Packages changed:
  MozillaFirefox (111.0.1 -> 112.0)
  autoyast2 (4.6.0 -> 4.6.1)
  avahi
  avahi-glib2
  btrfsprogs (6.1.3 -> 6.2.2)
  glslang
  grub2
  gvfs
  ibus-table-chinese (1.8.11 -> 1.8.12)
  kernel-source (6.2.9 -> 6.2.10)
  kimageformats
  libqt5-qtwebengine
  mozilla-nss (3.88.1 -> 3.89)
  mozjs102 (102.9.0 -> 102.10.0)
  runc (1.1.5 -> 1.1.6)
  rust-keylime (0.2.0+git.1677691779.f7edd9a -> 0.2.0+git.1681223954.646cf61)
  snapper
  vim (9.0.1430 -> 9.0.1443)
  yast2-pkg-bindings (4.6.0 -> 4.6.1)
  yast2-update (4.6.0 -> 4.6.1)

=== Details ===

==== MozillaFirefox ====
Version update (111.0.1 -> 112.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 112.0
  * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
  MFSA 2023-13 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155,
    bmo#1821576, bmo#1821906, bmo#1822298, bmo#1822305)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector
    compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
    Data Races in font initialization code
  * CVE-2023-29538 (bmo#1685403)
    Directory information could have been leaked to WebExtensions
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29540 (bmo#1790542)
    Iframe sandbox bypass using redirects and sourceMappingUrls
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded
    unsafely on Linux
  * CVE-2023-29542 (bmo#1810793, bmo#1815062)
    Bypass of file download extension restrictions
  * CVE-2023-29543 (bmo#1816158)
    Use-after-free in debugging APIs
  * CVE-2023-29544 (bmo#1818781)
    Memory Corruption in garbage collector
  * CVE-2023-29545 (bmo#1823077)
    Windows Save As dialog resolved environment variables
  * CVE-2023-29546 (bmo#1780842)
    Screen recording in Private Browsing included address bar on
    Android
  * CVE-2023-29547 (bmo#1783536)
    Secure document cookie could be spoofed with insecure cookie
  * CVE-2023-29548 (bmo#1822754)
    Incorrect optimization result on ARM64
  * CVE-2023-29549 (bmo#1823042)
    Javascript's bind function may have failed
  * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498,
    bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493,
    bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413,
    bmo#1824828)
    Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
  * CVE-2023-29551 (bmo#1763625, bmo#1814314, bmo#1815798,
    bmo#1815890, bmo#1819239, bmo#1819465, bmo#1819486,
    bmo#1819492, bmo#1819957, bmo#1820514, bmo#1820776,
    bmo#1821838, bmo#1822175, bmo#1823547)
    Memory safety bugs fixed in Firefox 112
- requires
  * NSS 3.89
  * Python >= 3.7 (for build)
- removed obsolete mozilla-bmo1807652.patch
- Fix Icons displayed incorrectly on GNOME/wayland via WMCLASS in
  desktop file

==== autoyast2 ====
Version update (4.6.0 -> 4.6.1)

- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.6.1

==== avahi ====
Subpackages: avahi-lang libavahi-client3 libavahi-common3 libavahi-core7

- Add avahi-CVE-2023-1981.patch: emit error if requested service
  is not found (boo#1210328 CVE-2023-1981).

==== avahi-glib2 ====

- Add avahi-CVE-2023-1981.patch: emit error if requested service
  is not found (boo#1210328 CVE-2023-1981).

==== btrfsprogs ====
Version update (6.1.3 -> 6.2.2)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1

- Use pre-generated documentation from tarball, fixes build on SLE
  targets where sphinx might not be available
- update to 6.2.2
  * fix build on old x86 architectures with builtin crypto
  * device stats: fix printing wrong values in tabular output
  * qgroup show: fix qgroup id formatting in json output
  * restore: fix restoring xattrs on directories
  * restore: don't modify metadata in dry-run mode
  * balance: fix some cases wrongly parsed as old syntax
  * balance: warn when deprecated syntax is used
  * seeding: fall back to old way if sysfs device fsid is not available
  * convert: handle orphan file ext4 feature
  * other:
    * sync ioctl definitions
    * enable github CI
    * update documentation
- update to 6.2.1
  * fix build with crypto libraries
  * CI images updated, build tests extended
- update to 6.2:
  * receive: fix a corruption when decompressing zstd extents
  * subvol sync: print total number and deletion progress
  * accelerated hash algorithm implementations in fallback mode on x86_64
  * fi mkswapfile: new option --uuid
  * new global option --log=level to set the verbosity level directly
  * other:
    * experimental: update checksum conversion (not usable yet)
    * build actually requires -std=gnu11
    * refactor help option formatting, auto wrap long lines

==== glslang ====

- Add StandAlone/ to glslang-nonstd-devel

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi

- Resolve some issues with OS boot failure on PPC NVMe-oF disks and
  made enhancements to PPC secure boot's root device discovery
  config (bsc#1207230)
- Ensure get_devargs and get_devname functions are consistent
  * 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch
- Fix regex for Open Firmware device specifier with encoded commas
  * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Fix regular expression in PPC secure boot config to prevent
  escaped commas from being treated as delimiters when retrieving
  partition substrings.
- Use prep_load_env in PPC secure boot config to handle unset
  host-specific environment variables and ensure successful
  command execution.
  * 0004-Introduce-prep_load_env-command.patch
- Refreshed
  * 0005-export-environment-at-start-up.patch

==== gvfs ====
Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang

- Add 41862c0179f834d8bc3bd84ce78ee495050f2676.patch: trash: Sync
  trash dir items when files change.
- Use auto(setup|patch) macros.

==== ibus-table-chinese ====
Version update (1.8.11 -> 1.8.12)
Subpackages: ibus-table-chinese-array ibus-table-chinese-cangjie ibus-table-chinese-cantonese ibus-table-chinese-easy ibus-table-chinese-erbi ibus-table-chinese-jyutping ibus-table-chinese-quick ibus-table-chinese-scj ibus-table-chinese-stroke5 ibus-table-chinese-wu ibus-table-chinese-wubi-haifeng ibus-table-chinese-wubi-jidian ibus-table-chinese-yong

- Update version to 1.8.12
  * Add appdata.xml files
  * Convert license tags to SPDX format
  * Add .svg icon files for use in appdata.xml files

==== kernel-source ====
Version update (6.2.9 -> 6.2.10)

- Linux 6.2.10 (bsc#1012628).
- thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers (bsc#1012628).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1012628).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1012628).
- cifs: avoid race conditions with parallel reconnects (bsc#1012628).
- zonefs: Reorganize code (bsc#1012628).
- zonefs: Simplify IO error handling (bsc#1012628).
- zonefs: Reduce struct zonefs_inode_info size (bsc#1012628).
- zonefs: Separate zone information from inode information (bsc#1012628).
- zonefs: Fix error message in zonefs_file_dio_append() (bsc#1012628).
- btrfs: rename BTRFS_FS_NO_OVERCOMMIT to BTRFS_FS_ACTIVE_ZONE_TRACKING (bsc#1012628).
- btrfs: zoned: count fresh BG region as zone unusable (bsc#1012628).
- btrfs: zoned: drop space_info->active_total_bytes (bsc#1012628).
- fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY (bsc#1012628).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1012628).
- xfrm: Zero padding when dumping algos and encap (bsc#1012628).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (bsc#1012628).
- ASoC: Intel: avs: max98357a: Explicitly define codec format (bsc#1012628).
- ASoC: Intel: avs: da7219: Explicitly define codec format (bsc#1012628).
- ASoC: Intel: avs: rt5682: Explicitly define codec format (bsc#1012628).
- ASoC: Intel: avs: ssm4567: Remove nau8825 bits (bsc#1012628).
- ASoC: Intel: avs: nau8825: Adjust clock control (bsc#1012628).
- lib: zstd: Backport fix for in-place decompression (bsc#1012628).
- zstd: Fix definition of assert() (bsc#1012628).
- ACPI: video: Add backlight=native DMI quirk for Dell Vostro 15 3535 (bsc#1012628).
- ACPI: x86: Introduce an acpi_quirk_skip_gpio_event_handlers() helper (bsc#1012628).
- ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 7 B1-750 (bsc#1012628).
- ACPI: x86: Add skip i2c clients quirk for Lenovo Yoga Book X90 (bsc#1012628).
- ASoC: SOF: ipc3: Check for upper size limit for the received message (bsc#1012628).
- ASoC: SOF: ipc4-topology: Fix incorrect sample rate print unit (bsc#1012628).
- ASoC: SOF: Intel: pci-tng: revert invalid bar size setting (bsc#1012628).
- ASoC: SOF: Intel: hda-dsp: harden D0i3 programming sequence (bsc#1012628).
- ASoC: SOF: Intel: hda-ctrl: re-add sleep after entering and exiting reset (bsc#1012628).
- ASoC: SOF: IPC4: update gain ipc msg definition to align with fw (bsc#1012628).
- ASoC: hdmi-codec: only startup/shutdown on supported streams (bsc#1012628).
- wifi: mac80211: check basic rates validity (bsc#1012628).
- md: avoid signed overflow in slot_store() (bsc#1012628).
- x86/PVH: obtain VGA console info in Dom0 (bsc#1012628).
- drm/amdkfd: Fix BO offset for multi-VMA page migration (bsc#1012628).
- drm/amdkfd: fix a potential double free in pqm_create_queue (bsc#1012628).
- drm/amdgpu/vcn: custom video info caps for sriov (bsc#1012628).
- drm/amdkfd: fix potential kgd_mem UAFs (bsc#1012628).
- drm/amd/display: Fix HDCP failing to enable after suspend (bsc#1012628).
- net: hsr: Don't log netdev_err message on unknown prp dst node (bsc#1012628).
- ALSA: asihpi: check pao in control_message() (bsc#1012628).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (bsc#1012628).
- fbdev: tgafb: Fix potential divide by zero (bsc#1012628).
- ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range (bsc#1012628).
- sched_getaffinity: don't assume 'cpumask_size()' is fully initialized (bsc#1012628).
- nvme-pci: fixing memory leak in probe teardown path (bsc#1012628).
- nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM620 (bsc#1012628).
- drm/amdkfd: Fixed kfd_process cleanup on module exit (bsc#1012628).
- net/mlx5e: Lower maximum allowed MTU in XSK to match XDP prerequisites (bsc#1012628).
- fbdev: nvidia: Fix potential divide by zero (bsc#1012628).
- fbdev: intelfb: Fix potential divide by zero (bsc#1012628).
- fbdev: lxfb: Fix potential divide by zero (bsc#1012628).
- fbdev: au1200fb: Fix potential divide by zero (bsc#1012628).
- tools/power turbostat: Fix /dev/cpu_dma_latency warnings (bsc#1012628).
- tools/power turbostat: fix decoding of HWP_STATUS (bsc#1012628).
- tracing: Fix wrong return in kprobe_event_gen_test.c (bsc#1012628).
- btrfs: fix uninitialized variable warning in
... changelog too long, skipping 235 lines ...
- commit f0487ac

==== kimageformats ====

- Add support for RAW image formats

==== libqt5-qtwebengine ====

- Add patch to fix build with GCC 13 (boo#1207469):
  * 0001-Fixes-for-building-with-GCC-13.patch

==== mozilla-nss ====
Version update (3.88.1 -> 3.89)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs

- update to NSS 3.89
  * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
  * bmo#1820175 - PR_STATIC_ASSERT is cursed
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1820175 - Fix unreachable code warning in fuzz builds
  * bmo#1820175 - Fix various compiler warnings in NSS
  * bmo#1820175 - Enable various compiler warnings for clang builds
  * bmo#1815136 - set PORT error after sftk_HMACCmp failure
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
  * bmo#1804660 - Make high tag number assertion failure an error
  * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384
  * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
  * bmo#1789436 - Fix build failure on Windows
  * bmo#1811337 - migrate Win 2012 tasks to Azure
  * bmo#1810702 - fix title length in doc
  * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
  * bmo#1570615 - Add presence/absence tests for TLS GREASE
  * bmo#1804688 - Correct addition of GREASE value to ALPN xtn
  * bmo#1789436 - CH extension permutation
  * bmo#1570615 - TLS GREASE (RFC8701)
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
  * bmo#1815870 - use a different treeherder symbol for each docker image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
  * bmo#1812671 - build failure while implicitly casting SECStatus to PRUInt32

==== mozjs102 ====
Version update (102.9.0 -> 102.10.0)

- Update to version 102.10.0:
  + Various security fixes.
  + CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
  + CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
  + CVE-2023-29533: Fullscreen notification obscured
  + MFSA-TMP-2023-0001: Double-free in libwebp
  + CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
  + CVE-2023-29536: Invalid free from JavaScript code
  + CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
  + CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
  + CVE-2023-29542: Bypass of file download extension restrictions
  + CVE-2023-29545: Windows Save As dialog resolved environment variables
  + CVE-2023-1945: Memory Corruption in Safe Browsing Code
  + CVE-2023-29548: Incorrect optimization result on ARM64
  + CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
- Replace clang-devel and llvm-devel with clang and llvm-gold
  BuildRequires.

==== runc ====
Version update (1.1.5 -> 1.1.6)

- Update to runc v1.1.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.

==== rust-keylime ====
Version update (0.2.0+git.1677691779.f7edd9a -> 0.2.0+git.1681223954.646cf61)
Subpackages: keylime-ima-policy

- Update to version 0.2.0+git.1681223954.646cf61:
  * Allow setting measured boot log path for testing
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump wiremock from 0.5.14 to 0.5.18
  * Build Fedora and CentOS packages on Copr using packit
  * build(deps): bump serde_json from 1.0.91 to 1.0.95
  * build(deps): bump actix-rt from 2.7.0 to 2.8.0
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump serde from 1.0.147 to 1.0.159
  * build(deps): bump glob from 0.3.0 to 0.3.1
  * Add missing test from keylime testsuite to e2e plan
  * Fix typo in name of test for generating coverage
  * build(deps): bump thiserror from 1.0.38 to 1.0.40
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump actix-web from 4.2.1 to 4.3.1
  * build(deps): bump serde from 1.0.145 to 1.0.147
  * build(deps): bump libc from 0.2.139 to 0.2.140
  * build(deps): bump futures from 0.3.25 to 0.3.27
  * build(deps): bump reqwest from 0.11.12 to 0.11.15
  * build(deps): bump config from 0.13.2 to 0.13.3
  * build(deps): bump openssl from 0.10.45 to 0.10.48
  * build(deps): bump tokio from 1.24.2 to 1.26.0
  * Cargo: Update tempfile to 3.4.0 version

==== snapper ====
Subpackages: libsnapper6 snapper-zypp-plugin

- fixed error message (gh#openSUSE/snapper#801)

==== vim ====
Version update (9.0.1430 -> 9.0.1443)
Subpackages: vim-data vim-data-common vim-small xxd

- Updated to version 9.0.1443, fixes the following problems
  * Livebook files are not recognized.
  * getscriptinfo() loops even when specific SID is given.
  * Completion popup in wrong position with virtual text "above".
  * On some systems the Lua library is not found.
  * Crash when adding package already in 'runtimepath'.
  * Scrolling too many lines when 'wrap' and 'diff' are set.
  * Cannot compare a typed variable with v:none.
  * Test fails with different error number.
  * .fs files are falsely recognized as forth files.
  * Start Insert mode when accessing a hidden prompt buffer.
  * "rvim" can execute a shell through :diffpatch.
  * mapset() does not restore non-script context.
  * Ending Insert mode when accessing a hidden prompt buffer.

==== yast2-pkg-bindings ====
Version update (4.6.0 -> 4.6.1)

- Pkg.TargetInitializeOptions() - added a new option for rebuilding
  the RPM database (--rebuilddb) (bsc#1209565)
- 4.6.1

==== yast2-update ====
Version update (4.6.0 -> 4.6.1)

- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.6.1