Packages changed: MozillaFirefox (115.0.1 -> 115.0.2) audacity audit (3.0.9 -> 3.1.1) audit-secondary (3.0.9 -> 3.1.1) bind cryptsetup glibc iproute2 (6.3 -> 6.4) kernel-source (6.4.2 -> 6.4.3) libHX (4.13 -> 4.14) libbpf (1.2.0 -> 1.2.2) libguestfs libnftnl (1.2.5 -> 1.2.6) libshumate (1.0.3 -> 1.0.4) libvirt (9.4.0 -> 9.5.0) python-libvirt-python (9.4.0 -> 9.5.0) python311-pyparsing (3.0.9 -> 3.1.0) qpdf (11.4.0 -> 11.5.0) redis (7.0.11 -> 7.0.12) rpm-config-SUSE (20220926 -> 20230712) snapper texlive unixODBC util-linux util-linux-systemd === Details === ==== MozillaFirefox ==== Version update (115.0.1 -> 115.0.2) - Mozilla Firefox 115.0.2 * Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) * Fixed a bug with broken audio rendering on some websites (bmo#1841982) * Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) MFSA 2023-26 (bsc#1213230) * CVE-2023-3600 (bmo#1839703) Use-after-free in workers ==== audacity ==== Subpackages: audacity-lang - Update constraints for riscv64 ==== audit ==== Version update (3.0.9 -> 3.1.1) Subpackages: libaudit1 libauparse0 - Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Enable livepatching on main library on x86_64. - Update to 3.1: * Disable ProtectControlGroups in auditd.service by default * Fix rule checking for exclude filter * Make audit_rule_syscallbyname_data work correctly outside of auditctl * Add new record types * Add io_uring support * Add support for new FANOTIFY record fields * Add keyword, this-hour, to ausearch/report start/end options * Add Requires.private to audit.pc file * Try to interpret OPENAT2 fields correctly ==== audit-secondary ==== Version update (3.0.9 -> 3.1.1) Subpackages: audit python3-audit system-group-audit - Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 3.1: * Disable ProtectControlGroups in auditd.service by default * Fix rule checking for exclude filter * Make audit_rule_syscallbyname_data work correctly outside of auditctl * Add new record types * Add io_uring support * Add support for new FANOTIFY record fields * Add keyword, this-hour, to ausearch/report start/end options * Add Requires.private to audit.pc file * Try to interpret OPENAT2 fields correctly ==== bind ==== Subpackages: bind-doc bind-utils - Enable dnstap support ==== cryptsetup ==== Subpackages: cryptsetup-doc libcryptsetup12 - luksFormat: Handle system with low memory and no swap space [bsc#1211079] * Check for physical memory available also in PBKDF benchmark. * Try to avoid OOM killer on low-memory systems without swap. * Use only half of detected free memory on systems without swap. * Add patches: - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch ==== glibc ==== Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - gshadow-erange-rhandling.patch: gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (BZ #30151) - system-sigchld-block.patch: posix: Fix system blocks SIGCHLD erroneously (BZ #30163) - gmon-buffer-alloc.patch: gmon: Fix allocated buffer overflow (BZ #29444) - check-pf-cancel-handler.patch: __check_pf: Add a cancellation cleanup handler (BZ #20975) - powerpc64-fcntl-lock.patch: io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64 - realloc-limit-chunk-reuse.patch: realloc: Limit chunk reuse to only growing requests (BZ #30579) - dl-find-object-return.patch: elf: _dl_find_object may return 1 during early startup (BZ #30515) - Need to build with GCC 12 as minimum - fix-locking-in-_IO_cleanup.patch: Update to final version ==== iproute2 ==== Version update (6.3 -> 6.4) Subpackages: iproute2-bash-completion - Update to release 6.4 * bridge: mdb: added underlay destination IP support, UDP destination port support, destination VNI support, source VNI support, outgoing interface support * macvlan: added the "bclim" parameter ==== kernel-source ==== Version update (6.4.2 -> 6.4.3) Subpackages: kernel-64kb kernel-default - Linux 6.4.3 (bsc#1012628). - mm: call arch_swap_restore() from do_swap_page() (bsc#1012628). - bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page (bsc#1012628). - commit 5fb5b21 ==== libHX ==== Version update (4.13 -> 4.14) - Update to release 4.14 * socket: make HX_addrport_split work on portless bracketed hostspec ==== libbpf ==== Version update (1.2.0 -> 1.2.2) - update to v1.2.2: * fix a regression in perf tool caused by libbpf resetting its custom catch-all SEC() handler on explicit bpf_program__set_type() call * fix possible double-free in USDT-related libbpf code, which happens when libbpf runs out of space in __bpf_usdt_specs map due to having too many unique USDT specs ==== libguestfs ==== Subpackages: libguestfs-xfs libguestfs0 - bsc#1212972 - cannot find any suitable libguestfs supermin libguestfs.spec ==== libnftnl ==== Version update (1.2.5 -> 1.2.6) - Update to release 1.2.6 * expr: meta: introduce broute meta expression ==== libshumate ==== Version update (1.0.3 -> 1.0.4) Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0 - Update to version 1.0.4: + Throttle tile download during animations. ==== libvirt ==== Version update (9.4.0 -> 9.5.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-libs - libxl: Improve handling of errors across migration phases bsc#1213186 - apparmor: Support local overrides in all profiles and abstractions spec: Don't replace /etc/apparmor.d/ on package upgrade spec: No longer package empty /etc/apparmor.d/local/* files bsc#1211472 - Update to libvirt 9.5.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v9-5-0-2023-07-03 - Add upstream commit 5f7f6ceb47 to fix builds on Leap 15.x - Drop downstream commit adding SUSE-specific migration parameters ==== python-libvirt-python ==== Version update (9.4.0 -> 9.5.0) - Update to 9.5.0 - Add all new APIs and constants in libvirt 9.5.0 ==== python311-pyparsing ==== Version update (3.0.9 -> 3.1.0) - Add upstream patch limit-error-messages.patch as a part of a workaround for boo#1213007 - update to 3.1.0 * API ENHANCEMENT: `Optional(expr)` may now be written as `expr | ""` * Added new class property `identifier` to all Unicode set classes in `pyparsing.unicode`, using the class's values for `cls.identchars` and `cls.identbodychars`. * ParseResults` now has a new method `deepcopy()`, in addition to the current `copy()` method. * Reworked `delimited_list` function into the new `DelimitedList` class. * Added new class method `ParserElement.using_each` * Added new builtin `python_quoted_string`, which will match any form of single-line or multiline quoted strings defined in Python. * `ParserElement.validate()` is deprecated. * Added bool `embed` argument to `ParserElement.create_diagram()`. * Added support for Python 3.12. * Updated `create_diagram()` code to be compatible with railroad-diagrams package version 3.0. * Many other changes, see upstream CHANGES ==== qpdf ==== Version update (11.4.0 -> 11.5.0) - Update to 11.5.0: * When copying the same page more than once, ensure that annotations are copied and not shared among multiple pages. * Add new method Buffer::copy and deprecate Buffer copy constructor and assignment operator. Buffer copies are expensive and should be done explicitly. * The source code was reformatted to 100 columns instead of 80. Numerous cosmetic changes and changes suggested by clang-tidy were made. ==== redis ==== Version update (7.0.11 -> 7.0.12) - redis 7.0.12: * (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (bsc#1213193) * (CVE-2023-36824) Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249) * Re-enable downscale rehashing while there is a fork child * Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with * Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction * Fix WAIT to be effective after a blocked module command being unblocked * Avoid unnecessary full sync after master restart in a rare case ==== rpm-config-SUSE ==== Version update (20220926 -> 20230712) - Update to version 20230712: * Add more prjconf macros * update comment about _lto_cflags * drop %usrmerged macro (boo#1206798) * Fix SLE sbat macros used on Leap (bsc#1198458) ==== snapper ==== Subpackages: libsnapper7 snapper-zypp-plugin - document disadvantage of using network users and order services after nss-user-lookup (gh#openSUSE/snapper#823) ==== texlive ==== Subpackages: libkpathsea6 libsynctex2 - The rungs lua script belongs to texlive-scripts(-bin) only ==== unixODBC ==== - Add missing requires for glibc-locale-base, required for utf16 codec (bsc#1213242) ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Add patch to detect MD array as container of LUKS properly (boo#1213227, gh#util-linux/util-linux#2373): * 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch ==== util-linux-systemd ==== - Add patch to detect MD array as container of LUKS properly (boo#1213227, gh#util-linux/util-linux#2373): * 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch