Removed rpms
============

Added rpms
==========

Package Source Changes
======================

ImageMagick
+  fix CVE-2023-1289 [bsc#1209141], segmentation fault and possible DoS via specially crafted SVG
+  + ImageMagick-CVE-2023-1289.patch
+
+- security update
+- added patches

MozillaThunderbird
+- Mozilla Thunderbird 102.9.1
+  * fixed: Thunderbird was unable to open file URLs from command
+    line (URLs beginning with "file://") (bmo#1816343)
+  * fixed: Source strings for localized builds not uploaded to
+    FTP as expected (bmo#1817086)
+  * fixed: Visual and theme improvements
+    (bmo#1821358,bmo#1822286)
+  * fixed: Security fixes
+    MFSA 2023-12 (bsc#1209953)
+    * CVE-2023-28427 (bmo#1822595)
+      Matrix SDK bundled with Thunderbird vulnerable to denial-of-
+      service attack
+
+- Mozilla Thunderbird 102.9
+  * fixed: Notification about a sender's changed OpenPGP key was
+    not immediately visible (bmo#1814003)
+  * fixed: TLS Certificate Override dialog did not appear when
+    retrieving messages via IMAP using "Get Messages" context
+    menu (bmo#1816596)
+  * fixed: Spellcheck dictionaries were missing from localized
+    Thunderbird builds that should have included them
+    (bmo#1818257)
+  * fixed: Tooltips for "Show/Hide" calendar toggle did not
+    display (bmo#1809557)
+  * fixed: Various security fixes
+    MFSA 2023-11 (bsc#1209173)
+    * CVE-2023-25751 (bmo#1814899)
+      Incorrect code generation during JIT compilation
+    * CVE-2023-28164 (bmo#1809122)
+      URL being dragged from a removed cross-origin iframe into the
+      same tab triggered navigation
+    * CVE-2023-28162 (bmo#1811327)
+      Invalid downcast in Worklets
+    * CVE-2023-25752 (bmo#1811627)
+      Potential out-of-bounds when accessing throttled streams
+    * CVE-2023-28163 (bmo#1817768)
+      Windows Save As dialog resolved environment variables
+    * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904,
+      bmo#1817442, bmo#1818674)
+      Memory safety bugs fixed in Thunderbird 102.9
+

bind
+- Update to release 9.16.38
+  Bug Fixes:
+  * A constant stream of zone additions and deletions via rndc
+    reconfig could cause increased memory consumption due to
+    delayed cleaning of view memory. This has been fixed.
+  * The speed of the message digest algorithms (MD5, SHA-1, SHA-2),
+    and of NSEC3 hashing, has been improved.
+  * Building BIND 9 failed when the --enable-dnsrps switch for
+    ./configure was used. This has been fixed.
+  [jsc#SLE-24600]
+- Updated keyring and signature
+

firewalld
+- Fix firewall-offline-cmd fails with ERROR: Calling pre func
+  Added following patch (bsc#1206928)
+  [+ 0003-firewall-offline-cmd-fail-fix.patch]
+

gdm
+- Update gdm-fingerprint.pamd and gdm-smartcard.pamd: Before this
+  they do not really support fingerprint and smartcard, just put
+  correct configuration to make them work (bsc#1205664).
+- Enable split authentication because we have correct
+  gdm-fingerprint.pamd and gdm-smartcard.pamd.
+
+- Update gdm-disable-gnome-initial-setup.patch: Refactoring to
+  disable it on SLE runtime, so with the same executable it is
+  still possible to run on Leap (jsc#PED-1719).
+

glibc
+- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
+  (bsc#1207957)
+
+- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
+  (CVE-2023-0687, bsc#1207975, BZ #29444)
+
+- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
+  check (bsc#1208358, BZ #25933)
+
+- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
+  (bsc#1207571, BZ #16272)
+- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
+  with recent GCC
+

google-noto-sans-cjk-fonts
+- Fix bsc#1203741: Add _constraint file to make it build (taken from Factory)
+- Use %license to store OFL license text
+

kernel-default
+- net: tls: fix possible race condition between
+  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
+  (bsc#1209366 CVE-2023-28466).
+- commit 3a1702c
+
+- mm: memcontrol: deprecate charge moving (bsc#1209801).
+- commit a953603
+
+- netdevice: add the case if dev is NULL (bsc#1208628).
+- Refresh
+  patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch.
+- commit 726a950
+
+- Rename
+  patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch.
+- commit 37a8307
+
+- Rename
+  patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch.
+- commit f080340
+
+- Refresh
+  patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch.
+- commit af52be6
+
+- Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681)
+  linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly,
+  they dropped *-71.ucode, hence the workaround leads to the firmware load
+  failure. Drop the old workaround now.
+- commit dc4368f
+
+- net/sched: tcindex: update imperfect hash filters respecting
+  rcu (CVE-2023-1281 bsc#1209634).
+- commit aced962
+
+- Update
+  patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch
+  (git-fixes bsc#1208921).
+- commit b2c9582
+
+- prlimit: do_prlimit needs to have a speculation check
+  (bsc#1209256 CVE-2017-5753).
+- commit b7234d1
+
+- Revert "block: freeze the queue earlier in del_gendisk"
+  (git-fixes).
+- commit 6b26f6b
+

libheif
+- security update
+- added patches
+  fix CVE-2023-0996 [bsc#1208640], buffer overflow in heif_js_decode_image in libheif
+  + libheif-CVE-2023-0996.patch
+
+- fixed CVE-2020-23109 [bsc#1192382]
+  (bca0162018df9a32d21c05aad1fa203881fa7813)

libqt5-qtbase
+- Update to version 5.15.8+kde185:
+  * QFSFileEngine: fix overflow bug when using lseek64
+  * Add QImage null check when QOpenGLTexture converts
+- Add patch to fix return key handling in QGroupBox on GNOME (bsc#1209364):
+  * 0001-Revert-QGnomeTheme-Allow-Space-Return-Enter-and-Sele.patch
+- Add patch to fix XInput2 events in big-endian X11 clients (bsc#1204883, QTBUG-105157):
+  * big-endian-scroll.patch
+

libstorage-ng
+- Translated using Weblate (Portuguese (Brazil)) (bsc#1149754)
+- 4.5.92
+
+- merge gh#openSUSE/libstorage-ng#922
+- add PCIe as disk transport
+- 4.5.91
+
+- merge gh#openSUSE/libstorage-ng#921
+- fixed setting sysfs-name for partitions on nvme disks
+- 4.5.90
+
+- Translated using Weblate (Georgian) (bsc#1149754)
+- 4.5.89
+
+- Translated using Weblate (Polish) (bsc#1149754)
+- 4.5.88
+

mdadm
+- sysconfig.mdadm: Remove ServiceRestart line to mdadm since there
+  is not such systemd service. (bsc#1203491)
+

openssl-1_1
+- Security Fix: [CVE-2023-0465, bsc#1209878]
+  * Invalid certificate policies in leaf certificates are silently ignored
+  * Add openssl-CVE-2023-0465.patch
+- Security Fix: [CVE-2023-0466, bsc#1209873]
+  * Certificate policy check not enabled
+  * Add openssl-CVE-2023-0466.patch
+
+- Security Fix: [CVE-2023-0464, bsc#1209624]
+  * Excessive Resource Usage Verifying X.509 Policy Constraints
+  * Add openssl-CVE-2023-0464.patch
+
+- FIPS: Service-level indicator [bsc#1208998]
+  * Add additional check required by FIPS 140-3. Minimum values for
+    PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for
+    iteration count and 20 characters for password.
+  * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
+

smartmontools
+- fix smartctl crash for an NVMe on big endian systems [bsc#1208905]
+- added patches
+  fix https://www.smartmontools.org/changeset/5448
+  + smartmontools-smartctl-NVMe-big-endian.patch
+

systemd
+- Import commit dad0071f15341be2b24c2c9d073e62617e0b46733 (merge of v249.16)
+
+- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
+
+- Drop build requirement on libpci, it's not more needed since udev hwdb was
+  introduced 11 years ago.
+
+- Move systemd-boot and all components managing (secure) UEFI boot into udev
+  sub-package: they may deserve a dedicated sub-package in the future but for
+  now move them to udev so they aren't installed in systemd based containers.
+

tigervnc
+- Fixes for bsc#1209283
+  * Drop chown vnc:vnc calls in with-vnc-key.sh
+  * Add TLSNone to -securitytypes to increase security in xvnc@.service
+

xorg-x11-server
+- U_xserver-composite-Fix-use-after-free-of-the-COW.patch
+  * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866,
+    bsc#1209543)
+

yast2-snapper
+- Fixed translations: Moved variable message part out of _(...)
+  (bsc#1209956)
+- 4.5.1
+

yast2-storage-ng
+- Fix the translation of widgets titles in the dialog to select
+  a partitioning scheme (bsc#1209697).
+- 4.5.19
+

yast2-users
+- Stop mangling the value of "Create as Btrfs Subvolume" for new
+  users when clicking on "Edit -> Details" (bsc#1209377).
+- 4.5.4
+
+- AutoYaST: Fix creation of home for system users (bsc#1202974).
+

zstd
+- Fix CVE-2022-4899, bsc#1209533
+  * Fix buffer underflow when dir1 == ""
+  * Disallow empty string as an argument for --output-dir-flat=""
+    and --output-dir-mirror="".
+- Added patches:
+  * Disallow-empty-output-directory.patch
+  * Fix-buffer-underflow-for-null-dir1.patch
+