Packages changed: Mesa Mesa-drivers MozillaFirefox (108.0.2 -> 109.0) container-selinux (2.188.0 -> 2.198.0) crash ctags ddclient fwupd git (2.39.0 -> 2.39.1) gnome-software highway (1.0.2 -> 1.0.3) icewm (3.2.2 -> 3.3.0) iptables (1.8.8 -> 1.8.9) kernel-firmware libeconf (0.5.0 -> 0.5.1) libinput (1.22.0 -> 1.22.1) libksane libreoffice (7.4.3.2 -> 7.4.4.2) libspectre (0.2.11 -> 0.2.12) libxmlb libzypp-plugin-appdata (1.0.1+git.20220816 -> 1.0.1+git.20230117) llvm15 (15.0.6 -> 15.0.7) mozilla-nss (3.85 -> 3.86) mozjs102 (102.6.0 -> 102.7.0) multipath-tools netpbm rubygem-ruby-dbus (0.18.1 -> 0.19.0) salt tcpdump (4.99.2 -> 4.99.3) thunar (4.18.2 -> 4.18.3) tpm2-0-tss translation-update xfce4-notifyd (0.6.5 -> 0.7.1) xfce4-whiskermenu-plugin (2.7.1 -> 2.7.2) xfdesktop (4.18.0 -> 4.18.1) xfsprogs (6.1.0 -> 6.1.1) yast2 (4.5.21 -> 4.5.22) yast2-network (4.5.11 -> 4.5.12) zlib (1.2.12 -> 1.2.13) === Details === ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Add support for Rusticl - Mesa's new OpenCL implementation. * See https://docs.mesa3d.org/rusticl You will need to set your environment to use it * See https://docs.mesa3d.org/envvars#rusticl-environment-variables - Compile with gcc12 on Leaps: building drivers fails with: /usr/include/dxguids/dxguids.h:70:1: internal compiler error: in cxx_eval_bit_field_ref, at cp/constexpr.c:2578 - Fix some deprecation warnings * WARNING: option "false" deprecated, please use "disabled" instead. * WARNING: option "true" deprecated, please use "enabled" instead. ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2 - Add support for Rusticl - Mesa's new OpenCL implementation. * See https://docs.mesa3d.org/rusticl You will need to set your environment to use it * See https://docs.mesa3d.org/envvars#rusticl-environment-variables - Compile with gcc12 on Leaps: building drivers fails with: /usr/include/dxguids/dxguids.h:70:1: internal compiler error: in cxx_eval_bit_field_ref, at cp/constexpr.c:2578 - Fix some deprecation warnings * WARNING: option "false" deprecated, please use "disabled" instead. * WARNING: option "true" deprecated, please use "enabled" instead. ==== MozillaFirefox ==== Version update (108.0.2 -> 109.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 109.0 MFSA 2023-01 (bsc#1207119) * CVE-2023-23597 (bmo#1538028) Logic bug in process allocation allowed to read arbitrary files * CVE-2023-23598 (bmo#1800425) Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599 (bmo#1777800) Malicious command could be hidden in devtools output on Windows * CVE-2023-23600 (bmo#1787034) Notification permissions persisted between Normal and Private Browsing on Android * CVE-2023-23601 (bmo#1794268) URL being dragged from cross-origin iframe into same tab triggers navigation * CVE-2023-23602 (bmo#1800890) Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers * CVE-2023-23603 (bmo#1800832) Calls to console.log allowed bypasing Content Security Policy via format directive * CVE-2023-23604 (bmo#1802346) Creation of duplicate SystemPrincipal from less secure contexts * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974) Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201, bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393, bmo#1804626, bmo#1804971, bmo#1807004) Memory safety bugs fixed in Firefox 109 - requires NSS 3.86 - rebased patches ==== container-selinux ==== Version update (2.188.0 -> 2.198.0) - Update to version 2.198.0: * Fix spc_t transition rules on tmpfs_t - Changes from 2.197.0: * Add boolean containers_use_ecryptfs policy - Changes from 2.195.1: * Readd missing allow rules for container_t - Changes from 2.194.0: * Allow syslogd_t to use tmpfs files created by container runtime - Changes from 2.193.0: * Allow containers to mount tmpfs_t file systems * Label spc_t as a init initrc daemon * Allow userdomains to run containers - Changes from 2.191.0: * Create container_logwriter_t type - Changes from 2.190.1: * Support BuildKit * container.fc: Set label for kata-agent * support nerdctl - Changes from 2.190.0: * Packit: initial enablement * Allow iptables to list directories labeled as container_file_t - Changes from 2.189.0: * Dont audit searching other processes in /proc. ==== crash ==== - Added crash-trace-2021-02-08.tar.bz2 and modified project to create the crash-trace package. If installed with crash installed the extension can be used for diagnosing kernel trace data. ==== ctags ==== - CVE-2022-4515.patch: fixes arbitrary command execution via a tag file with a crafted filename (bsc#1206543, CVE-2022-4515) - Stop resetting ctags update-alternative priority back to auto. These are admin settings. - Remove u-a links in the correct scriptlet ==== ddclient ==== - Add curl as BuildRequires/Requires to be able to use the '-curl' option (eg. in DDCLIENT_OPTIONS in /etc/sysconfig/ddclient). ==== fwupd ==== Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0 - Fix error generating grub.cfg when an update is available. + uefi-capsule-Do-not-call-grub2-probe-without-argumen.patch ==== git ==== Version update (2.39.0 -> 2.39.1) Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git - git 2.39.1, fixing two security issues that could allow remote code execution when accessing specially crafted repositories: * CVE-2022-41903: log format integer overflow boo#1207033 * CVE-2022-23521: gitattributed parsing integer overflow boo#1207032 ==== gnome-software ==== Subpackages: gnome-software-lang gnome-software-plugin-packagekit - Also add download.opensuse.org-non-oss (NON-OSS repo) download.opensuse.org-oss (OSS repo), and download.opensuse.org-tumbleweed (Update repo) to software-opensuse.gschema.override, declaring them also official repositories (the names match the ones picked by the NET installer). ==== highway ==== Version update (1.0.2 -> 1.0.3) - Update to release 1.0.3 * Add RearrangeToOddPlusEven, Xor3, 8-bit CompressStore, HWY_ASSUME * Add contrib/bit_pack for 8/16-bit lanes * Update for new RVV intrinsics; faster WASM min/max and extmul/q15mul ==== icewm ==== Version update (3.2.2 -> 3.3.0) Subpackages: icewm-config-upstream icewm-default icewm-lang icewm-lite - Update to 3.3.0: * Prevent a derefence of a null-Pixel in xftColor. * Add "getClass" and "setClass" commands to icesh. * Support tabs in task grouping. * Use spaces instead of dots when printing WM_COMMAND. * When a focused window hides or rolls up, focus some other window. * When looking for a focusable window, avoid rolled up windows. * Fix for setting focus on passive motif dialogs * Fallback to rolled up windows in the second pass of getLastFocus. * Use CurrentTime when setting focus to a passive client in the timeout. * On icon not found, report dimensions. * Don't refocus a focused window in focusLastWindow. * Don't activate an active window when receiving an activation message. * Ignore duplicate map requests. * Let icesh implicitly select windows at most once. * Add support for nanosvg for issue #695. * Add preference ToolTipIcon=1 for issue #637. * Add nanosvg to .gitignore. * Remove unneeded logevent from icesh. - Remove unknown options from configure - Rebase icewm-preferences.patch - update to 3.2.3: * Only freeze the task pane layout when a button was removed, * which fixes the KeySysWorkspaceNext+Prev+Last bug. * Ensure that a task button is updated once it is mapped, * which prevents stale task button titles. * Show a big icon in the tooltip of a toolbar button and the tray. * All of the winoptions are now fully tab-aware. * More documentation about tabbing in the icewm manpage. * Document the "workspace" directory for icons on workspace buttons. * Add "loadicon" and "saveicon" commands to icesh. * Updated translations: Catalan, Dutch, Slovak, Japanese, * Portuguese + Brazil, Macedonian. ==== iptables ==== Version update (1.8.8 -> 1.8.9) Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - Update to release 1.8.9 * arptables-nft: Support --exact flag * Support more chunk types in the "sctp" extension * Print `--` in ip6tables' "opt" column for consistency with iptables * More verbose error messages if iptables-nft-restore fails * Support `-p Length` with ebtables-nft, needed for 802_3 extension. ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Correct alias list for ACPI entries (bsc#1207211) ==== libeconf ==== Version update (0.5.0 -> 0.5.1) Subpackages: libeconf0 libeconf0-32bit - Update to version 0.5.1: * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless there is a /etc/_example_._suffix_ file. (#175) ==== libinput ==== Version update (1.22.0 -> 1.22.1) Subpackages: libinput-udev libinput10 - Update to release 1.22.1: * This version includes quirks for laptops from Apple and Dell, as well as for the Glorious Model 0 mouse. It also backports a meson fix for use of libinput as subproject and a fix for libinput debug-events not flushing the output, resulting in truncated information. * Finally, the tablet touch arbitration rectangle was increased by 50mm in both directions to reduce the number of misdetected touches. - Use ldconfig_scriptlets macro for post(un) handling. ==== libksane ==== Subpackages: libKF5Sane5 libksane-lang - Add patch to avoid -devel depending on KSaneCore: * 0001-Don-t-search-for-KSane-Core-in-KF5SaneConfig.patch ==== libreoffice ==== Version update (7.4.3.2 -> 7.4.4.2) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.4.4.2: https://wiki.documentfoundation.org/Releases/7.4.4/RC2 https://wiki.documentfoundation.org/Releases/7.4.4/RC1 - Updated bundled dependencies: * poppler-22.09.0.tar.xz -> poppler-22.12.0.tar.xz ==== libspectre ==== Version update (0.2.11 -> 0.2.12) - update to 0.2.12: * This is another bugfix only release in the libspectre's 0.2 series. * Fix exporting to PDF with newer ghostscript (Albert Astals Cid) ==== libxmlb ==== - build hwcaps optimized libraries ==== libzypp-plugin-appdata ==== Version update (1.0.1+git.20220816 -> 1.0.1+git.20230117) - Update to version 1.0.1+git.20230117: * InstallAppdata: use subprocess.run instead of os.system (CVE-2023-22643) - Update to version 1.0.1+git.20220909: * Add dist directory, for openSUSE packaging ==== llvm15 ==== Version update (15.0.6 -> 15.0.7) Subpackages: clang-tools clang15 libLLVM15 libclang-cpp15 libclang13 llvm15-gold - Update to version 15.0.7. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. - Build stage 2 with -fno-plt on x86_64: since building with - Wl,-z,now the PLT stubs are basically dead code, so eliminating the indirection reduces the number of branches and improves code locality for the quite frequent cross-DSO calls. - Add llvm-workaround-superfluous-branches.patch: hints LLVM to eliminate branches until gh#llvm/llvm-project#28804 is solved. ==== mozilla-nss ==== Version update (3.85 -> 3.86) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.86 * bmo#1803190 - conscious language removal in NSS * bmo#1794506 - Set nssckbi version number to 2.60 * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS * bmo#1797559 - Remove EC-ACC root cert from NSS * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS * bmo#1794495 - Remove Network Solutions Certificate Authority * bmo#1802331 - compress docker image artifact with zstd * bmo#1799315 - Migrate nss from AWS to GCP * bmo#1800989 - Enable static builds in the CI * bmo#1765759 - Removing SAW docker from the NSS build system * bmo#1783231 - Initialising variables in the rsa blinding code * bmo#320582 - Implementation of the double-signing of the message for ECDSA * bmo#1783231 - Adding exponent blinding for RSA. ==== mozjs102 ==== Version update (102.6.0 -> 102.7.0) - Update to version 102.7.0: + Various stability, functionality, and security fixes. + CVE-2022-46871: libusrsctp library out of date. + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux. + CVE-2023-23599: Malicious command could be hidden in devtools output on Windows. + CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation. + CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers. + CVE-2022-46877: Fullscreen notification bypass. + CVE-2023-23603: Calls to console.log allowed bypasing Content Security Policy via format directive. + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7. ==== multipath-tools ==== Subpackages: kpartx libmpath0 - Fix "rpm --verify" (bsc#1207232) ==== netpbm ==== Subpackages: libnetpbm11 - Drop patch big-endian.patch, already in upstream since 10.87.00 ==== rubygem-ruby-dbus ==== Version update (0.18.1 -> 0.19.0) - 0.19.0 API: * Added a ObjectManager mix-in to implement the service-side ObjectManager interface. Bug fixes: * dbus_attr_accessor and friends validate the signature * (gh#mvidner/ruby-dbus#120). * Declare the Introspectable interface in exported * objects (gh#mvidner/ruby-dbus#99). * Do reply with an error when calling a nonexisting object with an existing path prefix (gh#mvidner/ruby-dbus#121). ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Control the collection of lvm grains via config (bsc#1204939) - Added: * control-the-collection-of-lvm-grains-via-config.patch ==== tcpdump ==== Version update (4.99.2 -> 4.99.3) - update to 4.99.3: * Updated printers: PTP: Use the proper values for the control field and print un-allocated values for the message field as "Reserved" instead of "none". * Source code: smbutil.c: Replace obsolete function call (asctime) * Documentation: Reformat the installation notes (INSTALL.txt) in Markdown. Convert CONTRIBUTING to Markdown. CONTRIBUTING.md: Document the use of "protocol: " in a commit summary. Add a README file for NetBSD. Fix CMake build to set man page section numbers in tcpdump.1 ==== thunar ==== Version update (4.18.2 -> 4.18.3) Subpackages: libthunarx-3-0 thunar-lang - Update to 4.18.3: * Prevent critical when changing directory (gxo#xfce/thunar#1014) * Keep hidden toolbar hidden after Ctrl+L (gxo#xfce/thunar#1011) * Prevent jumping cursor on file deletion (gxo#xfce/thunar#910) * Prevent Critical when file counting is enabled * Properly handle resident thunar plugins (gxo#xfce/thunar#1007) * Translation Updates ==== tpm2-0-tss ==== Subpackages: libtss2-esys0 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tctildr0 - add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large RC values passed to the TSS2 function could lead to memory overread or memory overread. This patch is not yet part of any upstream git tag. ==== translation-update ==== Subpackages: translation-update-cs translation-update-da translation-update-de translation-update-el translation-update-en_GB translation-update-es translation-update-fr translation-update-hu translation-update-it translation-update-ja translation-update-pl translation-update-pt translation-update-pt_BR translation-update-ru translation-update-zh_CN translation-update-zh_TW - Update translation list (add az, ms and oc). ==== xfce4-notifyd ==== Version update (0.6.5 -> 0.7.1) Subpackages: xfce4-notifyd-lang - Update to 0.7.1: * Fix incorrect usage of XDT_CHECK_OPTIONAL_PACKAGE * Properly validate markup * Update glade file to remove use of deprecated properties * Support the 'action-icons' hint * Add support for notification sounds * Clean up notification ID storage * Return replaces_id if provided * Remove xfconf prop name define duplication * Add ability to disallow certain apps to send critical notifications * Add a context menu that allows individual known application deletion * Fix a slide-out loop when the mouse pointer is in the way * Add option to hide panel button when no unread notifications * Remove more pre-GTK-3.22 guards * Bump GTK minimum to 2.22 and remove/ifdef X11-isms * Support Wayland * Don't set a nonsensical icon name * Clean up xfce_notify_window_set_icon_pixbuf() * xfce_notify_window_set_icon_pixbuf() shouldn't take ownership * Move urgency hint fetch inside check for correct type * DRY up the configuration handling * Add pref to show summary & body with gauge values * Update glade file to latest version * settings: Disable single click to mute apps (gxo#apps/xfce4-notifyd#5) * Do not treat zero expiration time as urgent * Add compile_flags.txt generation * Fix incorrect icon name for preview notification * Fix blurry icons when UI scale factor > 1 * build: Let xdt-depends.m4 macros set GLib macros * Translation Updates ==== xfce4-whiskermenu-plugin ==== Version update (2.7.1 -> 2.7.2) Subpackages: xfce4-whiskermenu-plugin-lang - Update to version 2.7.2 * Fix missing version number * Fix memory leak when adding launchers to panel * Fix skipping first treeview item when switching modes * Fix clipping when changing application icon size * Fix missing NULL checks with String class * Use Thunar for adding launchers to desktop * Translation Updates ==== xfdesktop ==== Version update (4.18.0 -> 4.18.1) Subpackages: xfdesktop-lang - Update to version 4.18.1: * Load removable volume information asynchronously * Fix apps menu not popping up when menu icons disabled * Translation Updates ==== xfsprogs ==== Version update (6.1.0 -> 6.1.1) Subpackages: libhandle1 xfsprogs-scrub - update to 6.1.1: - scrub: fix warnings/errors due to missing include - debian: Add missing pkg version to the changelog ==== yast2 ==== Version update (4.5.21 -> 4.5.22) Subpackages: yast2-logs - Replace transitional %usrmerged macro with regular version check (boo#1206798) - 4.5.22 ==== yast2-network ==== Version update (4.5.11 -> 4.5.12) - Copy only the specific backend configuration to the target system having a clean installation (bsc#1206723) - 4.5.12 ==== zlib ==== Version update (1.2.12 -> 1.2.13) Subpackages: libminizip1 libz1 zlib-devel - Update to 1.13: * Fix configure issue that discarded provided CC definition * Correct incorrect inputs provided to the CRC functions * Repair prototypes and exporting of new CRC functions * Fix inflateBack to detect invalid input with distances too far * Have infback() deliver all of the available output up to any error * Fix a bug when getting a gzip header extra field with inflate() * Fix bug in block type selection when Z_FIXED used * Tighten deflateBound bounds * Remove deleted assembler code references * Various portability and appearance improvements - Added patches: * zlib-1.2.13-IBM-Z-hw-accelerated-deflate-s390x.patch * zlib-1.2.13-fix-bug-deflateBound.patch * zlib-1.2.13-optimized-s390.patch - Refreshed patches: * zlib-1.2.12-add-optimized-slide_hash-for-power.patch * zlib-1.2.12-add-vectorized-longest_match-for-power.patch * zlib-1.2.12-s390-vectorize-crc32.patch - Removed patches: * zlib-1.2.12-fix-configure.patch * zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch * zlib-1.2.12-optimized-crc32-power8.patch * zlib-1.2.12-correct-inputs-provided-to-crc-func.patch * zlib-1.2.12-fix-CVE-2022-37434.patch * zlib-1.2.11-optimized-s390.patch