Packages changed: MozillaFirefox (115.0.3 -> 116.0.2) NetworkManager (1.42.8 -> 1.44.0) bluez (5.66 -> 5.68) dracut (059+suse.488.g81715832 -> 059+suse.491.g87f19c22) glibc (2.37 -> 2.38) gspell (1.12.1 -> 1.12.2) libcloudproviders (0.3.1 -> 0.3.2) libgweather4 (4.2.0 -> 4.3.2) liborcus opensuse-welcome (0.1.9+git.0.66be0d8 -> 0.1.9+git.35.4b9444a) podman (4.6.0 -> 4.6.1) signon (8.60 -> 8.61) systemd (253.7 -> 253.8) === Details === ==== MozillaFirefox ==== Version update (115.0.3 -> 116.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 116.0.2 * fixes for other platforms - Fix OOM when linking on 32-bit - Mozilla Firefox 116.0.1 * fixes for other platforms - ship vaapitest binary for supported archs - re-enable ppc64le - ship v4l2test binary for supported archs - drop obsolete mozilla-bmo1775202.patch - Mozilla Firefox 116.0 * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/ MFSA 2023-29 (bsc#1213746) * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager * CVE-2023-4051 (bmo#1821884) Full screen notification obscured by file open dialog * CVE-2023-4052 (bmo#1824420) File deletion and privilege escalation through Firefox uninstaller * CVE-2023-4053 (bmo#1839079) Full screen notification obscured by external program * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 * CVE-2023-4057 (bmo#1841682) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 * CVE-2023-4058 (bmo#1819160, bmo#1828024) Memory safety bugs fixed in Firefox 116 - require NSS 3.91 - remove obsolete mozilla-fix-top-level-asm.patch - re-enable LTO ==== NetworkManager ==== Version update (1.42.8 -> 1.44.0) Subpackages: NetworkManager-bluetooth NetworkManager-lang NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Update to version 1.44.0: + Introduce a new "link" setting that holds properties related to the kernel link such as "tx-queue-length", "gso-max-size", "gso-max-segments", "gro-max-size". + Support sending a DHCPv6 prefix delegation hint via the "ipv6.dhcp-pd-hint" connection property. + Support new bond options: "arp_missed_max", "lacp_active", "ns_ip6_target". + Add new "initial-eps-bearer-configure" and "initial-eps-bearer-apn" properties in the GSM setting. + Setting "connection.stable-id=default${CONNECTION}" changed behavior to be identical to the built-in default value when the stable-id is not set. + Add a "[keyfile].rename" option to NetworkManager.conf to force renaming profiles on disk when their name changes. + The ifcfg-rh plugin is deprecated; it will only receive bugfixes and no new features. A warning is emitted the log when a connection in ifcfg-rh format is found. + To automatically migrate existing ifcfg-rh connections to the keyfile format, a new configuration option "main.migrate-ifcfg-rh" is provided. Migration is disabled by default, but the default value can be changed at build time via "--with-config-migrate-ifcfg-rh-default=yes". + When configuring hostnames in non-public TLD (like "example.local"), use the TLD as default search domain instead of the full hostname. + Always apply DNS options from the [global-dns] configuration section + The NetworkManager daemon now acquires the D-Bus name only after populating the D-Bus tree. This can add a delay during startup but it is required to avoid race conditions with other services depending on NM. + Add a "version-id" argument to the Update2() D-Bus call to guard against concurrent modifications of profiles. + Don't use tentative IPv6 addresses to resolve the system hostname via DNS. + Track the number of autoconnect retries left for each device and connection. Previously it was tracked only per connection and this lead to unexpected behaviors in case of multiconnect profiles. + Set VLAN filtering options on bridge via netlink instead of sysfs. + nm-cloud-setup now supports IMDSv2 on Amazon EC2. + nmtui now allows to enable or disable Wi-Fi and WWAN radios. + Honor ignore-carrier=no for bond/bridge/team devices. + Add version mismatch warning when running nmcli commands. - Rebase patches with quilt. ==== bluez ==== Version update (5.66 -> 5.68) Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3 - 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch be removed by Timo Jyrinki when updating to 5.68. I saw some reasons: - Upstream didn't take this patch: https://www.spinics.net/lists/linux-bluetooth/msg40136.html - Fedora also marked this patch in bluez.spec since bluez-5.68-2.fc39 https://src.fedoraproject.org/rpms/bluez/blob/2b133d795f4f823c8b22ef5a07569792ad7ce6aa/f/bluez.spec We didn't put any bug number of this patch when it be introduced to bluez.spec since Nov 23, 2021. So, let's remove this patch unless upstream or Fedora add it back. - update to 5.68 * Fix issue with A2DP and handling of Transport.Acquire. * Fix issue with BAP and initiating QoS and Enable procedures. * Fix issue with BAP and detaching streams when PAC is removed. * Fix issue with BAP and reading all instances of PAC. * Fix issue with BAP and not being able to reconfigure. * Fix issue with BAP and transport configuration changes. * Fix issue with BAP and handling unexpected disconnect. * Fix issue with GATT and not removing pending services. * Fix issue with GATT and client ready handling. * Fix issue with handling fallback to transient hostname. * Add support for SecureConnections configuration option. * Add support for Mesh Remove Provisioning. * Add support for Mesh Private Beacons. - Remove patches that are not needed with the new upstream. ==== dracut ==== Version update (059+suse.488.g81715832 -> 059+suse.491.g87f19c22) Subpackages: dracut-ima - Update to version 059+suse.491.g87f19c22: * fix(dracut-install): protect against broken links pointing to themselves * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081) ==== glibc ==== Version update (2.37 -> 2.38) Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - Update to glibc 2.38 * When C2X features are enabled and the base argument is 0 or 2, the following functions support binary integers prefixed by 0b or 0B as input * PRIb*, PRIB* and SCNb* macros from C2X have been added to <inttypes.h>. * printf-family functions now support the wN format length modifiers for arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t and the wfN format length modifiers for arguments of type int_fastN_t or uint_fastN_t, as specified in draft ISO C2X * A new tunable, glibc.pthread.stack_hugetlb, can be used to disable Transparent Huge Pages (THP) in stack allocation at pthread_create * Vector math library libmvec support has been added to AArch64 * The strlcpy and strlcat functions have been added * CVE-2023-25139: When the printf family of functions is called with a format specifier that uses an <apostrophe> (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size - Enable build with _FORTIFY_SOURCE - glibc-2.3.90-langpackdir.diff: avoid reference to __strcpy_chk - iconv-error-verbosity.patch: iconv: restore verbosity with unrecognized encoding names (BZ #30694) - printf-grouping.patch, strftime-time64.patch, getlogin-no-loginuid.patch, fix-locking-in-_IO_cleanup.patch, gshadow-erange-rhandling.patch, system-sigchld-block.patch, gmon-buffer-alloc.patch, check-pf-cancel-handler.patch, powerpc64-fcntl-lock.patch, realloc-limit-chunk-reuse.patch, dl-find-object-return.patch; Removed ==== gspell ==== Version update (1.12.1 -> 1.12.2) Subpackages: gspell-lang libgspell-1-2 - Update to version 1.12.2: + Small code maintenance: don't use g_slice_*(). ==== libcloudproviders ==== Version update (0.3.1 -> 0.3.2) - Update to version 0.3.2: + No upstream changes provided. ==== libgweather4 ==== Version update (4.2.0 -> 4.3.2) Subpackages: gweather4-data libgweather-4-0 libgweather4-lang typelib-1_0-GWeather-4_0 - Update to version 4.3.2: + Fix fallback metric unit detection logic + Documentation fixes + Performance improvements for nearest location lookups + Location database changes + Updated translations. ==== liborcus ==== - Removed patches: * liborcus-filesystem.patch * liborcus-tests.patch + reworked in order to send them upstream - Added patches: * 0001-Possibility-to-build-against-a-host-of-filesystem-im.patch * 0003-Allow-running-tests-with-python-3.4.patch * 0002-Allow-using-older-boost-filesystem.patch + split into chunks per topic so that upsteam can decide what to do ==== opensuse-welcome ==== Version update (0.1.9+git.0.66be0d8 -> 0.1.9+git.35.4b9444a) - Update to version 0.1.9+git.35.4b9444a: * panellayouter: use QTemporaryFile for applyLayout() (bsc#1213708, CVE-2023-32184). * Translation updates. ==== podman ==== Version update (4.6.0 -> 4.6.1) - Update to version 4.6.1: * Bump to v4.6.1 * Release notes for v4.6.1 * Vendor buildah v1.31.2 * [4.6] vendor c/common v0.55.3 * [v4.6] Remove zstd:chunked reference * [v4.6] bump golang.org/x/net to v0.13.0 * do not redefine gobuild for eln * [CI:BUILD] RPM: define gobuild macro for rhel/centos stream * [v4.6] [CI:BUILD] RPM: separate out gvproxy for copr and fedora >= 38 * System tests: add test tags * API: kill: return 409 on invalid state * Mention TimeoutStartSec in quadlet man page * If quadlets have same name, only use first * Bump to v4.6.1-dev ==== signon ==== Version update (8.60 -> 8.61) Subpackages: libsignon-qt5-1 signon-plugins signond signond-libs - Update to 8.61 * Port away from QHash::unite * Don't emit QObject::destroyed() within Identity::destroy() * Build: remove unnecessary qmake options * Don't use -fno-rtti * Run test script with Busybox compatible mktemp * Fix typos in logs * Tests: add missing parameter to mkdir command * Fix deprecation warning * signond: register the adaptors in SignonDaemonAdaptor * signond: get appId of peer in SignonIdentityAdapter * signond: add Error class * signond: add ErrorAdaptor class * signond: use ErrorAdaptor in SignonSessionCore * signond: reduce usage of D-Bus in SignonIdentity class * signond: introduce PeerContext class * signond: reduce D-Bus usage in SignonAuthSession * signond: register the adaptors, not the object itself * signond: destroy adapter when Identity gets unregistered * Fix Unicode $HOME dir - Drop patch, merged upstream: * 0001-Don-t-use-fno-rtti.patch - Drop the unneeded baselibs.conf ==== systemd ==== Version update (253.7 -> 253.8) Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev - Import commit fcdb2dd2c921db3c6b7c28465dbda314f4469d17 (merge of v253.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/2dac0aff9ced1eca0cd11c24e264b33095ee5a5e...fcdb2dd2c921db3c6b7c28465dbda314f4469d17