Packages changed: MicroOS-release (20240803 -> 20240805) google-noto-fonts (20240601 -> 20240801) gtk4 libzypp (17.35.6 -> 17.35.9) mozilla-nss (3.101.1 -> 3.102.1) shim-leap (15.4 -> 15.8) sudo webkit2gtk3 webkit2gtk4 === Details === ==== MicroOS-release ==== Version update (20240803 -> 20240805) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== google-noto-fonts ==== Version update (20240601 -> 20240801) Subpackages: google-noto-sans-fonts google-noto-sans-math-fonts - Update to 20240801 * Sans Mongolian has its shaping rules updated to match UTN#57 * Serif Balinese fixed some overlaps * Nastaliq Urdu has most of its issues fixed ==== gtk4 ==== Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Add 0002-Revert-no-pointer-viewport.patch -- Fixes https://gitlab.gnome.org/GNOME/gtk/-/issues/6620 ==== libzypp ==== Version update (17.35.6 -> 17.35.9) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) - version 17.35.9 (35) - Make sure not to statically linked installed tools (bsc#1228787) - version 17.35.8 (35) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - version 17.35.7 (35) ==== mozilla-nss ==== Version update (3.101.1 -> 3.102.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.102.1 * bmo#1905691 - ChaChaXor to return after the function - update to NSS 3.102 * bmo#1880351 - Add Valgrind annotations to freebl Chacha20-Poly1305. * bmo#1901932 - missing sqlite header. * bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * bmo#1615298 - improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * bmo#1660676 - correct length of raw SPKI data before printing in pp utility. - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) - Added nss-fips-safe-memset.patch, fixing bsc#1222811. - Removed some dead code from nss-fips-constructor-self-tests.patch. - Rebased nss-fips-approved-crypto-non-ec.patch on above changes. - Added nss-fips-aes-gcm-restrict.patch, fixing bsc#1222830. - Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118. - Updated nss-fips-approved-crypto-non-ec.patch and nss-fips-constructor-self-tests.patch, fixing bsc#1222807, bsc#1222828, bsc#1222834. - Updated nss-fips-approved-crypto-non-ec.patch, fixing bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116. ==== shim-leap ==== Version update (15.4 -> 15.8) - Update to shim to 15.8-shim-15.8-lp155.8.2.x86_64.rpm from openSUSE secure-boot 15.5 + Version: 15.8, "Jan 23 2024" + Align the outside shim-install with the one in RPM file. This is because all important fixes in outside shim-install are also fixed in shim-install of RPM file. For consistency purposes, the outside shim-install is updated in this version. + Include the bug fixes for bsc#1215099,bsc#1215098,bsc#1215100,bsc#1215101, bsc#1215102, and bsc#1215103. ==== sudo ==== - A quick note that bsc#1227574 is expected behavior in this version of sudo. It was a regression in 15.6 which doesn't have the /etc/ split for pam.d yet. ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Add CVE fixes: + webkit2gtk3-CVE-2024-40776.patch (boo#1228613 CVE-2024-40776) + webkit2gtk3-CVE-2024-40779.patch (boo#1228693 CVE-2024-40779) + webkit2gtk3-CVE-2024-40780.patch (boo#1228694 CVE-2024-40780) + webkit2gtk3-CVE-2024-40782.patch (boo#1228695 CVE-2024-40782) ==== webkit2gtk4 ==== Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles - Add CVE fixes: + webkit2gtk3-CVE-2024-40776.patch (boo#1228613 CVE-2024-40776) + webkit2gtk3-CVE-2024-40779.patch (boo#1228693 CVE-2024-40779) + webkit2gtk3-CVE-2024-40780.patch (boo#1228694 CVE-2024-40780) + webkit2gtk3-CVE-2024-40782.patch (boo#1228695 CVE-2024-40782)