Packages changed: MozillaFirefox (118.0.1 -> 119.0) glibc gnu-unifont-fonts (15.1.03 -> 15.1.04) libbluray linux-glibc-devel (6.5 -> 6.6) ncurses (6.4.20231007 -> 6.4.20231021) protobuf python-pyudev qpdf (11.6.2 -> 11.6.3) shadow (4.14.1 -> 4.14.2) strace (6.5 -> 6.6) suse-module-tools (16.0.37 -> 16.0.38) systemd thunar (4.18.7 -> 4.18.8) thunar-plugin-archive (0.5.1 -> 0.5.2) webrtc-audio-processing === Details === ==== MozillaFirefox ==== Version update (118.0.1 -> 119.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 119.0 https://www.mozilla.org/en-US/firefox/119.0/releasenotes MFSA 2023-45 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5722 (bmo#1738426) Cross-Origin size and header leakage * CVE-2023-5723 (bmo#1802057) Invalid cookie characters could have led to unexpected errors * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5729 (bmo#1823720) Fullscreen notification dialog could have been obscured by WebAuthn prompts * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068) Memory safety bugs fixed in Firefox 119 - requires NSS 3.94 - Mozilla Firefox 118.0.2 * Fix games not loading on betsoft.com (bmo#1856145) * Fix printing issues for some SVG images (bmo#1853727) * Fix CORS XHR with authentication no longer working (bmo#1855650) * Fix h264 WebRTC video not working in some contexts (bmo#1855636) * Fix Firefox Translations not working on some pages (bmo#1841656, bmo#1855307) * Stability fixes (bmo#1851991, bmo#1799326, bmo#1856637) - Activate KDE integration again, included rebased and updated patches, firefox-kde.patch and mozilla-kde.patch, (upstream removed special files handling for preferences but that has no effect since we haven't shipped obsolete kde.js for a while) (boo#1216027) ==== glibc ==== Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ==== gnu-unifont-fonts ==== Version update (15.1.03 -> 15.1.04) - update to 15.1.04: * Default and Japanese versions have larger supersets of Plane 2 and Plane 3 glyphs * Updates for U+266D..U+266F and U+26BC ==== libbluray ==== - Added patch: * libbluray-java18plus.patch + allow building with JDK 18 and newer (using source/target levels 8) + fixes build with the new OpenJDK 21 LTSS ==== linux-glibc-devel ==== Version update (6.5 -> 6.6) - Update to kernel headers 6.6 ==== ncurses ==== Version update (6.4.20231007 -> 6.4.20231021) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20231021 + use oldxterm+sm+1006 in vte-2014 (report by Benno Schulenberg) -TD + add ansi+apparrows -TD + change defaults for configure opaque and widec options (prompted by discussion with Branden Robinson). + minor cleanup of compiler- and manpage-warnings. - Correct offsets off some hunks in patches * ncurses-5.9-ibm327x.dif * ncurses-6.4.dif - Add ncurses patch 20231016 + make the recent change to setupterm optional "--enable-check-size" (Debian #1054022). - Add ncurses patch 20231014 + improve formatting/style of manpages (patches by Branden Robinson). + updated configure script macro CF_XOPEN_SOURCE, for uClibc-ng + update config.guess, config.sub ==== protobuf ==== Subpackages: libprotobuf-lite23_4_0 libprotobuf23_4_0 - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time ==== python-pyudev ==== - update hypothesis_settings.patch: * Extend deadline for test_child_of_parents that fails on ppc64le (bsc#1216607) ==== qpdf ==== Version update (11.6.2 -> 11.6.3) - update to 11.6.3: * Tweak linearization code to better handle files between 2 GB and 4 GB in size. Fixes #1023. * Fix data loss bug: qpdf could discard a the character after an escaped octal string consisting of less than three digits. For content, this would only happen with QDF or when normalizing content. Outside of content, it could have happened in any binary string, such as /ID, if the encoding software used octal escape strings with less than three digits. This bug was introduced between 10.6.3 and 11.0.0. ==== shadow ==== Version update (4.14.1 -> 4.14.2) Subpackages: libsubid4 login_defs - Update to 4.14.2: * libshadow: + Fix build with musl libc. + Avoid NULL dereference. + Update utmp at an initial login * useradd(8): + Set proper SELinux labels for def_usrtemplate * Manual: + Document --prefix in chage(1), chpasswd(8), and passwd(1) - Drop upstreamed shadow-4.14.0-selinux-labels.patch ==== strace ==== Version update (6.5 -> 6.6) - Update to strace 6.6 * Implemented --kill-on-exit option that instructs the tracer to set PTRACE_O_EXITKILL option to all tracee processes and not to detach them on cleanup so they will not be left running after the tracer exit. * Implemented automatic activation of --kill-on-exit option when - -seccomp-bpf is enabled and -p/--attach option is not used. * Implemented decoding of map_shadow_stack syscall. * Implemented decoding of FSCONFIG_CMD_CREATE_EXCL fsconfig command. * Implemented decoding of IFLA_BRPORT_BACKUP_NHID netlink attribute. * Implemented decoding of SECCOMP_IOCTL_NOTIF_SET_FLAGS ioctl. * Implemented decoding of UFFDIO_CONTINUE, UFFDIO_POISON, and UFFDIO_WRITEPROTECT ioctls. * Updated lists of ARCH_*, BPF_*, DEVCONF_*, IORING_*, KEXEC_*, MAP_*, NT_*, PTRACE_*, QFMT_*, SEGV_*, UFFD_*, V4L2_*, and XDP_* constants. * Updated lists of ioctl commands from Linux 6.6. - Remove haveged build requirement and usage in test suite as it is not needed anymore (jsc#PED-6184). ==== suse-module-tools ==== Version update (16.0.37 -> 16.0.38) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.38: * modprobe.d: use softdep to load sd_mod and sg (boo#1216070) ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-coredump systemd-lang udev - Fix typo in /etc/systemd/user.confd.d (bsc#1216676) ==== thunar ==== Version update (4.18.7 -> 4.18.8) Subpackages: libthunarx-3-0 thunar-lang - Update to 4.18.8: * thunar-settings: Let Thunar guess the right display to use * Fix criticals about unset GIO attributes (#1063) * Support ipv6 remote URLs (#864) * Translation Updates ==== thunar-plugin-archive ==== Version update (0.5.1 -> 0.5.2) Subpackages: thunar-plugin-archive-lang - Update to version 0.5.2 * Add/fix support for bz2 and bz3 files (#20) * Add a few more compression mimetypes, sort the list. ==== webrtc-audio-processing ==== - ExcludeArch s390, s390x and ppc64 since big endian support is not implemented.