Packages changed:
  MozillaFirefox (109.0.1 -> 110.0.1)
  SDL2
  babl (0.1.98 -> 0.1.102)
  cpupower (6.1.12 -> 6.2.1)
  discover
  elfutils (0.188 -> 0.189)
  elfutils-debuginfod (0.188 -> 0.189)
  gegl (0.4.40 -> 0.4.42)
  gimp
  kdump (1.0.2+git46.g755f3a3 -> 1.0.2+git50.g4b01402)
  krb5
  libhugetlbfs
  libstorage-ng (4.5.74 -> 4.5.76)
  pcsc-lite
  polkit-default-privs (1550+20221102.9f111fa -> 1550+20230303.7726e9f)
  python310 (3.10.9 -> 3.10.10)
  python310-core (3.10.9 -> 3.10.10)
  util-linux
  util-linux-systemd
  zlib

=== Details ===

==== MozillaFirefox ====
Version update (109.0.1 -> 110.0.1)
Subpackages: MozillaFirefox-translations-common

- Fix 32 bit build bmo#1810584
  add mozilla-bmo1810584.patch
- Mozilla Firefox 110.0.1 boo#1208886
  * Fixed clearing recent cookies clears all cookies (bmo#1816279)
  * Fixed WebGL crashes on Linux when run inside a VMware virtual machine (bmo#1807942)
  * Fixed a bug with CSP serialization causing bugs with the MitID Digital ID in Denmark (Bug 1819096)
- Mozilla Firefox 110.0
  * https://www.mozilla.org/en-US/firefox/110.0/releasenotes
  MFSA 2023-05 (bsc#1208144)
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-25743 (bmo#1800203)
    Fullscreen notification not shown in Firefox Focus
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Firefox with some device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25740 (bmo#1812354)
    Opening local .scf files could cause unexpected network loads
  * CVE-2023-25731 (bmo#1801542)
    Prototype pollution when rendering URLPreview
  * CVE-2023-25733 (bmo#1808632)
    Possible null pointer dereference in TaskbarPreviewCallback
  * CVE-2023-25736 (bmo#1811331)
    Invalid downcast in GetTableSelectionMode
  * CVE-2023-25741 (bmo#1437126, bmo#1812611, bmo#1813376)
    Same-origin policy leak via image drag and drop
  * CVE-2023-25742 (bmo#1813424)
    Web Crypto ImportKey crashes tab
  * CVE-2023-25744 (bmo#1789449, bmo#1803628, bmo#1810536)
    Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
  * CVE-2023-25745 (bmo#1688592, bmo#1797186, bmo#1804998, bmo#1806521, bmo#1813284)
    Memory safety bugs fixed in Firefox 110
- requires
  NSS = 3.87
  rust/cargo = 1.66
- update create-tar.sh

==== SDL2 ====

- Use current keymap on console
  (https://github.com/libsdl-org/SDL/pull/7400)
  + 0001-Cleanup-add-brace-6545.patch
  + 0002-Update-for-SDL3-coding-style-6717.patch
  + 0003-Clang-Tidy-fixes-6725.patch
  + 0004-evdev_kbd-Use-current-keymap.patch

==== babl ====
Version update (0.1.98 -> 0.1.102)

- update to 0.1.102:
  * LUT code-paths now disabled by default.
  * Stop double processing with LUT+normal fishes.
  * Support for non-ASCII characters in file paths on windows. Improved wrap build support.

==== cpupower ====
Version update (6.1.12 -> 6.2.1)
Subpackages: cpupower-bash-completion cpupower-lang libcpupower0

- Add wildcard for powercap.h since powercap patches have reached mainline
- Build bash-completion noarch

==== discover ====
Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang

- Add patch to fix some pages not loading (kde#466765):
  * 0001-pk-Don-t-forget-to-finish-streams.patch

==== elfutils ====
Version update (0.188 -> 0.189)
Subpackages: elfutils-lang libasm1 libdw1 libelf1

- Update to version 0.189:
  * configure: eu-nm, eu-addr2line and eu-stack can provide demangled symbols when linked with libstdc++. Use --disable-demangler to disable. A new option --enable-sanitize-memory has been added for msan sanitizer support.
  * libelf: elf_compress now supports ELFCOMPRESS_ZSTD when built against libzstd
  * libdwfl: dwfl_module_return_value_location now returns 0 (no return type) for DIEs that point to a DW_TAG_unspecified_type.
  * elfcompress: -t, --type= now support zstd if libelf has been built with ELFCOMPRESS_ZSTD support.
  * backends: Add support for LoongArch and Synopsys ARCv2 processors.
- drop upstream patches:
  * elfutils-0.188-CURLOPT_PROTOCOLS_STR.patch
  * elfutils-0.188-CURL_AT_LEAST_VERSION.patch
  * elfutils-0.188-deprecated-CURLINFO.patch
  * support-DW_TAG_unspecified_type.patch
- Enable -Werror=use-after-free again.
- Drop 0005-backends-Add-RISC-V-object-attribute-printing.patch, never intended to be added

==== elfutils-debuginfod ====
Version update (0.188 -> 0.189)
Subpackages: debuginfod-profile libdebuginfod1

- Update to version 0.189:
  * configure: eu-nm, eu-addr2line and eu-stack can provide demangled symbols when linked with libstdc++. Use --disable-demangler to disable. A new option --enable-sanitize-memory has been added for msan sanitizer support.
  * libelf: elf_compress now supports ELFCOMPRESS_ZSTD when built against libzstd
  * libdwfl: dwfl_module_return_value_location now returns 0 (no return type) for DIEs that point to a DW_TAG_unspecified_type.
  * elfcompress: -t, --type= now support zstd if libelf has been built with ELFCOMPRESS_ZSTD support.
  * backends: Add support for LoongArch and Synopsys ARCv2 processors.
- drop upstream patches:
  * elfutils-0.188-CURLOPT_PROTOCOLS_STR.patch
  * elfutils-0.188-CURL_AT_LEAST_VERSION.patch
  * elfutils-0.188-deprecated-CURLINFO.patch
  * support-DW_TAG_unspecified_type.patch
- Enable -Werror=use-after-free again.

==== gegl ====
Version update (0.4.40 -> 0.4.42)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- Update to version 0.4.42:
  + Operations:
    - raw-load: add conditional support for 0.21.0 API.
    - rgb-clib: improved ui-ranges.
    - perlin, mosaic, c2g, long-shadow: small cleanups.
    - gif-load: update vendored dependency, including code updates.
  + Build: Keeping up with babl.
- Drop 133.patch: Fixed upstream.
- Add boolean pkgconfig(babl-0.1) BuildRequires following upstream changes.

==== gimp ====
Subpackages: gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0

- Add boolean pkgconfig(babl-0.1) BuildRequires, allow build with new version of babl.

==== kdump ====
Version update (1.0.2+git46.g755f3a3 -> 1.0.2+git50.g4b01402)

- add calibrate values for Leap 15.5
- revert back to using rd.neednet=1 to enable network (bsc#1206015)
- kdumptool calibrate: add even more margin to reservation calculations (bsc#1207061)
- don't skip infiniband interfaces (bsc#1186745) (not a complete fix, requires a patch in dracut as well)

==== krb5 ====
Subpackages: krb5-32bit krb5-client

- Migration of PAM settings to /usr/lib/pam.d

==== libhugetlbfs ====

- Drop tests from rpm (boo#1159558)

==== libstorage-ng ====
Version update (4.5.74 -> 4.5.76)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#914
- use some actions for different objects
- more defensive programming
- 4.5.76
- Translated using Weblate (Swedish) (bsc#1149754)
- 4.5.75

==== pcsc-lite ====
Subpackages: libpcsclite1

- add a 32 bit -devel package for use by wine development with wine 8.3

==== polkit-default-privs ====
Version update (1550+20221102.9f111fa -> 1550+20230303.7726e9f)

- Update to version 1550+20230303.7726e9f:
  * tuned: incremental addition of new acquire_devices method (bsc#1208727)

==== python310 ====
Version update (3.10.9 -> 3.10.10)
Subpackages: python310-curses python310-dbm python310-tk

- Update to 3.10.10:
  Bug fixes and regressions handling, no change of behaviour and no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471)
  blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters

==== python310-core ====
Version update (3.10.9 -> 3.10.10)
Subpackages: libpython3_10-1_0 python310-base

- Update to 3.10.10:
  Bug fixes and regressions handling, no change of behaviour and no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471)
  blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters

==== util-linux ====
Subpackages: libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid1 libuuid1-32bit util-linux-lang

- Fix comments bleeding into rpm scriptlets. /sbin/ldconfig does not take any parameters and thus we must not have content in the script body. Use %dnl to properly mark the comments as 'rpm comments' (boo#1208963).
- added patches
  agetty: don't ignore --noclear when re-print issue file
  https://github.com/util-linux/util-linux/commit/0c0fb46dcef6c63c74094486e499e376fdb33a04.diff
  [bsc#1194322]
  + util-linux-honor-noclear-when-reprint-issue.patch

==== util-linux-systemd ====

- Fix comments bleeding into rpm scriptlets. /sbin/ldconfig does not take any parameters and thus we must not have content in the script body. Use %dnl to properly mark the comments as 'rpm comments' (boo#1208963).
- added patches
  agetty: don't ignore --noclear when re-print issue file
  https://github.com/util-linux/util-linux/commit/0c0fb46dcef6c63c74094486e499e376fdb33a04.diff
  [bsc#1194322]
  + util-linux-honor-noclear-when-reprint-issue.patch

==== zlib ====
Subpackages: libminizip1 libz1

- avoid buildcycle with krb5 (in sle15+ - jsc#PED-3641)
- skip hwcaps subpackage building for -static subpackage
- build with glibc hwcaps optimized libs