Packages changed: ImageMagick (7.1.1.9 -> 7.1.1.10) MozillaFirefox (113.0.1 -> 113.0.2) apache2-mod_php8 freetype2 gnutls guile (3.0.8 -> 3.0.9) highway libqt5-qtbase (5.15.9+kde151 -> 5.15.9+kde154) libreoffice (7.5.3.1 -> 7.5.3.2) libstorage-ng (4.5.109 -> 4.5.110) mariadb (10.11.2 -> 10.11.3) openSUSE-build-key php8 python-Twisted shim-leap wxWidgets-3_2-nostl xen (4.17.1_02 -> 4.17.1_04) === Details === ==== ImageMagick ==== Version update (7.1.1.9 -> 7.1.1.10) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.10 * fixes CVE-2023-2157 [bsc#1211601] https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-10---2023-05-21 ==== MozillaFirefox ==== Version update (113.0.1 -> 113.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 113.0.2 (boo#1211696) * Fixed: Fixed a bug which could cause Firefox to freeze on some pages when loading them with the Developer Tools Web Console open (bmo#1828026) * Fixed: Fixed a bug which would cause the bookmarks and history sidebars to not properly react to the browser window being vertically resized (bmo#1831535) ==== apache2-mod_php8 ==== - repack the tarball temporarily [bsc#1211648] - also MIT license (systzdata patch, ext/date/lib/parse_posix.c) [https://build.suse.de/request/show/298230] ==== freetype2 ==== - Do not limit ftdump conflict to < version-release, but only to version. Ftdump is built in a second build flavor and as such the release counters are not guaranteed to be in sync. ==== gnutls ==== Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - FIPS: Skip the fixed HMAC verification for nettle, hogweed and gmp libraries. These calculated HMACs change for every build of each of these packages, we only have to verify that for gnutls. * Add gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch [bsc#1211476] - FIPS: Merge libgnutls30-hmac package into the library [bsc#1185116] ==== guile ==== Version update (3.0.8 -> 3.0.9) Subpackages: guile-modules-3_0 libguile-3_0-1 - Add key from Ludovic Courtē«s to guile.keyring, who released 3.0.9 - Update to version 3.0.9 * New interfaces and functionality * * New `spawn' procedure to spawn child processes * * `open-file' now supports an "e" flag for O_CLOEXEC * * `pipe' now takes flags as an optional argument * * Bindings to `openat' and friends * * Abstract Unix-domain sockets are supported * * New socket-related constants defined * * New `bytevector-slice' procedure * * Disassembler now shows intrinsic names * * Linker and assembler consume less memory * Bug fixes (for more see the NEWS file) * * JIT compilation is now supported on Apple M1 processors * * libguile/srfi-14.i.c is now longer shipped and is instead built from source * * Cross-compilation supports triplets with empty vendor strings * * 'system*' honors output/error port redirects (https://bugs.gnu.org/52835) * * 'open-input-pipe' & co. are now much faster (https://bugs.gnu.org/59321) - Refresh patches: * disable-test-out-of-memory.patch * guile-3.0-gc_pkgconfig_private.patch - Remove no longer used guile-rpmlintrc - skip checks for qemu-user-space-builds (tries to close filedescriptors that qemu relies on) ==== highway ==== - Update memory limiter from 900 to 1400/process. ==== libqt5-qtbase ==== Version update (5.15.9+kde151 -> 5.15.9+kde154) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.9+kde154: * Hsts: match header names case insensitively (CVE-2023-32762) * Fix specific overflow in qtextlayout (CVE-2023-32763) * QDnsLookup/Unix: make sure we don't overflow the buffer ==== libreoffice ==== Version update (7.5.3.1 -> 7.5.3.2) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.5.3.2: https://wiki.documentfoundation.org/Releases/7.5.3/RC2 - Refresh patches: * 0002-Revert-Require-HarfBuzz-5.1.0.patch * bsc1200085.patch - Fix bsc#1200085 - LO-L3: FILEOPEN PPTX: extra paragraph after some 2-line text with link * bsc1200085.patch ==== libstorage-ng ==== Version update (4.5.109 -> 4.5.110) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.110 ==== mariadb ==== Version update (10.11.2 -> 10.11.3) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Refresh gcc13-fix.patch - Update to 10.11.3: * release notes and changelog: https://mariadb.com/kb/en/mariadb-10-11-3-release-notes/ https://mariadb.com/kb/en/mariadb-10-11-3-changelog/ * fixes for the following security vulnerabilities: 10.11.3: CVE-2022-47015 (bsc#1207404) ==== openSUSE-build-key ==== - Added a new 4096 openSUSE container key - build-container-202304-d684afec-64390cff.asc - build-container-202304-d684afec-64390cff.pem - Removed and obsoleted old 2048 build key of Tumbleweed - gpg-pubkey-3dbdc284-53674dd4.asc ==== php8 ==== Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - repack the tarball temporarily [bsc#1211648] - also MIT license (systzdata patch, ext/date/lib/parse_posix.c) [https://build.suse.de/request/show/298230] ==== python-Twisted ==== Subpackages: python310-Twisted python310-Twisted-tls - Switch documentation to be within the main package. ==== shim-leap ==== - Remove the sym-links in /usr/lib64/efi for the newer distro versions since we don't use them anymore ==== wxWidgets-3_2-nostl ==== Subpackages: libwx_baseu-suse-nostl9_0_0 libwx_baseu_net-suse-nostl9_0_0 libwx_baseu_xml-suse-nostl9_0_0 libwx_gtk3u_core-suse-nostl9_0_0 libwx_gtk3u_html-suse-nostl9_0_0 libwx_gtk3u_qa-suse-nostl9_0_0 - Use more pkgconfig(..) in BuildRequires - Remove pre-SLE15 building blocks ==== xen ==== Version update (4.17.1_02 -> 4.17.1_04) Subpackages: xen-libs xen-tools xen-tools-domU - bsc#1211433 - VUL-0: CVE-2022-42336: xen: Mishandling of guest SSBD selection on AMD hardware (XSA-431) 64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch