Packages changed: MicroOS-release (20240322 -> 20240325) MozillaFirefox (123.0.1 -> 124.0.1) createrepo_c (1.0.2 -> 1.1.0) docker-buildx (0.12.1 -> 0.13.1) ell (0.62 -> 0.63) google-noto-sans-cjk-fonts libX11 (1.8.7 -> 1.8.8) libXmu (1.1.4 -> 1.2.0) libcddb libpciaccess (0.18 -> 0.18.1) libxkbcommon (1.6.0 -> 1.7.0) libzypp (17.31.31 -> 17.32.0) llvm18 (18.1.1 -> 18.1.2) mozilla-nss (3.97 -> 3.98) openSUSE-build-key python-httpcore (1.0.2 -> 1.0.4) python-pycairo (1.25.1 -> 1.26.0) python311 python311-core sdbootutil (1+git20240320.8b35615 -> 1+git20240321.04bfbac) shadow (4.15.0 -> 4.15.1) snappy timezone xdm (1.1.14 -> 1.1.15) zypper (1.14.68 -> 1.14.70) === Details === ==== MicroOS-release ==== Version update (20240322 -> 20240325) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== MozillaFirefox ==== Version update (123.0.1 -> 124.0.1) - Mozilla Firefox 124.0.1 https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ MFSA 2024-15 (bsc#1221850) * CVE-2024-29943 (bmo#1886849) Out-of-bounds access via Range Analysis bypass * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers Mozilla Firefox 124.0 https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ MFSA 2024-12 (bsc#1221327) * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free * CVE-2024-2613 (bmo#1875701) Improper handling of QUIC ACK frame data could have led to OOM * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 * CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438) Memory safety bugs fixed in Firefox 124 - requires NSS = 3.98 rust-cbindgen >= 0.26 ==== createrepo_c ==== Version update (1.0.2 -> 1.1.0) Subpackages: libcreaterepo_c1 python3-createrepo_c - update to 1.1.0: * add --no-pretty option to reduce metadata size * align compression level for zck * restore compatibilty with libxml2 2.12.0 * restore default to pretty_print in mergerepo_c and modifyrepo_c * add tests ==== docker-buildx ==== Version update (0.12.1 -> 0.13.1) - Update to version 0.13.1: * bake: fix output handling for push * tests: create remote with container helper * remote: fix connhelpers with custom dialer * docs: fix link to new target in dockerfile reference * ci(docs-release): manual trigger support * ci(docs-release): fix vendoring step - Update to version 0.13.0: * vendor: update to buildkit v0.13.0 * test: multi exporters * build: handle push/load shorthands for multi exporters * vendor: github.com/docker/docker v26.0.0-rc1 * Replace deprecated docker types usage * ci(fix): remove underscore in docs data dir * ci: fix docs-release workflow * imagetools: supress warnings for dsse mediatypes * Add support for DSSE envelope for attestation and provenance in imagetools * build: allow multiple exports if supported by buildkit * build(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 * remote: use winio DialPipeContext for named pipes * pin to go 1.21 * vendor: github.com/moby/buildkit v0.13.0-rc3 * commands: handle ctrl-c on active prompt * vendor: update compose-go to v2.0.0-rc.8 * vendor: github.com/moby/buildkit v0.13.0-rc2 * vendor: github.com/serialx/hashring 22c0c7ab6b1b (master) * vendor: update github.com/google/uuid to v1.6.0 * vendor: bump k8s dependencies to v0.29.2 * build: set build ref in response * test: build shm-size and ulimit * driver: set network.host entitlement by default for container drivers * driver: test bridge network mode * vendor: github.com/moby/buildkit 8e3fe35738c2 (v0.13.0-dev) * docs(driver): set buildkitd network mode * ci: set codecov token * build: enhance error message for unsupported attestations * driver: make buildkitd "config" and "flags" names consistent * ci: update docs-upstream workflow * metrics: measure context transfers for local source operations * vendor: github.com/moby/buildkit db304eb93126 (v0.13.0-dev) * bake: avoid evaluating parent targets before child LLB loaded * Fix typo in URL * docs: more context around shm-size and ulimit usage * bake: ulimits support * bake: shm-size support * test: fix message output * docs: update external link paths * vendor: github.com/docker/cli-docs-tool v0.7.0 * metricutil: remove BUILDX_EXPERIMENTAL from internal docker reporting * metrics: add build command duration metric * don't print build details when progress is rawjson * Add dial-stdio command * add npipe url scheme support - enables remote builder and buildx create on windows Signed-off-by: Ian King'ori * docker-container: restart-policy opt * Dockerfile: update to Docker Engine v25.0.2 * update xx to 1.4.0 * vendor: github.com/containerd/console v1.0.4 * vendor: github.com/moby/buildkit 6bd81372ad6f (v0.13.0-dev) * vendor: github.com/aws/aws-sdk-go-v2/config v1.26.6 * vendor: github.com/docker/cli v25.0.2 * vendor: github.com/docker/docker v25.0.2 * Upgrade buildkit to v0.12.5 * ci: bump codecov/codecov-action to 4 * vendor: github.com/containerd/console 8f6c4e4 * bake: fix definitions merge order * fix: avoid modifying source during resolver.Copy * build(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 * chore: ignore docker/docs deps with dependabot * test: revert non-deterministic compose context path * vendor: update compose-go to v2.0.0-rc.3 * otel: include service instance id attribute to resource and move to metricutil package * vendor: github.com/spf13/cobra v1.8.0 * vendor: github.com/moby/buildkit 6bd81372ad6f (master) * vendor: github.com/docker/cli v25.0.1 * vendor: github.com/docker/docker v25.0.1 * vendor: github.com/moby/sys/mountinfo v0.7.1 * vendor: golang.org/x/tools v0.14.0, golang.org/x/mod v0.13.0, golang.org/x/sync v0.4.0 * vendor: golang.org/x/sys v0.16.0 * vendor: github.com/google/uuid v1.5.0 * vendor: github.com/google/go-cmp v0.6.0 * vendor: github.com/containerd/containerd v1.7.12 * bump gotest-annotations to fa6141aedf23596fb8bdcceab9cce8dadaa31bd9 * ci(docs-upstream): pin reusable workflow * bump actions/upload-artifact and actions/download-artifact to 4 * build(deps): bump actions/setup-go from 4 to 5 * gitutil: check git bash env when testing * build: resolve 8.3 filename format to long one on Windows * ci: test-unit job matrix for win/macos/ubuntu * Dockerfile: update to Docker Engine v25.0.1 ... changelog too long, skipping 58 lines ... * build(deps): bump actions/github-script from 6 to 7 ==== ell ==== Version update (0.62 -> 0.63) - Update to version 0.63 * Fix issue with handling ending boundary of the PEM. ==== google-noto-sans-cjk-fonts ==== Subpackages: google-noto-sans-jp-fonts google-noto-sans-kr-fonts google-noto-sans-sc-fonts google-noto-sans-tc-fonts - add missing %reconfigure_fonts_prereq to some subpackages ==== libX11 ==== Version update (1.8.7 -> 1.8.8) Subpackages: libX11-6 libX11-data libX11-xcb1 - update to 1.8.8 * Fix XIM input sometimes jumbled (#198, !236) * Fix _XkbReadGetDeviceInfoReply for nButtons == dev->buttons (!237) * Drop ifdefs for platforms that are no longer supported (!242, !243) * Assorted memory handling cleanups ==== libXmu ==== Version update (1.1.4 -> 1.2.0) Subpackages: libXmu6 libXmuu1 - Update to version 1.2.0 * This release raises the minimum version of libXt required to 1.1.0 (released in 2011), and for those builders who need to regenerate the autoconf files, raises the minimum version of autoconf required to 2.70 (released in 2020). ==== libcddb ==== - Add pointer-types.patch to fix compilation error with GCC 14 (bsc#1221698). ==== libpciaccess ==== Version update (0.18 -> 0.18.1) - Update to version 0.18.1 * meson: allow building static library, not just shared ==== libxkbcommon ==== Version update (1.6.0 -> 1.7.0) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.7 * Added early detection of invalid encodings and BOM for keymaps, rules & Compose. Also added a hint that the expected encoding must be UTF-8 compatible. * Updated keysyms using latest xorgproto (cd33097fc779f280925c6d6bbfbd5150f93ca5bc): For the sake of compatibility, this reintroduces some deleted keysyms and postpones the effective deprecation of others that had landed in xkbcommon 1.6.0. * Reverted removal of some XKB_KEYs and fixed inconsistencies in names. Details see upstream changelog. * ``xkbcli compile-compose``: added new CLI utility to test Compose files. * ``xkbcli interactive-evdev``: added a ``--verbose`` option. * ``xkbcli interactive-x11``: added support for Compose. * ``xkbcli interactive-wayland``: added support for Compose. ==== libzypp ==== Version update (17.31.31 -> 17.32.0) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Tests: fix vsftpd.conf where SUSE and Fedora use different defaults (fixes #522) - Add default stripe minimum (#529) - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config. - version 17.32.0 (32) - ProblemSolution::skipsPatchesOnly overload to handout the patches. - Remove https->http redirection exceptions for download.opensuse.org. - version 17.31.32 (22) ==== llvm18 ==== Version update (18.1.1 -> 18.1.2) - Update to version 18.1.2. * This release contains bug-fixes for the LLVM 18.1.0 release. This release is API and ABI compatible with 18.1.0. - Rebase patches: * llvm-do-not-install-static-libraries.patch * llvm-normally-versioned-libllvm.patch - Prefer ld.bfd for now to get THP-compatible section layout. ==== mozilla-nss ==== Version update (3.97 -> 3.98) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.98 * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA decryption in TLS * bmo#1879513 - Certificate Compression: enabling the check that the compression was advertised * bmo#1831552 - Move Windows workers to nss-1/b-win2022-alpha * bmo#1879945 - Remove Email trust bit from OISTE WISeKey Global Root GC CA * bmo#1877344 - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * bmo#1548723 - Certificate Compression: Updating nss_bogo_shim to support Certificate compression * bmo#1548723 - TLS Certificate Compression (RFC 8879) Implementation * bmo#1875356 - Add valgrind annotations to freebl kyber operations for constant-time execution tests * bmo#1870673 - Set nssckbi version number to 2.66 * bmo#1874017 - Add Telekom Security roots * bmo#1873095 - Add D-Trust 2022 S/MIME roots * bmo#1865450 - Remove expired Security Communication RootCA1 root * bmo#1876179 - move keys to a slot that supports concatenation in PK11_ConcatSymKeys * bmo#1876800 - remove unmaintained tls-interop tests * bmo#1874937 - bogo: add support for the -ipv6 and -shim-id shim flags * bmo#1874937 - bogo: add support for the -curves shim flag and update Kyber expectations * bmo#1874937 - bogo: adjust expectation for a key usage bit test * bmo#1757758 - mozpkix: add option to ignore invalid subject alternative names * bmo#1841029 - Fix selfserv not stripping `publicname:` from -X value * bmo#1876390 - take ownership of ecckilla shims * bmo#1874458 - add valgrind annotations to freebl/ec.c * bmo#864039 - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * bmo#1875965 - Update zlib to 1.3.1 - Add crypto-policies support [bsc#1211301] deactivated for now ==== openSUSE-build-key ==== - Requires(post): coreutils is missing * instead of adding it, change the post scriptlet: do not use touch, use shell redirection ==== python-httpcore ==== Version update (1.0.2 -> 1.0.4) - update to 1.0.4: * Add `target` request extension. * Fix support for connection `Upgrade` and `CONNECT` when some data in the stream has been read. * Fix support for async cancellations. * Fix trace extension when used with socks proxy. * Fix SSL context for connections using the "wss" scheme ==== python-pycairo ==== Version update (1.25.1 -> 1.26.0) - update to 1.26.0: * Bump minimum required meson version from 0.56.0 to 0.64.0 * Various meson related cleanups :pr:`350` * Fix header file being installed to the wrong location with meson on some systems :pr:`350` * Adds a new ``wheel`` meson build option as preparation for meson-python support :pr:`350` :pr:`345` * Update dependencies (libpng, pixman, zlib) of the Windows wheels :pr:`358` * Various maintenance related updates :pr:`360` :pr:`359` :pr:`361` :pr:`362` ==== python311 ==== Subpackages: python311-curses python311-dbm - Add reference to CVE-2024-0450 (bsc#1221854) to changelog. - Because of bsc#1189495 we have to revert use of %autopatch. ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Add reference to CVE-2024-0450 (bsc#1221854) to changelog. - Because of bsc#1189495 we have to revert use of %autopatch. ==== sdbootutil ==== Version update (1+git20240320.8b35615 -> 1+git20240321.04bfbac) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240321.04bfbac: * Warning if make-policy do not register all PCRs ==== shadow ==== Version update (4.15.0 -> 4.15.1) Subpackages: libsubid4 login_defs - Update to 4.15.1: * Fix a bug that caused spurious error messages about unknown login.defs configuration options #967 * Adding checks for fd omission #964 * Use temporary stat buffer #974 * Fix wrong french translation #975 - Drop shadow-4.15.0-fix-definition.patch ==== snappy ==== - Fix build with GTest 1.14.0 by using C++14, bsc#1221872 ==== timezone ==== - Unify SLE-15-SP6 and Factory packages (PED#8158). This is still related to bsc#1213470. We're applying this fix for SLE-15-SP6 too. This changelog entry is meant to bring over the SLE information, so the same package can be used for both code streams. - This patch has long been removed on Factory but was never mentioned explicitly, it was related to ticket bsc#1202310, a minor update to reflect Chile's DST change back in 2022. * bsc1202310.patch - Use /bin/sh for tzselect. Used to require bash for the 'select' builtin but has a fallback meanwhile so no need for explicit bash anymore. ==== xdm ==== Version update (1.1.14 -> 1.1.15) - Update to release 1.1.15 * This release fixes a failure to build with the upcoming gcc 14, cleans up several other compiler warnings, fixes a bug in the generation of the xdm.service file for systemd, and removes a lot of dead code checks for platforms & features that have not been supported since the conversion from Imake to autoconf in 2005. - supersedes u_gcc14-fix.patch ==== zypper ==== Version update (1.14.68 -> 1.14.70) Subpackages: zypper-log zypper-needs-restarting - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) - version 1.14.70 - info,summary: Support VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - BuildRequires: libzypp-devel >= 17.32.0. API cleanup and changes for VendorSupportSuperseded. - Show active dry-run/download-only at the commit propmpt. - patch: Add --skip-not-applicable-patches option (closes #514) - Fix printing detailed solver problem description. The problem description() is one rule out possibly many in completeProblemInfo() the solver has chosen to represent the problem. So either description or completeProblemInfo should be printed, but not both. - Fix bash-completion to work with right adjusted numbers in the 1st column too (closes #505) - Set libzypp shutdown request signal on Ctrl+C (fixes #522) - lr REPO: In the detailed view show all baseurls not just the first one (bsc#1218171) - version 1.14.69