LMTP code assumed sizeof(long)==sizeof(int) - SHELL is now always preset to /bin/sh. USER_SHELL contains the shell from the user's passwd entry - When HOST is mismatched, reset it for the next rcfile - Always read in a new, global rcfile (/etc/procmail.conf) to allow runtime configuration of variables like DEFAULT. This rcfile cannot deliver or filter messages - Mismatched HOST in /etc/procmailrc didn't discard the message - backquote expansion in a condition disabled header concatenation for that condition - LMTP didn't correctly handle quoted localparts - Removed SIZE extension from LMTP (unsupportable semantics) - Don't coredump if unable to exec /bin/sh - Enable "+detail" processing in LMTP mode by passing the delimiter (e.g., "+") as an optional argument after -z - In LMTP mode, save the domain of the recipient in PROCMAIL_DOMAIN - Set PROCMAIL_MODE to one of "d", "m", "z", or "" to reflect the mode option it was invoked with, if any - Fixed all bugs collected by Debian and others during the past 21 years. See the git commit history for detailed descriptions. - Port patches * procmail-3.22-autoconf.dif * procmail-3.22-headerconcat.dif * procmail-3.22-ipv6.patch * procmail-3.22-mailstat.patch * procmail-3.22-owl-truncate.dif * procmail-3.22.dif * procmail-cflags.dif - Remove former Debian and SUSE patches from procmail-3.22-patches.tar.bz2 * 04 * 06 * 10 * 11 * 12 * 13 * 14 * 15 * 16 * 17 * 18 * 19 * 22 * 23 * 24 * 25 * 26 * 27 * 28 * 29 * 30 - Collect and port our patches from old procmail-3.22-patches.tar.bz2 into new procmail-3.24-patches.tar.bz2 * 01 * 02 * 03 * 05 * 07 * 08 * 09 * 20 * 21 ==== python-certifi ==== Version update (2023.5.7 -> 2023.7.22) - update to 2023.7.22: Added certs: [#] CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited [#] CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited [#] CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation [#] CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation [#] CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos [#] CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos Removed certs: [#] CN=Hongkong Post Root CA 1 O=Hongkong Post [#] CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi [#] CN=E-Tugra Global Root CA RSA v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center [#] CN=E-Tugra Global Root CA ECC v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center ==== qemu ==== Version update (8.0.3 -> 8.0.4) - perl-Text-Markdown is not available in all distros and for all arch-es. Use discount instead - Patches added: * [openSUSE][spec] Use discount instead of perl-Text-Markdown - Update to version 8.0.4: * Official changelog not released on the mailing list yet * Security issues fixed: - bsc#1212850 (CVE-2023-3354) - bsc#1213001 (CVE-2023-3255) - bsc#1213925 (CVE-2023-3180) - bsc#1207205 (CVE-2023-0330) ==== tracker-miners ==== Subpackages: tracker-miner-files tracker-miners-lang -Rebase patch: tracker-miners-drop-syscalls-in-seccomp.patch. ==== ucode-intel ==== Version update (20230613 -> 20230808) - Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) Security issues fixed: - CVE-2022-40982: Security updates for [INTEL-SA-00828](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html) (bsc#1206418) - CVE-2023-23908: Security updates for [INTEL-SA-00836](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html) - CVE-2022-41804: Security updates for [INTEL-SA-00837](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html) Functional issues fixed: - Update for functional issues. Refer to [13th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details. - Update for functional issues. Refer to [12th Generation Intel® Core™ Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details. - Update for functional issues. Refer to [11th Gen Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details. - Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details. - Update for functional issues. Refer to [8th and 9th Generation Intel® Core™ Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details. - Update for functional issues. Refer to [8th Generation Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details. - Update for functional issues. Refer to [7th and 8th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details. - Update for functional issues. Refer to [Intel® Processors and Intel® Core™ i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details. - Update for functional issues. Refer to [4th Gen Intel® Xeon® Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/772415) for details. - Update for functional issues. Refer to [3rd Generation Intel® Xeon® Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details. - Update for functional issues. Refer to [2nd Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [3rd Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details. - Update for functional issues. Refer to [Intel® Xeon® E-2300 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details. - Update for functional issues. Refer to [Intel® Xeon® D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details. - Update for functional issues. Refer to [Intel® Xeon® D-2100 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338854) for details. New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N      | A0    | 06-be-00/11 |      | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | RPL-H/P/PX 6+8 | J0    | 06-ba-02/e0 |      | 00004119 | Core Gen13 Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CML-U62 V2   | K1    | 06-a6-01/80 | 000000f6 | 000000f8 | Core Gen10 Mobile | SKX-D      | H0    | 06-55-04/b7 | 02006f05 | 02007006 | Xeon D-21xx | SKX-SP     | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02007006 | Xeon Scalable | KBL-G/H/S/X/E3 | B0    | 06-9e-09/2a | 000000f2 | 000000f4 | Core Gen7; Xeon E3 v6 | ADL       | L0    | 06-9a-03/80 | 0000042a | 0000042c | Core Gen12 | ADL       | L0    | 06-9a-04/80 | 0000042a | 0000042c | Core Gen12 | ICX-SP     | Dx/M1   | 06-6a-06/87 | 0d000390 | 0d0003a5 | Xeon Scalable Gen3 | CML-S102    | Q0    | 06-a5-05/22 | 000000f6 | 000000f8 | Core Gen10 | CFL-U43e    | D0    | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile | KBL-R U     | Y0    | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile | CFL-H      | R0    | 06-9e-0d/22 | 000000f8 | 000000fa | Core Gen9 Mobile | RKL-S      | B0    | 06-a7-01/02 | 00000058 | 00000059 | Core Gen11 | ICL-U/Y     | D1    | 06-7e-05/80 | 000000ba | 000000bc | Core Gen10 Mobile | TGL-H      | R0    | 06-8d-01/c2 | 00000044 | 00000046 | Core Gen11 Mobile | SPR-SP     | E5/S3  | 06-8f-08/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4 | SPR-SP     | E4/S2  | 06-8f-07/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4 | SPR-SP     | E3    | 06-8f-06/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4 | SPR-SP     | E2    | 06-8f-05/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4 | SPR-SP     | E0    | 06-8f-04/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4 | CML-S62     | G1    | 06-a5-03/22 | 000000f6 | 000000f8 | Core Gen10 | AML-Y22     | H0    | 06-8e-09/10 | 000000f0 | 000000f4 | Core Gen8 Mobile | RPL-S      | B0    | 06-b7-01/32 | 00000113 | 00000119 | Core Gen13 | CML-U62 V1   | A0    | 06-a6-00/80 | 000000f6 | 000000f8 | Core Gen10 Mobile | ADL-N      | A0    | 06-be-00/11 |      | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | CPX-SP     | A1    | 06-55-0b/bf | 07002601 | 07002703 | Xeon Scalable Gen3 | CLX-SP     | B0    | 06-55-06/bf | 04003501 | 04003604 | Xeon Scalable Gen2 | CFL-H/S/E3   | U0    | 06-9e-0a/22 | 000000f2 | 000000f4 | Core Gen8 Desktop, Mobile, Xeon E | SPR-HBM     | Bx    | 06-8f-08/10 | 2c0001d1 | 2c000271 | Xeon Max | WHL-U      | W0    | 06-8e-0b/d0 | 000000f2 | 000000f4 | Core Gen8 Mobile | CLX-SP     | B1    | 06-55-07/bf | 05003501 | 05003604 | Xeon Scalable Gen2 | CFL-S      | B0    | 06-9e-0b/02 | 000000f2 | 000000f4 | Core Gen8 | TGL-R      | C0    | 06-8c-02/c2 | 0000002a | 0000002c | Core Gen11 Mobile | KBL-U/Y     | H0    | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile | KBL-U23e    | J1    | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile | AML-Y42     | V0    | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile | CML-U42     | V0    | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile | CML-Y42     | V0    | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile | WHL-U      | V0    | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen8 Mobile | SKX-SP     | B1    | 06-55-03/97 | 01000171 | 01000181 | Xeon Scalable | CFL-H/S     | P0    | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9 | CFL-S      | P0    | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9 Desktop | TGL       | B0/B1   | 06-8c-01/80 | 000000aa | 000000ac | Core Gen11 Mobile | ADL       | C0    | 06-97-02/07 | 0000002c | 0000002e | Core Gen12 | ADL       | C0    | 06-97-05/07 | 0000002c | 0000002e | Core Gen12 | ADL       | C0    | 06-bf-02/07 | 0000002c | 0000002e | Core Gen12 | ADL       | C0    | 06-bf-05/07 | 0000002c | 0000002e | Core Gen12 | CML-H      | R1    | 06-a5-02/20 | 000000f6 | 000000f8 | Core Gen10 Mobile | RPL-H/P/PX 6+8 | J0    | 06-ba-02/e0 |      | 00004119 | Core Gen13 | RPL-U 2+8    | Q0    | 06-ba-03/e0 |      | 00004119 | Core Gen13 ==== wtmpdb ==== Version update (0.7.1 -> 0.8.0) Subpackages: libwtmpdb0 - Update to version 0.8.0 - wtmpdb boottime: print boot time ==== zxing-cpp ==== - Restore support for building on SLE12 - Build with gcc7-c++ or gcc-c++ >= 7 because of C++17 requirements - Added patch: * cmake.patch + allow building with cmake 3.5 on SLE12SP5