18241 important openSUSE Backports SLE-15-SP5 Update This update for deepin-reader fixes the following issues: - CVE-2023-50254: Fixed RCE via file overwrite via crafted docx document (boo#1218382). deepin-reader-5.10.23-bp155.2.3.1.src.rpm deepin-reader-5.10.23-bp155.2.3.1.x86_64.rpm deepin-reader-lang-5.10.23-bp155.2.3.1.noarch.rpm libdeepin-pdfium1-5.10.23-bp155.2.3.1.x86_64.rpm deepin-reader-5.10.23-bp155.2.3.1.aarch64.rpm libdeepin-pdfium1-5.10.23-bp155.2.3.1.aarch64.rpm 18371 important openSUSE Backports SLE-15-SP5 Update This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: * CVE-2024-34340: Authentication Bypass when using using older password hashes (boo#1224240) * CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229) * CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238) * CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239) * CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231) * CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241) * CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236) * CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235) * CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237) * CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230) * Improve PHP 8.3 support * When importing packages via command line, data source profile could not be selected * When changing password, returning to previous page does not always work * When using LDAP authentication the first time, warnings may appear in logs * When editing/viewing devices, add IPv6 info to hostname tooltip * Improve speed of polling when Boost is enabled * Improve support for Half-Hour time zones * When user session not found, device lists can be incorrectly returned * On import, legacy templates may generate warnings * Improve support for alternate locations of Ping * Improve PHP 8.1 support for Installer * Fix issues with number formatting * Improve PHP 8.1 support when SpikeKill is run first time * Improve PHP 8.1 support for SpikeKill * When using Chinese to search for graphics, garbled characters appear. * When importing templates, preview mode will not always load * When remote poller is installed, MySQL TimeZone DB checks are not performed * When Remote Poller installation completes, no finish button is shown * Unauthorized agents should be recorded into logs * Poller cache may not always update if hostname changes * When using CMD poller, Failure and Recovery dates may have incorrect values * Saving a Tree can cause the tree to become unpublished * Web Basic Authentication does not record user logins * When using Accent-based languages, translations may not work properly * Fix automation expressions for device rules * Improve PHP 8.1 Support during fresh install with boost * Add a device "enabled/disabled" indicator next to the graphs * Notify the admin periodically when a remote data collector goes into heartbeat status * Add template for Aruba Clearpass * Add fliter/sort of Device Templates by Graph Templates - cacti-spine 1.2.27: * Restore AES Support cacti-spine-1.2.27-bp155.2.9.1.src.rpm cacti-spine-1.2.27-bp155.2.9.1.x86_64.rpm cacti-1.2.27-bp155.2.9.1.noarch.rpm cacti-1.2.27-bp155.2.9.1.src.rpm cacti-spine-1.2.27-bp155.2.9.1.i586.rpm cacti-spine-1.2.27-bp155.2.9.1.aarch64.rpm cacti-spine-1.2.27-bp155.2.9.1.ppc64le.rpm cacti-spine-1.2.27-bp155.2.9.1.s390x.rpm 18375 important openSUSE Backports SLE-15-SP5 Update This update for apptainer fixes the following issues: - Make sure, digest values handled by the Go library github.com/opencontainers/go-digest and used throughout the Go-implemented containers ecosystem are always validated. This prevents attackers from triggering unexpected authenticated registry accesses. (CVE-2024-3727, boo#1224114). - Updated apptainer to version 1.3.0 * FUSE mounts are now supported in setuid mode, enabling full functionality even when kernel filesystem mounts are insecure due to unprivileged users having write access to raw filesystems in containers. When allow `setuid-mount extfs = no` (the default) in apptainer.conf, then the fuse2fs image driver will be used to mount ext3 images in setuid mode instead of the kernel driver (ext3 images are primarily used for the `--overlay` feature), restoring functionality that was removed by default in Apptainer 1.1.8 because of the security risk. The allow `setuid-mount squashfs` configuration option in `apptainer.conf` now has a new default called `iflimited` which allows kernel squashfs mounts only if there is at least one `limit container` option set or if Execution Control Lists are activated in ecl.toml. If kernel squashfs mounts are are not allowed, then the squashfuse image driver will be used instead. `iflimited` is the default because if one of those limits are used the system administrator ensures that unprivileged users do not have write access to the containers, but on the other hand using FUSE would enable a user to theoretically bypass the limits via `ptrace()` because the FUSE process runs as that user. The `fuse-overlayfs` image driver will also now be tried in setuid mode if the kernel overlayfs driver does not work (for example if one of the layers is a FUSE filesystem). In addition, if `allow setuid-mount encrypted = no` then the unprivileged gocryptfs format will be used for encrypting SIF files instead of the kernel device-mapper. If a SIF file was encrypted using the gocryptfs format, it can now be mounted in setuid mode in addition to non-setuid mode. * Change the default in user namespace mode to use either kernel overlayfs or fuse-overlayfs instead of the underlay feature for the purpose of adding bind mount points. That was already the default in setuid mode; this change makes it consistent. The underlay feature can still be used with the `--underlay` option, but it is deprecated because the implementation is complicated and measurements have shown that the performance of underlay is similar to overlayfs and fuse-overlayfs. For now the underlay feature can be made the default again with a new `preferred` value on the `enable underlay` configuration option. Also the `--underlay` option can be used in setuid mode or as the root user, although it was ignored previously. * Prefer again to use kernel overlayfs over fuse-overlayfs when a lower layer is FUSE and there's no writable upper layer, undoing the change from 1.2.0. Another workaround was found for the problem that change addressed. This applies in both setuid mode and in user namespace mode. * `--cwd` is now the preferred form of the flag for setting the container's working directory, though `--pwd` is still supported for compatibility. * The way `--home` is handled when running as root (e.g. sudo apptainer) or with `--fakeroot` has changed. Previously, we were only modifying the `HOME` environment variable in these cases, while leaving the container's `/etc/passwd` file unchanged (with its homedir field pointing to `/root`, regardless of the value passed to `--home`). With this change, both value of HOME and the contents of `/etc/passwd` in the container will reflect the value passed to `--home` if the container is readonly. If the container is writable, the `/etc/passwd` file is left alone because it can interfere with commands that want to modify it. * The `--vm` and related flags to start apptainer inside a VM have been removed. This functionality was related to the retired Singularity Desktop / SyOS projects. * The keyserver-related commands that were under `remote` have been moved to their own, dedicated `keyserver` command. Run `apptainer help keyserver` for more information. * The commands related to OCI/Docker registries that were under `remote` have been moved to their own, dedicated `registry` command. Run `apptainer help registry` for more information. * The the `remote list` subcommand now outputs only remote endpoints (with keyservers and OCI/Docker registries having been moved to separate commands), and the output has been streamlined. * Adding a new remote endpoint using the `apptainer remote add` command will now set the new endpoint as default. This behavior can be suppressed by supplying the `--no-default` (or `-n`) flag to `remote add`. * Skip parsing build definition file template variables after comments beginning with a hash symbol. * The global `/tmp` directory is no longer used for gocryptfs mountpoints. - New Features & Functionality * The `remote status` command will now print the username, realname, and email of the logged-in user, if available. * Add monitoring feature support, which requires the usage of an additional tool named `apptheus`, this tool will put apptainer starter into a newly created cgroup and collect system metrics. * A new `--no-pid` flag for `apptainer run/shell/exec` disables the PID namespace inferred by `--containall` and `--compat`. * Added `--config` option to `keyserver` commands. * Honor an optional remoteName argument to the `keyserver list` command. * Added the `APPTAINER_ENCRYPTION_PEM_DATA` env var to allow for encrypting and running encrypted containers without a PEM file. * Adding `--sharens` mode for `apptainer exec/run/shell`, which enables to run multiple apptainer instances created by the same parent using the same image in the same user namespace. - Make 'gocryptfs' an optional dependency. - Make apptainer definition templates version dependent. - Fix 'apptainer build' using signed packages from the SUSE Registry (boo#1221364). - Updated apptainer to version 1.2.5 * Added `libnvidia-nvvm` to `nvliblist.conf`. Newer NVIDIA Drivers (known with >= 525.85.05) require this lib to compile OpenCL programs against NVIDIA GPUs, i.e. `libnvidia-opencl` depends on `libnvidia-nvvm`. * Disable the usage of cgroup in instance creation when `--fakeroot` is passed. * Disable the usage of cgroup in instance creation when `hidepid` mount option on `/proc` is set. * Fixed a regression introduced in 1.2.0 where the user's password file information was not copied in to the container when there was a parent root-mapped user namespace (as is the case for example in `cvmfsexec`). * Added the upcoming NVIDIA driver library `libnvidia-gpucomp.so` to the list of libraries to add to NVIDIA GPU-enabled containers. Fixed missing error handling during the creation of an encrypted image that lead to the generation of corrupted images. * Use `APPTAINER_TMPDIR` for temporary files during privileged image encryption. * If rootless unified cgroups v2 is available when starting an image but `XDG_RUNTIME_DIR` or `DBUS_SESSION_BUS_ADDRESS` is not set, print an info message that stats will not be available instead of exiting with a fatal error. * Allow templated build arguments to definition files to have empty values. - Package .def templates separately for different SPs. - Do not build squashfuse, require it as a dependency. - Replace awkward 'Obsoletes: singularity-*' as well as the 'Provides: Singularity' by 'Conflicts:' and drop the provides - the versioning scheme does not match and we do not automatically migrate from one to the other. - Exclude platforms which do not provide all build dependencies. - updated to 1.2.3 with following changes: * The apptainer push/pull commands now show a progress bar for the oras protocol like there was for docker and library protocols. * The --nv and --rocm flags can now be used simultaneously. * Fix the use of APPTAINER_CONFIGDIR with apptainer instance start and action commands that refer to instance://. * Fix the issue that apptainer would not read credentials from the Docker fallback path ~/.docker/config.json if missing in the apptainer credentials. - updated to 1.2.2 with following changes: * Fix $APPTAINER_MESSAGELEVEL to correctly set the logging level. * Fix build failures when in setuid mode and unprivileged user namespaces are unavailable and the --fakeroot option is not selected. - updated to 1.2.1 to fix CVE-2023-38496 although not relevant as package is compiled with setuid - update to 1.2.0 with following changes: * binary is built reproducible which disables plugins * Create the current working directory in a container when it doesn't exist. This restores behavior as it was before singularity 3.6.0. As a result, using --no-mount home won't have any effect when running apptainer from a home directory and will require --no-mount home,cwd to avoid mounting that directory. * Handle current working directory paths containing symlinks both on the host and in a container but pointing to different destinations. If detected, the current working directory is not mounted when the destination directory in the container exists. * Destination mount points are now sorted by shortest path first to ensure that a user bind doesn't override a previous bind path when set in arbitrary order on the CLI. This is also applied to image binds. * When the kernel supports unprivileged overlay mounts in a user namespace, the container will be constructed by default using an overlay instead of an underlay layout for bind mounts. A new --underlay action option can be used to prefer underlay instead of overlay. * sessiondir maxsize in apptainer.conf now defaults to 64 MiB for new installations. This is an increase from 16 MiB in prior versions. * The apptainer cache is now architecture aware, so the same home directory cache can be shared by machines with different architectures. * Overlay is blocked on the panfs filesystem, allowing sandbox directories to be run from panfs without error. * Lookup and store user/group information in stage one prior to entering any namespaces, to fix an issue with winbind not correctly looking up user/group information when using user namespaces. - New features / functionalities * Support for unprivileged encryption of SIF files using gocryptfs. This is not compatible with privileged encryption, so containers encrypted by root need to be rebuilt by an unprivileged user. * Templating support for definition files. Users can now define variables in definition files via a matching pair of double curly brackets. Variables of the form {{ variable }} will be replaced by a value defined either by a variable=value entry in the %arguments section of the definition file or through new build options --build-arg or --build-arg-file. * Add a new instance run command that will execute the runscript when an instance is initiated instead of executing the startscript. * The sign and verify commands now support signing and verification with non-PGP key material by specifying the path to a private key via the --key flag. * The verify command now supports verification with X.509 certificates by specifying the path to a certificate via the --certificate flag. By default, the system root certificate pool is used as trust anchors unless overridden via the --certificate-roots flag. A pool of intermediate certificates that are not trust anchors, but can be used to form a certificate chain, can also be specified via the --certificate-intermediates flag. * Support for online verification checks of X.509 certificates using OCSP protocol via the new verify --ocsp-verify option. * The instance stats command displays the resource usage every second. The --no-stream option disables this interactive mode and shows the point-in-time usage. * Instances are now started in a cgroup by default, when run as root or when unified cgroups v2 with systemd as manager is configured. This allows apptainer instance stats to be supported by default when possible. * The instance start command now accepts an optional --app <name> argument which invokes a start script within the %appstart <name> section in the definition file. The instance stop command still only requires the instance name. * The instance name is now available inside an instance via the new APPTAINER_INSTANCE environment variable. * The --no-mount flag now accepts the value bind-paths to disable mounting of all bind path entries in apptainer.conf. Support for DOCKER_HOST parsing when using docker-daemon:// DOCKER_USERNAME and DOCKER_PASSWORD supported without APPTAINER_ prefix. Add new Linux capabilities CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE. * The remote get-login-password command allows users to retrieve a remote's token. This enables piping the secret directly into docker login while preventing it from showing up in a shell's history. * Define EUID in %environment alongside UID. * In --rocm mode, the whole of /dev/dri is now bound into the container when --contain is in use. This makes /dev/dri/render devices available, required for later ROCm versions. - update to 1.1.9 with following changes: * Remove warning about unknown xino=on option from fuse-overlayfs, introduced in 1.1.8. * Ignore extraneous warning from fuse-overlayfs about a readonly /proc. * Fix dropped "n" characters on some platforms in definition file stored as part of SIF metadata. * Remove duplicated group ids. * Fix not being able to handle multiple entries in LD_PRELOAD when binding fakeroot into container during apptainer startup for --fakeroot with fakeroot command. - Included a fix for CVE-2023-30549 which is a vulnerability in setuid-root installations of Apptainer iwhich was not active in the recent openSUSE packages. Still this is included for completenss. The fix adds allow setuid-mount configuration options encrypted, squashfs, and extfs, and makes the default for extfs be "no". That disables the use of extfs mounts including for overlays or binds while in the setuid-root mode, while leaving it enabled for unprivileged user namespace mode. The default for encrypted and squashfs is "yes". - Other bug fixes: * Fix loop device 'no such device or address' spurious errors when using shared loop devices. * Add xino=on mount option for writable kernel overlay mount points to fix inode numbers consistency after kernel cache flush (not applicable to fuse-overlayfs). - updated to 1.1.7 with following changes: * Allow gpu options such as --nv to be nested by always inheriting all libraries bound in to a parent container's /.singularity.d/libs. * Map the user's home directory to the root home directory by default in the non-subuid fakeroot mode like it was in the subuid fakeroot mode, for both action commands and building containers from definition files. * Make the error message more helpful in another place where a remote is found to have no library client. * Avoid incorrect error when requesting fakeroot network. * Pass computed LD_LIBRARY_PATH to wrapped unsquashfs. Fixes issues where unsquashfs on host uses libraries in non-default paths. apptainer-1.3.0-bp155.3.3.2.src.rpm apptainer-1.3.0-bp155.3.3.2.x86_64.rpm apptainer-leap-1.3.0-bp155.3.3.2.noarch.rpm apptainer-sle15_5-1.3.0-bp155.3.3.2.noarch.rpm apptainer-sle15_6-1.3.0-bp155.3.3.2.noarch.rpm libsquashfuse0-0.5.0-bp155.2.1.x86_64.rpm libsquashfuse0-debuginfo-0.5.0-bp155.2.1.x86_64.rpm squashfuse-0.5.0-bp155.2.1.src.rpm squashfuse-0.5.0-bp155.2.1.x86_64.rpm squashfuse-debuginfo-0.5.0-bp155.2.1.x86_64.rpm squashfuse-debugsource-0.5.0-bp155.2.1.x86_64.rpm squashfuse-devel-0.5.0-bp155.2.1.x86_64.rpm squashfuse-tools-0.5.0-bp155.2.1.x86_64.rpm squashfuse-tools-debuginfo-0.5.0-bp155.2.1.x86_64.rpm libsquashfuse0-0.5.0-bp155.2.1.i586.rpm libsquashfuse0-debuginfo-0.5.0-bp155.2.1.i586.rpm squashfuse-0.5.0-bp155.2.1.i586.rpm squashfuse-debuginfo-0.5.0-bp155.2.1.i586.rpm squashfuse-debugsource-0.5.0-bp155.2.1.i586.rpm squashfuse-devel-0.5.0-bp155.2.1.i586.rpm squashfuse-tools-0.5.0-bp155.2.1.i586.rpm squashfuse-tools-debuginfo-0.5.0-bp155.2.1.i586.rpm apptainer-1.3.0-bp155.3.3.2.aarch64.rpm libsquashfuse0-0.5.0-bp155.2.1.aarch64.rpm libsquashfuse0-debuginfo-0.5.0-bp155.2.1.aarch64.rpm squashfuse-0.5.0-bp155.2.1.aarch64.rpm squashfuse-debuginfo-0.5.0-bp155.2.1.aarch64.rpm squashfuse-debugsource-0.5.0-bp155.2.1.aarch64.rpm squashfuse-devel-0.5.0-bp155.2.1.aarch64.rpm squashfuse-tools-0.5.0-bp155.2.1.aarch64.rpm squashfuse-tools-debuginfo-0.5.0-bp155.2.1.aarch64.rpm libsquashfuse0-0.5.0-bp155.2.1.ppc64le.rpm libsquashfuse0-debuginfo-0.5.0-bp155.2.1.ppc64le.rpm squashfuse-0.5.0-bp155.2.1.ppc64le.rpm squashfuse-debuginfo-0.5.0-bp155.2.1.ppc64le.rpm squashfuse-debugsource-0.5.0-bp155.2.1.ppc64le.rpm squashfuse-devel-0.5.0-bp155.2.1.ppc64le.rpm squashfuse-tools-0.5.0-bp155.2.1.ppc64le.rpm squashfuse-tools-debuginfo-0.5.0-bp155.2.1.ppc64le.rpm libsquashfuse0-0.5.0-bp155.2.1.s390x.rpm libsquashfuse0-debuginfo-0.5.0-bp155.2.1.s390x.rpm squashfuse-0.5.0-bp155.2.1.s390x.rpm squashfuse-debuginfo-0.5.0-bp155.2.1.s390x.rpm squashfuse-debugsource-0.5.0-bp155.2.1.s390x.rpm squashfuse-devel-0.5.0-bp155.2.1.s390x.rpm squashfuse-tools-0.5.0-bp155.2.1.s390x.rpm squashfuse-tools-debuginfo-0.5.0-bp155.2.1.s390x.rpm 18391 important openSUSE Backports SLE-15-SP5 Update This update for python-aiosmtpd fixes the following issues: - CVE-2024-34083: Fixed MiTM attack could inject extra unencrypted commands after STARTTLS (boo#1224467) - CVE-2024-27305: Fixed SMTP smuggling (boo#1221328) python-aiosmtpd-1.2.1-bp155.3.3.1.src.rpm python3-aiosmtpd-1.2.1-bp155.3.3.1.noarch.rpm 18414 moderate openSUSE Backports SLE-15-SP5 Update This update for sngrep fixes the following issues: - CVE-2024-35434: Fixed heap buffer overflow in rtp_check_packet (boo#1225638) sngrep-1.8.1-bp155.2.6.1.src.rpm sngrep-1.8.1-bp155.2.6.1.x86_64.rpm sngrep-1.8.1-bp155.2.6.1.i586.rpm sngrep-1.8.1-bp155.2.6.1.aarch64.rpm sngrep-1.8.1-bp155.2.6.1.ppc64le.rpm sngrep-1.8.1-bp155.2.6.1.s390x.rpm 18426 moderate openSUSE Backports SLE-15-SP5 Update This update for gh fixes the following issues: Update to version 2.51.0: * Gracefully degrade when fetching annotations fails due to 403 (#9113) * replaced deprecated --json-result flag with --format=json in the gh at docstring. * Specify rpm repository to avoid conflicts with community repositories * Add `signer-repo` and `signer-workflow` flags to `gh attestation verify` (#9137) * Ensure signed RPMs have attestations Update to version 2.50.0: * Add build provenance for gh CLI releases (#9087) * Add integration tests for `gh attestation verify` shared workflow use case (#9107) * Update readme about MacOS pkg * Remove `v` prefix when `pkgmacos` is called * Integrate argument array to remove duplicate code * Added native min os version blocking * Fix distribution.xml + min macos version requirements * Fix directory already exists * Add a `gh variable get FOO` command (#9106) * Add comment to pr diff regex * Update regex in changedFilesNames to handle quoted paths * fix: rename the `Attempts` field to `Attempt`; expose in `gh run view` and `gh run ls` (#8905) * Change minimum build script macOS version * Cleanup pkgmacos build script * Removed redundant specifications * Undo goreleaser change * feat: add support for stateReason in `gh pr view` (#9080) * Update choice title * Update pkg title * remove no-op if clause that returns 'No Aliases' * Conditionalize references, remove redundant alias * list the various alias permutations for the command and subcommands * Remove TODO and add comment on LoginFlow tests * Comment the purpose of the helper config contract * Test git credentials are configured in LoginFlow * Add HelperConfig contract test and FakeHelperConfig * Inject GitCredentialFlow to LoginFlow as test seam * Removed unused param flagDryRun from upgradeFunc * Added summary TTY message to tests * Added TTY message to summarize checking extension upgrades * Add Helper test for Windows * Add tests for gitcredentials Updater * Fix mistaken git installation error check * Move gitcredentials HelperConfig and add tests * Comment the new gitcredentials package * Comment the git credential flow * Remove unnecessary credential setup private method * Use tighter interface in setup-git * Rename gitcredentials Configure to ConfigureOurs * Make gitcredential helper smarter * Move fetching configured helper into gitcredentials * Extract units for configuring and updating git credential helpers * Implement ExportData to filter json fields * fix: rename fields list * feat: add json output for PR checks * Fix doc bug for gh run watch gh-2.51.0-bp155.2.9.2.src.rpm gh-2.51.0-bp155.2.9.2.x86_64.rpm gh-bash-completion-2.51.0-bp155.2.9.2.noarch.rpm gh-fish-completion-2.51.0-bp155.2.9.2.noarch.rpm gh-zsh-completion-2.51.0-bp155.2.9.2.noarch.rpm gh-2.51.0-bp155.2.9.2.i586.rpm gh-2.51.0-bp155.2.9.2.aarch64.rpm gh-2.51.0-bp155.2.9.2.ppc64le.rpm gh-2.51.0-bp155.2.9.2.s390x.rpm 18430 moderate openSUSE Backports SLE-15-SP5 Update This update for roundcubemail fixes the following issues: Update to 1.6.7 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerabilities: * Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. * Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences. Reported by Huy Nguyễn Phạm Nhật. * Fix command injection via crafted im_convert_path/im_identify_path on Windows. Reported by Huy Nguyễn Phạm Nhật. CHANGELOG * Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) * Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) * Fix bug in collapsing/expanding folders with some special characters in names (#9324) * Fix PHP8 warnings (#9363, #9365, #9429) * Fix missing field labels in CSV import, for some locales (#9393) * Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes * Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences * Fix command injection via crafted im_convert_path/im_identify_path on Windows Update to 1.6.6: * Fix regression in handling LDAP search_fields configuration parameter (#9210) * Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3 * Fix page jump menu flickering on click (#9196) * Update to TinyMCE 5.10.9 security release (#9228) * Fix PHP8 warnings (#9235, #9238, #9242, #9306) * Fix saving other encryption settings besides enigma's (#9240) * Fix unneeded php command use in installto.sh and deluser.sh scripts (#9237) * Fix TinyMCE localization installation (#9266) * Fix bug where trailing non-ascii characters in email addresses could have been removed in recipient input (#9257) * Fix IMAP GETMETADATA command with options - RFC5464 Update to 1.6.5 (boo#1216895): * Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download CVE-2023-47272 Other changes: * Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) * Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166) * Fix PHP warnings (#9174) * Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175) * Fix bug where images attached to application/smil messages weren't displayed (#8870) * Fix PHP string replacement error in utils/error.php (#9185) * Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162) roundcubemail-1.6.7-bp155.2.9.1.noarch.rpm roundcubemail-1.6.7-bp155.2.9.1.src.rpm 18431 moderate openSUSE Backports SLE-15-SP5 Update This update for keepassxc fixes the following issues: Update to 2.7.9: - Changes: - Passkeys: Ability to easily remove a passkey from an entry [#10777] - Snap: Use new desktop portal for native messaging integration [#10906] - Fixes: - Improve entry placeholder/reference feature [#10846] - Improve CSV importing when title field isn't specified [#10843] - Improve encrypted Bitwarden importing [#10800] - Improve database settings UX [#10821] - Improve handling of clipboard actions from entry preview [#10810] - Improve group/entry view resize behavior and set sensible defaults [#10641] - Passkeys: Fix incorrect username fill [#10874] - Passkeys: Return additional data to the extension [#10857] - Fix password clear timer inconsistency on unlock view [#10708] - Fix portability check [#10760] - Fix page overflow on HTML exports [#10735] - Fix broken builds when using system provided zxcvbn [#10717] - Fix copy password button when text is selected [#10853] - Fix tab ordering on application settings pages [#10907] - SSH Agent: Fix broken decrypt button [#10638] - Flatpak: Fix configuration settings off-by-one error [#10688] keepassxc-2.7.9-bp155.2.12.1.src.rpm keepassxc-2.7.9-bp155.2.12.1.x86_64.rpm keepassxc-lang-2.7.9-bp155.2.12.1.noarch.rpm keepassxc-2.7.9-bp155.2.12.1.aarch64.rpm keepassxc-2.7.9-bp155.2.12.1.ppc64le.rpm keepassxc-2.7.9-bp155.2.12.1.s390x.rpm 18433 moderate openSUSE Backports SLE-15-SP5 Update This update for php81 fixes the following issue: - Version update to 8.1.29 [bsc#1226073] - Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) php81-8.1.29-bp155.11.1.src.rpm php81-8.1.29-bp155.11.1.x86_64.rpm php81-bcmath-8.1.29-bp155.11.1.x86_64.rpm php81-bz2-8.1.29-bp155.11.1.x86_64.rpm php81-calendar-8.1.29-bp155.11.1.x86_64.rpm php81-cli-8.1.29-bp155.11.1.x86_64.rpm php81-ctype-8.1.29-bp155.11.1.x86_64.rpm php81-curl-8.1.29-bp155.11.1.x86_64.rpm php81-dba-8.1.29-bp155.11.1.x86_64.rpm php81-devel-8.1.29-bp155.11.1.x86_64.rpm php81-dom-8.1.29-bp155.11.1.x86_64.rpm php81-enchant-8.1.29-bp155.11.1.x86_64.rpm php81-exif-8.1.29-bp155.11.1.x86_64.rpm php81-ffi-8.1.29-bp155.11.1.x86_64.rpm php81-fileinfo-8.1.29-bp155.11.1.x86_64.rpm php81-ftp-8.1.29-bp155.11.1.x86_64.rpm php81-gd-8.1.29-bp155.11.1.x86_64.rpm php81-gettext-8.1.29-bp155.11.1.x86_64.rpm php81-gmp-8.1.29-bp155.11.1.x86_64.rpm php81-iconv-8.1.29-bp155.11.1.x86_64.rpm php81-intl-8.1.29-bp155.11.1.x86_64.rpm php81-ldap-8.1.29-bp155.11.1.x86_64.rpm php81-mbstring-8.1.29-bp155.11.1.x86_64.rpm php81-mysql-8.1.29-bp155.11.1.x86_64.rpm php81-odbc-8.1.29-bp155.11.1.x86_64.rpm php81-opcache-8.1.29-bp155.11.1.x86_64.rpm php81-openssl-8.1.29-bp155.11.1.x86_64.rpm php81-pcntl-8.1.29-bp155.11.1.x86_64.rpm php81-pdo-8.1.29-bp155.11.1.x86_64.rpm php81-pgsql-8.1.29-bp155.11.1.x86_64.rpm php81-phar-8.1.29-bp155.11.1.x86_64.rpm php81-posix-8.1.29-bp155.11.1.x86_64.rpm php81-readline-8.1.29-bp155.11.1.x86_64.rpm php81-shmop-8.1.29-bp155.11.1.x86_64.rpm php81-snmp-8.1.29-bp155.11.1.x86_64.rpm php81-soap-8.1.29-bp155.11.1.x86_64.rpm php81-sockets-8.1.29-bp155.11.1.x86_64.rpm php81-sodium-8.1.29-bp155.11.1.x86_64.rpm php81-sqlite-8.1.29-bp155.11.1.x86_64.rpm php81-sysvmsg-8.1.29-bp155.11.1.x86_64.rpm php81-sysvsem-8.1.29-bp155.11.1.x86_64.rpm php81-sysvshm-8.1.29-bp155.11.1.x86_64.rpm php81-tidy-8.1.29-bp155.11.1.x86_64.rpm php81-tokenizer-8.1.29-bp155.11.1.x86_64.rpm php81-xmlreader-8.1.29-bp155.11.1.x86_64.rpm php81-xmlwriter-8.1.29-bp155.11.1.x86_64.rpm php81-xsl-8.1.29-bp155.11.1.x86_64.rpm php81-zip-8.1.29-bp155.11.1.x86_64.rpm php81-zlib-8.1.29-bp155.11.1.x86_64.rpm apache2-mod_php81-8.1.29-bp155.11.1.src.rpm apache2-mod_php81-8.1.29-bp155.11.1.x86_64.rpm php81-embed-8.1.29-bp155.11.1.src.rpm php81-embed-8.1.29-bp155.11.1.x86_64.rpm php81-fastcgi-8.1.29-bp155.11.1.src.rpm php81-fastcgi-8.1.29-bp155.11.1.x86_64.rpm php81-fpm-8.1.29-bp155.11.1.src.rpm php81-fpm-8.1.29-bp155.11.1.x86_64.rpm php81-fpm-apache-8.1.29-bp155.11.1.noarch.rpm php81-test-8.1.29-bp155.11.1.src.rpm php81-test-8.1.29-bp155.11.1.x86_64.rpm php81-8.1.29-bp155.11.1.i586.rpm php81-bcmath-8.1.29-bp155.11.1.i586.rpm php81-bz2-8.1.29-bp155.11.1.i586.rpm php81-calendar-8.1.29-bp155.11.1.i586.rpm php81-cli-8.1.29-bp155.11.1.i586.rpm php81-ctype-8.1.29-bp155.11.1.i586.rpm php81-curl-8.1.29-bp155.11.1.i586.rpm php81-dba-8.1.29-bp155.11.1.i586.rpm php81-devel-8.1.29-bp155.11.1.i586.rpm php81-dom-8.1.29-bp155.11.1.i586.rpm php81-enchant-8.1.29-bp155.11.1.i586.rpm php81-exif-8.1.29-bp155.11.1.i586.rpm php81-ffi-8.1.29-bp155.11.1.i586.rpm php81-fileinfo-8.1.29-bp155.11.1.i586.rpm php81-ftp-8.1.29-bp155.11.1.i586.rpm php81-gd-8.1.29-bp155.11.1.i586.rpm php81-gettext-8.1.29-bp155.11.1.i586.rpm php81-gmp-8.1.29-bp155.11.1.i586.rpm php81-iconv-8.1.29-bp155.11.1.i586.rpm php81-intl-8.1.29-bp155.11.1.i586.rpm php81-ldap-8.1.29-bp155.11.1.i586.rpm php81-mbstring-8.1.29-bp155.11.1.i586.rpm php81-mysql-8.1.29-bp155.11.1.i586.rpm php81-odbc-8.1.29-bp155.11.1.i586.rpm php81-opcache-8.1.29-bp155.11.1.i586.rpm php81-openssl-8.1.29-bp155.11.1.i586.rpm php81-pcntl-8.1.29-bp155.11.1.i586.rpm php81-pdo-8.1.29-bp155.11.1.i586.rpm php81-pgsql-8.1.29-bp155.11.1.i586.rpm php81-phar-8.1.29-bp155.11.1.i586.rpm php81-posix-8.1.29-bp155.11.1.i586.rpm php81-readline-8.1.29-bp155.11.1.i586.rpm php81-shmop-8.1.29-bp155.11.1.i586.rpm php81-snmp-8.1.29-bp155.11.1.i586.rpm php81-soap-8.1.29-bp155.11.1.i586.rpm php81-sockets-8.1.29-bp155.11.1.i586.rpm php81-sodium-8.1.29-bp155.11.1.i586.rpm php81-sqlite-8.1.29-bp155.11.1.i586.rpm php81-sysvmsg-8.1.29-bp155.11.1.i586.rpm php81-sysvsem-8.1.29-bp155.11.1.i586.rpm php81-sysvshm-8.1.29-bp155.11.1.i586.rpm php81-tidy-8.1.29-bp155.11.1.i586.rpm php81-tokenizer-8.1.29-bp155.11.1.i586.rpm php81-xmlreader-8.1.29-bp155.11.1.i586.rpm php81-xmlwriter-8.1.29-bp155.11.1.i586.rpm php81-xsl-8.1.29-bp155.11.1.i586.rpm php81-zip-8.1.29-bp155.11.1.i586.rpm php81-zlib-8.1.29-bp155.11.1.i586.rpm apache2-mod_php81-8.1.29-bp155.11.1.i586.rpm php81-embed-8.1.29-bp155.11.1.i586.rpm php81-fastcgi-8.1.29-bp155.11.1.i586.rpm php81-fpm-8.1.29-bp155.11.1.i586.rpm php81-test-8.1.29-bp155.11.1.i586.rpm php81-8.1.29-bp155.11.1.aarch64.rpm php81-bcmath-8.1.29-bp155.11.1.aarch64.rpm php81-bz2-8.1.29-bp155.11.1.aarch64.rpm php81-calendar-8.1.29-bp155.11.1.aarch64.rpm php81-cli-8.1.29-bp155.11.1.aarch64.rpm php81-ctype-8.1.29-bp155.11.1.aarch64.rpm php81-curl-8.1.29-bp155.11.1.aarch64.rpm php81-dba-8.1.29-bp155.11.1.aarch64.rpm php81-devel-8.1.29-bp155.11.1.aarch64.rpm php81-dom-8.1.29-bp155.11.1.aarch64.rpm php81-enchant-8.1.29-bp155.11.1.aarch64.rpm php81-exif-8.1.29-bp155.11.1.aarch64.rpm php81-ffi-8.1.29-bp155.11.1.aarch64.rpm php81-fileinfo-8.1.29-bp155.11.1.aarch64.rpm php81-ftp-8.1.29-bp155.11.1.aarch64.rpm php81-gd-8.1.29-bp155.11.1.aarch64.rpm php81-gettext-8.1.29-bp155.11.1.aarch64.rpm php81-gmp-8.1.29-bp155.11.1.aarch64.rpm php81-iconv-8.1.29-bp155.11.1.aarch64.rpm php81-intl-8.1.29-bp155.11.1.aarch64.rpm php81-ldap-8.1.29-bp155.11.1.aarch64.rpm php81-mbstring-8.1.29-bp155.11.1.aarch64.rpm php81-mysql-8.1.29-bp155.11.1.aarch64.rpm php81-odbc-8.1.29-bp155.11.1.aarch64.rpm php81-opcache-8.1.29-bp155.11.1.aarch64.rpm php81-openssl-8.1.29-bp155.11.1.aarch64.rpm php81-pcntl-8.1.29-bp155.11.1.aarch64.rpm php81-pdo-8.1.29-bp155.11.1.aarch64.rpm php81-pgsql-8.1.29-bp155.11.1.aarch64.rpm php81-phar-8.1.29-bp155.11.1.aarch64.rpm php81-posix-8.1.29-bp155.11.1.aarch64.rpm php81-readline-8.1.29-bp155.11.1.aarch64.rpm php81-shmop-8.1.29-bp155.11.1.aarch64.rpm php81-snmp-8.1.29-bp155.11.1.aarch64.rpm php81-soap-8.1.29-bp155.11.1.aarch64.rpm php81-sockets-8.1.29-bp155.11.1.aarch64.rpm php81-sodium-8.1.29-bp155.11.1.aarch64.rpm php81-sqlite-8.1.29-bp155.11.1.aarch64.rpm php81-sysvmsg-8.1.29-bp155.11.1.aarch64.rpm php81-sysvsem-8.1.29-bp155.11.1.aarch64.rpm php81-sysvshm-8.1.29-bp155.11.1.aarch64.rpm php81-tidy-8.1.29-bp155.11.1.aarch64.rpm php81-tokenizer-8.1.29-bp155.11.1.aarch64.rpm php81-xmlreader-8.1.29-bp155.11.1.aarch64.rpm php81-xmlwriter-8.1.29-bp155.11.1.aarch64.rpm php81-xsl-8.1.29-bp155.11.1.aarch64.rpm php81-zip-8.1.29-bp155.11.1.aarch64.rpm php81-zlib-8.1.29-bp155.11.1.aarch64.rpm apache2-mod_php81-8.1.29-bp155.11.1.aarch64.rpm php81-embed-8.1.29-bp155.11.1.aarch64.rpm php81-fastcgi-8.1.29-bp155.11.1.aarch64.rpm php81-fpm-8.1.29-bp155.11.1.aarch64.rpm php81-test-8.1.29-bp155.11.1.aarch64.rpm php81-8.1.29-bp155.11.1.ppc64le.rpm php81-bcmath-8.1.29-bp155.11.1.ppc64le.rpm php81-bz2-8.1.29-bp155.11.1.ppc64le.rpm php81-calendar-8.1.29-bp155.11.1.ppc64le.rpm php81-cli-8.1.29-bp155.11.1.ppc64le.rpm php81-ctype-8.1.29-bp155.11.1.ppc64le.rpm php81-curl-8.1.29-bp155.11.1.ppc64le.rpm php81-dba-8.1.29-bp155.11.1.ppc64le.rpm php81-devel-8.1.29-bp155.11.1.ppc64le.rpm php81-dom-8.1.29-bp155.11.1.ppc64le.rpm php81-enchant-8.1.29-bp155.11.1.ppc64le.rpm php81-exif-8.1.29-bp155.11.1.ppc64le.rpm php81-ffi-8.1.29-bp155.11.1.ppc64le.rpm php81-fileinfo-8.1.29-bp155.11.1.ppc64le.rpm php81-ftp-8.1.29-bp155.11.1.ppc64le.rpm php81-gd-8.1.29-bp155.11.1.ppc64le.rpm php81-gettext-8.1.29-bp155.11.1.ppc64le.rpm php81-gmp-8.1.29-bp155.11.1.ppc64le.rpm php81-iconv-8.1.29-bp155.11.1.ppc64le.rpm php81-intl-8.1.29-bp155.11.1.ppc64le.rpm php81-ldap-8.1.29-bp155.11.1.ppc64le.rpm php81-mbstring-8.1.29-bp155.11.1.ppc64le.rpm php81-mysql-8.1.29-bp155.11.1.ppc64le.rpm php81-odbc-8.1.29-bp155.11.1.ppc64le.rpm php81-opcache-8.1.29-bp155.11.1.ppc64le.rpm php81-openssl-8.1.29-bp155.11.1.ppc64le.rpm php81-pcntl-8.1.29-bp155.11.1.ppc64le.rpm php81-pdo-8.1.29-bp155.11.1.ppc64le.rpm php81-pgsql-8.1.29-bp155.11.1.ppc64le.rpm php81-phar-8.1.29-bp155.11.1.ppc64le.rpm php81-posix-8.1.29-bp155.11.1.ppc64le.rpm php81-readline-8.1.29-bp155.11.1.ppc64le.rpm php81-shmop-8.1.29-bp155.11.1.ppc64le.rpm php81-snmp-8.1.29-bp155.11.1.ppc64le.rpm php81-soap-8.1.29-bp155.11.1.ppc64le.rpm php81-sockets-8.1.29-bp155.11.1.ppc64le.rpm php81-sodium-8.1.29-bp155.11.1.ppc64le.rpm php81-sqlite-8.1.29-bp155.11.1.ppc64le.rpm php81-sysvmsg-8.1.29-bp155.11.1.ppc64le.rpm php81-sysvsem-8.1.29-bp155.11.1.ppc64le.rpm php81-sysvshm-8.1.29-bp155.11.1.ppc64le.rpm php81-tidy-8.1.29-bp155.11.1.ppc64le.rpm php81-tokenizer-8.1.29-bp155.11.1.ppc64le.rpm php81-xmlreader-8.1.29-bp155.11.1.ppc64le.rpm php81-xmlwriter-8.1.29-bp155.11.1.ppc64le.rpm php81-xsl-8.1.29-bp155.11.1.ppc64le.rpm php81-zip-8.1.29-bp155.11.1.ppc64le.rpm php81-zlib-8.1.29-bp155.11.1.ppc64le.rpm apache2-mod_php81-8.1.29-bp155.11.1.ppc64le.rpm php81-embed-8.1.29-bp155.11.1.ppc64le.rpm php81-fastcgi-8.1.29-bp155.11.1.ppc64le.rpm php81-fpm-8.1.29-bp155.11.1.ppc64le.rpm php81-test-8.1.29-bp155.11.1.ppc64le.rpm php81-8.1.29-bp155.11.1.s390x.rpm php81-bcmath-8.1.29-bp155.11.1.s390x.rpm php81-bz2-8.1.29-bp155.11.1.s390x.rpm php81-calendar-8.1.29-bp155.11.1.s390x.rpm php81-cli-8.1.29-bp155.11.1.s390x.rpm php81-ctype-8.1.29-bp155.11.1.s390x.rpm php81-curl-8.1.29-bp155.11.1.s390x.rpm php81-dba-8.1.29-bp155.11.1.s390x.rpm php81-devel-8.1.29-bp155.11.1.s390x.rpm php81-dom-8.1.29-bp155.11.1.s390x.rpm php81-enchant-8.1.29-bp155.11.1.s390x.rpm php81-exif-8.1.29-bp155.11.1.s390x.rpm php81-ffi-8.1.29-bp155.11.1.s390x.rpm php81-fileinfo-8.1.29-bp155.11.1.s390x.rpm php81-ftp-8.1.29-bp155.11.1.s390x.rpm php81-gd-8.1.29-bp155.11.1.s390x.rpm php81-gettext-8.1.29-bp155.11.1.s390x.rpm php81-gmp-8.1.29-bp155.11.1.s390x.rpm php81-iconv-8.1.29-bp155.11.1.s390x.rpm php81-intl-8.1.29-bp155.11.1.s390x.rpm php81-ldap-8.1.29-bp155.11.1.s390x.rpm php81-mbstring-8.1.29-bp155.11.1.s390x.rpm php81-mysql-8.1.29-bp155.11.1.s390x.rpm php81-odbc-8.1.29-bp155.11.1.s390x.rpm php81-opcache-8.1.29-bp155.11.1.s390x.rpm php81-openssl-8.1.29-bp155.11.1.s390x.rpm php81-pcntl-8.1.29-bp155.11.1.s390x.rpm php81-pdo-8.1.29-bp155.11.1.s390x.rpm php81-pgsql-8.1.29-bp155.11.1.s390x.rpm php81-phar-8.1.29-bp155.11.1.s390x.rpm php81-posix-8.1.29-bp155.11.1.s390x.rpm php81-readline-8.1.29-bp155.11.1.s390x.rpm php81-shmop-8.1.29-bp155.11.1.s390x.rpm php81-snmp-8.1.29-bp155.11.1.s390x.rpm php81-soap-8.1.29-bp155.11.1.s390x.rpm php81-sockets-8.1.29-bp155.11.1.s390x.rpm php81-sodium-8.1.29-bp155.11.1.s390x.rpm php81-sqlite-8.1.29-bp155.11.1.s390x.rpm php81-sysvmsg-8.1.29-bp155.11.1.s390x.rpm php81-sysvsem-8.1.29-bp155.11.1.s390x.rpm php81-sysvshm-8.1.29-bp155.11.1.s390x.rpm php81-tidy-8.1.29-bp155.11.1.s390x.rpm php81-tokenizer-8.1.29-bp155.11.1.s390x.rpm php81-xmlreader-8.1.29-bp155.11.1.s390x.rpm php81-xmlwriter-8.1.29-bp155.11.1.s390x.rpm php81-xsl-8.1.29-bp155.11.1.s390x.rpm php81-zip-8.1.29-bp155.11.1.s390x.rpm php81-zlib-8.1.29-bp155.11.1.s390x.rpm apache2-mod_php81-8.1.29-bp155.11.1.s390x.rpm php81-embed-8.1.29-bp155.11.1.s390x.rpm php81-fastcgi-8.1.29-bp155.11.1.s390x.rpm php81-fpm-8.1.29-bp155.11.1.s390x.rpm php81-test-8.1.29-bp155.11.1.s390x.rpm 18435 moderate openSUSE Backports SLE-15-SP5 Update This update for keybase-client fixes the following issues: Update to version 6.2.8 * Update client CA * Fix incomplete locking in config file handling. - Update the Image dependency to address CVE-2023-29408 / boo#1213928. This is done via the new update-image-tiff.patch. - Limit parallel test execution as that seems to cause failing builds on OBS that don't occur locally. - Integrate KBFS packages previously build via own source package * Upstream integrated these into the same source. * Also includes adding kbfs-related patches ensure-mount-dir-exists.patch and ensure-service-stop-unmounts-filesystem.patch. - Upgrade Go version used for compilation to 1.19. - Use Systemd unit file from upstream source. kbfs-6.2.8-bp155.2.3.1.x86_64.rpm kbfs-git-6.2.8-bp155.2.3.1.x86_64.rpm kbfs-tool-6.2.8-bp155.2.3.1.x86_64.rpm keybase-client-6.2.8-bp155.2.3.1.src.rpm keybase-client-6.2.8-bp155.2.3.1.x86_64.rpm kbfs-6.2.8-bp155.2.3.1.i586.rpm kbfs-git-6.2.8-bp155.2.3.1.i586.rpm kbfs-tool-6.2.8-bp155.2.3.1.i586.rpm keybase-client-6.2.8-bp155.2.3.1.i586.rpm kbfs-6.2.8-bp155.2.3.1.aarch64.rpm kbfs-git-6.2.8-bp155.2.3.1.aarch64.rpm kbfs-tool-6.2.8-bp155.2.3.1.aarch64.rpm keybase-client-6.2.8-bp155.2.3.1.aarch64.rpm kbfs-6.2.8-bp155.2.3.1.ppc64le.rpm kbfs-git-6.2.8-bp155.2.3.1.ppc64le.rpm kbfs-tool-6.2.8-bp155.2.3.1.ppc64le.rpm keybase-client-6.2.8-bp155.2.3.1.ppc64le.rpm kbfs-6.2.8-bp155.2.3.1.s390x.rpm kbfs-git-6.2.8-bp155.2.3.1.s390x.rpm kbfs-tool-6.2.8-bp155.2.3.1.s390x.rpm keybase-client-6.2.8-bp155.2.3.1.s390x.rpm