Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190527
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (66.0.5 -> 67.0)
kernel-firmware (20190502 -> 20190514)
opus (1.3 -> 1.3.1)
pipewire (0.2.5 -> 0.2.6)
polkit-default-privs (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)
python-kiwi (9.17.37 -> 9.17.39)
python-pexpect (4.6.0 -> 4.7.0)
python-pyasn1-modules (0.2.4 -> 0.2.5)
python-requests (2.21.0 -> 2.22.0)
ruby2.6
spandsp
webkit2gtk3 (2.24.1 -> 2.24.2)
wireshark (3.0.1 -> 3.0.2)
yast2-add-on (4.1.11 -> 4.1.12)
=== Details ===
==== MozillaFirefox ====
Version update (66.0.5 -> 67.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-...
* Tabs can now be pinned from the Page Actions menu in the address bar
* Users can block known cryptominers and fingerprinters in the
Custom settings or their Content Blocking preferences
* The Import Data from Another Browser feature is now also available
from the File menu
* Firefox will now protect you against running older versions which
can lead to data corruption and stability issues
* Easier access to your list of saved logins from the main menu and
login autocomplete
* We?ve added a toolbar menu for your Firefox Account to provide more
transparency for when you are synced, sharing data across devices
and with Firefox. Personalize the appearance of the menu with your
own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts
* Enabled AV1 support on Linux
MFSA 2019-13 (boo#1135824)
* CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-9821 (bmo#1539125)
Use-after-free in AssertWorkerThread
* CVE-2019-11691 (bmo#1542465)
Use-after-free in XMLHttpRequest
* CVE-2019-11692 (bmo#1544670)
Use-after-free removing listeners in the event listener manager
* CVE-2019-11693 (bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317 (bmo#1542829)
Use-after-free in png_image_free of libpng library
* CVE-2019-11694 (bmo#1534196) (Windows only)
Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11695 (bmo#1445844)
Custom cursor can render over user interface outside of web content
* CVE-2019-11696 (bmo#1392955)
Java web start .JNLP files are not recognized as executable files
for download prompts
* CVE-2019-11697 (bmo#1440079)
Pressing key combinations can bypass installation prompt delays and
install extensions
* CVE-2019-11698 (bmo#1543191)
Theft of user history data through drag and drop of hyperlinks
to and from bookmarks
* CVE-2019-11700 (bmo#1549833) (Windows only)
res: protocol can be used to open known local files
* CVE-2019-11699 (bmo#1528939)
Incorrect domain name highlighting during page navigation
* CVE-2019-11701 (bmo#1518627)
webcal: protocol default handler loads vulnerable web page
* CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
Memory safety bugs fixed in Firefox 67
* CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
bmo#1532465, bmo#1533554, bmo#1541580)
Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
* rust/cargo >= 1.32
* mozilla-nspr >= 4.21
* mozilla-nss >= 3.43
* rust-cbindgen >= 0.8.2
- rebased patches
- KDE integration for default browser detection is broken in this revision
- Fix armv7 build with:
* mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
==== kernel-firmware ====
Version update (20190502 -> 20190514)
Subpackages: ucode-amd
- Update to version 20190514:
* linux-firmware: Update firmware file for Intel Bluetooth 8265
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 22161
* amlogic: add video decoder firmwares
* iwlwifi: update -46 firmwares for 22260 and 9000 series
* iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares
* iwlwifi: add -46.ucode firmwares for 9000 series
==== opus ====
Version update (1.3 -> 1.3.1)
- Update to version 1.3.1
* This release fixes an issue with the analysis on files with
digital silence (all zeros), especially on x87 builds
(mostly affects 32-bit builds).
* Two new features:
+ A new OPUS_GET_IN_DTX query to know if the encoder is in
DTX mode (last frame was either a comfort noise frame or
not encoded at all)
+ A new (and still experimental) CMake-based build system
that is eventually meant to replace the VS2015 build
system (the autotools one will stay).
==== pipewire ====
Version update (0.2.5 -> 0.2.6)
Subpackages: libpipewire-0_2-1 pipewire-modules pipewire-spa-plugins pipewire-spa-tools pipewire-tools
- Update to version 0.2.6:
+ Improve error checking for threads.
+ Fix some memory and fd leaks.
+ Fix compilation with C++ compilers and clang.
+ DISABLE_RTKIT should now not try to use dbus at all.
+ Camera Portal fixes:
- add Camera media.role.
- Rename module-flatpak to module-portal.
- Use the portal permissions store for camera checks.
+ Actually use the passed fd in pipewiresrc.
+ Make properties with "pipewire." prefix read-only.
+ Add security label to client object.
+ Enforce link permissions.
+ Permissions of objects are now combined with parent
permissions.
+ Remove libv4l2 dependency, it is not used.
+ Improve format negotiation in autolink #146.
+ Try to avoid list corruption with event emmission #143.
+ Fix destroy of client-node memory corruption.
+ Various small improvements.
- Remove pkgconfig(libv4l2) BuildRequires: follow upstreams cleanup
of build dependencies.
- Drop avoid-invalid-conversion-error-with-C++.patch: fixed
upstream.
==== polkit-default-privs ====
Version update (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)
- Update to version 13.2+20190523.efe368f:
* polkit profiles: whitelist lightdm-gtk-greeter-settings (bsc#1135695)
==== python-kiwi ====
Version update (9.17.37 -> 9.17.39)
- Bump version: 9.17.38 ? 9.17.39
- Update obs docs per review by Tom
- Disable check-valid-until with repository_gpgcheck
This commit is two fold:
* From one side fixes a wrong use of the `trusted` option for
apt repositories. `trusted=no` does not force to run the gpg checks
it just forces the repository to be considered untrusted regardless
the result of the security checks.
* From the other side it disables the option `check-valid-until` in
case gpg checks are disabled using the `repository_gpgcheck`. It
works at repository level. This enables using unmaintained or
expired repositories for the build.
Fixes #1028
- Simplify shell pipe expression with shell builtin
Replace "echo $var | sed ..." expression with ${var//SEARCH/REPLACE}
shell builtin as suggested by Codacy
- Make mediacheck runtime check arch independent
The check_mediacheck_only_for_x86_arch runtime check fails on
non x86 architectures but the tagmedia toolchain exists independent
of the platform architecture. This Fixes #1091
- Set home as protected path
Along with adding home to the protection list, cleanup
the prepare instance cleanup code in a way that it only
runs if a root_bind object exists which needs to call
its cleanup path
- Extend docs about building multiple profiles on OBS
- Remove FIXME from the runtime configuration file example
- Improve the documentation about building in the Build Service
Co-Authored-By: Thomas Schraitle