Removed rpms ============ Added rpms ========== Package Source Changes ====================== MozillaFirefox +- Firefox Extended Support Release 115.10.0 ESR + Placeholder changelog-entry (bsc#1222535) + ca-certificates +- Update to version 2+git20240416.98ae794 (bsc#1221184): + * Use flock to serialize calls (boo#1188500) + * Make certbundle.run container friendly + * Create /var/lib/ca-certificates if needed + emacs +- Again fix %{%ext_info} to %{ext_info} (boo#1221769) + +- Modify patch CVE-2024-30205.patch (bsc#1222050) + * Add backport of (org--should-fetch-remote-resource-p) to be + sure that remote file locations will be checked by the user + * Use this in (org-file-contents) + +- Modify patch CVE-2024-30204.patch + * Backport the variable definition untrusted-content in lisp/files.el + +- Add patch CVE-2024-30203.patch + * Fix bsc#1222053 -- Gnus treats inline MIME contents as trusted +- Add patch CVE-2024-30204.patch + * Fix bsc#1222052 -- LaTeX preview is enabled by default for e-mail attachments +- Add patch CVE-2024-30205.patch + * Fix bsc#1222050 -- Org mode considers contents of remote files to be trusted + +- fix typo in %{ext_info} macro usage + graphviz +- VUL-0: CVE-2023-46045: graphviz: out-of-bounds read via a crafted config6a file + bsc#1219491 + A gvc-detect-plugin-installation-failure-and-display-an-error.patch + ibus-pinyin +- Add ibus-pinyin-avoid-superkey-conflict.patch: + Make system could respond to Super key to swith input engine after + input Chinese in ibus-pinyin. + (bsc#1220235) + +- Add ibus-pinyin-use-single-quote-for-sqlite-3.41.0.patch: + Backporting ffe471c9 from upstream, Use single quote inside SQL to + avoid the sqlite latest than 3.41.0's syntax fault during building + process. + -- ibus-pinyin-support-set-content-type-method.patch: - Fix visible password entry in GNOME lock screen (CVE-2013-4509, - bnc#847718); taken from Fedora package - -- add python-xdg as Requires - jasper +- bsc#1223155 CVE-2024-31744: + Add missing check to jpc_dec_process_sod() + Add jasper-CVE-2024-31744.patch + libzypp +- Fix creation of sibling cache dirs with too restrictive mode + (bsc#1222398) + Some install workflows in YAST may lead to too restrictive (0700) + raw cache directories in case of newly created repos. Later + commands running with user privileges may not be able to access + these repos. +- version 17.32.4 (32) + +- Update RepoStatus fromCookieFile according to the files mtime + (bsc#1222086) +- TmpFile: Don't call chmod if makeSibling failed. +- version 17.32.3 (32) + +- Fixup New VendorSupportOption flag VendorSupportSuperseded + (jsc#OBS-301, jsc#PED-8014) + Fixed the name of the keyword to "support_superseded" as it was + agreed on in jsc#OBS-301. +- version 17.32.2 (32) + +- Add resolver option 'removeUnneeded' to file weak remove jobs + for unneeded packages (bsc#1175678) +- version 17.32.1 (32) + +- Add resolver option 'removeOrphaned' for distupgrade + (bsc#1221525) +- New VendorSupportOption flag VendorSupportSuperseded + (jsc#OBS-301, jsc#PED-8014) +- Tests: fix vsftpd.conf where SUSE and Fedora use different + defaults (fixes #522) +- Add default stripe minimum (#529) +- Don't expose std::optional where YAST/PK explicitly use c++11. +- Digest: Avoid using the deprecated OPENSSL_config. +- version 17.32.0 (32) + +- ProblemSolution::skipsPatchesOnly overload to handout the + patches. +- Remove https->http redirection exceptions for + download.opensuse.org. +- version 17.31.32 (22) + manpages-l10n +- Remove conflicting files with xz-lang(from SLE15) +- Remove conflicting files with procps-lang(from SLE15) + polkit +- Change permissions for rules folders (bsc#1209282) + python-idna +- Add CVE-2024-3651.patch, backported from upstream commit + gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 + (bsc#1222842, CVE-2024-3651) + systemd-default-settings +- Import 0.10 + 5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123) + +- Import 0.9 + bb859bf user@.service: Disable controllers by default (jsc#PED-2276) + +- The usage of drop-ins is now the official way for configuring systemd and its + various daemons on Factory/ALP. Hence the early drop-ins SUSE specific + "feature" has been abandoned. + +- Import 0.8 + f34372f User priority '26' for SLE-Micro + c8b6f0a Revert "Convert more drop-ins into early ones" + +- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2 + 6b8dde1 Convert more drop-ins into early ones + vim +- Updated to version 9.1 with patch level 0330, fixes the following problems + * Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1 +- refreshed vim-7.3-filetype_spec.patch +- refreshed vim-7.3-filetype_ftl.patch +- Update spec.skeleton to use autosetup in place of setup macro. +- for the complete list of changes see + https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330 + +- Updated to version 9.1 with patch level 0111, fixes the following security problems + * Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close() + * Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol() + * Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command + * Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count + * Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing + * Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number + * Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line + * Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute + * Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c + * Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix +- for the complete list of changes see + https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 + zypper +- Do not try to refresh repo metadata as non-root user + (bsc#1222086) + Instead show refresh stats and hint how to update them. +- man: Explain how to protect orphaned packages by collecting + them in a plaindir repo. +- packages: Add --autoinstalled and --userinstalled options to + list them. +- Don't print 'reboot required' message if download-only or + dry-run (fixes #529) + Instead point out that a reboot would be required if the option + was not used. +- Resepect zypper.conf option `showAlias` search commands + (bsc#1221963) + Repository::asUserString (or Repository::label) respects the + zypper.conf option, while name/alias return the property. +- version 1.14.71 + +- dup: New option --remove-orphaned to remove all orphaned + packages in dup (bsc#1221525) +- version 1.14.70 + +- info,summary: Support VendorSupportOption flag + VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) +- BuildRequires: libzypp-devel >= 17.32.0. + API cleanup and changes for VendorSupportSuperseded. +- Show active dry-run/download-only at the commit propmpt. +- patch: Add --skip-not-applicable-patches option (closes #514) +- Fix printing detailed solver problem description. + The problem description() is one rule out possibly many in + completeProblemInfo() the solver has chosen to represent the + problem. So either description or completeProblemInfo should be + printed, but not both. +- Fix bash-completion to work with right adjusted numbers in the + 1st column too (closes #505) +- Set libzypp shutdown request signal on Ctrl+C (fixes #522) +- lr REPO: In the detailed view show all baseurls not just the + first one (bsc#1218171) +- version 1.14.69 +