Packages changed: MozillaFirefox (110.0.1 -> 111.0.1) amavisd-new (2.12.2 -> 2.13.0) dmidecode drbd-utils gstreamer-plugins-rs (0.10.4 -> 0.10.5) hwdata (0.368 -> 0.369) libqt5-qtbase (5.15.8+kde183 -> 5.15.8+kde185) mdadm pam-config (2.2 -> 2.4) python-cryptography python-importlib-metadata systemd (253.1 -> 253.2) tigervnc webkit2gtk3 webkit2gtk3-soup2 wsdd (0.7.0 -> 0.7.1) xdm yast2-installation (4.6.1 -> 4.6.2) yast2-storage-ng (4.6.3 -> 4.6.4) yast2-trans (84.87.20230324.a3dfeee0c1 -> 84.87.20230401.d443fd75ae) yast2-users (4.6.0 -> 4.6.1) === Details === ==== MozillaFirefox ==== Version update (110.0.1 -> 111.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 111.0.1 (boo#1209688) * Fixed a crash on macOS while pinch-zooming under some circumstances (bmo#1658986) * Fixed a bug causing Firefox to freeze on startup for some Windows users (bmo#1823159) - fix build on Tumbleweed (mozilla-bmo1807652.patch) - exclude i586/i686 once again because it fails to link libxul due to its size - Mozilla Firefox 111.0 * https://www.mozilla.org/en-US/firefox/111.0/releasenotes MFSA 2023-09 (bsc#1209173) * CVE-2023-28159 (bmo#1783561) Fullscreen Notification could have been hidden by download popups on Android * CVE-2023-25748 (bmo#1798798) Fullscreen Notification could have been hidden by window prompts on Android * CVE-2023-25749 (bmo#1810705) Firefox for Android may have opened third-party apps without a prompt * CVE-2023-25750 (bmo#1814733) Potential ServiceWorker cache leak during private browsing mode * CVE-2023-25751 (bmo#1814899) Incorrect code generation during JIT compilation * CVE-2023-28160 (bmo#1802385) Redirect to Web Extension files may have leaked local path * CVE-2023-28164 (bmo#1809122) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation * CVE-2023-28161 (bmo#1811181) One-time permissions granted to a local file were extended to other local files loaded in the same tab * CVE-2023-28162 (bmo#1811327) Invalid downcast in Worklets * CVE-2023-25752 (bmo#1811627) Potential out-of-bounds when accessing throttled streams * CVE-2023-28163 (bmo#1817768) Windows Save As dialog resolved environment variables * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674) Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 * CVE-2023-28177 (bmo#1803109, bmo#1808832, bmo#1809542, bmo#1817336) Memory safety bugs fixed in Firefox 111 - ensure gcc11-c++ gets used on Leap 15.5 - requires NSS >= 3.88.1 - removed obsolete patches gcc13-fix.patch mozilla-bmo1810584.patch - rebased patches - update create-tar.sh ==== amavisd-new ==== Version update (2.12.2 -> 2.13.0) Subpackages: amavisd-new-docs - update to version 2.13.0 NEW FEATURES o Add support for new decoder Zstandard o Switch from Net::LibIDN to Net::LibIDN2. As Net::LibIDN (based on GNU libidn) supports only IDNA 2003 (and its upstream declares libidn2 as successor), the newer Net::LibIDN2 (based on GNU libidn2) supporting IDNA 2008 and TR46 is being used preferred, if available. o Recognize 7-Zip.org's command line utility 7zz o Recognize 'ACE archive' file type. o Add file(1) short type mapping for MS Office CDF format. o Add attachment file name information to structured report. o Introduce option to add an extra header containing the Amavis category. o Introduce $ip_repu_score_limit option to define an upper limit for the redis ip reputation score feature. o Make sanity limit inside macro_tests configurable. o Add support for SpamAssassin subjprefix keyword. SpamAssassin 3.4.3 introduced a subjprefix keyword and a _SUBJPREFIX_ template tag which may be used in SpamAssassin rules. The template tag is now also injected into Amavis for usage inside subject_tag related confvars. o Deprecate $daemon_group confvar by @daemon_groups, which allows joining multiple supplementary groups when dropping privileges. The first element of @daemon_groups determines the EGID. If $daemon_group is defined it will be put ahead implicitly. If @daemon_groups are empty, they default to the system-provided groups of $daemon_user. BUG FIXES o Ignore [$@]daemon_group(s) settings during config test when amavis is running unprivileged already. o Resolve "can't obtain a tainted string" warning. o Resolve start_SSL fail to set SSL_verifycn_name. Additionally provide an explicit choice of common names via %smtp_tls_client_verifycn_name_maps. OTHER o Add support for Sophos Protection for Linux on @av_scanners_backup. o Declare Sanesecurity.Foxhole.Mail_tar infection as false positive. o Factor out various Amavis packages into own module files. o Introduce tests via Gitlab CI. o Convert source to CPAN module file structure. o Update example scanners and documentation. o Add IKARUS scan.server configuration example. o Add contribution guideline. o Remove IO::Stringy dependency. o Add a docker-compose testing environment. o Add support for F-Secure Linux Security 64 on @av_scanners. - Rebase and rename patch: amavisd-new-2.10.1-myhostname.patch -> amavisd-new-2.3.0-myhostname.patch - Remove patch. ClamAV is in new version already avtivated activate_virus_scanner.diff - Remove deprecated stuff from spec file. - Use build method provided by amavis ==== dmidecode ==== - dmioem-hpe-oem-record-237-firmware-change.patch: Fix the decoding of the last field of HPE OEM record type 237 (DIMM Vendor Information). ==== drbd-utils ==== - crm-fence-peer incompatible with Pacemaker 2.1 and needs backports (bsc#1209783) * 0001-crm-fence-peer-fix-timeout-with-Pacemaker-2.1-milli-.patch * 0002-crm-fence-peer-fix-timeout-with-Pacemaker-2.0.5-mill.patch ==== gstreamer-plugins-rs ==== Version update (0.10.4 -> 0.10.5) - Update to version 0.10.5: + gtk4: Fix build with OpenGL support on macOS. + threadshare: Fix symbol conflicts when statically linking the plugin. - Enable LTO as it works fine now (use FAT lto objects). ==== hwdata ==== Version update (0.368 -> 0.369) - update to 0.369: * Update pci, usb and vendor ids ==== libqt5-qtbase ==== Version update (5.15.8+kde183 -> 5.15.8+kde185) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.8+kde185: * QFSFileEngine: fix overflow bug when using lseek64 * Add QImage null check when QOpenGLTexture converts - Add patch to fix return key handling in QGroupBox on GNOME (bsc#1209364): * 0001-Revert-QGnomeTheme-Allow-Space-Return-Enter-and-Sele.patch - Add patch to fix XInput2 events in big-endian X11 clients (bsc#1204883, QTBUG-105157): * big-endian-scroll.patch ==== mdadm ==== - sysconfig.mdadm: Remove ServiceRestart line to mdadm since there is not such systemd service. (bsc#1203491) ==== pam-config ==== Version update (2.2 -> 2.4) - Update to version 2.4 - Read postlogin files, too - Update to version 2.3 - Add silent_if option for pam_lastlog2 ==== python-cryptography ==== - rebase patch remove_python_3_6_deprecation_warning.patch ==== python-importlib-metadata ==== - Remove unneeded BuildRequires on pep517. ==== systemd ==== Version update (253.1 -> 253.2) Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-container systemd-coredump systemd-lang udev - Import commit 03cfbe767327d01d5a71131d91bf06fdc0047ca1 03cfbe7673 test: use setpriv instead of su for user switch from root 857843834c test: wrap mkfs.*/mksquashfs/mkswap binaries when running w/ ASan be7388f8c5 test: do not remove state directory on failure 1b2885bd16 test: fix regexp in testsuite-74.mount.sh 41142f8013 test: drop extraneous bracket in testsuite-74.mount.sh - systemd.spec: add files.coredump - Import commit b63f58661b08037d8cb04ed97b5e39d9bf415fdc (merge of v253.2) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8b01686dd20124efc300d21ef38d85c1f75c372f...b63f58661b08037d8cb04ed97b5e39d9bf415fdc - Move systemd-fsck stuff to udev sub-package. - Include pam_keyinit.so in our systemd-user PAM service (bsc#1209741) That way "systemd --user" instances get their own session keyring instead of the user default session keyring. For some reasons cifscreds refuses to work with the latter. That's what is expected for every PAM session anyway. - Import commit 8b01686dd20124efc300d21ef38d85c1f75c372f 8b01686dd2 test: don't export $TOOLS_DIR 7a56b1b2f0 test: clean up $STATEDIR too 324bb19eb8 test: $STATEDIR should not point to /usr/lib/systemd/tests when NO_BUILD=1 2251735482 test: install symlinks with valid targets on SUSE and Debian c30905a269 test: on openSUSE install the collection of unit test binaries in the target only for TEST-02-UNITTESTS 797ced15d8 meson: make sure the unit test scripts find testdata/ even if they are not installed in the same directory 04dc5b44b7 meson: define testdata_dir globally 69643c6c96 test: install unit tests in a dedicated subdirectory below '$testsdir' ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Fixes for bsc#1209283 * Drop chown vnc:vnc calls in with-vnc-key.sh * Add TLSNone to -securitytypes to increase security in xvnc@.service ==== webkit2gtk3 ==== Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Add fix-gst-crash.patch: Fix crash in webkit_media_stream_src_class_init(). https://bugs.webkit.org/show_bug.cgi?id=254025 - Add reproducibility.patch: Make build more reproducible. Still not there yet though. Inject fixed year in file. ==== webkit2gtk3-soup2 ==== Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Add fix-gst-crash.patch: Fix crash in webkit_media_stream_src_class_init(). https://bugs.webkit.org/show_bug.cgi?id=254025 - Add reproducibility.patch: Make build more reproducible. Still not there yet though. Inject fixed year in file. ==== wsdd ==== Version update (0.7.0 -> 0.7.1) - Force the use of python 3.10 for openSUSE Leap - Update to version 0.7.1 * GitHub workflow for static analyses added (syntax, format, and type checks are performed). * Added EnvironmentFile and according example for systemd-based distros. * Make wsdd work (again) on MacOS (#139). Thanks to Eugene Gershnik. * Application profile for UFW has been added (#169) * Use of implicitly present async I/O loop instead created one for API servers. Fixes regression due to changed API in Python 3.10 (see #162) * Source code is spiced with type hints now. * man page moved to section 8. ==== xdm ==== Subpackages: xdm-xsession - Create two set of pam configuration files: + *.sle15 are for SLES15 and older + add postlogin-* includes to the others as required by new openSUSE's PAM config policy ==== yast2-installation ==== Version update (4.6.1 -> 4.6.2) - yupdate - improved Live ISO detection, added "--force" option (related to bsc#1206927) - 4.6.2 ==== yast2-storage-ng ==== Version update (4.6.3 -> 4.6.4) - AutoYaST: export thin LVM volumes when cloning (bsc#1209725) - 4.6.4 ==== yast2-trans ==== Version update (84.87.20230324.a3dfeee0c1 -> 84.87.20230401.d443fd75ae) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230401.d443fd75ae: * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) ==== yast2-users ==== Version update (4.6.0 -> 4.6.1) - Stop mangling the value of "Create as Btrfs Subvolume" for new users when clicking on "Edit -> Details" (bsc#1209377). - 4.6.1 - AutoYaST: Fix creation of home for system users (bsc#1202974).