Packages changed: MozillaFirefox (131.0.3 -> 132.0.1) MozillaFirefox-branding-openSUSE ibus-m17n (1.4.32 -> 1.4.34) libnice (0.1.21 -> 0.1.22) libwebp openSUSE-release (20241109 -> 20241111) rebootmgr === Details === ==== MozillaFirefox ==== Version update (131.0.3 -> 132.0.1) Subpackages: MozillaFirefox-translations-common - require xdg-desktop-portal (boo#1233166) - Mozilla Firefox 132.0.1 * Fixed issues causing intermittent video playback problems on some sites. (bmo#1928484, bmo#1928798) - remove KDE integration patches - mozilla-kde.patch - firefox-kde.patch on KDE use these settings instead widget.use-xdg-desktop-portal.file-picker=1 widget.use-xdg-desktop-portal.mime-handler=1 (those are set by the latest branding package as well) - Mozilla Firefox 132.0 https://www.mozilla.org/en-US/firefox/132.0/releasenotes MFSA 2024-55 (bsc#1231879) * CVE-2024-10458 (bmo#1921733) Permission leak via embed or object elements * CVE-2024-10459 (bmo#1919087) Use-after-free in layout with accessibility * CVE-2024-10460 (bmo#1912537) Confusing display of origin for external protocol handler prompt * CVE-2024-10461 (bmo#1914521) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response * CVE-2024-10462 (bmo#1920423) Origin of permission prompt could be spoofed by long URL * CVE-2024-10463 (bmo#1920800) Cross origin video frame leak * CVE-2024-10468 (bmo#1914982) Race conditions in IndexedDB * CVE-2024-10464 (bmo#1913000) History interface could have been used to cause a Denial of Service condition in the browser * CVE-2024-10465 (bmo#1918853) Clipboard "paste" button persisted across tabs * CVE-2024-10466 (bmo#1924154) DOM push subscription message could hang Firefox * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059, bmo#1917742, bmo#1919809, bmo#1923706) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 - requires NSS 3.105 - rebased patches ==== MozillaFirefox-branding-openSUSE ==== - do not use XDG for mime-handler as it does not handle the default browser check correctly - add properties to use xdg-desktop-portal (boo#1226112) ==== ibus-m17n ==== Version update (1.4.32 -> 1.4.34) - Update to 1.4.34 * Add the “S-†prefix to msymbols for non-ASCII characters only if the character “is not graph†(Resolves: #90) ==== libnice ==== Version update (0.1.21 -> 0.1.22) Subpackages: gstreamer-libnice libnice10 - Update to version 0.1.22: + API: Make nice_address_is_local() available to applications + Make padding be all zeros to conform to RFC8489 + Fix interface listing on Android + Include TURN sockets in the list from nice_agent_get_sockets() + Set consent refresh timeout in line with RFC 7675 + Fix ifr_ifindex build with cland and OpenBSD - Drop 4b63250c.patch: Fixed upstream. - Rebase patch with quilt. ==== libwebp ==== Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - switch to cmake based build as other packages now require the cmake finders ==== openSUSE-release ==== Version update (20241109 -> 20241111) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== rebootmgr ==== - Add compatibility symlink for rebootmgrctl to sbin