Removed rpms ============ Added rpms ========== - kimageformats - libKF5Archive5 - libKF5Archive5-lang - libQt5PrintSupport5 - libhwy1 - libjxl0_8 - libmng2 - libqt5-qtimageformats Package Source Changes ====================== MozillaFirefox +- Firefox Extended Support Release 102.11.0 ESR + Placeholder changelog-entry (bsc#1211175) + - Placeholder changelog-entry (bsc#1210212) + * Fixed: Various security fixes. + MFSA 2023-14 (bsc#1210212) + * CVE-2023-29531 (bmo#1794292) + Out-of-bound memory access in WebGL on macOS + * CVE-2023-29532 (bmo#1806394) + Mozilla Maintenance Service Write-lock bypass + * CVE-2023-29533 (bmo#1798219, bmo#1814597) + Fullscreen notification obscured + * CVE-2023-1999 (bmo#1819244) + Double-free in libwebp + * CVE-2023-29535 (bmo#1820543) + Potential Memory Corruption following Garbage Collector + compaction + * CVE-2023-29536 (bmo#1821959) + Invalid free from JavaScript code + * CVE-2023-29539 (bmo#1784348) + Content-Disposition filename truncation leads to Reflected + File Download + * CVE-2023-29541 (bmo#1810191) + Files with malicious extensions could have been downloaded + unsafely on Linux + * CVE-2023-29542 (bmo#1810793, bmo#1815062) + Bypass of file download extension restrictions + * CVE-2023-29545 (bmo#1823077) + Windows Save As dialog resolved environment variables + * CVE-2023-1945 (bmo#1777588) + Memory Corruption in Safe Browsing Code + * CVE-2023-29548 (bmo#1822754) + Incorrect optimization result on ARM64 + * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, + bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493, + bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413, + bmo#1824828) + Memory safety bugs fixed in Firefox 112 and Firefox ESR + 102.10 MozillaThunderbird +- Mozilla Thunderbird 102.10.1 + * fixed: Messages with missing or corrupt "From:" header did + not display message header buttons (bmo#1793918) + * fixed: Composer repeatedly prompted for S/MIME smartcard + signing/encryption password (bmo#1828366) + * fixed: Address Book integration did not work with macOS 11.4 + Bug Sur (bmo#1720257) + * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug + 1826146) was incomplete (bmo#1827503) +- Mozilla Thunderbird 102.10 + * changed: New messages will automatically select S/MIME if + configured and OpenPGP is not (bmo#1793278) + * fixed: Calendar events with timezone America/Mexico_City + incorrectly applied Daylight Savings Time (bmo#1826146) + * fixed: Security fixes + MFSA 2023-15 (bsc#1210212) + * CVE-2023-29531 (bmo#1794292) + Out-of-bound memory access in WebGL on macOS + * CVE-2023-29532 (bmo#1806394) + Mozilla Maintenance Service Write-lock bypass + * CVE-2023-29533 (bmo#1798219, bmo#1814597) + Fullscreen notification obscured + * CVE-2023-1999 (bmo#1819244) + Double-free in libwebp + * CVE-2023-29535 (bmo#1820543) + Potential Memory Corruption following Garbage Collector + compaction + * CVE-2023-29536 (bmo#1821959) + Invalid free from JavaScript code + * CVE-2023-0547 (bmo#1811298) + Revocation status of S/Mime recipient certificates was not + checked + * CVE-2023-29479 (bmo#1824978) + Hang when processing certain OpenPGP messages + * CVE-2023-29539 (bmo#1784348) + Content-Disposition filename truncation leads to Reflected + File Download + * CVE-2023-29541 (bmo#1810191) + Files with malicious extensions could have been downloaded + unsafely on Linux + * CVE-2023-29542 (bmo#1810793, bmo#1815062) + Bypass of file download extension restrictions + * CVE-2023-29545 (bmo#1823077) + Windows Save As dialog resolved environment variables + * CVE-2023-1945 (bmo#1777588) + Memory Corruption in Safe Browsing Code + * CVE-2023-29548 (bmo#1822754) + Incorrect optimization result on ARM64 + * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, + bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493, + bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413, + bmo#1824828) + Memory safety bugs fixed in Thunderbird 102.10 + autofs +- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch + Fix off-by-one error in recursive map handling. (bsc#1209653) + cronie +- Allow to define the logger info and warning priority, fixes + jsc#PED-2551 + * run-crons + * sysconfig.cron + kernel-default +- x86: don't use REP_GOOD or ERMS for small memory clearing + (bsc#1211140). +- x86/cpufeatures: Add macros for Intel's new fast rep string + features (bsc#1211140). +- commit ff3ce03 + +- wifi: brcmfmac: slab-out-of-bounds read in + brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). +- commit 39854dd + ldb +- Update to version 2.6.2 + + CVE-2023-0614: Not-secret but access controlled LDAP attributes + can be discovered; (bso#15270); (bsc#1209485). + libfastjson +- fix CVE-2020-12762 integer overflow and out-of-bounds write via a + large JSON file (bsc#1171479) + add 0001-Fix-CVE-2020-12762.patch + libqt5-qtbase +- Amend patch to fix mouse grabbing as well (bsc#1211024): + * big-endian-scroll.patch + ncurses +- Modify patch ncurses-6.1.dif + * Secure writing terminfo entries by setfs[gu]id in s[gu]id + (boo#1210434, CVE-2023-29491) + * Reading is done since 2000/01/17 + openssh +- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: + This caused invalid and irrelevant environment assignments (bsc#1207014). + procps +- Add patch bsc1209122-a6c0795d.patch + * Fix for bsc#1209122 to allow `-ยด as leading character to ignore + possible errors on systctl entries + s390-tools +- Applied patches for ziomon: fix for SCSI devices of type disk without block dev + (bsc#1211008) + * s390-tools-sles15sp5-01-ziomon-ziorep_config-fix-missing-SG-major-minor-for-.patch + * s390-tools-sles15sp5-02-ziomon-ziorep_config-fix-for-SCSI-devices-of-type-di.patch + +- Applies a fix, splitting of rd.zdev-parameters, in + * s390-tools-ALP-zdev-live.patch + +- Tailored the .spec, added a patch + * s390-tools-ALP-zdev-live.patch + +- Allow activation of devices at boot via kernel command line + for live installation media (jsc#PED-2975) + * Added a Source dracut-zdev-live-20230321.tar + * Updated the .spec file for the new Source +- Amended read_value.c + samba +- Update to 4.17.7 + * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords + in cleartext; (bso#15315); (bsc#1209481). + * CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be + deleted by unprivileged authenticated users; (bso#15276); + (bsc#1209483). + * CVE-2023-0614: samba: Access controlled AD LDAP attributes can + be discovered; (bso#15270); (bsc#1209485). + * large_ldap test is inefficient; (bso#15332). + * CVE-2020-25720 [SECURITY] Create Child permission should not + allow full write to all attributes (additional changes); + (bso#14810). +- Update to 4.17.6 + * streams_xattr is creating unexpected locks on folders; + (bso#15314). + * Use of the Azure AD Connect cloud sync tool is now supported + for password hash synchronisation, allowing Samba AD Domains + to synchronise passwords with this popular cloud environment; + (bso#10635). + * Spotlight doesn't work with latest macOS Ventura; + (bso#15299). + * New samba-dcerpc architecture does not scale gracefully; + (bso#15310). + * vfs_ceph incorrectly uses fsp_get_io_fd() instead of + fsp_get_pathref_fd() in close and fstat; (bso#15307). + * With clustering enabled samba-bgqd can core dump due to use + after free; (bso#15293). + * fd_load() function implicitly closes the fd where it should + not; (bso#15311). +- Update to 4.17.5 + * smbc_getxattr() return value is incorrect; (bso#14808). + * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not + handled correctly; (bso#15172). + * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210). + * samba-tool gpo listall fails IPv6 only - finddcs() fails to + find DC when there is only an AAAA record for the DC in DNS; + (bso#15226). + * smbd crashes if an FSCTL request is done on a stream handle; + (bso#15236). + * DFS links don't work anymore on Mac clients since 4.17; + (bso#15277). + * vfs_virusfilter segfault on access, directory edgecase + (accessing NULL value); (bso#15283). + * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) + based SChannel on NETLOGON (additional changes); (bso#15240). + * %U for include directive doesn't work for share listing + (netshareenum); (bso#15243). + * Shares missing from netshareenum response in samba 4.17.4; + (bso#15266). + * ctdb: use-after-free in run_proc; (bso#15269). + * irpc_destructor may crash during shutdown; (bso#15280). + * auth3_generate_session_info_pac leaks wbcAuthUserInfo; + (bso#15286). + * smbclient segfaults with use after free on an optimized + build; (bso#15268). + * smbstatus leaking files in msg.sock and msg.lock; + (bso#15282). + * Leak in wbcCtxPingDc2; (bso#15164). + * Access based share enum does not work in Samba 4.16+; + (bso#15265). + * Crash during share enumeration; (bso#15267). + * rep_listxattr on FreeBSD does not properly check for reads + off end of returned buffer; (bso#15271). + * Avoid relying on C89 features in a few places; (bso#15281). + shadow +- bsc#1210507 (CVE-2023-29383): + Check for control characters +- Add shadow-CVE-2023-29383.patch + snapper +- avoid stale btrfs qgroups on transactional systems (bsc#1210151) + * added pr805.patch +- wait for existing btrfs quota rescans to finish (bsc#1210150) + * added pr790.patch + vim +- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim + * Revert the creation standalone xxd packages + +- Updated to version 9.0 with patch level 1443, fixes the following security problems + * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392 + * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402. + * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown() +- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we + remove during %prep anyway. And this breaks quilt setup. +- for the complete list of changes see + https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443 + webkit2gtk3 +- Update to version 2.38.6 (boo#1210295 boo#1210731): + + Enable the Asynchronous Clipboard API to make certain pages + work (e.g. GithHub started recently requiring it). + + Support :has() CSS selectors in content filters. + + Apply basic font properties as font variation settings. + + The Bubblewrap sandbox no longer requires setting an + application identifier via GApplication to operate correctly. + Using GApplication is still recommended, but optional. + + Improvements to the GStreamer multimedia playback, in + particular around MSE, WebRTC, and seeking. + + Fix the build with journald support enabled when using elogind + instead of the systemd libraries. + + Fix the build with Link-Time Optimization enabled (-flto=auto). + + Fix context menus not working in the remote Web Inspector. + + Fix usage of the remote Web Inspector over HTTP. + + Fix debug logs not being emitted in release builds. + + Fix several crashes and rendering issues. + + Security fixes: CVE-2022-0108, CVE-2023-28205, CVE-2022-32885, + CVE-2023-27932, CVE-2023-27954. + - + Security fixes: CVE-2022-32886, CVE-2022-32912. + + Security fixes: CVE-2022-32886, CVE-2022-32912, CVE-2023-25358, + CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. yast2-network +- Do not write the EAP auth attribute when writing a wireless + wicked configuration using the EAP mode as TLS (bsc#1211026) +- 4.5.20 + +- Fix summary crash when there is no interface available + (bsc#1209589, bsc#1211161). +- 4.5.19 + zlib +- Fix deflateBound() before deflateInit(), bsc#1210593, bsc#1211005 + bsc1210593.patch +