Packages changed: MozillaFirefox (130.0.1 -> 131.0) ell (0.67 -> 0.69) grub2 javapackages-tools (6.3.1 -> 6.3.2) openSUSE-release (20241005 -> 20241006) python-argcomplete python-pycurl qcoro-qt6 (0.10.0 -> 0.11.0) update-bootloader (1.15 -> 1.16) virtiofsd xwayland (24.1.2 -> 24.1.3) === Details === ==== MozillaFirefox ==== Version update (130.0.1 -> 131.0) Subpackages: MozillaFirefox-translations-common - Firefox 131.0 https://www.mozilla.org/en-US/firefox/131.0/releasenotes/ MFSA 2024-46 (bsc#1230979) * CVE-2024-9391 (bmo#1892407) Prevent users from exiting full-screen mode in Firefox Focus for Android * CVE-2024-9392 (bmo#1899154, bmo#1905843) Compromised content process can bypass site isolation * CVE-2024-9393 (bmo#1918301) Cross-origin access to PDF contents through multipart responses * CVE-2024-9394 (bmo#1918874) Cross-origin access to JSON contents through multipart responses * CVE-2024-9395 (bmo#1906024) Specially crafted filename could be used to obscure download type * CVE-2024-9396 (bmo#1912471) Potential memory corruption may occur when cloning certain objects * CVE-2024-9397 (bmo#1916659) Potential directory upload bypass via clickjacking * CVE-2024-9398 (bmo#1881037) External protocol handlers could be enumerated via popups * CVE-2024-9399 (bmo#1907726) Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400 (bmo#1915249) Potential memory corruption during JIT compilation * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476) Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 * CVE-2024-9403 (bmo#1917807) Memory safety bugs fixed in Firefox 131 and Thunderbird 131 - requires NSS 3.104 - rebased patches - Don't use clang18-devel on Leap as they don't have that version. ==== ell ==== Version update (0.67 -> 0.69) - Update to version 0.69 * Add support for getting remaining microseconds left on a timer. * Add support for setting link MTU on a network interface. version 0.68: * Fix issue with string allocation growth strategy. * Add support for netlink helper functions. ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix missng menu entry "Start bootloader from a read-only snapshot" by ensuring grub2-snapper-plugin is installed when both snapper and grub2-common are installed (bsc#1231271) - Fix OOM error in loading loopback file (bsc#1230840) * 0001-tpm-Skip-loopback-image-measurement.patch - Fix UEFI PXE boot failure on tagged VLAN network (bsc#1230263) * 0001-efinet-Skip-virtual-VLAN-devices-during-card-enumera.patch - Fix grub screen is filled with artifects from earlier post menu (bsc#1224465) * grub2-SUSE-Add-the-t-hotkey.patch * 0001-fix-grub-screen-filled-with-post-screen-artifects.patch ==== javapackages-tools ==== Version update (6.3.1 -> 6.3.2) Subpackages: javapackages-filesystem - Upgrade to upstream version 6.3.2 * Changes + spec: Update Obsoletes versions + Search for JAVACMD under JAVA_HOME only if it's set + Obsolete set_jvm and set_jvm_dirs functions + Drop unneeded _set_java_home function + Remove JAVA_HOME check from check_java_env function + Bump codecov/codecov-action from 2.0.2 to 4.6.0 + Bump actions/setup-python from 4 to 5 + Bump actions/checkout from 2 to 4 + Add custom dependabot config + Remove the test for JAVA_HOME and error if it is not set + java-functions: Remove unneeded local variables + Fix build status shield - Removed patch: * 0001-Double-quote-to-avoid-substitution-during-build.patch + Fixed differently in this version ==== openSUSE-release ==== Version update (20241005 -> 20241006) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-argcomplete ==== - Add skip-failing-tests-3_12_7.patch as a temporary workaround, skip failing tests (gh#kislyuk/argcomplete#507). ==== python-pycurl ==== - Switching off test_multi_ tests, they are just too unrealiable. When running the test cycle in cycle I have never managed to make it pass ten times without this change. ==== qcoro-qt6 ==== Version update (0.10.0 -> 0.11.0) Subpackages: libQCoro6Core0 libQCoro6DBus0 - Update to 0.11.0 * Suppress Clang error when building against Android NDK <= 25 * Add QtGui dependency if QCORO_WITH_QTQUICK=ON * Fix wrong result of QCoroIODevice::write() * Add override to fix build failure due to -Werror -Wsuggest-override * Fix coroutine being resumed on a wrong thread after timeout * Implement QCoroFuture::takeResult * #include , needed by std::exception_ptr * waitFor(QCoro::Task): Do not require T to be default constructible * Add QCORO_BUILD_TESTING to allow overriding BUILD_TESTING * Use refcount to track when to destroy coroutine * Drop support for older compilers * Implement LazyTask * Use QueuedConnection for signals in QCoroNetworkReply * Awaiting a default-constructed or moved-from Task will hang * Add a backround task example ==== update-bootloader ==== Version update (1.15 -> 1.16) - merge gh#openSUSE/perl-bootloader#173 - grub2-bls: adjust config script test - grub2-bls: adjust install script test - grub2-bls: prefer sdbootutil over bootctl in install script - adjust test environment - grub2-bls: add default script - grub2-bls, systemd-boot: add default script test - grub2-bls: use bootctl to get default settings - adjust default-settings tests - update test result data - add emacs config - log efi boot manager config after install - adjust test data - support new grub2-bls package - 1.16 ==== virtiofsd ==== - Spec: Add direct dependency on cargo in addition to cargo-packaging. This fixes build errors on 15SP7 where the inherited version of Rust is too old ==== xwayland ==== Version update (24.1.2 -> 24.1.3) - Update to bugfix release 24.1.3 * dix: check for calloc() failure in Xi event conversion routines * dix: PolyText: fully initialize local_closure * dix: SetFontPath: don't set errorValue on Success * dix: enterleave.c: fix implicit fallthrough warnings * dix: CreateScratchGC: avoid dereference of pointer we just set to NULL * dix: InitPredictableAccelerationScheme: avoid memory leak on failure * dix: dixChangeWindowProperty: don't call memcpy if malloc failed * dix: ProcListProperties: skip unneeded work if numProps is 0 * dix: HashResourceID: use unsigned integers for bit shifting * dix: GetPairedDevice: check if GetMaster returned NULL * dix: FindBestPixel: fix implicit fallthrough warning * CI: clone libdecor from fd.o instead of gnome.org * CI: update libdecor from 0.1.0 to 0.1.1 * Don't crash if the client argv or argv[0] is NULL. * Return NULL in *cmdname if the client argv or argv[0] is NULL * xwayland: connect to the wl display before calling into EGL * xwayland: Report correct mode size when rootful * build: Move epoll dependency check * build: Add epoll to Xwayland for DragonFly and OpenBSD * build: Fix DRI3 on DragonFly and OpenBSD * os: Fix NULL pointer dereference * dix: don't push the XKB state to a non-existing master keyboard * Xi: when removing a master search for a disabled paired device