Packages changed: MicroOS-release (20241001 -> 20241002) SDL2 (2.30.7 -> 2.30.8) apparmor (4.0.2 -> 4.0.3) branding-openSUSE glibc grub2 installation-images-MicroOS (17.137 -> 17.138) libapparmor (4.0.2 -> 4.0.3) libarchive (3.7.4 -> 3.7.6) mozjs115 patterns-microos python-PyYAML (6.0.1 -> 6.0.2) sdbootutil (1+git20240903.81f1f40 -> 1+git20241002.7da4a47) systemd-presets-common-SUSE yast2 (5.0.9 -> 5.0.10) === Details === ==== MicroOS-release ==== Version update (20241001 -> 20241002) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL2 ==== Version update (2.30.7 -> 2.30.8) - Update to release 2.30.8 * Fixed a crash in XInput code at startup * Fixed flooding the OS with I/O when a PS4/PS5 controller is disconnected * Added SDL_VIDEO_DOUBLE_BUFFER support to the Wayland backend * SDL_WINDOWEVENT_EXPOSED is sent appropriately when using Wayland * Fixed hang at startup in audio code when the application has large stack usage on Linux * Fixed initializing KMSDRM on older Linux systems ==== apparmor ==== Version update (4.0.2 -> 4.0.3) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add mesa-cachedir.diff: new cachedir in Mesa 24.2.2 - update to AppArmor 4.0.3 - several small bugfixes - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3 for the full release notes ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE wallpaper-branding-openSUSE - Install the grub2 branding if grub2-common is present ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - langpacks are no more used. Drop glibc-2.3.90-langpackdir.diff. - gen-tempname-randomness.patch: Fix missing randomness in __gen_tempname (bsc#1230965, BZ #32214) - Use nss-systemd by default also in SLE (bsc#1230638) ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Introduces a new package, grub2-x86_64-efi-bls, which includes a straightforward grubbls.efi file. This file can be copied to the EFI System Partition (ESP) along with boot fragments in the Boot Loader Specification (BLS) format * 0001-Streamline-BLS-and-improve-PCR-stability.patch - Fix crash in bli module (bsc#1226497) * 0001-bli-Fix-crash-in-get_part_uuid.patch - Rework package dependencies: grub2-common now includes common userland utilities and is required by grub2 platform packages. grub2 is now a meta package that pulls in the default platform package. ==== installation-images-MicroOS ==== Version update (17.137 -> 17.138) - merge gh#openSUSE/installation-images#736 - follow grub2 package restructuring - 17.138 ==== libapparmor ==== Version update (4.0.2 -> 4.0.3) - add mesa-cachedir.diff: new cachedir in Mesa 24.2.2 - update to AppArmor 4.0.3 - several small bugfixes - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3 for the full release notes ==== libarchive ==== Version update (3.7.4 -> 3.7.6) - Update to 3.7.6: * tar: clean up linkpath between entries * tar: fix memory leaks when processing symlinks or parsing pax headers * iso: be more cautious about parsing ISO-9660 timestamps - Version 3.7.5 changes: * fix multiple vulnerabilities identified by SAST * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing * lzop: prevent integer overflow * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971) * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972) * rar4: fix OOB in delta and audio filter * rar4: fix out of boundary access with large files * rar4: add boundary checks to rgb filter * rar4: fix OOB access with unicode filenames * rar5: clear 'data ready' cache on window buffer reallocs * rpm: calculate huge header sizes correctly * unzip: unify EOF handling * util: fix out of boundary access in mktemp functions * uu: stop processing if lines are too long * 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes * ar: fix archive entries having no type * lha: do not allow negative file sizes * lha: fix integer truncation on 32-bit systems * shar: check strdup return value * rar5: don't try to read rediculously long names * xar: fix another infinite loop and expat error handling * many Windows fixes, cleanups and improvements - Drop fix-soversion.patch, fix-bsdunzip-test.patch * Fixed upstream ==== mozjs115 ==== - Add mozjs115-CVE-2024-45492.patch: Backporting 9bf0f2c1 from libexpat upstream, Detect integer overflow in function nextScaffoldPart. (CVE-2024-45492, bsc#1230038) - Add mozjs115-CVE-2024-45491.patch: Backporting 8e439a99 from libexpat upstream, Detect integer overflow in dtdCopy. (CVE-2024-45491, bsc#1230037) - Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch: Backporting 5c1a3164 from libexpat upstream, Reject negative len for XML_ParseBuffer. CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat sources; c12f039b for libexpat tests; 2db23301 for libexpat docs; Because mozjs only embeds libexpat sources, so unnecessary to port prart02 and part03. (CVE-2024-45490, bsc#1230036) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Enahnce supplements that were so far triggering on grub2 to also trigger on grub2-common. ==== python-PyYAML ==== Version update (6.0.1 -> 6.0.2) - Update to 6.0.2 * Support for Cython 3.x and Python 3.13 - Adjust invocation path for testsuite - Adjust upstream source name in spec file - Drop build-with-cython3.patch, merged upstream ==== sdbootutil ==== Version update (1+git20240903.81f1f40 -> 1+git20241002.7da4a47) Subpackages: sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20241002.7da4a47: * Do not specify bootloader requirement - Update to version 1+git20241002.7b8957c: * Requires udev for bootctl * Use chroot instead of --sysroot in dracut * Replace cut with idiomatic code * Show recovery PIN generated by systemd-pcrlock - Update to version 1+git20240912.02d30ed: * Generate predictions for update_entry - Update to version 1+git20240905.e7ca8cf: * Replace root=UUID= with root=device ==== systemd-presets-common-SUSE ==== - Enable audit-rules: audit-rules has been split form audit with version 4.0 in order to be able to load rules earlier. From audit changelog: One of the main features is the separation of loading rules and logging events into separate services, audit-rules.service and auditd.service. ==== yast2 ==== Version update (5.0.9 -> 5.0.10) - Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD, GROUPADD_CMD (bsc#1231006) - 5.0.10