Removed rpms
============

 - kimageformats
 - libhwy1
 - libjxl0_8

Added rpms
==========


Package Source Changes
======================

MozillaFirefox
+- Firefox Extended Support Release 102.11.0 ESR
+  Placeholder changelog-entry (bsc#1211175)
+
-  Placeholder changelog-entry (bsc#1210212)
+  * Fixed: Various security fixes.
+  MFSA 2023-14 (bsc#1210212)
+  * CVE-2023-29531 (bmo#1794292)
+    Out-of-bound memory access in WebGL on macOS
+  * CVE-2023-29532 (bmo#1806394)
+    Mozilla Maintenance Service Write-lock bypass
+  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
+    Fullscreen notification obscured
+  * CVE-2023-1999 (bmo#1819244)
+    Double-free in libwebp
+  * CVE-2023-29535 (bmo#1820543)
+    Potential Memory Corruption following Garbage Collector
+    compaction
+  * CVE-2023-29536 (bmo#1821959)
+    Invalid free from JavaScript code
+  * CVE-2023-29539 (bmo#1784348)
+    Content-Disposition filename truncation leads to Reflected
+    File Download
+  * CVE-2023-29541 (bmo#1810191)
+    Files with malicious extensions could have been downloaded
+    unsafely on Linux
+  * CVE-2023-29542 (bmo#1810793, bmo#1815062)
+    Bypass of file download extension restrictions
+  * CVE-2023-29545 (bmo#1823077)
+    Windows Save As dialog resolved environment variables
+  * CVE-2023-1945 (bmo#1777588)
+    Memory Corruption in Safe Browsing Code
+  * CVE-2023-29548 (bmo#1822754)
+    Incorrect optimization result on ARM64
+  * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498,
+    bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493,
+    bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413,
+    bmo#1824828)
+    Memory safety bugs fixed in Firefox 112 and Firefox ESR
+    102.10
MozillaThunderbird
+- Mozilla Thunderbird 102.10.1
+  * fixed: Messages with missing or corrupt "From:" header did
+    not display message header buttons (bmo#1793918)
+  * fixed: Composer repeatedly prompted for S/MIME smartcard
+    signing/encryption password (bmo#1828366)
+  * fixed: Address Book integration did not work with macOS 11.4
+    Bug Sur (bmo#1720257)
+  * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug
+    1826146) was incomplete (bmo#1827503)
+- Mozilla Thunderbird 102.10
+  * changed: New messages will automatically select S/MIME if
+    configured and OpenPGP is not (bmo#1793278)
+  * fixed: Calendar events with timezone America/Mexico_City
+    incorrectly applied Daylight Savings Time (bmo#1826146)
+  * fixed: Security fixes
+  MFSA 2023-15 (bsc#1210212)
+  * CVE-2023-29531 (bmo#1794292)
+    Out-of-bound memory access in WebGL on macOS
+  * CVE-2023-29532 (bmo#1806394)
+    Mozilla Maintenance Service Write-lock bypass
+  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
+    Fullscreen notification obscured
+  * CVE-2023-1999 (bmo#1819244)
+    Double-free in libwebp
+  * CVE-2023-29535 (bmo#1820543)
+    Potential Memory Corruption following Garbage Collector
+    compaction
+  * CVE-2023-29536 (bmo#1821959)
+    Invalid free from JavaScript code
+  * CVE-2023-0547 (bmo#1811298)
+    Revocation status of S/Mime recipient certificates was not
+    checked
+  * CVE-2023-29479 (bmo#1824978)
+    Hang when processing certain OpenPGP messages
+  * CVE-2023-29539 (bmo#1784348)
+    Content-Disposition filename truncation leads to Reflected
+    File Download
+  * CVE-2023-29541 (bmo#1810191)
+    Files with malicious extensions could have been downloaded
+    unsafely on Linux
+  * CVE-2023-29542 (bmo#1810793, bmo#1815062)
+    Bypass of file download extension restrictions
+  * CVE-2023-29545 (bmo#1823077)
+    Windows Save As dialog resolved environment variables
+  * CVE-2023-1945 (bmo#1777588)
+    Memory Corruption in Safe Browsing Code
+  * CVE-2023-29548 (bmo#1822754)
+    Incorrect optimization result on ARM64
+  * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498,
+    bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493,
+    bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413,
+    bmo#1824828)
+    Memory safety bugs fixed in Thunderbird 102.10
+
autofs
+- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
+  Fix off-by-one error in recursive map handling. (bsc#1209653)
+
cronie
+- Allow to define the logger info and warning priority, fixes
+  jsc#PED-2551
+  * run-crons
+  * sysconfig.cron
+
ffmpeg
+- Add ffmpeg-CVE-2022-48434.patch: Backport from upstream to fix
+  use after free in libavcodec/pthread_frame.c (bsc#1209934).
+
ffmpeg-4
+- Add ffmpeg-CVE-2022-48434.patch: Backport from upstream to fix
+  use after free in libavcodec/pthread_frame.c (bsc#1209934).
+
grantlee5
+- Add patch to fix test failures on Leap 15:
+  * 0001-Add-a-call-to-registerComparators-in-testbuiltins.patch
+
+- Update to 5.3.1
+  * Use C++11 nullptr where appropriate
+  * Use QRandomGenerator instead of deprecated qRand
+  * Increase compatibility with Qt 6 APIs
+  * Add CMake option to build with Qt 6 - GRANTLEE_BUILD_WITH_QT6
+  * Support enum introspection on Q_GADGET
+  * filesizeformat implementation as well as localized filesize
+  * Make enums comparable with more operations
+  * Add "truncatechars" filter
+  * Fix concatenation of string lists
+- Refreshed patches:
+  * includes.diff
+  * grantlee-5.2.0-fix-ctest-ld-library-path.patch
+- Add patch to fix tests on i586 (gh#steveire/grantlee#85):
+  * fix-i586-precision.patch
+- Add keyring for GPG source verification
+
-- Update to 5.0.0 final:
-  * No changelog since rc1 provided
-
kernel-default
+- x86: don't use REP_GOOD or ERMS for small memory clearing
+  (bsc#1211140).
+- x86/cpufeatures: Add macros for Intel's new fast rep string
+  features (bsc#1211140).
+- commit ff3ce03
+
+- wifi: brcmfmac: slab-out-of-bounds read in
+  brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
+- commit 39854dd
+
kernel-kvmsmall
+- x86: don't use REP_GOOD or ERMS for small memory clearing
+  (bsc#1211140).
+- x86/cpufeatures: Add macros for Intel's new fast rep string
+  features (bsc#1211140).
+- commit ff3ce03
+
+- wifi: brcmfmac: slab-out-of-bounds read in
+  brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
+- commit 39854dd
+
ldb
+- Update to version 2.6.2
+  + CVE-2023-0614: Not-secret but access controlled LDAP attributes
+    can be discovered; (bso#15270); (bsc#1209485).
+
libfastjson
+- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
+  large JSON file (bsc#1171479)
+  add 0001-Fix-CVE-2020-12762.patch
+
libqt5-qtbase
+- Amend patch to fix mouse grabbing as well (bsc#1211024):
+  * big-endian-scroll.patch
+
ncurses
+- Modify patch ncurses-6.1.dif
+  * Secure writing terminfo entries by setfs[gu]id in s[gu]id
+    (boo#1210434, CVE-2023-29491)
+  * Reading is done since 2000/01/17
+
open-iscsi
+- Remove "--strip" in SPEC file for meson build, so that
+  debuginfo is generated. (from mwilck) (bsc#1210536)
+
+- Build system: meson builds were ignoring optflags, and other
+  passed in compiler options.
+
+- Update iscsid.service so it starts iscsid.socket, if needed
+  (bsc#1206132).
+
openssh
+- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
+  This caused invalid and irrelevant environment assignments (bsc#1207014).
+
procps
+- Add patch bsc1209122-a6c0795d.patch
+  * Fix for bsc#1209122 to allow `-´ as leading character to ignore
+    possible errors on systctl entries
+
protobuf-c
+- ec3d9000.patch: fixes unsigned integer overflow
+  (bsc#1210323, CVE-2022-48468)
+
-- update to 0.15
-  - make protobuf_c_message_init() into a function (Issue #49, daveb)
-  - Fix for freeing memory after unpacking bytes w/o a default-value.
-    (Andrei Nigmatulin)
-  - minor windows portability issues (use ProtobufC_FD) (Pop Stelian)
-  - --with-endianness={little,big} (Pop Stelian)
-  - bug setting up values of has_idle in public dispatch,
-    make protobuf_c_dispatch_run() use only public members (daveb)
-  - provide cmake support and some Windows compatibility (Nikita Manovich)
-
samba
+- Update to 4.17.7
+  * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
+    in cleartext; (bso#15315); (bsc#1209481).
+  * CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be
+    deleted by unprivileged authenticated users; (bso#15276);
+    (bsc#1209483).
+  * CVE-2023-0614: samba: Access controlled AD LDAP attributes can
+    be discovered; (bso#15270); (bsc#1209485).
+  * large_ldap test is inefficient; (bso#15332).
+  * CVE-2020-25720 [SECURITY] Create Child permission should not
+    allow full write to all attributes (additional changes);
+    (bso#14810).
+- Update to 4.17.6
+  * streams_xattr is creating unexpected locks on folders;
+    (bso#15314).
+  * Use of the Azure AD Connect cloud sync tool is now supported
+    for password hash synchronisation, allowing Samba AD Domains
+    to synchronise passwords with this popular cloud environment;
+    (bso#10635).
+  * Spotlight doesn't work with latest macOS Ventura;
+    (bso#15299).
+  * New samba-dcerpc architecture does not scale gracefully;
+    (bso#15310).
+  * vfs_ceph incorrectly uses fsp_get_io_fd() instead of
+    fsp_get_pathref_fd() in close and fstat; (bso#15307).
+  * With clustering enabled samba-bgqd can core dump due to use
+    after free; (bso#15293).
+  * fd_load() function implicitly closes the fd where it should
+    not; (bso#15311).
+- Update to 4.17.5
+  * smbc_getxattr() return value is incorrect; (bso#14808).
+  * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not
+    handled correctly; (bso#15172).
+  * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210).
+  * samba-tool gpo listall fails IPv6 only - finddcs() fails to
+    find DC when there is only an AAAA record for the DC in DNS;
+    (bso#15226).
+  * smbd crashes if an FSCTL request is done on a stream handle;
+    (bso#15236).
+  * DFS links don't work anymore on Mac clients since 4.17;
+    (bso#15277).
+  * vfs_virusfilter segfault on access, directory edgecase
+    (accessing NULL value); (bso#15283).
+  * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
+    based SChannel on NETLOGON (additional changes); (bso#15240).
+  * %U for include directive doesn't work for share listing
+    (netshareenum); (bso#15243).
+  * Shares missing from netshareenum response in samba 4.17.4;
+    (bso#15266).
+  * ctdb: use-after-free in run_proc; (bso#15269).
+  * irpc_destructor may crash during shutdown; (bso#15280).
+  * auth3_generate_session_info_pac leaks wbcAuthUserInfo;
+    (bso#15286).
+  * smbclient segfaults with use after free on an optimized
+    build; (bso#15268).
+  * smbstatus leaking files in msg.sock and msg.lock;
+    (bso#15282).
+  * Leak in wbcCtxPingDc2; (bso#15164).
+  * Access based share enum does not work in Samba 4.16+;
+    (bso#15265).
+  * Crash during share enumeration; (bso#15267).
+  * rep_listxattr on FreeBSD does not properly check for reads
+    off end of returned buffer; (bso#15271).
+  * Avoid relying on C89 features in a few places; (bso#15281).
+
shadow
+- bsc#1210507 (CVE-2023-29383):
+  Check for control characters
+- Add shadow-CVE-2023-29383.patch
+
snapper
+- avoid stale btrfs qgroups on transactional systems (bsc#1210151)
+  * added pr805.patch
+- wait for existing btrfs quota rescans to finish (bsc#1210150)
+  * added pr790.patch
+
vim
+- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
+  * Revert the creation standalone xxd packages
+
+- Updated to version 9.0 with patch level 1443, fixes the following security problems
+  * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
+  * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
+  * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
+- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
+  remove during %prep anyway. And this breaks quilt setup.
+- for the complete list of changes see
+  https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
+
webkit2gtk3
+- Update to version 2.38.6 (boo#1210295 boo#1210731):
+  + Enable the Asynchronous Clipboard API to make certain pages
+    work (e.g. GithHub started recently requiring it).
+  + Support :has() CSS selectors in content filters.
+  + Apply basic font properties as font variation settings.
+  + The Bubblewrap sandbox no longer requires setting an
+    application identifier via GApplication to operate correctly.
+    Using GApplication is still recommended, but optional.
+  + Improvements to the GStreamer multimedia playback, in
+    particular around MSE, WebRTC, and seeking.
+  + Fix the build with journald support enabled when using elogind
+    instead of the systemd libraries.
+  + Fix the build with Link-Time Optimization enabled (-flto=auto).
+  + Fix context menus not working in the remote Web Inspector.
+  + Fix usage of the remote Web Inspector over HTTP.
+  + Fix debug logs not being emitted in release builds.
+  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2022-0108, CVE-2023-28205, CVE-2022-32885,
+    CVE-2023-27932, CVE-2023-27954.
+
-  + Security fixes: CVE-2022-32886, CVE-2022-32912.
+  + Security fixes: CVE-2022-32886, CVE-2022-32912, CVE-2023-25358,
+    CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363.
yast2-network
+- Do not write the EAP auth attribute when writing a wireless
+  wicked configuration using the EAP mode as TLS (bsc#1211026)
+- 4.5.20
+
+- Fix summary crash when there is no interface available
+  (bsc#1209589, bsc#1211161).
+- 4.5.19
+
zlib
+- Fix deflateBound() before deflateInit(), bsc#1210593, bsc#1211005
+  bsc1210593.patch
+