Packages changed:
  GraphicsMagick (1.3.42 -> 1.3.43)
  MozillaFirefox (123.0.1 -> 124.0.1)
  cppcheck (2.13.3 -> 2.13.4)
  createrepo_c (1.0.2 -> 1.1.0)
  ell (0.62 -> 0.63)
  emacs (29.2 -> 29.3)
  kdbg (3.0.1 -> 3.1.0)
  libX11 (1.8.7 -> 1.8.8)
  libXmu (1.1.4 -> 1.2.0)
  libcddb
  libpciaccess (0.18 -> 0.18.1)
  libxkbcommon (1.6.0 -> 1.7.0)
  libzypp (17.31.31 -> 17.32.0)
  llvm18 (18.1.1 -> 18.1.2)
  mozilla-nss (3.97 -> 3.98)
  openSUSE-build-key
  openSUSE-release (20240322 -> 20240325)
  perl-Mail-SPF (2.9.0 -> 3.202.402.60)
  python-httpcore (1.0.2 -> 1.0.4)
  python-pycairo (1.25.1 -> 1.26.0)
  python311
  python311-core
  sdbootutil (1+git20240320.8b35615 -> 1+git20240321.04bfbac)
  shadow (4.15.0 -> 4.15.1)
  snappy
  timezone
  tree-sitter (0.20.8 -> 0.22.2)
  xdm (1.1.14 -> 1.1.15)
  xf86-video-nv (2.1.22 -> 2.1.23)
  xf86-video-savage (2.4.0 -> 2.4.1)
  yast2-trans (84.87.20240317.9b1b5b2b95 -> 84.87.20240324.ae2a0736e6)
  zypper (1.14.68 -> 1.14.70)

=== Details ===

==== GraphicsMagick ====
Version update (1.3.42 -> 1.3.43)
Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config

- version update to 1.3.43
  Bug fixes:
  * JBIG: Add support for 'width', 'height', and 'pixels', resource limits.
    Your mileage may vary.
  * WPG: Many fixes based on oss-fuzz testing.
  * Ghostscript: When invoking Ghostscript, re-direct Ghostscript stdout to
    stderr to avoid output corruption when GM stdout is redirected to a file.
  New Features:
  * File write limit: Add support for a per-file write limit (-limit write or
    MAGICK_LIMIT_WRITE). This imposes a limit on the number of uncompressed
    bytes written. The behavior when the limit is hit is similar to an
    unexpected write error, as if the disk is full.
  * Resource limit highwater: Resource highwater values are maintained for
    successful resource requests and final values are traced via
    '-debug resource' at the end of program execution.
    These values may be used to understand the most restrictive resource
    limits which may be applied while still achieving successful operation.
  * BMP: Support BI_PNG compression (PNG inside BMP).
  * BMP: Support reading 64 bits-per-pixel.
  * BMP: Support reading 48 bits-per-pixel.
  * HEIF: Call heif_init() and heif_deinit() if they are available. Support
    setting image width limit.
  * HRZ: Added support for Slow scan TV format.
  * JPEG: Added support for reading and writing lossy or lossless 12 bits,
    and lossless 16-bits using libjpeg-turbo-3.0
  * JXL: Improve JXL reader/writer exception information.
  * TIFF: Remove miniswhite/minisblack prohibitions when using Group3 and
    Group4 compression in order to allow using inverted photometric from the
    standard.
  * TIFF: Store EXIF IFD and GPS IFD tag information natively in TIFF
    sub-IFDs, the same as it would be produced in a camera supporting TIFF.
    This allows an EXIF profile from HEIF, JPEG, JXL, PNG, WebP, or from the
    META coder to be preserved in TIFF.
  API Updates:
  * ExpandFilenames(): Fix memory leak of existing allocations if realloc()
    fails.
- modified patches
  % GraphicsMagick-disable-insecure-coders.patch (refreshed)

==== MozillaFirefox ====
Version update (123.0.1 -> 124.0.1)

- Mozilla Firefox 124.0.1
  https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
  MFSA 2024-15 (bsc#1221850)
  * CVE-2024-29943 (bmo#1886849)
    Out-of-bounds access via Range Analysis bypass
  * CVE-2024-29944 (bmo#1886852)
    Privileged JavaScript Execution via Event Handlers
  Mozilla Firefox 124.0
  https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
  MFSA 2024-12 (bsc#1221327)
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2606 (bmo#1879237)
    Mishandling of WASM register values
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-after-free
  * CVE-2024-2613 (bmo#1875701)
    Improper handling of QUIC ACK frame data could have led to OOM
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and
    Thunderbird 115.9
  * CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438)
    Memory safety bugs fixed in Firefox 124
- requires
  NSS = 3.98
  rust-cbindgen >= 0.26

==== cppcheck ====
Version update (2.13.3 -> 2.13.4)

- update to 2.13.4:
  * Speedup premium misra checking

==== createrepo_c ====
Version update (1.0.2 -> 1.1.0)
Subpackages: libcreaterepo_c1 python3-createrepo_c

- update to 1.1.0:
  * add --no-pretty option to reduce metadata size
  * align compression level for zck
  * restore compatibility with libxml2 2.12.0
  * restore default to pretty_print in mergerepo_c and modifyrepo_c
  * add tests

==== ell ====
Version update (0.62 -> 0.63)

- Update to version 0.63
  * Fix issue with handling ending boundary of the PEM.

==== emacs ====
Version update (29.2 -> 29.3)
Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags

- Update to GNU Emacs version 29.3 which is an emergency bugfix release
  intended to fix several security vulnerabilities described below.
  * Arbitrary Lisp code is no longer evaluated as part of turning on Org
    mode. This is for security reasons, to avoid evaluating malicious Lisp
    code.
  * New buffer-local variable 'untrusted-content'. When this is non-nil,
    Lisp programs should treat buffer contents with extra caution.
  * Gnus now treats inline MIME contents as untrusted. To get back previous
    insecure behavior, 'untrusted-content' should be reset to nil in the
    buffer.
  * LaTeX preview is now by default disabled for email attachments. To get
    back previous insecure behavior, set the variable
    'org--latex-preview-when-risky' to a non-nil value.
  * Org mode now considers contents of remote files to be untrusted. Remote
    files are recognized by calling 'file-remote-p'.
- Port patch emacs-24.4-ps-bdf.patch

==== kdbg ====
Version update (3.0.1 -> 3.1.0)

- Update to 3.1.0
  Enhancements:
  * The disassembly flavor to be used for the display of disassembled code
    can be selected. The setting is per program. Thanks to Petros
    Siligkounas.
  * The break ("pulse") button now shows help text.
  Bug Fixes:
  * Icons of certain actions were missing, which has been fixed, most
    importantly of the Open Executable action
  * The value parser no longer chokes on references to incomplete types,
    which caused a truncated list in the Variables window.
  Development Support:
  * Many modernizations took place so that the build procedure now reports
    far fewer deprecation warnings.
  Deprecation Notice:
  * XSL debugging support is no longer maintained and is now deprecated. It
    will be removed in a future release.

==== libX11 ====
Version update (1.8.7 -> 1.8.8)
Subpackages: libX11-6 libX11-data libX11-xcb1

- update to 1.8.8
  * Fix XIM input sometimes jumbled (#198, !236)
  * Fix _XkbReadGetDeviceInfoReply for nButtons == dev->buttons (!237)
  * Drop ifdefs for platforms that are no longer supported (!242, !243)
  * Assorted memory handling cleanups

==== libXmu ====
Version update (1.1.4 -> 1.2.0)
Subpackages: libXmu6 libXmuu1

- Update to version 1.2.0
  * This release raises the minimum version of libXt required to 1.1.0
    (released in 2011), and for those builders who need to regenerate the
    autoconf files, raises the minimum version of autoconf required to 2.70
    (released in 2020).

==== libcddb ====

- Add pointer-types.patch to fix compilation error with GCC 14
  (bsc#1221698).

==== libpciaccess ====
Version update (0.18 -> 0.18.1)

- Update to version 0.18.1
  * meson: allow building static library, not just shared

==== libxkbcommon ====
Version update (1.6.0 -> 1.7.0)
Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0

- Update to release 1.7
  * Added early detection of invalid encodings and BOM for keymaps, rules &
    Compose. Also added a hint that the expected encoding must be UTF-8
    compatible.
  * Updated keysyms using latest xorgproto
    (cd33097fc779f280925c6d6bbfbd5150f93ca5bc): For the sake of
    compatibility, this reintroduces some deleted keysyms and postpones the
    effective deprecation of others that had landed in xkbcommon 1.6.0.
  * Reverted removal of some XKB_KEYs and fixed inconsistencies in names.
    Details see upstream changelog.
  * ``xkbcli compile-compose``: added new CLI utility to test Compose files.
  * ``xkbcli interactive-evdev``: added a ``--verbose`` option.
  * ``xkbcli interactive-x11``: added support for Compose.
  * ``xkbcli interactive-wayland``: added support for Compose.
==== libzypp ====
Version update (17.31.31 -> 17.32.0)

- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301,
  jsc#PED-8014)
- Tests: fix vsftpd.conf where SUSE and Fedora use different defaults
  (fixes #522)
- Add default stripe minimum (#529)
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config.
- version 17.32.0 (32)
- ProblemSolution::skipsPatchesOnly overload to handout the patches.
- Remove https->http redirection exceptions for download.opensuse.org.
- version 17.31.32 (22)

==== llvm18 ====
Version update (18.1.1 -> 18.1.2)
Subpackages: clang-tools clang18 libLLVM18 libclang-cpp18 libclang13 llvm18-gold

- Update to version 18.1.2.
  * This release contains bug-fixes for the LLVM 18.1.0 release. This
    release is API and ABI compatible with 18.1.0.
- Rebase patches:
  * llvm-do-not-install-static-libraries.patch
  * llvm-normally-versioned-libllvm.patch
- Prefer ld.bfd for now to get THP-compatible section layout.
==== mozilla-nss ====
Version update (3.97 -> 3.98)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools

- update to NSS 3.98
  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS
  * bmo#1879513 - Certificate Compression: enabling the check that the
    compression was advertised
  * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha
  * bmo#1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA
  * bmo#1877344 - Replace `distutils.spawn.find_executable` with
    `shutil.which` within `mach` in `nss`
  * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to support
    Certificate compression
  * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation
  * bmo#1875356 - Add valgrind annotations to freebl kyber operations for
    constant-time execution tests
  * bmo#1870673 - Set nssckbi version number to 2.66
  * bmo#1874017 - Add Telekom Security roots
  * bmo#1873095 - Add D-Trust 2022 S/MIME roots
  * bmo#1865450 - Remove expired Security Communication RootCA1 root
  * bmo#1876179 - move keys to a slot that supports concatenation in
    PK11_ConcatSymKeys
  * bmo#1876800 - remove unmaintained tls-interop tests
  * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim flags
  * bmo#1874937 - bogo: add support for the -curves shim flag and update
    Kyber expectations
  * bmo#1874937 - bogo: adjust expectation for a key usage bit test
  * bmo#1757758 - mozpkix: add option to ignore invalid subject alternative
    names
  * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value
  * bmo#1876390 - take ownership of ecckilla shims
  * bmo#1874458 - add valgrind annotations to freebl/ec.c
  * bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
  * bmo#1875965 - Update zlib to 1.3.1
- Add crypto-policies support [bsc#1211301]
  deactivated for now

==== openSUSE-build-key ====

- Requires(post): coreutils is missing
  * instead of adding it, change the post scriptlet: do not use touch, use
    shell redirection

==== openSUSE-release ====
Version update (20240322 -> 20240325)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== perl-Mail-SPF ====
Version update (2.9.0 -> 3.202.402.60)

- Remove fix_pod.patch, fixed upstream
- updated to 3.20240206
  see /usr/share/doc/packages/perl-Mail-SPF/Changes

==== python-httpcore ====
Version update (1.0.2 -> 1.0.4)

- update to 1.0.4:
  * Add `target` request extension.
  * Fix support for connection `Upgrade` and `CONNECT` when some data in the
    stream has been read.
  * Fix support for async cancellations.
  * Fix trace extension when used with socks proxy.
  * Fix SSL context for connections using the "wss" scheme

==== python-pycairo ====
Version update (1.25.1 -> 1.26.0)

- update to 1.26.0:
  * Bump minimum required meson version from 0.56.0 to 0.64.0
  * Various meson related cleanups :pr:`350`
  * Fix header file being installed to the wrong location with meson on some
    systems :pr:`350`
  * Adds a new ``wheel`` meson build option as preparation for meson-python
    support :pr:`350` :pr:`345`
  * Update dependencies (libpng, pixman, zlib) of the Windows wheels
    :pr:`358`
  * Various maintenance related updates :pr:`360` :pr:`359` :pr:`361`
    :pr:`362`

==== python311 ====
Subpackages: python311-curses python311-dbm

- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.
- Because of bsc#1189495 we have to revert use of %autopatch.

==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base

- Add reference to CVE-2024-0450 (bsc#1221854) to changelog.
- Because of bsc#1189495 we have to revert use of %autopatch.
==== sdbootutil ====
Version update (1+git20240320.8b35615 -> 1+git20240321.04bfbac)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper

- Update to version 1+git20240321.04bfbac:
  * Warning if make-policy does not register all PCRs

==== shadow ====
Version update (4.15.0 -> 4.15.1)
Subpackages: libsubid4 login_defs

- Update to 4.15.1:
  * Fix a bug that caused spurious error messages about unknown login.defs
    configuration options #967
  * Adding checks for fd omission #964
  * Use temporary stat buffer #974
  * Fix wrong French translation #975
- Drop shadow-4.15.0-fix-definition.patch

==== snappy ====

- Fix build with GTest 1.14.0 by using C++14, bsc#1221872

==== timezone ====

- Unify SLE-15-SP6 and Factory packages (PED#8158). This is still related to
  bsc#1213470. We're applying this fix for SLE-15-SP6 too. This changelog
  entry is meant to bring over the SLE information, so the same package can
  be used for both code streams.
- This patch has long been removed on Factory but was never mentioned
  explicitly, it was related to ticket bsc#1202310, a minor update to
  reflect Chile's DST change back in 2022.
  * bsc1202310.patch
- Use /bin/sh for tzselect. Used to require bash for the 'select' builtin
  but has a fallback meanwhile so no need for explicit bash anymore.
==== tree-sitter ====
Version update (0.20.8 -> 0.22.2)

- Add packaging macros for tree-sitter grammar
- Add missing dependency for tree-sitter generate
- Update to version 0.22.2:
  * fix(lib): allow hiding symbols
  * feat(lib): implement Display for Node
  * test: fix header writes
  * chore: turbofish styling
  * feat(cli)!: add a separate build command to compile parsers
  * ci: simplify workflows
  * docs(license): update year
  * fix(lib): avoid possible UB of calling memset on a null ptr when 0 is
    passed into `array_grow_by`
  * fix(lib): makefile installation
- Update _service file
  * replace obsoleted mode "disabled" with "manual"
  * use download_files instead of performing scm

==== xdm ====
Version update (1.1.14 -> 1.1.15)

- Update to release 1.1.15
  * This release fixes a failure to build with the upcoming gcc 14, cleans
    up several other compiler warnings, fixes a bug in the generation of the
    xdm.service file for systemd, and removes a lot of dead code checks for
    platforms & features that have not been supported since the conversion
    from Imake to autoconf in 2005.
- supersedes u_gcc14-fix.patch

==== xf86-video-nv ====
Version update (2.1.22 -> 2.1.23)

- Update to version 2.1.23
  * gitlab CI: stop requiring Signed-off-by in commits
  * Remove "All rights reserved" from Oracle copyright notices
  * gitlab CI: ensure libtool is installed in build container
  * Don't call xf86DisableRandR in ABI_VIDEODRV_VERSION 24 & later
  * configure: Use LT_INIT from libtool 2 instead of deprecated
    AC_PROG_LIBTOOL
  * Add X.Org's standard C warning flags to AM_CFLAGS
  * Fix 4 -Wdiscarded-qualifiers warnings
  * Fix warning: ‘NVDMAKickoffCallback’ defined but not used
    [-Wunused-function]
  * Fix warning: ‘NVPatternROP’ defined but not used
    [-Wunused-const-variable=]
  * Fix -Wdiscarded-qualifiers warning in G80PreInit
  * Fix warning: no previous prototype for ‘G80ExaInit’
    [-Wmissing-prototypes]
  * riva_hw.c: Ensure ABS macro expands correctly
  * fix nv on powerpc
  * treewide: #if -> #ifdef

==== xf86-video-savage ====
Version update (2.4.0 -> 2.4.1)

- Update to version 2.4.1
  * This release fixes a failure to build with gcc 14 and cleans up several
    other compiler warnings.
==== yast2-trans ====
Version update (84.87.20240317.9b1b5b2b95 -> 84.87.20240324.ae2a0736e6)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn
  yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da
  yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es
  yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl
  yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id
  yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km
  yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr
  yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt
  yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si
  yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta
  yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa
  yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20240324.ae2a0736e6:
  * Translated using Weblate (Romanian)
  * Translated using Weblate (Romanian)
  * New POT for text domain 'gtk'.
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (German)
  * Translated using Weblate (Swedish)
  * Translated using Weblate (German)

==== zypper ====
Version update (1.14.68 -> 1.14.70)
Subpackages: zypper-log zypper-needs-restarting

- dup: New option --remove-orphaned to remove all orphaned packages in dup
  (bsc#1221525)
- version 1.14.70
- info,summary: Support VendorSupportOption flag VendorSupportSuperseded
  (jsc#OBS-301, jsc#PED-8014)
- BuildRequires: libzypp-devel >= 17.32.0.
  API cleanup and changes for VendorSupportSuperseded.
- Show active dry-run/download-only at the commit prompt.
- patch: Add --skip-not-applicable-patches option (closes #514)
- Fix printing detailed solver problem description.
  The problem description() is one rule out possibly many in
  completeProblemInfo() the solver has chosen to represent the problem. So
  either description or completeProblemInfo should be printed, but not both.
- Fix bash-completion to work with right adjusted numbers in the 1st column
  too (closes #505)
- Set libzypp shutdown request signal on Ctrl+C (fixes #522)
- lr REPO: In the detailed view show all baseurls not just the first one
  (bsc#1218171)
- version 1.14.69