Packages changed: MozillaFirefox (129.0.1 -> 130.0.1) git (2.46.0 -> 2.46.1) libsamplerate openSUSE-release (20240920 -> 20240922) wpa_supplicant xml-commons-apis yast2-storage-ng (5.0.17 -> 5.0.18) === Details === ==== MozillaFirefox ==== Version update (129.0.1 -> 130.0.1) Subpackages: MozillaFirefox-translations-common - Firefox 130.0.1 Release https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes * Enterprise: Added an enterprise policy to disable the * Firefox Labs* section in *Settings*. (bmo#1911826) * Fixed a recent regression causing some UI elements to be rendered as left-to-right instead of right-to-left for users of our Saraiki localization. (bmo#1917175) * Linux: Fixed black rendering of AVIF images when Firefox is built with GCC. (bmo#1916038) - removed obsolete patches mozilla-bmo1916038.patch - Mozilla Firefox 130.0 https://www.mozilla.org/en-US/firefox/130.0/releasenotes MFSA 2024-39 (bsc#1229821) * CVE-2024-8385 (bmo#1911909) WASM type confusion involving ArrayTypes * CVE-2024-8381 (bmo#1912715) Type confusion when looking up a property name in a "with" block * CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970, bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326, bmo#1894891, bmo#1897648) Fullscreen notice on Android could be hidden under various panels and OS prompts * CVE-2024-8382 (bmo#1906744) Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran * CVE-2024-8383 (bmo#1908496) Firefox did not ask before openings news: links in an external application * CVE-2024-8384 (bmo#1911288) Garbage collection could mis-color cross-compartment objects in OOM conditions * CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529) SelectElements could be shown over another site if popups are allowed * CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009) Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 * CVE-2024-8389 (bmo#1907230, bmo#1909367) Memory safety bugs fixed in Firefox 130 - requires NSS 3.103 - removed obsolete patches mozilla-bmo1898476.patch mozilla-bmo1907511.patch - added mozilla-bmo1916038.patch to fix AVIF decoding (bsc#1230500) - Update dependency on clang-devel from LLVM15 to LLVM18 - Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling ==== git ==== Version update (2.46.0 -> 2.46.1) Subpackages: git-core git-email git-svn git-web perl-Git - Update to version 2.46.1; * "git checkout --ours" (no other arguments) complained that the option is incompatible with branch switching, which is technically correct, but found confusing by some users. It now says that the user needs to give pathspec to specify what paths to checkout. * It has been documented that we avoid "VAR=VAL shell_func" and why. * "git add -p" by users with diff.suppressBlankEmpty set to true failed to parse the patch that represents an unmodified empty line with an empty line (not a line with a single space on it), which has been corrected. * "git rebase --help" referred to "offset" (the difference between the location a change was taken from and the change gets replaced) incorrectly and called it "fuzz", which has been corrected. * "git notes add -m '' --allow-empty" and friends that take prepared data to create notes should not invoke an editor, but it started doing so since Git 2.42, which has been corrected. * An expensive operation to prepare tracing was done in re-encoding code path even when the tracing was not requested, which has been corrected. * Perforce tests have been updated. * The credential helper to talk to OSX keychain sometimes sent garbage bytes after the username, which has been corrected. * A recent update broke "git ls-remote" used outside a repository, which has been corrected. * "git config --value=foo --fixed-value section.key newvalue" barfed when the existing value in the configuration file used the valueless true syntax, which has been corrected. * "git reflog expire" failed to honor annotated tags when computing reachable commits. * A flakey test and incorrect calls to strtoX() functions have been fixed. * Follow-up on 2.45.1 regression fix. * "git rev-list ... | git diff-tree -p --remerge-diff --stdin" should behave more or less like "git log -p --remerge-diff" but instead it crashed, forgetting to prepare a temporary object store needed. * The patch parser in "git patch-id" has been tightened to avoid getting confused by lines that look like a patch header in the log message. * "git bundle unbundle" outside a repository triggered a BUG() unnecessarily, which has been corrected. * The code forgot to discard unnecessary in-core commit buffer data for commits that "git log --skip=" traversed but omitted from the output, which has been corrected. * "git verify-pack" and "git index-pack" started dying outside a repository, which has been corrected. * A corner case bug in "git stash" was fixed. ==== libsamplerate ==== - Use a constant profile dir for reproducible builds (boo#1062303) ==== openSUSE-release ==== Version update (20240920 -> 20240922) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== wpa_supplicant ==== - Revert "Mark authorization completed on driver indication during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection problems with brcmfmac wifi hardware. (bsc#1230797) [+ Revert-Mark-authorization-completed-on-driver-indica.patch] ==== xml-commons-apis ==== - Use SOURCE_DATE_EPOCH for reproducible builds ==== yast2-storage-ng ==== Version update (5.0.17 -> 5.0.18) - Extend the API to resize partitions during a proposal (required by gh#openSUSE/agama#1599). - 5.0.18