Packages changed:
  MozillaFirefox (142.0.1 -> 143.0)
  argyllcms (3.3.0 -> 3.4.1)
  autofs
  gdbm (1.24 -> 1.26)
  glibc
  libstorage-ng (4.5.274 -> 4.5.275)
  mozilla-nspr (4.36 -> 4.37)
  openSUSE-release (20250918 -> 20250919)
  pragha
  protobuf
  rlwrap (0.46.2 -> 0.47)
  sac
  texlive

=== Details ===

==== MozillaFirefox ====
Version update (142.0.1 -> 143.0)
Subpackages: MozillaFirefox-branding-upstream MozillaFirefox-translations-common

- Mozilla Firefox 143.0
  https://www.firefox.com/en-US/firefox/143.0/releasenotes
  MFSA 2025-73 (bsc#1249391)
  * CVE-2025-10527 (bmo#1984825)
    Sandbox escape due to use-after-free in the Graphics: Canvas2D component
  * CVE-2025-10528 (bmo#1986185)
    Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
  * CVE-2025-10529 (bmo#1970490)
    Same-origin policy bypass in the Layout component
  * CVE-2025-10530 (bmo#1974025)
    Spoofing issue in the WebAuthn component in Firefox for Android
  * CVE-2025-10531 (bmo#1978453)
    Mitigation bypass in the Web Compatibility: Tooling component
  * CVE-2025-10532 (bmo#1979502)
    Incorrect boundary conditions in the JavaScript: GC component
  * CVE-2025-10533 (bmo#1980788)
    Integer overflow in the SVG component
  * CVE-2025-10534 (bmo#1665334)
    Spoofing issue in the Site Permissions component
  * CVE-2025-10535 (bmo#1979918)
    Information disclosure, mitigation bypass in the Privacy component in Firefox for Android
  * CVE-2025-10536 (bmo#1981502)
    Information disclosure in the Networking: Cache component
  * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280, bmo#1981283, bmo#1984505, bmo#1985067)
    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
- requires
  NSPR 4.37
  NSS 3.115.1
- remove obsolete mozilla-nongnome-proxies.patch
- Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed build.

==== argyllcms ====
Version update (3.3.0 -> 3.4.1)

- Update to 3.4.1:
  * Enabled support for JETI specbos extra adapter heads.
  * Turned off erroneous strip read debugging in munki driver.
  * Fixed printtarg -T option to work again.
  * Add delay to ArgyllCMS_install_USB.exe and ArgyllCMS_uninstall_USB.exe exit so that messages can be read.
  * Changed chartread unexpected patch value warning threshold to dE 95 when no targen -c profile.
- Update to 3.4.0:
  * Added support for Spyder and SpyderPRO (2024)
  * Renamed proposed CIE 2012 2 and 10 degree to standard CIE 2015 2 and 10 degree observers, as per CIE 170-2:2015.
  * Added -Y c: option to colprof and invprofcheck to allow setting/overriding calibration curves for setting final ink limits.
  * Added -Y c: option to xicclu to allow setting/overriding calibration curves for setting final ink limits, and added -T flag to show ink limits.
  * Fixed Spyder X and X2 to not make Device Disconnect noise (if such sounds are enabled) on MSWin.
  * Fixed bug in colprof -nI failing for CMYK profiles.
  * Enhanced strip reader patch recognition to reject strips that don't start and end on the media, as well as adding some speed compensation to the patch recognition for non-zebra ruler measurements.
  * Fixed bug in i1Pro3 strip reading where it would return bad values if the zebra stripe wasn't used.
  * Changed chartread so that it will issue warnings of possible bad row or patch reading even when .ti2 reference measurement is not accurate (i.e. no preconditioning profile used in targen.)
  * Increased emphasis of making sure that there is contrast between patches at the end of rows in printtarg patch ordering for strip instruments.
  * Added -C parameter to targen to allow overriding any calibration curves found in the ICC profile, used to estimate the total ink limit from that in the ICC profile. Also better enforces final raw computes ink limits.
  * Modified ccxxmake so that it checks that it has actually found a white seeming patch to use as the L*a*b* white reference, and the patch to de-weight. If there is no white patch (i.e.
    just RGB patches) then it will use D65 as the L*a*b* conversion reference. ccxxmake will fail if there are less than 3 patches.
  * Fixed ICC profile writing so that it clips rather than failing when writing a ColorantTable PCS value that is out of range. A warning to stderr will be issued.
  * Changed ColorMunki driver so that it is more forgiving about unexpected version string lengths.
  * Fixed dispcal and dispread so that they won't error out if there is no instrument but the -M parameter is provided.

==== autofs ====

- Link against ldap.so instead of ldap_r.so; the former now provides thread-safety and the latter is a symlink which may not exist (bsc#1249966)
  * drop autofs-use-libldap_r-instead-of-libldap-for-thread-safety.patch

==== gdbm ====
Version update (1.24 -> 1.26)
Subpackages: gdbm-lang libgdbm6 libgdbm_compat4

- version update to 1.26
  * New function: gdbm_open_ext
  * Fixed build on musl libc
  * Fixed build on MacOS
  * Improved testsuite
- removed patches
  * gdbm-gcc15.patch (upstreamed)

==== glibc ====
Subpackages: glibc-32bit glibc-devel glibc-extra glibc-gconv-modules-extra glibc-gconv-modules-extra-32bit glibc-lang glibc-locale glibc-locale-base

- inet-fortified-namespace.patch: inet-fortified: fix namespace violation (BZ #33227)
- abort-fork-lock-init.patch: stdlib: resolve a double lock init issue after fork (BZ #32994)
- ld.so-load-segment-gaps.patch: elf: Handle ld.so with LOAD segment gaps in _dl_find_object (BZ #31943)
- cancelable-syscall-return-value.patch: nptl: Fix SYSCALL_CANCEL for return values larger than INT_MAX (BZ #33245)
- ctype-tls-IE.patch: Use TLS initial-exec model for __libc_tsd_CTYPE_* thread variables (BZ #33234)
- i386-gnu-tls-abi-tag.patch: i386: Add GLIBC_ABI_GNU_TLS version (BZ #33221)
- x86-64-gnu2-tls-abi-tag.patch: x86-64: Add GLIBC_ABI_GNU2_TLS version (BZ #33129)
- x86-64-dt-x86-64-plt-abi-tag.patch: x86-64: Add GLIBC_ABI_DT_X86_64_PLT (BZ #33212)
- i386-gnu2-tls-abi-tag.patch: i386: Also add GLIBC_ABI_GNU2_TLS version
  (BZ #33129)
- aarch64-sve-powf.patch: AArch64: Fix SVE powf routine (BZ #33299)
- For cross builds use the version-suffixed gcc and g++ executable names.

==== libstorage-ng ====
Version update (4.5.274 -> 4.5.275)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#1039
- improve memory management
- 4.5.275

==== mozilla-nspr ====
Version update (4.36 -> 4.37)

- update to version 4.37
  * bmo#1890927 - PR_GetUniqueIdentity asserts on the 32767th call
  * bmo#1880254 - error LNK2019: unresolved external symbol _InterlockedCompareExchange
  * bmo#1905990 - initclk deadline elapsed macOS
  * bmo#1921087 - Remove prwin.h (formerly known as prwin16.h)
  * bmo#1939333 - Use builtin atomic functions on RISC-V32/64
  * bmo#1917446 - PR_FormatTimeUSEnglish() doesn't support "%e" format specifier

==== openSUSE-release ====
Version update (20250918 -> 20250919)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== pragha ====
Subpackages: pragha-lang pragha-plugins

- Drop rygel-devel BuildRequires, what pragha checks for is pkgconfig(rygel-server-2.6), and currently rygel-devel provides pkgconfig(rygel-server-2.8).

==== protobuf ====
Subpackages: libprotobuf-lite32_0_0 libprotobuf32_0_0 libutf8_range-32_0_0

- Add upstream patch to fix build on armv9:
  * protobuf-gh23194.patch

==== rlwrap ====
Version update (0.46.2 -> 0.47)

- Update to 0.47
  * Bug fix
  - use libptytty by default and add --with-libptytty option to configure. Keep the original ptytty.c code as a fallback.
  - add libtinfow to the list of libraries that are checked for the presence of tgetent()
  - only look for filters in $RLWRAP_FILTERDIR and don't add this directory to filter's PATH
  - have rlwrap source conform to POSIX.1c (as we cannot use Polarhome anymore to test on ancient systems)
  - extend testclient with a test that spawns a child and then dies (testing the effect of --skip-setctty)
  - make configure backdate src/completion.rb a few seconds to prevent spurious calls to rbgen

==== sac ====

- Fix build with older JDKs where jar tool does not have long options

==== texlive ====

- Add boost2.dif
  * Make texlive build with boost 1.89 (boo#1249956)