Packages changed:
MozillaFirefox (124.0.2 -> 125.0.2)
dracut (059+suse.563.g4900899a -> 059+suse.581.g19b7c06c)
ffmpeg-4
ffmpeg-6
google-noto-coloremoji-fonts (20230315 -> 20240424)
libupnp (1.14.18 -> 1.14.19)
openSUSE-release (20240425 -> 20240426)
pcsc-lite (2.0.3 -> 2.1.0)
sqlite3 (3.45.2 -> 3.45.3)
systemd-presets-branding-Aeon
thin-provisioning-tools
tracker (3.7.1 -> 3.7.2)
tracker-miners (3.7.1 -> 3.7.2)
yast2-storage-ng (5.0.12 -> 5.0.13)
=== Details ===
==== MozillaFirefox ====
Version update (124.0.2 -> 125.0.2)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 125.0.2
* The 125.0 and 125.0.1 releases were skipped due to problems with a
feature that proactively blocked downloads from potentially
untrustworthy URLs
* New: Firefox now supports the AV1 codec for Encrypted Media
Extensions (EME), enabling higher-quality playback from video
streaming providers
* New: The Firefox PDF viewer now supports text highlighting.
* New: Firefox View now displays pinned tabs in the Open tabs
section. Tab indicators have also been added to Open tabs, so
users can do things like see which tabs are playing media and
quickly mute or unmute across windows. Indicators were also
added for bookmarks, tabs with notifications, and more!
their addresses upon submitting an address form, allowing
Firefox to autofill stored address information in the future.
* New: The URL Paste Suggestion feature provides a convenient
way for users to quickly visit URLs copied to the clipboard
in the address bar of Firefox. When the clipboard contains a
URL and the URL bar is focused, an autocomplete result
appears automatically. Activating the clipboard suggestion
will navigate the user to the URL with 1 click.
* New: Users of tab-specific Container add-ons can now search
in the Address Bar for tabs that are open in different
containers. Special thanks to volunteer contributor atararx
for kicking off the work on this feature!
* New: Firefox now provides an option to enable Web Proxy Auto-
Discovery (WPAD) while configured to use system proxy
settings.
* Changed: In a group of radio buttons where no option is
selected, the tab key now only reaches the first option
rather than cycling through all available options. The arrow
keys navigate between options as they do when there is a
selected option. This makes keyboard navigation more
efficient and consistent
* HTML5: Firefox now supports the `popover` global attribute
used for designating an element as a popover element. The
element won't be rendered until it is made visible, after
which it will appear on top of other page content.
* HTML5: WebAssembly multi-memory is now enabled by default.
Wasm multi-memory allows wasm modules to use and import
multiple independent linear memories. This enables more
efficient interoperability between modules and provides
better polyfills for upcoming wasm standards, such as the
component model.
* HTML5: Added support for Unicode Text Segmentation to
JavaScript.
* HTML5: Added support for `contextlost` and `contextrestored`
events on HTMLCanvasElement and OffscreenCanvas to allow user
code to recover from context loss with hardware accelerated
2d canvas.
* HTML5: Firefox now supports the
`navigator.clipboard.readText()` web API. A paste context
menu will appear for the user to confirm when attempting to
read clipboard data not provided by the same-origin page.
* HTML5: Added support for the `content-box` and `stroke-box`
keywords of the `transform-box` CSS property.
* HTML5: The `align-content` property now works in block
layout, allowing block direction alignment without needing a
flex or grid container.
* HTML5: Support for `SVGAElement.text` was removed in favor of
the more widely-implemented `SVGAElement.textContent` method.
* Developer: Following several requests, we have reintroduced
the option to disable the Pause Debugger Overlay
(`devtools.debugger.features.overlay`). This overlay appears
over the page content when the debugger pauses JavaScript
execution. In certain scenarios, the overlay can be
intrusive, making it challenging to interact with the page,
for instance, evaluating shades of color underneath.
* Developer: We've added a new drop-down menu button at the
bottom of the source view in the Debugger panel, specifically
designed for Source Map related actions. Users can now easily
disable or enable Source Maps support, open the Source Map
file in a new tab, switch between the original source and the
generated bundle, toggle the "open original source by
default" option, and view the Source Map status such as
errors, loading status, etc.
MFSA 2024-18 (bsc#1221327)
* CVE-2024-3852 (bmo#1883542)
GetBoundName in the JIT returned the wrong object
* CVE-2024-3853 (bmo#1884427)
Use-after-free if garbage collection runs during realm initialization
* CVE-2024-3854 (bmo#1884552)
Out-of-bounds-read after mis-optimized switch statement
* CVE-2024-3855 (bmo#1885828)
Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
* CVE-2024-3856 (bmo#1885829)
Use-after-free in WASM garbage collection
* CVE-2024-3857 (bmo#1886683)
Incorrect JITting of arguments led to use-after-free during
garbage collection
* CVE-2024-3858 (bmo#1888892)
Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
* CVE-2024-3859 (bmo#1874489)
Integer-overflow led to out-of-bounds-read in the OpenType
sanitizer
* CVE-2024-3860 (bmo#1881417)
Crash when tracing empty shape lists
* CVE-2024-3861 (bmo#1883158)
Potential use-after-free due to AlignedBuffer self-move
... changelog too long, skipping 16 lines ...
- add mozilla-libproxy-fix.patch to fix with-libproxy build variant
==== dracut ====
Version update (059+suse.563.g4900899a -> 059+suse.581.g19b7c06c)
- Update to version 059+suse.581.g19b7c06c:
* fix(dracut): move hooks directory from /usr/lib to /var/lib (bsc#1218068)
* feat(tpm2-tss): add tpm2.target and systemd-tpm2-generator
* fix(systemd): explicitly install some libs that will not be statically included
* fix(dracut-lib): only remove initqueue/finished scripts, not the hook dir
* fix(dracut-util): avoid memory leak
* fix(dracut-install): memory leak in two `hashmap_put` calls if key exists
* fix(dracut-install): release memory allocated for regular expressions
* fix(dracut-install): memory leak in `--modalias` option
* refactor(dracut-install): strerror(errno) -> %m
* perf(dracut-install): don't strdup() environment block
* perf(dracut-install): don't reallocate {src,dst}path in hmac_install()
* perf(dracut-install): don't strdup() excessively for dracut_install()
* perf(dracut-install): stat() w/unused buf -> access(F_OK) in dracut-install
* perf(dracut-install): multiple single-character strstr()s -> strpbrk()
==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9
- Add ffmpeg-CVE-2023-51793.patch:
Backporting 0ecc1f0e from upstream, Fix odd height handling.
(CVE-2023-51793 bsc#1223272)
- Add ffmpeg-CVE-2023-49502.patch:
Backporting 737ede40 from upstream, account for chroma sub-sampling
in min size calculation.
(CVE-2023-49502 bsc#1223235)
- Address boo#1223304/CVE-2023-51798: add patch
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
==== ffmpeg-6 ====
Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7
- Add ffmpeg-CVE-2023-50008.patch:
Backporting 5f87a68c from upstream, Fix memory leaks.
(CVE-2023-50008 bsc#1223254)
- Add ffmpeg-CVE-2023-50007.patch:
Backporting b1942734 from upstream, Fix crash with EOF handling.
(CVE-2023-50007 bsc#1223253)
==== google-noto-coloremoji-fonts ====
Version update (20230315 -> 20240424)
- Update to v2.042
* Unicode 15.1 update
==== libupnp ====
Version update (1.14.18 -> 1.14.19)
Subpackages: libixml11 libupnp17
- Update to release 1.14.19
* Fix some memory allocations in the "TvDevice" example
==== openSUSE-release ====
Version update (20240425 -> 20240426)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== pcsc-lite ====
Version update (2.0.3 -> 2.1.0)
Subpackages: libpcsclite1
- Update the spec for building with version 2.1.0
- version 2.1.0
* LIBPCSCLITE_DELEGATE is used to redirect to another libpcsclite library
* setup_spy.sh displays the LIBPCSCLITE_DELEGATE value to use for spying
* provides libfake.c as a sample source code
* Some other minor improvements-
==== sqlite3 ====
Version update (3.45.2 -> 3.45.3)
Subpackages: libsqlite3-0 libsqlite3-0-x86-64-v3 sqlite3-tcl
- Update to release 3.45.3:
* Fix a long-standing bug (going back to version 3.24.0) that
might (rarely) cause the "old.*" values of an UPDATE trigger
to be incorrect if that trigger fires in response to an UPSERT.
* Reduce the scope of the NOT NULL strength reduction
optimization that was added as item 8e in version 3.35.0. The
optimization was being attempted in some contexts where it did
not work, resulting in incorrect query results.
- Add SQLITE_STRICT_SUBTYPE=1 as recommended by upstream.
==== systemd-presets-branding-Aeon ====
- Remove redundant services formerly from MicroOS
- Remove sshd from presets (we're a desktop OS)
==== thin-provisioning-tools ====
- Update vendored dependencies
==== tracker ====
Version update (3.7.1 -> 3.7.2)
Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang typelib-1_0-Tracker-3_0
- Update to version 3.7.2:
+ Fix runtime issue introduced by SQLite 3.45.3.
+ Fix possible inconsistency in the handling of DELETE WHERE
queries.
+ Updated translations.
==== tracker-miners ====
Version update (3.7.1 -> 3.7.2)
Subpackages: tracker-miner-files tracker-miners-lang
- Update to version 3.7.2:
+ Fixes to data deletion after removing an indexed folder
from configuration.
+ Fixed glib/inotify based monitors to not follow symlinks in
some circumstances.
+ Added a build-time option for fanotify.
+ Fix build with musl libc.
+ Updated translations.
==== yast2-storage-ng ====
Version update (5.0.12 -> 5.0.13)
- GuidedProposal: refine the :bigger_resize SpaceMaker strategy
(gh#openSUSE/agama#1164).
- Fixed a bug related to the calculation of partitions required
for booting when RAID is involved.
- 5.0.13