Packages changed: MicroOS-release (20240315 -> 20240317) cryptsetup (2.7.0 -> 2.7.1) dav1d (1.4.0 -> 1.4.1) expat (2.6.1 -> 2.6.2) keylime (7.9.0 -> 7.10.0) libjxl (0.10.1 -> 0.10.2) libjxl-gtk (0.10.1 -> 0.10.2) mutter pcr-oracle phonon-qt5 phonon-qt6 phonon-vlc-qt5 plasma6-nm qemu (8.2.1 -> 8.2.2) rebootmgr (2.3 -> 2.4) sqlite3 (3.44.2 -> 3.45.2) === Details === ==== MicroOS-release ==== Version update (20240315 -> 20240317) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== cryptsetup ==== Version update (2.7.0 -> 2.7.1) Subpackages: cryptsetup-doc cryptsetup-lang libcryptsetup12 - Update to 2.7.1: * Fix interrupted LUKS1 decryption resume. With the replacement of the cryptsetup-reencrypt tool by the cryptsetup reencrypt command, resuming the interrupted LUKS1 decryption operation could fail. LUKS2 was not affected. * Allow --link-vk-to-keyring with --test-passphrase option. This option allows uploading the volume key in a user-specified kernel keyring without activating the device. * Fix crash when --active-name was used in decryption initialization. * Updates and changes to man pages, including indentation, sorting options alphabetically, fixing mistakes in crypt_set_keyring_to_link, and fixing some typos. * Fix compilation with libargon2 when --disable-internal-argon2 was used. * Do not require installed argon2.h header and never compile internal libargon2 code if the crypto library directly supports Argon2. * Fixes to regression tests to support older Linux distributions. ==== dav1d ==== Version update (1.4.0 -> 1.4.1) - Update to version 1.4.1 * Optimizations for 6tap filters for NEON (ARM) * More RISC-V optimizations for itx (4x8, 8x4, 4x16, 16x4, 8x16, 16x8) * Reduction of binary size on ARM64, ARM32 and RISC-V * Fix out-of-bounds read in 8bpc SSE2/SSSE3 wiener_filter * Msac optimizations ==== expat ==== Version update (2.6.1 -> 2.6.2) Subpackages: libexpat1 - update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (boo#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior ==== keylime ==== Version update (7.9.0 -> 7.10.0) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime - Update to version v7.10.0: * Monthly Release (7.10.0) * mba: Add a separate table for measured boot policies. In the next PR, similar to named runtime policies, this table will be used to provide support for named measured boot policies and thier management. * user_guide: Add section about 'Key Learning to Verify Files' * docs: fix rendering in PCR example * docs: update PCR monitoring example * templates: Fix typo on default measured boot log location * packit: re-enable tests against Rawhide * elparser: add different escaping required for tpm2-tools >= 5.6 * requirements: bump pyasn1-modules to 0.2.5 ==== libjxl ==== Version update (0.10.1 -> 0.10.2) - Update to release 0.10.2 * Fix unspecified bugs in (lossless) encoding and streaming mode ==== libjxl-gtk ==== Version update (0.10.1 -> 0.10.2) - Update to release 0.10.2 * Fix unspecified bugs in (lossless) encoding and streaming mode ==== mutter ==== Subpackages: mutter-lang - Add 0001-Revert-clutter-actor-Cache-stage-relative-instead-of.patch: This leads into partial update while switching VT (from TTY to GNOME) on X11 session with fbdev driver used ( glgo#GNOME/mutter#3302, bsc#1219546). ==== pcr-oracle ==== - Add fix_grub_bls_entry.patch to measure boot entries in GRUB BLS ==== phonon-qt5 ==== Subpackages: libphonon4qt5 phonon4qt5-lang phononsettings-qt5 - Update the recommended backend package name (boo#1221459) ==== phonon-qt6 ==== Subpackages: libphonon4qt6 phononsettings-qt6 - Update the recommended backend package name (boo#1221459) ==== phonon-vlc-qt5 ==== - Make sure installing phonon-vlc-qt6 also recommends installing the translations package - Update phonon-qt5-vlc 'Provides' (related: boo#1221459) ==== plasma6-nm ==== Subpackages: plasma6-nm-lang plasma6-nm-openconnect plasma6-nm-openvpn - Make plasma6-nm-libreswan obsolete the plasma5 package ==== qemu ==== Version update (8.2.1 -> 8.2.2) - Update to version 8.2.2. Full changelog here: https://lore.kernel.org/qemu-devel/1709577077.783602.1474596.nullmailer@tls.msk.ru/ Some upstream backports: * chardev/char-socket: Fix TLS io channels sending too much data to the backend * tests/unit/test-util-sockets: Remove temporary file after test * hw/usb/bus.c: PCAP adding 0xA in Windows version * hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices" * gitlab: force allow use of pip in Cirrus jobs * tests/vm: avoid re-building the VM images all the time * tests/vm: update openbsd image to 7.4 * target/i386: leave the A20 bit set in the final NPT walk * target/i386: remove unnecessary/wrong application of the A20 mask * target/i386: Fix physical address truncation * target/i386: check validity of VMCB addresses * target/i386: mask high bits of CR3 in 32-bit mode * pl031: Update last RTCLR value on write in case it's read back * hw/nvme: fix invalid endian conversion * update edk2 binaries to edk2-stable202402 * update edk2 submodule to edk2-stable202402 * target/ppc: Fix crash on machine check caused by ifetch * target/ppc: Fix lxv/stxv MSR facility check * .gitlab-ci.d/windows.yml: Drop msys2-32bit job * system/vl: Update description for input grab key * docs/system: Update description for input grab key * hw/hppa/Kconfig: Fix building with "configure --without-default-devices" * tests/qtest: Depend on dbus_display1_dep * meson: Explicitly specify dbus-display1.h dependency * audio: Depend on dbus_display1_dep * ui/console: Fix console resize with placeholder surface * ui/clipboard: add asserts for update and request * ui/clipboard: mark type as not available when there is no data * ui: reject extended clipboard message if not activated * target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix * i386/cpuid: Move leaf 7 to correct group * i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F * i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs * i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available * .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit * iotests: Make 144 deterministic again * target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU * target/arm: Fix SVE/SME gross MTE suppression checks * target/arm: Handle mte in do_ldrq, do_ldro - Address bsc#1220310. Backported upstream commits: * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs. ==== rebootmgr ==== Version update (2.3 -> 2.4) - Update to version 2.4 - Make sure systemctl reboot will not switch to soft-reboot automatically ==== sqlite3 ==== Version update (3.44.2 -> 3.45.2) Subpackages: libsqlite3-0 sqlite3-tcl - Update to release 3.45.2: * Added the SQLITE_RESULT_SUBTYPE property for application- defined SQL functions. * Enhancements to the JSON SQL functions * Add the FTS5 tokendata option to the FTS5 virtual table. * The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. * Query planner improvements * Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294. * Enhancements to the CLI * Restore the JSON BLOB input bug, and promise to support the anomaly in subsequent releases, for backward compatibility. * Fix the PRAGMA integrity_check command so that it works on read-only databases that contain FTS3 and FTS5 tables. * Fix issues associated with processing corrupt JSONB inputs. * Fix a long-standing bug in which a read of a few bytes past the end of a memory-mapped segment might occur when accessing a craftily corrupted database using memory-mapped database. * Fix a long-standing bug in which a NULL pointer dereference might occur in the bytecode engine due to incorrect bytecode being generated for a class of SQL statements that are deliberately designed to stress the query planner but which are otherwise pointless. * Fix an error in UPSERT, introduced in version 3.35.0. * Reduce the scope of the NOT NULL strength reduction optimization that was added in version 3.35.0. - Add sqlite3-float-i586.patch to fix build on i586. - sqlite3-rtree-i686.patch is not needed anymore. - Abort build when %version and %tarversion don't match.