openSUSE Factory
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
November 2019
- 95 participants
- 89 discussions
[opensuse-factory] startx via xinit no longer works with the intel driver on a Dell Precision 5530
by Dan Cermak 12 Nov '19
by Dan Cermak 12 Nov '19
12 Nov '19
Hi list,
about a week ago I have rebooted into the (at that point) newest
snapshot and since then I can no longer use xinit to launch i3 on
Tumbleweed from a tty as an ordinary user. `startx` fails with the
following error message:
xf86OpenConsole: Cannot open virtual console 1 (Permission denied)
(this is also the only error in ~/.local/share/xorg/Xorg.0.log)
To make this even stranger: switching the graphics driver to Nvidia via
`prime-select nvidia` makes X start again (unfortunately with all the
Nvidia related downsides).
Switching back to the intel driver via `prime-select intel` breaks
`startx` again.
Does anyone have an idea what might be the cause of this?
Thanks in advance,
Dan
--
Dan Čermák <dcermak(a)suse.com>
Software Engineer Development tools
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nuremberg
Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer
12
42
# rpm -qa | grep LLVM
libLLVM8-8.0.1-5.1.x86_64
libLLVM9-9.0.0-3.1.x86_64
# inxi -S
System: Host: gb250 Kernel: 5.2.14-1-default x86_64 bits: 64 Console: tty 3 Distro: openSUSE Tumbleweed 20191109
This seems to be a regular happening whenever a major libLLVM version change
occurs, happened 5>6, 6>7, 7>8 IIRC. Shouldn't the old be removed by the zypper
dup that provides the new?
--
Evolution as taught in public schools is religion, not science.
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
6
5
[opensuse-factory] TW : DOSEMU will not start : LOWRAM mmap: Invalid argument
by ellanios82 11 Nov '19
by ellanios82 11 Nov '19
11 Nov '19
TW :
- after this morning's "zypper dup" , dosemu refuses to start , and
leaves error message:
/usr/bin/dosemu
LOWRAM mmap: Invalid argument
.....
- any ideas please how to fix
thanks
....
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
4
6
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.2&bui…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&q…
When you reply to discuss some issues, make sure to change the subject.
Please use the test plan at
https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3…
to record your testing efforts and use bugzilla to report bugs.
Packages changed:
ImageMagick
MozillaFirefox (60.8.0 -> 68.2.0)
MozillaThunderbird (68.1.1 -> 68.2.1)
aaa_base
autoyast2 (4.2.12 -> 4.2.19)
bluedevil5 (5.17.1 -> 5.17.2)
breeze (5.17.1 -> 5.17.2)
breeze-gtk (5.17.1 -> 5.17.2)
breeze4-style (5.17.1 -> 5.17.2)
cpupower (4.19 -> 5.1)
digikam (6.0.0 -> 6.3.0)
discover (5.17.1 -> 5.17.2)
drkonqi5 (5.17.1 -> 5.17.2)
ethtool (4.13 -> 5.3)
inkscape
kactivitymanagerd (5.17.1 -> 5.17.2)
kbd
kde-cli-tools5 (5.17.1 -> 5.17.2)
kde-gtk-config5 (5.17.1 -> 5.17.2)
kde-user-manager (5.17.1 -> 5.17.2)
kdepim-runtime
kgamma5 (5.17.1 -> 5.17.2)
khotkeys5 (5.17.1 -> 5.17.2)
kinfocenter5 (5.17.1 -> 5.17.2)
kmenuedit5 (5.17.1 -> 5.17.2)
kscreen5 (5.17.1 -> 5.17.2)
kscreenlocker (5.17.1 -> 5.17.2)
ksshaskpass5 (5.17.1 -> 5.17.2)
ksysguard5 (5.17.1 -> 5.17.2)
ktexteditor
ktouch (19.08.1 -> 19.08.2)
kwayland-integration (5.17.1 -> 5.17.2)
kwin5 (5.17.1 -> 5.17.2)
kwrited5 (5.17.1 -> 5.17.2)
libgnomekbd (3.26.0 -> 3.26.1)
libkdecoration2 (5.17.1 -> 5.17.2)
libkscreen2 (5.17.1 -> 5.17.2)
libksysguard5 (5.17.1 -> 5.17.2)
libqt5-qtbase
libssh2_org
libstorage-ng (4.2.18 -> 4.2.23)
milou5 (5.17.1 -> 5.17.2)
ovmf (2017+git1510945757.b2662641d5 -> 201908)
oxygen5 (5.17.1 -> 5.17.2)
php7
plasma-nm5 (5.17.1 -> 5.17.2)
plasma5-addons (5.17.1 -> 5.17.2)
plasma5-desktop (5.17.1 -> 5.17.2)
plasma5-integration (5.17.1 -> 5.17.2)
plasma5-openSUSE
plasma5-pa (5.17.1 -> 5.17.2)
plasma5-workspace (5.17.1 -> 5.17.2)
pmdk (1.5 -> 1.7)
polkit-kde-agent-5 (5.17.1 -> 5.17.2)
poppler (0.62.0 -> 0.79.0)
poppler-qt5 (0.62.0 -> 0.79.0)
powerdevil5 (5.17.1 -> 5.17.2)
qqc2-desktop-style (5.55.0 -> 5.63.0)
re2 (20190301 -> 20190901)
samba (4.9.5+git.187.71edee57d5a -> 4.9.5+git.210.ab0549acb05)
scout (0.2.1+20181004.20a0aae -> 0.2.2+20190613.e6c2668)
snapper (0.8.5 -> 0.8.6)
systemsettings5 (5.17.1 -> 5.17.2)
texlive
xfce4-screenshooter (1.9.6 -> 1.9.7)
xfce4-whiskermenu-plugin (2.3.3 -> 2.3.4)
yast2-installation (4.2.19 -> 4.2.20)
yast2-packager (4.2.30 -> 4.2.31)
yast2-pkg-bindings (4.2.0 -> 4.2.1)
yast2-ruby-bindings (4.2.3 -> 4.2.4)
yast2-schema (4.2.5 -> 4.2.6)
yast2-storage-ng (4.2.50 -> 4.2.54)
yast2-update (4.2.7 -> 4.2.10)
=== Details ===
==== ImageMagick ====
Subpackages: ImageMagick-config-7-SUSE libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6
- security update
- added patches
CVE-2019-16713 [bsc#1151786]
+ ImageMagick-CVE-2019-16713.patch
CVE-2019-16711 [bsc#1151784]
+ ImageMagick-CVE-2019-16711.patch
CVE-2019-16712 [bsc#1151785]
+ ImageMagick-CVE-2019-16712.patch
CVE-2019-16710 [bsc#1151783]
+ ImageMagick-CVE-2019-16710.patch
CVE-2019-16708 [bsc#1151781], CVE-2019-16709 [bsc#1151782]
+ ImageMagick-CVE-2019-16708,16709.patch
- security update
- added patches
CVE-2019-15139 [bsc#1146213]
+ ImageMagick-CVE-2019-15139.patch
CVE-2019-15140 [bsc#1146212]
+ ImageMagick-CVE-2019-15140.patch
CVE-2019-15141 [bsc#1146211]
+ ImageMagick-CVE-2019-15141.patch
CVE-2019-14980 [bsc#1146068]
+ ImageMagick-CVE-2019-14980.patch
CVE-2019-14981 [bsc#1146065]
+ ImageMagick-CVE-2019-14981.patch
==== MozillaFirefox ====
Version update (60.8.0 -> 68.2.0)
Subpackages: MozillaFirefox-translations-common MozillaFirefox-translations-other
- Resolved issues fixed earlier:
* [bsc#1104841] Newer versions of firefox have a dependency on GLIBCXX_3.4.20
* [bsc#1129528] SLES15 - IBM s390-tools-2.1.0 Maintenance Patches (#6)
* [bsc#1137990] Firefox 60.7 ESR changed the user interface language
- Firefox Extended Support Release 68.2.0 ESR
* Enterprise: New administrative policies were added. More
information and templates are available at the Policy
Templates page.
* Fixed: Various security fixes
MFSA 2019-33 (bsc#1154738)
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11758 (bmo#1536227)
Potentially exploitable crash due to 360 Total Security
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-
property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223,
bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933,
bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599,
bmo#1586845)
Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed now upstream patches:
* mozilla-bmo1573381.patch
* mozilla-bmo1512162.patch
- Add patch to lower python requirement to 3.4 in order to
build on SLE-12:
* mozilla-sle12-lower-python-requirement.patch
- Add Provides-line for translations-common (bsc#1153423)
- Moved some settings from branding-package here (bsc#1153869)
- add patch to fix LTO build (w/o PGO):
* mozilla-fix-top-level-asm.patch
- remove obsolete kde.js setting (boo#1151186) and related patch:
* firefox-add-kde.js-in-order-to-survive-PGO-build.patch
* modified firefox-kde.patch for the removal of kde.js
- Update mozilla-bmo1512162.patch to the patch now commited upstream
* No more -O1 builds for ppc64le necessary
- Disable DoH by default
* Not yet officially active in ESR, but just to make sure
- Mozilla Firefox ESR 68.1
Resolves the following bigendian s390x issues:
* [bsc#1109465] Latest Firefox update not released for s390x
* [bsc#1117473] Firefox segmentation fault on s390vsl082
* [bsc#1123482] openQA test fails in firefox - firefox doesn't start
* [bsc#1124525] Firefox is core dumping on SLES15 s390x
* [bsc#1133810] Firefox: Segmentation fault (core dumped)
MFSA 2019-26 (bsc#1149323)
* CVE-2019-11751 (bmo#1572838)
Malicious code execution through command line parameters
* CVE-2019-11746 (bmo#1564449)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033)
XSS by breaking out of title and textarea elements using
innerHTML
* CVE-2019-11742 (bmo#1559715)
Same-origin policy violation with SVG filters and canvas to
steal cross-origin images
* CVE-2019-11736 (bmo#1551913, bmo#1552206)
File manipulation and privilege escalation in Mozilla
Maintenance Service
* CVE-2019-11753 (bmo#1574980)
Privilege escalation with Mozilla Maintenance Service in
custom Firefox installation location
* CVE-2019-11752 (bmo#1501152)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-9812 (bmo#1538008, bmo#1538015)
Sandbox escape through Firefox Sync
* CVE-2019-11743 (bmo#1560495,
bmo#https://w3c.github.io/navigation-timing)
Cross-origin access to unload event attributes
* CVE-2019-11748 (bmo#1564588)
Persistence of WebRTC permissions in a third party context
* CVE-2019-11749 (bmo#1565374)
Camera information available without prompting using
getUserMedia
* CVE-2019-11750 (bmo#1568397)
Type confusion in Spidermonkey
* CVE-2019-11738 (bmo#1452037)
Content security policy bypass through hash-based sources in
directives
* CVE-2019-11747 (bmo#1564481)
'Forget about this site' removes sites from pre-loaded HSTS
list
* CVE-2019-11735 (bmo#1561404, bmo#1561484, bmo#1561912,
bmo#1565744, bmo#1568047, bmo#1568858, bmo#1570358)
Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
* CVE-2019-11740 (bmo#1563133, bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and
Firefox ESR 60.9
- Mozilla Firefox ESR 68.0.2
* Fixed: Fixed a bug causing some special characters to be cut
off from the end of the search terms when searching from the
URL bar (bmo#1560228)
* Fixed: Allow fonts to be loaded via file:// URLs when opening
a page locally (bmo#1565942)
* Fixed: Printing emails from the Outlook web app no longer
prints only the header and footer (bmo#1567105)
* Fixed: Fixed a bug causing some images not to be displayed on
reload, including on Google Maps (bmo#1565542)
* Fixed: Fixed an error when starting external applications
configured as URI handlers (bmo#1567614)
* Fixed: Security fixes
- MFSA 2019-24 (bsc#1145665)
* CVE-2019-11733 (bmo#1565780)
Stored passwords in 'Saved Logins' can be copied without
master password entry
- Mozilla Firefox ESR 68.0.1
* macOS releases are now signed by the Apple notary service,
allowing Firefox to properly run on macOS 10.15 Beta releases
* Fixed missing Full Screen button when watching videos in full
screen mode on HBO GO (bmo#1562837)
* Fixed a bug causing incorrect messages to appear for some
locales when sites try to request the use of the Storage
Access API (bmo#1558503)
* Users in Russian regions may have their default search engine
changed (bmo#1565315)
* Built-in search engines in some locales do not function
correctly (bmo#1565779)
* SupportMenu policy doesn't always work (bmo#1553290)
* Allow the new ExtensionSettings policy to work with GPO on
Windows (bmo#1553586)
* Allow the privacy.file_unique_origin pref to be controlled by
policy (bmo#1563759)
- Mozilla Firefox ESR 68.0
* Dark mode in reader view
* Improved extension security and discovery
* Cryptomining and fingerprinting protections are added to strict
content blocking settings in Privacy & Security preferences
* Camera and microphone access now require an HTTPS connection
MFSA 2019-21 (bsc#1140868)
* CVE-2019-9811 (bmo#1523741, bmo#1538007, bmo#1539598,
bmo#1539759, bmo#1563327)
Sandbox escape via installation of malicious language pack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11714 (bmo#1542593)
NeckoChild can trigger crash when accessed off of main thread
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a
segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11716 (bmo#1552632)
globalThis not enumerable until accessed
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11718 (bmo#1408349)
Activity Stream writes unsanitized content to innerHTML
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11720 (bmo#1556230)
Character encoding XSS vulnerability
* CVE-2019-11721 (bmo#1256009)
Domain spoofing through unicode latin 'kra' character
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having
the same-origin
* CVE-2019-11723 (bmo#1528335)
Cookie leakage during add-on fetching across private browsing
boundaries
* CVE-2019-11724 (bmo#1512511)
Retired site input.mozilla.org has remote troubleshooting
permissions
* CVE-2019-11725 (bmo#1483510)
Websocket resources bypass safebrowsing protections
* CVE-2019-11727 (bmo#1552208)
PKCS#1 v1.5 signatures can be used for TLS 1.3
* CVE-2019-11728 (bmo#1552993)
Port scanning through Alt-Svc header
* CVE-2019-11710 (bmo#1507696, bmo#1510345, bmo#1533842,
bmo#1535482, bmo#1535848, bmo#1537692, bmo#1540590,
bmo#1544180, bmo#1547472, bmo#1547760, bmo#1548611,
bmo#1549768, bmo#1551907)
Memory safety bugs fixed in Firefox 68
* CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
bmo#1550498, bmo#1550498)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
- removed patches that are now upstream
* mozilla-bmo1375074.patch
* mozilla-bmo1436242.patch
* mozilla-bmo256180.patch
* mozilla-i586-DecoderDoctorLogger.patch
* mozilla-i586-domPrefs.patch
* mozilla-bmo1464766.patch
* mozilla-bigendian_bit_flags_alias.patch
- removed workaround-patch for build memory consumption on i586;
other mitigations meanwhile introduced (mainly parallelity)
will be sufficient
* mozilla-reduce-files-per-UnifiedBindings.patch
- added patch to make builds reproducible
* mozilla-bmo1568145.patch
- added a bunch of patches mainly for big endian platforms
* mozilla-bmo1504834-part1.patch
* mozilla-bmo1504834-part2.patch
* mozilla-bmo1504834-part3.patch
* mozilla-bmo1511604.patch
* mozilla-bmo1512162.patch
* mozilla-bmo1554971.patch
* mozilla-bmo1573381.patch
* mozilla-nestegg-big-endian.patch
- added patches to fix build on armv7:
* mozilla-bmo1463035.patch
* mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
- added patch to fix non-return function
* mozilla-cubeb-noreturn.patch
- added patch to fix aarch64 build:
* mozilla-fix-aarch64-libopus.patch (bmo#1539737)
- added patch to enable PGO for x86_64.
* firefox-add-kde.js-in-order-to-survive-PGO-build.patch
- added patch to reduce build-load
* mozilla-reduce-rust-debuginfo.patch
- Mozilla Firefox Firefox 60.7.2
MFSA 2019-19 (bsc#1138872)
* CVE-2019-11708 (bmo#1559858)
sandbox escape using Prompt:Open
- Build Firefox with gcc instead of clang (bsc#1138688)
- Mozilla Firefox Firefox 60.7.1
MFSA 2019-18 (bsc#1138614)
* CVE-2019-11707 (bmo#1544386)
Type confusion in Array.pop
- Added the new Mozilla's GPG key with subkey fingerprint
097B 3130 77AE 62A0 2F84 DA4D F1A6 668F BB7D 572E, expiring on
2021-05-29 to the mozilla.keyring file
- Fix broken language plugins (bsc#1137792)
- update to Firefox ESR 60.7 (bsc#1135824)
* Font and date adjustments to accommodate the new Reiwa era
in Japan
* MFSA 2019-14/CVE-2019-9817
(bmo#1540221)
Stealing of cross-domain images using canvas
* MFSA 2019-14/CVE-2019-9800
(bmo#1499108, bmo#1499719, bmo#1516325, bmo#1532465,
bmo#1533554, bmo#1534593, bmo#1535194, bmo#1535612,
bmo#1538042, bmo#1538619, bmo#1538736, bmo#1540136,
bmo#1540166, bmo#1541580, bmo#1542097, bmo#1542324,
bmo#1546327)
Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* MFSA 2019-14/CVE-2019-9816
(bmo#1536768)
Type confusion with object groups and UnboxedObjects
* MFSA 2019-14/CVE-2019-9815
(bmo#1546544, bmo#https://mdsattacks.com/)
Disable hyperthreading on content JavaScript threads on macOS
* MFSA 2019-14/CVE-2019-11698
(bmo#1543191)
Theft of user history data through drag and drop of
hyperlinks to and from bookmarks
* MFSA 2019-14/CVE-2019-11692
(bmo#1544670)
Use-after-free removing listeners in the event listener
manager
* MFSA 2019-14/CVE-2019-11693
(bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* MFSA 2019-14/CVE-2019-7317
(bmo#1542829)
Use-after-free in png_image_free of libpng library
* MFSA 2019-14/CVE-2019-9820
(bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* MFSA 2019-14/CVE-2019-9818
(bmo#1542581)
Use-after-free in crash generation server
* MFSA 2019-14/CVE-2019-11691
(bmo#1542465)
Use-after-free in XMLHttpRequest
* MFSA 2019-14/CVE-2019-9819
(bmo#1532553)
Compartment mismatch with fetch API
* MFSA 2019-14/CVE-2019-11694
(bmo#1534196)
Uninitialized memory memory leakage in Windows sandbox
- Sync with Devel:Desktop:Mozilla:*:next
- Enable Firefox to build with Rust >= 1.30 with fix. See below.
- update to 60.6.3 (bmo#1549249)
* Further improvements to re-enable web extensions which had been
disabled for users with a master password set.
- update to 60.6.2 (bsc#1134126)
* Repaired certificate chain to re-enable web extensions that
had been disabled.
- Update BuildRequires rust >= 1.30 from 1.24
* Upstream Firefox ESR presumes rust version stable at release (1.24).
SUSE currently uses improved packaging for rust >= 1.30.
* boo#1130694 rust 1.33.0 breaks Firefox and Thunderbird
due to missing macro comment docs in Firefox rust sources
bmo#1539901 ESR 60 build fails with Rust 1.33 due to missing documentation on macros in stylo
bmo#1519629 Stylo fails with --enable-warnings-as-errors using Rust 1.33
* Fix build using RUSTFLAGS="--cap-lints allow"
Preferred alternative to patching and revendoring stylo rust crates
Revisit with intent to remove in next Firefox ESR 68.0 2019-07-09
- Fixed translations provides
- update to Firefox ESR 60.6.1 (bsc#1130262)
* MFSA 2019-10/CVE-2019-9813
(bmo#1538006)
Ionmonkey type confusion with __proto__ mutations
* MFSA 2019-10/CVE-2019-9810
(bmo#1537924)
IonMonkey MArraySlice has incorrect alias information
- update to Firefox ESR 60.6 (bsc#1129821)
* MFSA 2019-08/CVE-2018-18506
(bmo#1503393)
Proxy Auto-Configuration file can define localhost access to
be proxied
* MFSA 2019-08/CVE-2019-9801
(bmo#1527717)
Windows programs that are not 'URL Handlers' are exposed to
web content
* MFSA 2019-08/CVE-2019-9788
(bmo#1506665, bmo#1516834, bmo#1518001, bmo#1518774,
bmo#1521214, bmo#1521304, bmo#1523362, bmo#1524214,
bmo#1524755, bmo#1529203)
Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
* MFSA 2019-08/CVE-2019-9790
(bmo#1525145)
Use-after-free when removing in-use DOM elements
* MFSA 2019-08/CVE-2019-9791
(bmo#1530958)
Type inference is incorrect for constructors entered through
on-stack replacement with IonMonkey
* MFSA 2019-08/CVE-2019-9792
(bmo#1532599)
IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
* MFSA 2019-08/CVE-2019-9793
(bmo#1528829)
Improper bounds checks when Spectre mitigations are disabled
* MFSA 2019-08/CVE-2019-9794
(bmo#1530103)
Command line arguments not discarded during execution
* MFSA 2019-08/CVE-2019-9795
(bmo#1514682)
Type-confusion in IonMonkey JIT compiler
* MFSA 2019-08/CVE-2019-9796
(bmo#1531277)
Use-after-free with SMIL animation controller
- Fix for [bsc#1127987] MozillaFirefox-translations-common causing
error on update
- Mozilla Firefox 60.5.2esr:
* Fix a frequent crash when reading various Reuters news articles
(bmo#1505844)
- Update to Firefox ESR 60.5.1
MFSA-2019-05 (bsc#1125330)
* CVE-2018-18356 (bmo#1525817)
A use-after-free vulnerability in the Skia library can occur when
creating a path, leading to a potentially exploitable crash.
* CVE-2019-5785 (bmo#1525433)
An integer overflow vulnerability in the Skia library can occur
after specific transform operations, leading to a potentially
exploitable crash.
* CVE-2018-18335 (bmo#1525815)
A buffer overflow vulnerability in the Skia library can occur with
Canvas 2D acceleration on macOS. This issue was addressed by
disabling Canvas 2D acceleration in Firefox ESR. Note: this does
not affect other versions and platforms where Canvas 2D
acceleration is already disabled by default.
- Update to Firefox ESR 60.5
MFSA 2019-02 (bsc#1122983)
* CVE-2018-18501 (bmo#1460619, bmo#1502871, bmo#1512450,
bmo#1513201, bmo#1516514, bmo#1516738, bmo#1517542)
Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
* CVE-2018-18500 (bmo#1510114)
Use-after-free parsing HTML5 stream
* CVE-2018-18505 (bmo#1087565, bmo#1497749)
Privilege escalation through IPC channel messages
- Removed obsolete patches:
[mozilla-no-stdcxx-check.patch] Applied upstream
[mozilla-s390-nojit.patch] Applied upstream
- Fix for language pack build error (bsc#1120374)
- Revert dependency for branding package back to >= 60 due to dependency
issues.
- Depend on branding package version >= 60.0
- Mozilla Firefox 60.4.0esr:
* Updated list of currency codes to include Unidad Previsional (UYW)
(bmo#1499028)
MFSA 2018-30 (bsc#1119105)
* CVE-2018-17466 bmo#1488295
Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
* CVE-2018-18492 bmo#1499861
Use-after-free with select element
* CVE-2018-18493 bmo#1504452
Buffer overflow in accelerated 2D canvas with Skia
* CVE-2018-18494 bmo#1487964
Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
* CVE-2018-18498 bmo#1500011
Integer overflow when calculating buffer sizes for images
* CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
- requires NSS >= 3.36.6
- Removed obsolete patch:
[mozilla-update-cc-crate.patch] Applied upstream
- Mozilla Firefox 60.3.0esr:
* Various stability and regression fixes
MFSA 2018-27 bsc#1112852
* CVE-2018-12392 bmo#1492823
Crash with nested event loops
* CVE-2018-12393 bmo#1495011
Integer overflow during Unicode conversion while loading
JavaScript
* CVE-2018-12395 bmo#1467523
WebExtension bypass of domain restrictions through header
rewriting
* CVE-2018-12396 bmo#1483602
WebExtension content scripts can execute in disallowed
contexts
* CVE-2018-12397 bmo#1487478
WebExtension local file access vulnerability
* CVE-2018-12389 bmo#1498460, bmo#1499198
Memory safety bugs fixed in Firefox ESR 60.3
* CVE-2018-12390 bmo#1487098 bmo#1487660 bmo#1490234 bmo#1496159
bmo#1443748 bmo#1496340 bmo#1483905 bmo#1493347 bmo#1488803
bmo#1498701 bmo#1498482 bmo#1442010 bmo#1495245 bmo#1483699
bmo#1469486 bmo#1484905 bmo#1490561 bmo#1492524 bmo#1481844
Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
- Drop mozilla-bmo1472538-update-bindgen.patch which was already
merged upstream
- Update mozilla-update-cc-crate.patch, since cc was updated to 1.0.9
upstream, but this patch still updates it to a newer version
- Update create-tar.sh and source-stamp.txt as should be done
with every version update.
- Mozilla Firefox 60.2.2esr:
MFSA 2018-24
* CVE-2018-12386 (bsc#1110506, bmo#1493900)
Type confusion in JavaScript allowed remote code execution
* CVE-2018-12387 (bsc#1110507, bmo#1493903)
Array.prototype.push stack pointer vulnerability may enable
exploits in the sandboxed content process
- Avoid undefined behavior in IPC fd-passing code with
mozilla-bmo1436242.patch (boo#1094767, bmo#1436242)
- Mozilla Firefox 60.2.1esr:
MFSA 2018-23
* CVE-2018-12385 (boo#1109363, bmo#1490585)
Crash in TransportSecurityInfo due to cached data
* CVE-2018-12383 (boo#1107343, bmo#1475775)
Setting a master password did not delete unencrypted
previously stored passwords
* Fixed a startup crash affecting users migrating from older ESR
releases
* Clean up old NSS DB files after upgrading
- Fix typo in an old changelog entry which mentioned a wrong patch file
and really remove mozilla-glibc-getrandom.patch as should have
been done some weeks ago.
- bsc#1109465 - Add mozilla-bmo1472538-update-bindgen.patch and
mozilla-update-cc-crate.patch. This fixes an endianness problem in
bindgen's handling of bitfields, which was causing Firefox to crash
on startup on big-endian machines. Also, updates the cc crate,
which was buggy in the version that was originally vendored in.
- added patch
[mozilla-bigendian_bit_flags_alias.patch] (bmo#1488552)
- update to Firefox ESR 60.2 (bsc#1107343)
* MFSA 2018-20/CVE-2018-12381
(bmo#1435319)
Dragging and dropping Outlook email message results in page
navigation
* MFSA 2018-20/CVE-2017-16541
(bmo#1412081)
Proxy bypass using automount and autofs
* MFSA 2018-20/CVE-2018-12376
(bmo#1450989, bmo#1466577, bmo#1466991, bmo#1467363,
bmo#1467889, bmo#1468738, bmo#1469309, bmo#1469914,
bmo#1471953, bmo#1472925, bmo#1473161, bmo#1478575,
bmo#1478849, bmo#1480092, bmo#1480517, bmo#1480521,
bmo#1481093, bmo#1483120)
Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
* MFSA 2018-20/CVE-2018-12377
(bmo#1470260)
Use-after-free in refresh driver timers
* MFSA 2018-20/CVE-2018-12378
(bmo#1459383)
Use-after-free in IndexedDB
* MFSA 2018-20/CVE-2018-12379
(bmo#1473113)
Out-of-bounds write with malicious MAR file
- removed obsolete patches:
[mozilla-glibc-getrandom.patch]
[firefox-no-default-ualocale.patch]
[mozilla-bmo1005640.patch]
[mozilla-language.patch]
[mozilla-shared-nss-db.patch]
- added patches
sync with openSUSE:
[mozilla-bmo1005535.patch]
[mozilla-bmo1375074.patch]
[mozilla-bmo1464766.patch]
[mozilla-bmo256180.patch]
[mozilla-i586-DecoderDoctorLogger.patch]
[mozilla-i586-domPrefs.patch]
additional architecture enablement:
[mozilla-ppc-altivec_static_inline.patch]
[mozilla-s390-context.patch]
- update to Firefox ESR 52.9 (bsc#1098998)
* MFSA 2018-17/CVE-2018-5188
(bmo#1392739, bmo#1437842, bmo#1442722, bmo#1450688,
bmo#1451297, bmo#1452576, bmo#1456189, bmo#1456975,
bmo#1458048, bmo#1458264, bmo#1458270, bmo#1463494,
bmo#1464063, bmo#1464079, bmo#1464829, bmo#1465108,
bmo#1465898)
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and
Firefox ESR 52.9
* MFSA 2018-17/CVE-2018-12368
(bmo#1468217, bmo#https://posts.specterops.io/the-tale-of-
settingcontent-ms-files-f1ea253e4d39)
No warning when opening executable SettingContent-ms files
* MFSA 2018-17/CVE-2018-12366
(bmo#1464039)
Invalid data handling during QCMS transformations
* MFSA 2018-17/CVE-2018-12365
(bmo#1459206)
Compromised IPC child process can list local filenames
* MFSA 2018-17/CVE-2018-12364
(bmo#1436241)
CSRF attacks through 307 redirects and NPAPI plugins
* MFSA 2018-17/CVE-2018-12363
(bmo#1464784)
Use-after-free when appending DOM nodes
* MFSA 2018-17/CVE-2018-12362
(bmo#1452375)
Integer overflow in SSSE3 scaler
* MFSA 2018-17/CVE-2018-12360
(bmo#1459693)
Use-after-free when using focus()
* MFSA 2018-17/CVE-2018-5156
(bmo#1453127)
Media recorder segmentation fault when track type is changed
during capture
* MFSA 2018-17/CVE-2018-12359
(bmo#1459162)
Buffer overflow using computed size of canvas element
- update to Firefox 52.8.1 (bsc#1096449)
* MFSA 2018-14/CVE-2018-6126
(bmo#1462682)
Heap buffer overflow rasterizing paths in SVG with Skia
- update to Firefox 52.8.0:
* Various stability and regression fixes
* Performance improvements to the Safe Browsing service to avoid
slowdowns while updating site classification data
- Security fixes (bsc#1092548, MFSA 2018-12):
* CVE-2018-5183 (bmo#1454692)
Backport critical security fixes in Skia
* CVE-2018-5154 (bmo#1443092)
Use-after-free with SVG animations and clip paths
* CVE-2018-5155 (bmo#1448774)
Use-after-free with SVG animations and text paths
* CVE-2018-5157 (bmo#1449898)
Same-origin bypass of PDF Viewer to view protected PDF files
* CVE-2018-5158 (bmo#1452075)
Malicious PDF can inject JavaScript into PDF Viewer
* CVE-2018-5159 (bmo#1441941)
Integer overflow and out-of-bounds write in Skia
* CVE-2018-5168 (bmo#1449548)
Lightweight themes can be installed without user interaction
* CVE-2018-5178 (bmo#1443891)
Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension
* CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705,
bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,
bmo#1426129)
Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- fix release tag and tarball to correctly identify 52.7.3esr
- update to Firefox 52.7.3
MFSA 2018-10 (bsc#1087059)
* CVE-2018-5148 (bmo#1440717)
Use-after-free in compositor
- removed obsolete patch mozilla-bmo1446062.patch
- update to Firefox 52.7.2 (bsc#1085671)
MFSA 2018-08
* CVE-2018-5146 (bmo#1446062)
Out of bounds memory write in libvorbis
* CVE-2018-5147 (bmo#1446365)
Out of bounds memory write in libtremor
(in mozilla-bmo1446062.patch)
- Firefox 52.7.1 fixes
- issues with the IT locale (bmo#1445278)
- update to Firefox 52.7esr (bsc#1085130, MFSA 2018-07):
* CVE-2018-5127 (bmo#1430557)
Buffer overflow manipulating SVG animatedPathSegList
* CVE-2018-5129 (bmo#1428947)
Out-of-bounds write with malformed IPC messages
* CVE-2018-5130 (bmo#1433005)
Mismatched RTP payload type can trigger memory corruption
* CVE-2018-5131 (bmo#1440775)
Fetch API improperly returns cached copies of no-store/no-cache
resources
* CVE-2018-5144 (bmo#1440926)
Integer overflow during Unicode conversion
* CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450,
bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087,
bmo#1443865,bmo#1425520)
Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
* CVE-2018-5145 (bmo#1261175,bmo#1348955)
Memory safety bugs fixed in Firefox ESR 52.7
- correct requires and provides handling (boo#1076907)
- update to Firefox 52.6esr (bsc#1077291)
MFSA 2018-01
* Speculative execution side-channel attack ("Spectre")
MFSA 2018-03
* CVE-2018-5091 (bmo#1423086)
Use-after-free with DTMF timers
* CVE-2018-5095 (bmo#1418447)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-5096 (bmo#1418922)
Use-after-free while editing form elements
* CVE-2018-5097 (bmo#1387427)
Use-after-free when source document is manipulated during XSLT
* CVE-2018-5098 (bmo#1399400)
Use-after-free while manipulating form input elements
* CVE-2018-5099 (bmo#1416878)
Use-after-free with widget listener
* CVE-2018-5102 (bmo#1419363)
Use-after-free in HTML media elements
* CVE-2018-5103 (bmo#1423159)
Use-after-free during mouse event handling
* CVE-2018-5104 (bmo#1425000)
Use-after-free during font face manipulation
* CVE-2018-5117 (bmo#1395508)
URL spoofing with right-to-left text aligned left-to-right
* CVE-2018-5089
Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- remove obsolete patch mozilla-ucontext.patch
- official NSS requirement is >= 3.28.6 therefore putting 3.29.5
into an ifarch
- Escape the usage of %{VERSION} when calling out to rpm.
RPM 4.14 has %{VERSION} defined as 'the main package's version'.
- Added additional patches and configurations to fix
builds on s390 and PowerPC.
* Added firefox-glibc-getrandom.patch effecting builds on
s390 and PowerPC
* Added mozilla-s390-bigendian.patch along with icudt58b.dat
bigendian ICU data file for running Firefox on bigendian
architectures (bmo#1322212 and bmo#1264836)
* Added mozilla-s390-nojit.patch to enable atomic operations
used by the JS engine when JIT is disabled on s390
* Build configuration options specific to s390
* Requires NSS >= 3.29.5
- Update to Firefox 52.5.3esr:
* Fix a crash reporting issue that inadvertently sends background
tab crash reports to Mozilla without user opt-in (bmo#1427111,
bsc#1074235)
- Add BuildRequires python-xml to fix build on TW/SLE15.
- update to Firefox 52.5.2esr (MFSA 2017-28):
* CVE-2017-7843 (bsc#1072034, bmo#1410106)
Web worker in Private Browsing mode can write IndexedDB data
- update to Firefox 52.5.0esr (boo#1068101)
MFSA 2017-25
* CVE-2017-7828 (bmo#1406750. bmo#1412252)
Use-after-free of PressShell while restyling layout
* CVE-2017-7830 (bmo#1408990)
Cross-origin URL information leak through Resource Timing API
* CVE-2017-7826
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
script was not detecting aarch64 as a 64 bit architecture, thus
used /usr/lib/browser-plugins/.
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
looks for.
- update to Firefox 52.4esr (boo#1060445)
* requires NSS >= 3.28.6
MFSA 2017-22
* CVE-2017-7793 (bmo#1371889)
Use-after-free with Fetch API
* CVE-2017-7818 (bmo#1363723)
Use-after-free during ARIA array manipulation
* CVE-2017-7819 (bmo#1380292)
Use-after-free while resizing images in design mode
* CVE-2017-7824 (bmo#1398381)
Buffer overflow when drawing and validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
Use-after-free in TLS 1.2 generating handshake hashes
* CVE-2017-7814 (bmo#1376036)
Blob and data URLs bypass phishing and malware protection warnings
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
OS X fonts render some Tibetan and Arabic unicode characters as spaces
* CVE-2017-7823 (bmo#1396320)
CSP sandbox directive did not create a unique origin
* CVE-2017-7810
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
- fixed language accept header to use correct locale
(mozilla-bmo1005640.patch, boo#1029917)
- Add alsa-devel BuildRequires: we care for ALSA support to be
built and thus need to ensure we get the dependencies in place.
In the past, alsa-devel was pulled in by accident: we
buildrequire libgnome-devel. This required esound-devel and that
in turn pulled in alsa-devel for us. libgnome is being fixed to
no longer require esound-devel.
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext
- update to Firefox 52.3esr (boo#1052829)
MFSA 2017-19
* CVE-2017-7798 (bmo#1371586, bmo#1372112)
XUL injection in the style editor in devtools
* CVE-2017-7800 (bmo#1374047)
Use-after-free in WebSockets during disconnection
* CVE-2017-7801 (bmo#1371259)
Use-after-free with marquee during window resizing
* CVE-2017-7784 (bmo#1376087)
Use-after-free with image observers
* CVE-2017-7802 (bmo#1378147)
Use-after-free resizing image elements
* CVE-2017-7785 (bmo#1356985)
Buffer overflow manipulating ARIA attributes in DOM
* CVE-2017-7786 (bmo#1365189)
Buffer overflow while painting non-displayable SVG
* CVE-2017-7753 (bmo#1353312)
Out-of-bounds read with cached style data and pseudo-elements#
* CVE-2017-7787 (bmo#1322896)
Same-origin policy bypass with iframes through page reloads
* CVE-2017-7807 (bmo#1376459)
Domain hijacking through AppCache fallback
* CVE-2017-7792 (bmo#1368652)
Buffer overflow viewing certificates with an extremely long OID
* CVE-2017-7804 (bmo#1372849)
Memory protection bypass through WindowsDllDetourPatcher
* CVE-2017-7791 (bmo#1365875)
Spoofing following page navigation with data: protocol and modal alerts
* CVE-2017-7782 (bmo#1344034)
WindowsDllDetourPatcher allocates memory without DEP protections
* CVE-2017-7803 (bmo#1377426)
CSP containing 'sandbox' improperly applied
* CVE-2017-7779
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
- Mozilla Firefox 52.2.1esr:
* Printing text does not work on Windows when Direct2D is
disabled (bmo#1318845)
- update to Firefox 52.2esr (boo#1043960)
MFSA 2017-16
* CVE-2017-5472 (bmo#1365602)
Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749 (bmo#1355039)
Use-after-free during docshell reloading
* CVE-2017-7750 (bmo#1356558)
Use-after-free with track elements
* CVE-2017-7751 (bmo#1363396)
Use-after-free with content viewer listeners
* CVE-2017-7752 (bmo#1359547)
Use-after-free with IME input
* CVE-2017-7754 (bmo#1357090)
Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7755 (bmo#1361326)
Privilege escalation through Firefox Installer with same
directory DLL files (Windows only)
* CVE-2017-7756 (bmo#1366595)
Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757 (bmo#1356824)
Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
CVE-2017-7777
Vulnerabilities in the Graphite 2 library
* CVE-2017-7758 (bmo#1368490)
Out-of-bounds read in Opus encoder
* CVE-2017-7760 (bmo#1348645)
File manipulation and privilege escalation via callback parameter
in Mozilla Windows Updater and Maintenance Service (Windows only)
* CVE-2017-7761 (bmo#1215648)
File deletion and privilege escalation through Mozilla Maintenance
Service helper.exe application (Windows only)
* CVE-2017-7764 (bmo#1364283)
Domain spoofing with combination of Canadian Syllabics and other
unicode blocks
* CVE-2017-7765 (bmo#1273265)
Mark of the Web bypass when saving executable files (Windows only)
* CVE-2017-7766 (bmo#1342742)
File execution and privilege escalation through updater.ini,
Mozilla Windows Updater, and Mozilla Maintenance Service
(Windows only)
* CVE-2017-7767 (bmo#1336964)
Privilege escalation and arbitrary file overwrites through Mozilla
Windows Updater and Mozilla Maintenance Service (Windows only)
* CVE-2017-7768 (bmo#1336979)
32 byte arbitrary file read through Mozilla Maintenance Service
(Windows only)
* CVE-2017-5470
Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
- requires NSS 3.28.5
- remove -fno-inline-small-functions and explicitely optimize with
- O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
- update to Firefox 52.1.1
MFSA 2017-14
* CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
(Windows only, Linux not affected)
- switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
firefox.js
- fixed KDE integration to avoid crash caused by filepicker
(boo#1015998)
- update to Firefox 52.1.0esr (boo#1035082)
MFSA 2017-12
* CVE-2017-5443 (bmo#1342661)
Out-of-bounds write during BinHex decoding
* CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
Firefox ESR 52.1
* CVE-2017-5464 (bmo#1347075)
Memory corruption with accessibility and DOM manipulation
* CVE-2017-5465 (bmo#1347617)
Out-of-bounds read in ConvolvePixel
* CVE-2017-5466 (bmo#1353975)
Origin confusion when reloading isolated data:text/html URL
* CVE-2017-5467 (bmo#1347262)
Memory corruption when drawing Skia content
* CVE-2017-5460 (bmo#1343642)
Use-after-free in frame selection
* CVE-2017-5461 (bmo#1344380)
Out-of-bounds write in Base64 encoding in NSS
* CVE-2017-5448 (bmo#1346648)
Out-of-bounds write in ClearKeyDecryptor
* CVE-2017-5449 (bmo#1340127)
Crash during bidirectional unicode manipulation with animation
* CVE-2017-5446 (bmo#1343505)
Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
* CVE-2017-5447 (bmo#1343552)
Out-of-bounds read during glyph processing
* CVE-2017-5444 (bmo#1344461)
Buffer overflow while parsing application/http-index-format content
* CVE-2017-5445 (bmo#1344467)
Uninitialized values used while parsing application/http-index-format
content
* CVE-2017-5442 (bmo#1347979)
Use-after-free during style changes
* CVE-2017-5469 (bmo#1292534)
Potential Buffer overflow in flex-generated code
* CVE-2017-5440 (bmo#1336832)
Use-after-free in txExecutionState destructor during XSLT processing
* CVE-2017-5441 (bmo#1343795)
Use-after-free with selection during scroll events
* CVE-2017-5439 (bmo#1336830)
Use-after-free in nsTArray Length() during XSLT processing
* CVE-2017-5438 (bmo#1336828)
Use-after-free in nsAutoPtr during XSLT processing
* CVE-2017-5437 (bmo#1343453)
Vulnerabilities in Libevent library
* CVE-2017-5436 (bmo#1345461)
Out-of-bounds write with malicious font in Graphite 2
* CVE-2017-5435 (bmo#1350683)
Use-after-free during transaction processing in the editor
* CVE-2017-5434 (bmo#1349946)
Use-after-free during focus handling
* CVE-2017-5433 (bmo#1347168)
Use-after-free in SMIL animation functions
* CVE-2017-5432 (bmo#1346654)
Use-after-free in text input selection
* CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
* CVE-2017-5459 (bmo#1333858)
Buffer overflow in WebGL
* CVE-2017-5462 (bmo#1345089)
DRBG flaw in NSS
* CVE-2017-5455 (bmo#1341191)
Sandbox escape through internal feed reader APIs
* CVE-2017-5454 (bmo#1349276)
Sandbox escape allowing file system read access through file
picker
* CVE-2017-5456 (bmo#1344415)
Sandbox escape allowing local file system access
* CVE-2017-5451 (bmo#1273537)
Addressbar spoofing with onblur event
- requires NSS 3.28.4
- rebased patches
- switch package to use ESR52 branch
* enables plugin support by default
* service workers are disabled by default
* push notifications are disabled by default
* WebAssembly (wasm) is disabled
* Less use of multiprocess architecture Electrolysis (e10s)
- update to Firefox 52.0.2
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
* Fix loading tab icons on session restore (bmo#1338009)
* Fix a crash on startup on Linux (bmo#1345413)
* Fix new installs erroneously not prompting to change the default
browser setting (bmo#1343938)
- disable rust usage for everything but x86(-64)
- explicitely add libffi build requirement
- update to Firefox 52.0.1 (boo#1029822)
MFSA 2017-08
CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
- reenable ALSA support which was removed by default upstream
- update to Firefox 52.0 (boo#1028391)
* requires NSS >= 3.28.3
* Pages containing insecure password fields now display a warning
directly within username and password fields.
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight,
Java, Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by
trackers
* MFSA 2017-05
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
(bmo#1334933)
CVE-2017-5401: Memory Corruption when handling ErrorResult
(bmo#1328861)
CVE-2017-5402: Use-after-free working with events in FontFace
objects (bmo#1334876)
CVE-2017-5403: Use-after-free using addRange to add range to an
incorrect root object (bmo#1340186)
CVE-2017-5404: Use-after-free working with ranges in selections
(bmo#1340138)
CVE-2017-5406: Segmentation fault in Skia with canvas operations
(bmo#1306890)
CVE-2017-5407: Pixel and history stealing via floating-point
timing side channel with SVG filters (bmo#1336622)
CVE-2017-5410: Memory corruption during JavaScript garbage
collection incremental sweeping (bmo#1330687)
CVE-2017-5408: Cross-origin reading of video captions in violation
of CORS (bmo#1313711)
CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
CVE-2017-5413: Segmentation fault during bidirectional operations
(bmo#1337504)
CVE-2017-5414: File picker can choose incorrect default directory
(bmo#1319370)
CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
(bmo#791597)
CVE-2017-5426: Gecko Media Plugin sandbox is not started if
seccomp-bpf filter is running (bmo#1257361)
CVE-2017-5427: Non-existent chrome.manifest file loaded during
startup (bmo#1295542)
CVE-2017-5418: Out of bounds read when parsing HTTP digest
authorization responses (bmo#1338876)
CVE-2017-5419: Repeated authentication prompts lead to DOS
attack (bmo#1312243)
CVE-2017-5420: Javascript: URLs can obfuscate addressbar
location (bmo#1284395)
CVE-2017-5405: FTP response codes can cause use of
uninitialized values for ports (bmo#1336699)
CVE-2017-5421: Print preview spoofing (bmo#1301876)
CVE-2017-5422: DOS attack by using view-source: protocol
repeatedly in one hyperlink (bmo#1295002)
CVE-2017-5399: Memory safety bugs fixed in Firefox 52
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
Firefox ESR 45.8
- removed obsolete patches
* mozilla-binutils-visibility.patch
* mozilla-check_return.patch
* mozilla-disable-skia-be.patch
* mozilla-skia-overflow.patch
* mozilla-skia-ppc-endianess.patch
- rebased patches
- enable rust usage for Tumbleweed
- Mozilla Firefox 51.0.1:
- Multiprocess incompatibility did not correctly register with
some add-ons (bmo#1333423)
- update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
* Added support for FLAC (Free Lossless Audio Codec) playback
* Added support for WebGL 2
* Added Georgian (ka) and Kabyle (kab) locales
* Support saving passwords for forms without 'submit' events
* Improved video performance for users without GPU acceleration
* Zoom indicator is shown in the URL bar if the zoom level is not
at default level
* View passwords from the prompt before saving them
* Remove Belarusian (be) locale
* Use Skia for content rendering (Linux)
* MFSA 2017-01
CVE-2017-5375: Excessive JIT code allocation allows bypass of
ASLR and DEP (bmo#1325200, boo#1021814)
CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
CVE-2017-5377: Memory corruption with transforms to create
gradients in Skia (bmo#1306883, boo#1021826)
CVE-2017-5378: Pointer and frame data leakage of Javascript objects
(bmo#1312001, bmo#1330769, boo#1021818)
CVE-2017-5379: Use-after-free in Web Animations
(bmo#1309198,boo#1021827)
CVE-2017-5380: Potential use-after-free during DOM manipulations
(bmo#1322107, boo#1021819)
CVE-2017-5390: Insecure communication methods in Developer Tools
JSON viewer (bmo#1297361, boo#1021820)
CVE-2017-5389: WebExtensions can install additional add-ons via
modified host requests (bmo#1308688, boo#1021828)
CVE-2017-5396: Use-after-free with Media Decoder
(bmo#1329403, boo#1021821)
CVE-2017-5381: Certificate Viewer exporting can be used to navigate
and save to arbitrary filesystem locations
(bmo#1017616, boo#1021830)
CVE-2017-5382: Feed preview can expose privileged content errors
and exceptions (bmo#1295322, boo#1021831)
CVE-2017-5383: Location bar spoofing with unicode characters
(bmo#1323338, bmo#1324716, boo#1021822)
CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
(bmo#1255474, boo#1021832)
CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
response headers (bmo#1295945, boo#1021833)
CVE-2017-5386: WebExtensions can use data: protocol to affect other
extensions (bmo#1319070, boo#1021823)
CVE-2017-5394: Android location bar spoofing using fullscreen and
JavaScript events (bmo#1222798)
CVE-2017-5391: Content about: pages can load privileged about: pages
(bmo#1309310, boo#1021835)
CVE-2017-5392: Weak references using multiple threads on weak proxy
objects lead to unsafe memory usage (bmo#1293709)
(Android only)
CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
mozAddonManager (bmo#1309282, boo#1021837)
CVE-2017-5395: Android location bar spoofing during scrolling
(bmo#1293463) (Android only)
CVE-2017-5387: Disclosure of local file existence through TRACK
tag error messages (bmo#1295023, boo#1021839)
CVE-2017-5388: WebRTC can be used to generate a large amount of
UDP traffic for DDOS attacks
(bmo#1281482, boo#1021840)
CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
Firefox ESR 45.7 (boo#1021824)
- switch Firefox to Gtk3 for Tumbleweed
- removed obsolete patches
* mozilla-flex_buffer_overrun.patch
- updated RPM locale support tag
- improve recognition of LANGUAGE env variable (boo#1017174)
- add upstream patch to fix PPC64LE (bmo#1319389)
(mozilla-skia-ppc-endianess.patch)
- fix build without skia (big endian archs) (bmo#1319374)
(mozilla-disable-skia-be.patch)
- update to Firefox 50.1.0 (boo#1015422)
* MFSA 2016-94
CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
CVE-2016-9899: Use-after-free while manipulating DOM events and
audio elements (bmo#1317409)
CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
CVE-2016-9898: Use-after-free in Editor while manipulating
DOM subtrees (bmo#1314442)
CVE-2016-9900: Restricted external resources can be loaded by
SVG images through data URLs (bmo#1319122)
CVE-2016-9904: Cross-origin information leak in shared atoms
(bmo#1317936)
CVE-2016-9901: Data from Pocket server improperly sanitized
before execution (bmo#1320057)
CVE-2016-9902: Pocket extension does not validate the origin
of events (bmo#1320039)
CVE-2016-9903: XSS injection vulnerability in add-ons SDK
(bmo#1315435)
CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
Firefox ESR 45.6
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
- update to Firefox 50.0.2
* Firefox crashes with 3rd party Chinese IME when using IME text
(50.0.1)
security fixes (in 50.0.1): (boo#1012807)
* MFSA 2016-91
CVE-2016-9078: data: URL can inherit wrong origin after an
HTTP redirect (bmo#1317641)
security fixes (in 50.0.2) (boo#1012964)
* MFSA 2016-92
CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)
- update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2
new features
* Updates to keyboard shortcuts
Set a preference to have Ctrl+Tab cycle through tabs in recently
used order
View a page in Reader Mode by using Ctrl+Alt+R
* Added option to Find in page that allows users to limit search to
whole words only
* Added download protection for a large number of executable file
types on Windows, Mac and Linux
* Fixed rendering of dashed and dotted borders with rounded corners
(border-radius)
* Added a built-in Emoji set for operating systems without native
Emoji fonts (Windows 8.0 and lower and Linux)
* Blocked versions of libavcodec older than 54.35.1
* additional locale
security fixes:
* MFSA 2016-89
CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
(bmo#1292443)
CVE-2016-5292: URL parsing causes crash (bmo#1288482)
CVE-2016-5293: Write to arbitrary file with updater and moz
maintenance service using updater.log hardlink
(Windows only) (bmo#1246945)
CVE-2016-5294: Arbitrary target directory for result files of
update process (Windows only) (bmo#1246972)
CVE-2016-5297: Incorrect argument length checking in Javascript
(bmo#1303678)
CVE-2016-9064: Addons update must verify IDs match between
current and new versions (bmo#1303418)
CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen
(Android only) (bmo#1306696)
CVE-2016-9066: Integer overflow leading to a buffer overflow in
nsScriptLoadHandler (bmo#1299686)
CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
(bmo#1301777, bmo#1308922 (CVE-2016-9069))
CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
(bmo#1300083) (Windows only)
CVE-2016-9075: WebExtensions can access the mozAddonManager API
and use it to gain elevated privileges (bmo#1295324)
CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied
to cross-origin images, allowing timing attacks on them
(bmo#1298552)
CVE-2016-5291: Same-origin policy violation using local HTML file
and saved shortcut file (bmo#1292159)
CVE-2016-5295: Mozilla Maintenance Service: Ability to read
arbitrary files as SYSTEM (Windows only) (bmo#1247239)
CVE-2016-5298: SSL indicator can mislead the user about the real
URL visited (bmo#1227538) (Android only)
CVE-2016-5299: Firefox AuthToken in broadcast protected with
signature-level permission can be accessed by an
application installed beforehand that defines the
same permissions (bmo#1245791) (Android only)
CVE-2016-9061: API Key (glocation) in broadcast protected with
signature-level permission can be accessed by an
application installed beforehand that defines the
same permissions (Android only) (bmo#1245795)
CVE-2016-9062: Private browsing browser traces (android) in
browser.db and wal file (Android only) (bmo#1294438)
CVE-2016-9070: Sidebar bookmark can have reference to chrome window
(bmo#1281071)
CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
(bmo#1289273)
CVE-2016-9074: Insufficient timing side-channel resistance in
divSpoiler (bmo#1293334) (fixed via NSS 3.26.1)
CVE-2016-9076: select dropdown menu can be used for URL bar
spoofing on e10s (bmo#1276976)
CVE-2016-9063: Possible integer overflow to fix inside XML_Parse
in expat (bmo#1274777)
CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
(bmo#1285003)
CVE-2016-5289: Memory safety bugs fixed in Firefox 50
CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
- make aarch64 build more similar to x86_64 build (remove conditionals
that don't seem to be necessary anymore)
- Mozilla Firefox 49.0.2:
* CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
* CVE-2016-5288: Web content can read cache entries (bsc#1006476)
* Asynchronous rendering of the Flash plugins is now enabled by
default
* Change D3D9 default fallback preference to prevent graphical
artifacts
* Network issue prevents some users from seeing the Firefox UI on
startup
* Web compatibility issue with file uploads
* Web compatibility issue with Array.prototype.values
* Diagnostic information on timing for tab switching
* Fix a Canvas filters graphics issue affecting HTML5 apps
- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
and fixes have been incorporated by upstream.
- Mozilla Firefox 49.0.1:
* Mitigate a startup crash issue caused by Websense - bmo#1304783
- update to Firefox 49.0 (boo#999701)
new features
* Updated Firefox Login Manager to allow HTTPS pages to use saved
HTTP logins.
* Added features to Reader Mode that make it easier on the eyes and
the ears
* Improved video performance for users on systems that support
SSE3 without hardware acceleration
* Added context menu controls to HTML5 audio and video that let users
loops files or play files at 1.25x speed
* Improvements in about:memory reports for tracking font memory usage
security related
* MFSA 2016-85
CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
mozilla::net::IsValidReferrerPolicy
CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
nsCaseTransformTextRunFactory::TransformString
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
PropertyProvider::GetSpacingInternal
CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
CVE-2016-5273 (bmo#1280387) - crash in
mozilla::a11y::HyperTextAccessible::GetChildOffset
CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
mozilla::a11y::DocAccessible::ProcessInvalidationList
CVE-2016-5274 (bmo#1282076) - use-after-free in
nsFrameManager::CaptureFrameState
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
nsBMPEncoder::AddImageFrame
CVE-2016-5279 (bmo#1249522) - Full local path of files is available
to web pages after drag and drop
CVE-2016-5280 (bmo#1289970) - Use-after-free in
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
from non-whitelisted schemes
CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
reveal cross-origin data
CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
- removed obsolete patches:
* mozilla-aarch64-48bit-va.patch
* mozilla-exclude-nametablecpp.patch
* mozilla-old_configure-bmo1282843.patch
- added patch mozilla-skia-overflow.patch (bmo#1304114)
- requires NSS 3.25
- Mozilla Firefox 48.0.2:
* Mitigate a startup crash issue caused on Windows (bmo#1291738)
- Mozilla Firefox 48.0.1:
* Fix an audio regression impacting some major websites
(bmo#1295296)
* Fix a top crash in the JavaScript engine (bmo#1290469)
* Fix a startup crash issue caused by Websense (bmo#1291738)
* Fix a different behavior with e10s / non-e10s on <select> and
mouse events (bmo#1291078)
* Fix a top crash caused by plugin issues (bmo#1264530)
* Fix a shutdown issue (bmo#1276920)
* Fix a crash in WebRTC
- added upstream patch so system plugins/extensions are correctly
loaded again on x86-64 (bmo#1282843)
(mozilla-old_configure-bmo1282843.patch)
- Fix for possible buffer overrun (bsc#990856)
CVE-2016-6354 (bmo#1292534)
[mozilla-flex_buffer_overrun.patch]
- Update mozilla-gtk3_20.patch to latest version from Fedora.
- update to Firefox 48.0 (boo#991809)
* requires NSS 3.24
* Process separation (e10s) is enabled for some of you
* Add-ons that have not been verified and signed by Mozilla will not load
* WebRTC embetterments
* The media parser has been redeveloped using the Rust programming
language
* better Canvas performance with speedy Skia support
security fixes:
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
Miscellaneous memory safety hazards
* MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
Favicon network connection can persist when page is closed
* MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
Buffer overflow rendering SVG with bidirectional content
* MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
* MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
Location bar spoofing via data URLs with malformed/invalid mediatypes
* MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
Stack underflow during 2D graphics rendering
* MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
Out-of-bounds read during XML parsing in Expat library
* MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
Arbitrary file manipulation by local user through Mozilla updater
and callback application path parameter (Windows-only)
* MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
Use-after-free when using alt key and toplevel menus
* MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
Crash in incremental garbage collection in JavaScript
* MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
Use-after-free in DTLS during WebRTC session shutdown
* MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
Use-after-free in service workers with nested sync events
* MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
Form input type change from password to text can store plain
text password in session restore file
* MFSA 2016-75/CVE-2016-5261 (bmo#1287266)
Integer overflow in WebSockets during data buffering
* MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
Scripts on marquee tag can execute in sandboxed iframes
* MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
Buffer overflow in ClearKey Content Decryption Module (CDM)
during video playback
* MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
Type confusion in display transformation
* MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
Use-after-free when applying SVG effects
* MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
Same-origin policy violation using local HTML file and saved shortcut file
* MFSA 2016-81/CVE-2016-5266 (bmo#1226977)
Information disclosure and local file manipulation through drag and drop
* MFSA 2016-82/CVE-2016-5267 (bmo#1284372)
Addressbar spoofing with right-to-left characters on Firefox for Android
(Android only)
* MFSA 2016-83/CVE-2016-5268 (bmo#1253673)
Spoofing attack through text injection into internal error pages
* MFSA 2016-84/CVE-2016-5250 (bmo#1254688)
Information disclosure through Resource Timing API during page navigation
- removed obsolete mozilla-gcc6.patch
- Update description and screenshots in appdata.xml file.
- Fix Firefox crash on startup on i586 (boo#986541):
* Add -fno-delete-null-pointer-checks and
- fno-inline-small-functions to CFLAGS
- Update the appdata.xml file (replace Windows XP screenshot)
- Mozilla Firefox 47.0.1:
* Selenium WebDriver may cause Firefox to crash at startup
(bmo#1280854)
- mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2 (boo#984637)
- Update mozilla-gtk3_20.patch to latest version from Fedora.
- Fix running on 48bit va aarch64 (bsc#984126)
* add patch mozilla-aarch64-48bit-va.patch
- fix XUL dialog button order under KDE session (boo#984403)
- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
* MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329)
Incorrect icon displayed on permissions notifications
* MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933)
Entering fullscreen and persistent pointerlock without user
permission
* MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267)
Information disclosure of disabled plugins through CSS
pseudo-classes
* MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933)
Java applets bypass CSP protections
* MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283,
bmo#1221620, bmo#1241034, bmo#1241037)
Network Security Services (NSS) vulnerabilities
fixed by requiring NSS 3.23
packaging changes:
* cleanup configure options (boo#981695):
- notably remove GStreamer support which is gone from FF
* remove obsolete patches
- mozilla-libproxy.patch
- mozilla-repo.patch
- The conditional testing for gcc was failing for different
openSUSE versions, drop it and apply patches unconditionally.
- Add patches to fix building with gcc6:
+ mozilla-gcc6.patch: fix building with gcc >= 6.1; patch
taken from upstream:
https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
+ mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp
from unified compilation because #include <cmath> in other
source files causes gcc6 compilation failure; patch taken from
upstream:
https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc.
- enable build with PIE and full relro on x86_64 (boo#980384)
- update to Firefox 46.0.1
Fixed:
* Search plugin issue for various locales
* Add-on signing certificate expiration
* Service worker update issue
* Build issue when jit is disabled
* Limit Sync registration updates
- removed now obsolete mozilla-jit_branch64.patch
- add mozilla-jit_branch64.patch to avoid PowerPC build failure
(from bmo#1266366)
- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
version from Fedora).
- update to Firefox 46.0 (boo#977333)
* Improved security of the JavaScript Just In Time (JIT) Compiler
* WebRTC fixes to improve performance and stability
* Added support for document.elementsFromPoint
* Added HKDF support for Web Crypto API
* requires NSPR 4.12 and NSS 3.22.3
* added patch to fix unchecked return value
mozilla-check_return.patch
* Gtk3 builds not supported at the moment
security fixes:
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
(boo#977373, boo#977375, boo#977376)
Miscellaneous memory safety hazards
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
Privilege escalation through file deletion by Maintenance Service updater
(Windows only)
* MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
Content provider permission bypass allows malicious application
to access data (Android only)
* MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
(bmo#1252330, bmo#1261776, boo#977379)
Use-after-free and buffer overflow in Service Workers
* MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
Disclosure of user actions through JavaScript with motion and
orientation sensors (only affects mobile variants)
* MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
Buffer overflow in libstagefright with CENC offsets
* MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
CSP not applied to pages sent with multipart/x-mixed-replace
* MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
Elevation of privilege with chrome.tabs.update API in web extensions
* MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
Write to invalid HashMap entry through JavaScript.watch()
* MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)
Firefox Health Reports could accept events from untrusted domains
- Update mozilla-gtk3_20.patch to fix scrollbar appearance under
gtk >= 3.20 (patch synced to Fedora's version).
- Compile against gtk3 depending on whether the macro
%firefox_use_gtk3 is defined or not (e.g., at the prjconf
level); macro is undefined by default and so gtk2 is used as the
default toolkit.
- Add BuildRequires for additional packages needed when building
against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
patch taken from Fedora (bmo#1230955).
- Mozilla Firefox 45.0.2:
* Fix an issue impacting the cookie header when third-party
cookies are blocked (bmo#1257861)
* Fix a web compatibility regression impacting the srcset
attribute of the image tag (bmo#1259482)
* Fix a crash impacting the video playback with Media Source
Extension (bmo#1258562)
* Fix a regression impacting some specific uploads (bmo#1255735)
* Fix a regression with the copy and paste with some old versions
of some Gecko applications like Thunderbird (bmo#1254980)
- Mozilla Firefox 45.0.1:
* Fix a regression causing search engine settings to be lost in
some context (bmo#1254694)
* Bring back non-standard jar: URIs to fix a regression in IBM
iNotes (bmo#1255139)
* XSLTProcessor.importStylesheet was failing when <import> was
used (bmo#1249572)
* Fix an issue which could cause the list of search provider to
be empty (bmo#1255605)
* Fix a regression when using the location bar (bmo#1254503)
* Fix some loading issues when Accept third-party cookies: was
set to Never (bmo#1254856)
* Disabled Graphite font shaping library
- update to Firefox 45.0 (boo#969894)
* requires NSPR 4.12 / NSS 3.21.1
* Instant browser tab sharing through Hello
* Synced Tabs button in button bar
* Tabs synced via Firefox Accounts from other devices are now shown
in dropdown area of Awesome Bar when searching
* Introduce a new preference (network.dns.blockDotOnion) to allow
blocking .onion at the DNS level
* Tab Groups (Panorama) feature removed
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Miscellaneous memory safety hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
Local file overwriting and potential privilege escalation through
CSP reports
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
CSP reports fail to strip location information for embedded iframe pages
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
Linux video memory DOS with Intel drivers
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
Memory leak in libstagefright when deleting an array during MP4
processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
Displayed page address can be overridden
* MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
Service Worker Manager out-of-bounds read in Service Worker Manager
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
Use-after-free when using multiple WebRTC data channels
* MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
Memory corruption when modifying a file being read by FileReader
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
Addressbar spoofing though history navigation and Location protocol
property
* MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
Same-origin policy violation using perfomance.getEntries and
history navigation with session restore
* MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
Buffer overflow in Brotli decompression
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
Memory corruption with malicious NPAPI plugin
* MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
CVE-2016-1976/CVE-2016-1972
WebRTC and LibVPX vulnerabilities found through code inspection
* MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
Use-after-free in GetStaticInstance in WebRTC
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
Out-of-bounds read in HTML parser following a failed allocation
* MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
Buffer overflow during ASN.1 decoding in NSS
(fixed by requiring 3.21.1)
* MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
Use-after-free during processing of DER encoded keys in NSS
(fixed by requiring 3.21.1)
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Font vulnerabilities in the Graphite 2 library
- Remove B_CNT from symbols.zip filename to reduce build-compare noise
- fix build problems on i586, caused by too large unified compile
units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- update to Firefox 44.0.2
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
Same-origin-policy violation using Service Workers with plugins
* Fix issue which could lead to the removal of stored passwords
under certain circumstances (bmo#1242176)
* Allows spaces in cookie names (bmo#1244505)
* Disable opus/vorbis audio with H.264 (bmo#1245696)
* Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
* Fix a crash in cache networking (bmo#1244076)
* Fix using WebSockets in service worker controlled pages (bmo#1243942)
- build fixes for arm/aarch64:
* disable webrtc for arm/aarch64
* switch away from openGL-ES backend to default for arm/aarch64
since it almost never builds
* reenable neon
- reenable webrtc for powerpc as it seems to build
- update to Firefox 44.0
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
Miscellaneous memory safety hazards
* MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
Out of Memory crash when parsing GIF format images
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
Buffer overflow in WebGL after out of memory allocation
* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
Firefox allows for control characters to be set in cookie names
* MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
Missing delay following user click events in protocol handler dialog
* MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
Errors in mp_div and mp_exptmod cryptographic functions in NSS
(fixed by requiring NSS 3.21)
* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
Addressbar spoofing attacks boo#963643
* MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
(bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
Unsafe memory manipulation found through code inspection
* MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
Application Reputation service disabled in Firefox 43
* requires NSPR 4.11
* requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches
- Mozilla Firefox 43.0.4:
* Re-enable SHA-1 certificates to prevent outdated
man-in-the-middle security devices from interfering with
properly secured SSL/TLS connections (bmo#1236975)
* Fix for startup crash for users of a third party antivirus tool
(bmo#1235537)
- The following change was previously in the package as a patch:
* Multi-user GNU/Linux download folders can be created
(bmo#1233434), removed mozilla-bmo1233434.patch
- update to Firefox 43.0.3
* requires NSS 3.20.2 to fix
MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
server signature
* various changes to support Windows update (SHA-1 vs. SHA-2)
* workaround Youtube user agent detection issue (bmo#1233970)
- fix file download regression for multi user systems
(bmo#1233434) (mozilla-bmo1233434.patch)
- explicitely requires libXcomposite-devel
- update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
* Users can opt-in to receive search suggestions from the Awesome Bar
* WebRTC streaming on multiple monitors
* User selectable second block list for Private Browsing's Tracking
Protection
security fixes:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400)
Buffer overflows found through code inspection
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
Integer underflow and buffer overflow processing MP4 metadata in
libstagefright
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
Privilege escalation vulnerabilities in WebExtension APIs
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
Cross-site reading attack through data and view-source URIs
- rebased patches
- Add desktop menu action for private browsing window to desktop
file (boo#954747)
- remove obsolete patch mozilla-bmo1005535.patch completely from
source package to avoid automatic check failures
- update to Firefox 42.0 (bnc#952810)
* Private Browsing with Tracking Protection blocks certain Web
elements that could be used to record your behavior across sites
* Control Center that contains site security and privacy controls
* Login Manager improvements
* WebRTC improvements
* Indicator added to tabs that play audio with one-click muting
* Media Source Extension for HTML5 video available for all sites
security fixes:
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
Crash when accessing HTML tables with accessibility tools on OS X
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
Certain escaped characters in host of Location-header are being
treated as non-escaped
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
* mozilla-arm-disable-edsp.patch
* mozilla-icu-strncat.patch
* mozilla-skia-be-le.patch
* toolkit-download-folder.patch
- fixed build with enable-libproxy (bmo#1220399)
* mozilla-libproxy.patch
- update to Firefox 41.0.2 (bnc#950686)
* MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
Cross-origin restriction bypass using Fetch
- added explicit appdata provides (bnc#949983)
- do not build with --enable-stdcxx-compat
(this starts to fail build on various toolchain combinations
and is not required for openSUSE builds in general
- update to Firefox 41.0.1
* Fix a startup crash related to Yandex toolbar and Adblock Plus
(bmo#1209124)
* Fix potential hangs with Flash plugins (bmo#1185639)
* Fix a regression in the bookmark creation (bmo#1206376)
* Fix a startup crash with some Intel Media Accelerator 3150
graphic cards (bmo#1207665)
* Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
- update to Firefox 41.0 (bnc#947003)
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
Site attribute spoofing on Android by pasting URL with unknown scheme
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
URL spoofing in reader mode
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180
Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
bmo#1190526) (Windows only)
Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
Information disclosure via the High Resolution Time API
- rebased patches
- removed obsolete patches
* mozilla-arm64-libjpeg-turbo.patch
- update to Firefox 40.0.3 (bnc#943550)
* Disable the asynchronous plugin initialization (bmo#1198590)
* Fix a segmentation fault in the GStreamer support (bmo#1145230)
* Fix a regression with some Japanese fonts used in the <input>
field (bmo#1194055)
* On some sites, the selection in a select combox box using the
mouse could be broken (bmo#1194733)
security fixes
* MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
Use-after-free when resizing canvas element during restyling
* MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
Add-on notification bypass through data URLs
- update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
* Suggested Tiles show sites of interest, based on categories
from your recent browsing history
* Hello allows adding a link to conversations to provide context
on what the conversation will be about
* New style for add-on manager based on the in-content
preferences style
* Improved scrolling, graphics, and video playback performance
with off main thread compositing (GNU/Linux only)
* Graphic blocklist mechanism improved: Firefox version ranges
can be specified, limiting the number of devices blocked
security fixes:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
Out-of-bounds read with malformed MP3 file
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
Use-after-free in MediaStream playback
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
Redefinition of non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518)
Arbitrary file overwriting through Mozilla Maintenance Service
with hard links (only affected Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
Out-of-bounds write with Updater and malicious MAR file
(does not affect openSUSE RPM packages which do not ship the
updater)
* MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
Feed protocol with POST bypasses mixed content protections
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
Crash when using shared memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
Heap overflow in gdk-pixbuf when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection
* MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
Mozilla Content Security Policy allows for asterisk wildcards
in violation of CSP specification
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
Use-after-free in XMLHttpRequest with shared workers
- added mozilla-no-stdcxx-check.patch
- removed obsolete patches
* mozilla-add-glibcxx_use_cxx11_abi.patch
* firefox-multilocale-chrome.patch
- rebased patches
- requires version 40 of the branding package
- removed browser/searchplugins/ location as it's not valid anymore
- security update to Firefox 39.0.3 (bnc#940918)
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
Same origin violation and local file stealing via PDF reader
- update to Firefox 39.0 (bnc#935979)
* Share Hello URLs with social networks
* Support for 'switch' role in ARIA 1.1 (web accessibility)
* SafeBrowsing malware detection lookups enabled for downloads
(Mac OS X and Linux)
* Support for new Unicode 8.0 skin tone emoji
* Removed support for insecure SSLv3 for network communications
* Disable use of RC4 except for temporarily whitelisted hosts
* NPAPI Plug-in performance improved via asynchronous initialization
security fixes:
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
Miscellaneous memory safety hazards
* MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
Type confusion in Indexed Database Manager
* MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
Out-of-bound read while computing an oscillator rendering range in Web Audio
* MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
Use-after-free in Content Policy due to microtask execution error
* MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
ECDSA signature validation fails to handle some signatures correctly
(this fix is shipped by NSS 3.19.1 externally)
* MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
Use-after-free in workers while using XMLHttpRequest
* MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
Vulnerabilities found through code inspection
* MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
Key pinning is ignored when overridable errors are encountered
* MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
OS X crash reports may contain entered key press information
(not relevant under Linux)
* MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
Privilege escalation in PDF.js
* MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
NSS accepts export-length DHE keys with regular DHE cipher suites
(this fix is shipped by NSS 3.19.1 externally)
* MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
NSS incorrectly permits skipping of ServerKeyExchange
(this fix is shipped by NSS 3.19.1 externally)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
likely not worth maintaining further
- rebased patches
- require NSS 3.19.2
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
- update to Firefox 38.0.6
* fixes bmo#1171730 which is not really relevant to oS builds
- fix KDE regression from 38.0.5 builds (bsc#933439)
- update to Firefox 38.0.5
* Keep track of articles and videos with Pocket
* Clean formatting for articles and blog posts with Reader View
* Share the active tab or window in a Hello conversation
- add changes file as source for SRPM (bsc#932142)
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
- update to Firefox 38.0.1
stability and regression fixes
* Systems with first generation NVidia Optimus graphics cards
may crash on start-up
* Users who import cookies from Google Chrome can end up with
broken websites
* Large animated images may fail to play and may stop other
images from loading
- update to Firefox 38.0 (bnc#930622)
* New tab-based preferences
* Ruby annotation support
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
security fixes:
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
Miscellaneous memory safety hazards
* MFSA 2015-47/VE-2015-0797 (bmo#1080995)
Buffer overflow parsing H.264 video with Linux Gstreamer
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
Buffer overflow with SVG content and CSS
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
Referrer policy ignored when links opened by middle-click and
context menu
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
Out-of-bounds read and write in asm.js validation
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
Use-after-free during text processing with vertical text enabled
* MFSA 2015-53/CVE-2015-2715 (bmo#988698)
Use-after-free due to Media Decoder Thread creation during shutdown
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
Buffer overflow when parsing compressed XML
* MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
Buffer overflow and out-of-bounds read while parsing MP4 video
metadata
* MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
Untrusted site hosting trusted page can intercept webchannel
responses
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
Privilege escalation through IPC channel messages
- requires NSS 3.18.1
- removed obsolete patches:
* mozilla-skia-bmo1136958.patch
- remove gnomevfs build options as it is removed from sources
- rebased patches
- update to Firefox 37.0.2 (bnc#928116)
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
Memory corruption during failed plugin initialization
- update to Firefox 37.0.1 (bnc#926166)
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
Loading privileged content through Reader mode
* MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
Certificate verification bypass through the HTTP/2 Alt-Svc header
- update to Firefox 37.0 (bnc#925368)
* Heartbeat user rating system
* Yandex set as default search provider for the Turkish locale
* Bing search now uses HTTPS for secure searching
* Improved protection against site impersonation via OneCRL
centralized certificate revocation
* Opportunistically encrypt HTTP traffic where the server supports
HTTP/2 AltSvc
* some more behaviour changes for TLS
security fixes:
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
Miscellaneous memory safety hazards
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
Use-after-free when using the Fluendo MP3 GStreamer plugin
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
Add-on lightweight theme installation approval bypassed through
MITM attack
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
resource:// documents can load privileged pages
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
Out of bounds read in QCMS library
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
Cursor clickjacking with flash and images (OS X only)
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
Incorrect memory management for simple-type arrays in WebRTC
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
CORS requests should not follow 30x redirections after preflight
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
Memory corruption crashes in Off Main Thread Compositing
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
Use-after-free due to type confusion flaws
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
Same-origin bypass through anchor navigation
* MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
PRNG weakness allows for DNS poisoning on Android (only)
* MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
Windows can retain access to privileged content on navigation
to unprivileged pages
- removed obsolete patches
* mozilla-bmo1088588.patch
* mozilla-bmo1108834.patch
- requires NSPR 4.10.8
- Fix builds with skia on Power
mozilla-skia-be-le.patch (patch from #bmo1136958)
mozilla-bmo1108834.patch
mozilla-bmo1005535.patch
- update to Firefox 36.0.4 (bnc#923534)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
Code execution through incorrect JavaScript bounds checking
elimination
- Copy the icons to /usr/share/icons instead of symlinking them:
in preparation for containerized apps (e.g. xdg-app) as well as
AppStream metadata extraction, there are a couple locations that
need to be real files for system integration (.desktop files,
icons, mime-type info).
- update to Firefox 36.0.1
Bugfixes:
* Disable the usage of the ANY DNS query type (bmo#1093983)
* Hello may become inactive until restart (bmo#1137469)
* Print preferences may not be preserved (bmo#1136855)
* Hello contact tabs may not be visible (bmo#1137141)
* Accept hostnames that include an underscore character ("_")
(bmo#1136616)
* WebGL may use significant memory with Canvas2d (bmo#1137251)
* Option -remote has been restored (bmo#1080319)
- added mozilla-skia-bmo1136958.patch to fix build issues for
ARM and PPC
- update to Firefox 36.0 (bnc#917597)
* mozilla-xremote-client was removed
* added libclearkey.so media plugin
* Pinned tiles on the new tab page can be synced
* Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
more scalable, and more responsive web.
* Locale added: Uzbek (uz)
security fixes:
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192)
Invoking Mozilla updater will load locally stored DLL files
(Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
Appended period to hostnames can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
Malicious WebGL content crash when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
TLS TURN and STUN connections silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
Buffer overflow in libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
Double-free when using non-default memory allocators with a
zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
Out-of-bounds read and write while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
Buffer overflow during CSS restyling
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
Buffer underflow during MP3 playback
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
Crash using DrawTarget in Cairo graphics library
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
Use-after-free in Developer Console date with OpenType Sanitiser
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
Reading of local files through manipulation of form autocomplete
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
UI Tour whitelisted sites in background tab can spoof foreground
tabs
* MFSA 2015-27CVE-2015-0820 (bmo#1125398)
Caja Compiler JavaScript sandbox bypass
- rebased patches
- requires NSS 3.17.4
- update to Firefox 35.0.1
* With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
* Kerberos authentication did not work with alias (bmo#1108971)
* SVG / CSS animation had a regression causing rendering issues on
websites like openstreemap.org (bmo#1083079)
* On Godaddy webmail, Firefox could crash (bmo#1113121)
* document.baseURI did not get updated to document.location after
base tag was removed from DOM for site with a CSP (bmo#1121857)
* With a Right-to-left (RTL) version of Firefox, the text selection
could be broken (bmo#1104036)
* CSP had a change in behavior with regard to case sensitivity
resources loading (bmo#1122445)
- update to Firefox 35.0 (bnc#910669)
notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)
security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects
- rebased patches
- dropped explicit support for everything older than 12.3
(including SLES11)
* merge firefox-kde.patch and firefox-kde-114.patch
* dropped mozilla-sle11.patch
- reworked specfile to build conditionally based on release channel
either Firefox or Firefox Developer Edition
- added mozilla-openaes-decl.patch to fix implicit declarations
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
crashes (bnc#908892)
- fix bashism in mozilla.sh script
- update to Firefox 34.0.5 (bnc#908009)
* Default search engine changed to Yahoo! for North America
* Default search engine changed to Yandex for Belarusian, Kazakh,
and Russian locales
* Improved search bar (en-US only)
* Firefox Hello real-time communication client
* Easily switch themes/personas directly in the Customizing mode
* Implementation of HTTP/2 (draft14) and ALPN
* Disabled SSLv3
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
Miscellaneous memory safety hazards
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
XBL bindings accessible via improper CSS declarations
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
CSP leaks redirect data via violation reports
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86
- rebased patches
- update to Firefox 33.1
* Adding DuckDuckGo as a search option (upstream)
* Forget Button added
* Enhanced Tiles
* Privacy tour introduced
- fix typo in GStreamer Recommends
- Disable elf-hack for aarch64
- Enable EGL for aarch64
- Limit RAM usage during link for %arm
- Fix _constraints for ARM
- use proper macros for ARM
- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
to fix compiling.
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during
linking on arm.
- update to Firefox 33.0.2
* Fix a startup crash with some combination of hardware and drivers
33.0.1
* Firefox displays a black screen at start-up with certain
graphics drivers
- adjusted _constraints for ARM
- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
- define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)
- use Firefox default optimization flags instead of -Os
- specfile cleanup
- fix build for all ppc by not enabling elf-hack
(bnc#901213)
==== MozillaThunderbird ====
Version update (68.1.1 -> 68.2.1)
Subpackages: MozillaThunderbird-translations-common MozillaThunderbird-translations-other
- Mozilla Thunderbird 68.2.1
* new: A language for the user interface can now be chosen in
the advanced settings (multilingual UI) (bmo#1590206)
* fixed: Problem with Google authentication (OAuth2)
(bmo#1592407)
* fixed: Selected or unread messages not shown in the correct
color in the thread pane (message list) under some
circumstances (bmo#1585765)
* fixed: When using a language pack, names of standard folders
weren't localized (bmo#1575512, boo#1149126)
* fixed: Address book default startup directory in preferences
panel not persisted (bmo#1591364)
* fixed: Various visual glitches: Conditions in filter editor
not high enough, folder location widget not showing folder
name, problem with menubar customization, add-on home page
links accumulating, theme issues on Windows 7 (bmo#1590666)
* fixed: Issues when upgrading from a 32bit version of
Thunderbird to a 64bit version. Note: If your profile is
still not recognised, selected it by visiting about:profiles
in the Troubleshooting Information. (bmo#1587067)
* fixed: Chat: Extended context menu on Instant messaging
status dialog (Show Accounts) (bmo#1591506)
- added mozilla-bmo1504834-part4.patch to fix some visual issues
on big endian platforms
- Mozilla Thunderbird 68.2
* new: Message Display WebExtension API
* new: Message Search WebExtension API
* Bugfixes
Better visual feedback for unread messages when using the
dark theme
Various issues when editing mailing lists
Integration with macOS addressbook and notifications not working
after introduction of notarization
Application windows not maintaining their size after restart
Issues when upgrading from a 32bit version of Thunderbird to a
64bit version.
* various security fixes
MFSA 2019-33/2019-35 (bsc#1154738)
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11758 (bmo#1536227)
Potentially exploitable crash due to 360 Total Security
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-
property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223,
bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933,
bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599,
bmo#1586845)
Memory safety bugs fixed in Thunderbird 68.2
- removed upstream patches:
* mozilla-bmo1512162.patch
* mozilla-bmo1573381.patch
* mozilla-bmo1585099.patch
- Mozilla Thunderbird 68.1.2 (bsc#1153879)
Bugfixes
* Some attachments couldn't be opened in messages originating from
MS Outlook 2016
* Address book import from CSV
* Performance problem in message body search
* Ctrl+Enter to send a message would open an attachment if the
attachment pane had focus
* Calendar: Issues with "Today Pane" start-up
* Calendar: Glitches with custom repeat and reminder number input
* Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
- updated translations-other locale list
- remove kde.js since disabling instantApply breaks extensions and
is obsolete with the move to HTML views for preferences (boo#1151186)
- Update create-tar.sh (bsc#1152778)
- Update mozilla-bmo1512162.patch to the patch now commited upstream
* No more -O1 builds for ppc64le necessary
- Deactivate currently useless crashreporter for the last remaining
arch
==== aaa_base ====
Subpackages: aaa_base-extras aaa_base-malloccheck
- Add patch git-12-80d14205f913cc67a98c562f988ea700a56c369b.patch
* service: check if there is a second argument before using it
(bsc#1051143)
- Add patch git-11-b20083a930f766939f47dddc66d089c9fee5d38a.patch
* check if variables can be set before modifying them
to avoid warnings on login with a restricted shell
(bsc#1138869)
- Add patch git-08-9875dffab3ddda0c3e8399f935f059246c961f2a.patch
* Add s390x compressed kernel support (bsc#1151023)
- Add git-09-c6cd010dd8b6efddd71c30f00a923d8f2537584c.patch
* Fix LC_NAME and LC_ADDRESS in sh.ssh
- Add patch git-10-43091e644ff54997468a215b891dcaa75173f133.patch
* fix string test to arithmetic test in /etc/profile.d/wsl.sh
==== autoyast2 ====
Version update (4.2.12 -> 4.2.19)
Subpackages: autoyast2-installation
- report wrong type of param-list instead of crash (bsc#1143260)
- 4.2.19
- Fix autoinstallation on online medium (bsc#1156058)
- 4.2.18
- Update schema to support setting the encryption method through
the 'crypt_method' (related to jsc#SLE-7376).
- 4.2.17
- AutoYaST support for the Full installation medium
(jsc#SLE-7101)
- 4.2.16
- fix auto-adding required packages for autoyast sections (bsc#1153746)
- don't run kdump autoyast config in 2nd stage
- 4.2.15
- bnc#1154855 - During firstboot ayast_setup will not be executed.
- 4.2.14
- Do not crash when using the online medium without the
registration section in the AY XML profile, display an error
message with some hints (bsc#1154988)
- 4.2.13
==== bluedevil5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: bluedevil5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== breeze ====
Version update (5.17.1 -> 5.17.2)
Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang breeze5-wallpapers libbreezecommon5-5
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== breeze-gtk ====
Version update (5.17.1 -> 5.17.2)
Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze metatheme-breeze-common
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* [GTK3] Revert checkbox recolouring (kde#412078)
==== breeze4-style ====
Version update (5.17.1 -> 5.17.2)
Subpackages: libbreezecommon4-5
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== cpupower ====
Version update (4.19 -> 5.1)
Subpackages: libcpupower0
- Update turbostat to latest version 19.08.31
- Add intel-speed-select tool (jsc#SLE-5364)
A intel-speed-select-1.0.tar.bz2
A intel-speed-select_remove_DATE_TIME.patch
- Fix missing governors when running cpupower frequency-info (bsc#1117709)
M rapl_monitor.patch
- jira#5244 Turbostat for Ice Lake
- Remove very old cpufrequtils provides and requires (predecessor)
- Update libcpupower description
- Sidenote about fate#321274 - This feature is on the kernel side
and got wrongly mentioned in cpupower in a released product.
- Update to latest kernel HEAD sources
(5.1-rc4, 15ade5d2e7775667cf191cf2f94327a4889f8b9d)
Patches included mainline:
D cpupower_fix_compilation_and_sysfs_read_file_mess.patch
D cpupower_bash-completion_for_cpupower_tool.patch
Adjusted patches:
M turbostat_makefile_fix_asm_header.patch
M x86_perf_makefile_fix_asm_header.patch
M rapl_monitor.patch
M cpupower_rapl.patch
- Description updates.
- Run spec-cleaner
- Don't disable as-needed, it works now.
- Add bash completion for cpupower command (from mainline submit)
A cpupower_bash-completion_for_cpupower_tool.patch
- Fix static compilation and sysfs_read_file mess
A cpupower_fix_compilation_and_sysfs_read_file_mess.patch
==== digikam ====
Version update (6.0.0 -> 6.3.0)
Subpackages: digikam-lang libdigikamcore6 showfoto
- Do not enable Faces Engine DNN for ppc64le to avoid build error
- Update to 6.3.0
* https://www.digikam.org/news/2019-09-08-6.3.0_release_announcement/
- New features (from NEWS):
General : Internal Libraw updated to last stable 0.19.5.
General : First version of exported DPlugin API for future
external contributions.
ImageEditor: new external plugin based on GMicQt included in all
bundles (https://github.com/c-koi/gmic-qt)
- 193 bugs fixed
- bsc#1144232 - Drop jasper dependency from Digikam:
Disable JPEG2000 support due to removal of jasper
- Add BuildRequires libjpeg8 for regular JPEG support
- Update to 6.2.0
* https://www.digikam.org/news/2019-08-04-6.2.0_release_announcement/
- New features (from NEWS):
IconView : HiDPI support for 4K screens.
General : Internal Libraw updated to last stable 0.19.3.
New camera supported:
Canon A560, FujiFilm X-T30, Nikon Coolpix A1000, Z6, Z7,
Olympus E-M1X, Sony ILCE-6400, Several dng files from
phones and drones.
Full camera List supported:
https://www.libraw.org/supported-cameras-snapshot-201903
- 310 bugs fixed
- Drop patches merged upstream:
* Fix-compilation-with-Qt-5.6.patch
* Fix-build-with-QtWebEngine-5.6.patch
- Refresh 0001-Disable-detection-of-OpenGL-for-GLES-platforms.patch
- Drop Lower-minimum-exiv2-version.patch, the latest digikam
version just crashes on start with exiv2-0.25 (kde#407022)
- Update to 6.1.0
* https://www.digikam.org/news/2019-04-14-6.1.0_release_announcement/
- New features (from NEWS):
General : New plugins interface for digiKam and Showfoto named
dplugins.
General : All export tools become generic plugins and are
shared with Showfoto.
General : Update internal libpgf to last 07193.
General : Add compatiblity with OpenCV version 4.
General : MacOS and AppImage bundles are now published with Qt
5.11.3.
General : Add new optional configuration option to compile with
Faces Engine Neural Network.
General : Add optional support to ImageMagick codecs to support
extra image formats as XCF, FITS, HEIC, etc.
BQM : Add new advanced settings in resize tool.
BQM : All Batch Queue Manager tools become Bqm plugins.
Editor : All Image Editor tools become Editor plugins and are
shared with Showfoto.
Item View : Add sort items by modification date.
DPlugin : New plugin to copy items to a local storage.
DPlugin : New plugin to set image as Linux desktop wallpaper.
- 138 bugs fixed
- Add digikam-devel subpackage
- Add digikam-plugins subpackage that contains all the plugins
- Move plugins' icons to the -plugins subpackage
- Move enblend-enfuse and hugin Recommends to the -plugins package
as the functionality has been moved to the plugins
- Add pkgconfig(Magic++) BuildRequires to enable the new
ImageMagick support
- Add patches to fix build on Leap 42.3:
* Fix-compilation-with-Qt-5.6.patch
* Fix-build-with-QtWebEngine-5.6.patch
- Refresh 0001-Disable-detection-of-OpenGL-for-GLES-platforms.patch
==== discover ====
Version update (5.17.1 -> 5.17.2)
Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* notifier: make it possible to replace the instance
* app delegate: improve on narrow windows (kde#411828)
* flatpak: oops
* pk: notify about problems regarding file listing
* appstream: support more formats of appstream urls (kde#408419)
* notifier: don't autostart outside of Plasma (kde#413235)
* snap: fix cancelling (kde#404358)
* pk: readability
* pk: Make action buttons translatable
* notifier: Make action buttons translatable
* pk: don't show redundant packages on updates
==== drkonqi5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: drkonqi5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* typo--
==== ethtool ====
Version update (4.13 -> 5.3)
- upgrade to upstream version 5.3 (jsc#SLE-7328)
* drop mainline backports contained in v5.3
Revert-ethtool-Add-DMA-Coalescing-support.patch
ethtool-Support-for-FEC-encoding-control.patch
ethtool-add-support-for-extra-RSS-contexts-and-RSS-s.patch
ethtool-better-syntax-for-combinations-of-FEC-modes.patch
ethtool-copy.h-sync-with-net-next-2.patch
ethtool-copy.h-sync-with-net-next.patch
ethtool-correct-VF-index-values-for-the-ring_cookie-.patch
ethtool-correct-display-of-VF-when-showing-vf-queue-.patch
ethtool-don-t-fall-back-to-grxfhindir-when-context-w.patch
ethtool-fix-MFLCN-register-dump-for-82599-and-newer.patch
ethtool-fix-stack-clash-in-do_get_phy_tunable-and-do.patch
ethtool-show-VF-and-queue-in-the-help-for-N.patch
ethtool-support-combinations-of-FEC-modes.patch
ethtool.8-Document-RSS-context-control-and-RSS-filte.patch
* provide bash completion
- minor specfile cleanup
==== inkscape ====
Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang
- Add patches from upstream (some with slight modifications to apply
correctly) to adapt to poppler 0.79 (boo#1155596):
* 0001-Fix-compilation-with-poppler-0.64.patch
* 0002-Fix-compilation-with-poppler-0.65.patch
* 0003-Modified-fix-for-compatibility-with-poppler-0.64.patch
* 0004-fix-1789208-poppler-0.69.patch
* 0005-fix-poppler-0.71.0-build.patch
* 0006-fix-poppler-0.72.0-build.patch
* 0007-Tentative-fix-for-poppler-0.76.patch
==== kactivitymanagerd ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kactivitymanagerd-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kbd ====
Subpackages: kbd-legacy
- Allow YaST to select Iranian (Persian, Farsi) keyboard layout
(bsc#1092920)
- fbtest.c: include <sys/sysmacros.h> for major/minor
- Use %license instead of %doc [bsc#1082318]
- Disable characters >=U+F000. These do not work properly
(bsc#1085432#c15, kbd-unicode-fxxx.patch).
- Do not cause error on UNICODE characters >= 0xF000 (e. g.
ligature fi) (bsc#1085432, kbd-unicode-fxxx.patch).
- Move initial NumLock handling from systemd back to kbd:
* Add kbdsettings service written by Thomas Blume (boo#1010880,
kbdsettings, kbdsettings.service, numlockbios.c,
update sysconfig.console and sysconfig.keyboard).
* Exclude numlockbios support for non x86 platforms
(kbdsettings-nox86.patch).
- Drop references to KEYTABLE and COMPOSETABLE (boo#1010880#c32,
boo#1010880#c54, sysconfig.keyboard.del, README.SUSE,
drop kbd.fillup).
- Fix paths in kbd.pl.
- Drop from some fill-up templates, a couple of sysconfig variables no
more read by systemd (fate#319454)
So the relevant settings can be defined in only one place.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Add vlock.pamd PAM file (bsc#1056449#c8).
- Clean spec file.
- Version update to 2.0.4:
* translation updates
* support for U+202F
* minor fixes and code cleanup
* minor improvements and more characters support
- Enable vlock (bsc#1056449, FATE#261).
- call gzip -n to make build fully reproducible
- Revert dropping of kdb-legacy Requires: There are still packages
and installation flows that needs this to be present
(boo#1027379).
- Drop kdb-legacy Requires: No longer needed, and was always meant
to be temporary.
- Version update to 2.0.3:
* Various small updates
- Obsolete merged patch:
* kbd-1.15.5-br-abnt2-slash-question.patch
- Quickly run over with spec-cleaner
- Remove arch check for alpha and other unused platforms
- Drop kbd.fillup.nonpc as it should not be needed nowdays
- Fix data/keymaps/i386/querty/br-abnt2.map
(boo#984958, kbd-1.15.5-br-abnt2-slash-question.patch)
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)
- Rename conflicting legacy keymaps:
* dvorak/no.map -> dvorak/no-dvorak.map
* fgGIod/trf.map -> fgGIod/trf-fgGIod.map
* olpc/pt.map -> olpc/pt-olpc.map
* qwerty/cz.map -> qwerty/cz-qwerty.map
- i386/qwerty/sr-latin links to sr-cy
- add compose rules to cz layout (rh#1181581)
- genmap4systemd.sh: use 'abnt2' model for 'br' layouts, 'jp106'
model for 'jp' layouts and 'microsoftpro' for anything else
(instead of 'pc105' before) (FATE#318426)
- added genmap4systemd.sh tool, which generates entries for
systemd's /usr/share/systemd/kbd-model-map table from
xkeyboard-config converted keymaps; entries are written to
/usr/share/systemd/kbd-model-map.xkb-generated, so these can
easily be added to /usr/share/systemd/kbd-model-map by systemd
package (FATE#318426)
- Include xkb layouts from xkeyboard-config converted to console
keymaps, (FATE#318426)
* Rename Finnish xkb converted layout
* Add xkb and legacy keymaps subdirs to loadkyes search path
(kbd-1.15.5-loadkeys-search-path.patch), remove symlinks,
Don't convert layouts that can't input ASCII,
* Original keymaps moved to legacy dir, created symlinks to xkb
keymaps
- For the previos change to wok, we need to buildrequire
suse-module-tools to get the initrd rpm macros.
- Regenerate the initrd if this package changes as it is
included there for early console setup.
- Convert changelog to utf8
- fix bashisms in scripts
- add patches:
* kbd-2.0.2-fix-bashisms.patch
- update patches:
* kbd-1.15.2-unicode_scripts.patch
==== kde-cli-tools5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kde-cli-tools5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kde-gtk-config5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kde-gtk-config5-gtk2 kde-gtk-config5-gtk3 kde-gtk-config5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kde-user-manager ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kde-user-manager-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kdepim-runtime ====
Subpackages: kdepim-runtime-lang
- Update build requirements
==== kgamma5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kgamma5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== khotkeys5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: khotkeys5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kinfocenter5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kinfocenter5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kmenuedit5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kmenuedit5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* Create directory when saving the menu file (kde#413079)
==== kscreen5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kscreen5-lang kscreen5-plasmoid
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kscreenlocker ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kscreenlocker-lang libKScreenLocker5
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== ksshaskpass5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: ksshaskpass5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== ksysguard5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: ksysguard5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== ktexteditor ====
Subpackages: ktexteditor-lang
- Add 0001-fix-crash-in-variableexpansionhelpers.patch to fix a crash
when adding a variable to swap file name (kde#413474)
==== ktouch ====
Version update (19.08.1 -> 19.08.2)
Subpackages: ktouch-lang
- Update to 19.08.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/announce-applications-19.08.2.php
- No code change since 19.08.1
==== kwayland-integration ====
Version update (5.17.1 -> 5.17.2)
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== kwin5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: kwin5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* Dmabuf recovery on EGL reset (kde#411980)
* [kcmkwin/kwindecoration] Fix default window size in KCMShell This also fixes a binding loop. (kde#413557)
* [kcmkwin/desktop] Elide "Show animation when switching" checkbox text (kde#403151)
* [kcmkwin/kwinvirtualdesktops] Improve default window size when opened in kcmshell
* [scripting] Provide conversion functions for AbstractClient (kde#413044)
* Don't use MESA_EGL_NO_X11_HEADERS
* [kcmkwin/kwindecoration] Elide "theme default border size" CheckBox
==== kwrited5 ====
Version update (5.17.1 -> 5.17.2)
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== libgnomekbd ====
Version update (3.26.0 -> 3.26.1)
- Add explicit conflicts in typelib-1_0-Gkbd-3_0 and gnomekbd-tools
against libgnomekbd < 3.26.1, before package split was done.
- Make -lang package installable and ease upgrade: provide/obsolete
libgnomekbd by libgnomekbd8.
- Remove --with-pic which has no effect with --disable-static.
- Split package to SLPP standard:
+ Add sover define and set it to 8.
+ New subpackage gnomekbd-tools.
+ New subpackage libgnomekbd8.
+ New subpackage typelib-1_0-Gkbd-3_0.
+ Drop BUILD_FROM_VCS conditionals.
+ Add post(un) handling of the new shared library package.
+ Update URL to current GNOME gitlab home.
- Drop libgnomekbd-default-group-switch.patch: It does not seem to
make any noticeable change today.
- Modernize spec, run spec-cleaner, drop post(un) handling of
glib2_gsettings_schema_post(un) and desktop_database_post(un) and
glib2_gsettings_schema_requires macro.
- Update to version 3.26.1:
+ Fix build with new GLib.
+ Updated translations.
- Modernize spec-file by calling spec-cleaner
==== libkdecoration2 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private6
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== libkscreen2 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: libKF5Screen7 libkscreen2-plugin
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== libksysguard5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: libksysguard5-helper libksysguard5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Add patch to fix crash when running libQt5Core5.so.5 as executable
(boo#1155955):
* 0001-Fix-crash-when-running-QtCore-Stack-is-misaligned-on.patch
==== libssh2_org ====
- Security fix: [bsc#1154862, CVE-2019-17498]
* The SSH_MSG_DISCONNECT:packet.c logic has an integer overflow in
a bounds check that might lead to disclose sensitive information
or cause a denial of service
* Add patch libssh2_org-CVE-2019-17498.patch
==== libstorage-ng ====
Version update (4.2.18 -> 4.2.23)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Estonian) (bsc#1149754)
- 4.2.23
- Translated using Weblate (Estonian) (bsc#1149754)
- 4.2.22
- Translated using Weblate (Estonian) (bsc#1149754)
- 4.2.21
- Translated using Weblate (Estonian) (bsc#1149754)
- 4.2.20
- merge gh#openSUSE/libstorage-ng#676
- handle is_permanent() in possible_mount_bys() (bsc#1155566)
- simplified code
- 4.2.19
==== milou5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: milou5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== ovmf ====
Version update (2017+git1510945757.b2662641d5 -> 201908)
Subpackages: qemu-ovmf-x86_64
- Update to edk2-stable201908
+ Add TLS and IPv6 supports for ArmVirtQemu
+ Various fixes and updates for TPM2
+ Various fixes for OvmfPkg and the underlying infrastructures
+ Drop the build requirement of python2
+ Drop the obsolete IntelFrameworkPkg and IntelFrameworkModulePkg
+ Remove ShellBinPkg and move the platform packages out of edk2
- Update openssl to 1.1.1b
+ Add berkeley-softfloat-3-b64af41c3276f.tar.xz since arm7 needs
the softfloat implementation for openssl 1.1.1b
- Add ovmf-bsc1153072-fix-invalid-https-cert.patch to reject the
invalid server certificates for HTTPS Boot
(bsc#1153072, CVE-2019-14553)
- Build the varstore templates with EnrollDefaultKeys.efi
+ Create the iso files for key enrollment
- Add gen-key-enrollment-iso.sh to generate the iso file
+ Drop the non-upstream ovmf-embed-default-keys.patch
- Also drop owner-guid-zero.h
+ Drop the MS keys and dbx since they are already in
EnrollDefaultKeys.efi: MicCorKEKCA2011_2011-06-24.crt,
MicCorUEFCA2011_2011-06-27.crt, MicWinProPCA2011_2011-10-19.crt,
and dbxupdate.zip
- Also drop the related script strip_authinfo.pl
+ Add ovmf-set-fixed-enroll-time.patch to set the fixed enrolling
time to make the varstore template reproducible
+ Require qemu 3.0.0 for fw_cfg
- Enable TLS (HTTPS Boot) and TPM2 support
- Add the firmware descriptors for QEMU
- Update README to match the current settings
- Update the License tag to BSD-2-Clause-Patent
- Build SecureBoot firmwares for aarch64
- Add a new "smm" flavor to enable System Management Mode
+ Also add ovmf-add-exclude-shell-flag.patch to exclude shell
from the resultant SMM firmware files
- Retire the old openSUSE 4096 bit certificates since all those
programs are unmaintained.
- Drop upstreamed patches
+ ovmf-bsc1092943-fix-attributes-table.patch
+ ovmf-bsc1099193-fix-sev-flash-variables.patch
+ ovmf-bsc1115916-fix-timestamp-zeroing.patch
+ ovmf-bsc1115917-bounds-checking-for-ueficompress.patch
+ ovmf-bsc1127820-fix-blockio-buffer-overflow.patch
+ ovmf-bsc1127821-dns-check-packet-size.patch
+ ovmf-bsc1127822-fix-fv-parsing.patch
+ ovmf-bsc1128503-fix-stack-overflow-in-HiiImage-and-HiiDatabase.patch
+ ovmf-bsc1130267-overflow-in-partition-and-udf.patch
+ ovmf-bsc1131361-fix-stack-overflow-xhci.patch
- Refresh patches:
+ ovmf-add-exclude-shell-flag.patch
+ ovmf-disable-ia32-firmware-piepic.patch
+ ovmf-pie.patch
- Drop the requirement of xxd
==== oxygen5 ====
Version update (5.17.1 -> 5.17.2)
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== php7 ====
Subpackages: apache2-mod_php7 php7-ctype php7-dom php7-iconv php7-json php7-mysql php7-pdo php7-pgsql php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter
- security update
- added patches
CVE-2019-11043 [bsc#1154999]
+ php7-CVE-2019-11043.patch
==== plasma-nm5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== plasma5-addons ====
Version update (5.17.1 -> 5.17.2)
Subpackages: plasma5-addons-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== plasma5-desktop ====
Version update (5.17.1 -> 5.17.2)
Subpackages: plasma5-desktop-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* Fix force font DPI UI logic
==== plasma5-integration ====
Version update (5.17.1 -> 5.17.2)
Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE
- Update to 5.17.2
==== plasma5-pa ====
Version update (5.17.1 -> 5.17.2)
Subpackages: plasma5-pa-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== plasma5-workspace ====
Version update (5.17.1 -> 5.17.2)
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* [wallpapers/image] Randomise new batches of images in the slideshow (kde#413463)
* [wallpapers/image] Seed random number generator
* [Lock Screen] Don't use black shadows with black text (kde#413537)
* clear the cells before relayouting the items (kde#413019)
==== pmdk ====
Version update (1.5 -> 1.7)
Subpackages: libpmem1
- Update to PMDK 1.7 (jsc#SLE-9886)
- Introduces new APIs in libpmemobj for managing space used by transactions.
(see pmemobj_tx_log_append_buffer man page for details)
- Introduces new APIs in librpmem, splitting rpmem_persist into rpmem_flush
and rpmem_drain, allowing applications to use the flush + drain model
already known from libpmem. (libpmemobj does not use this feature yet)
- Optimizes large libpmemobj transactions by significantly reducing
the amount of memory modified at the commit phase.
- Optimizes tracking of libpmemobj reservations.
- Adds new flags for libpmemobj's pmemobj_tx_xadd_range[_direct] API:
POBJ_XADD_NO_SNAPSHOT and POBJ_XADD_ASSUME_INITIALIZED, allowing
applications to optimize how memory is tracked by the library.
- To support some of the above changes the libpmemobj on-media layout had
to be changed, which means that old pools have to be converted using
pmdk-convert >= 1.7.
- Disable Werror to deal with a new GCC 9 warning.
- Update to PMDK 1.6 (jsc#SLE-5400)
- See ChangeLog for details
- Disable LTO (boo#1133276).
==== polkit-kde-agent-5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: polkit-kde-agent-5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== poppler ====
Version update (0.62.0 -> 0.79.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- Update to version 0.79.0:
+ core:
- Fix regression on TextSelectionPainter.
- Fix parsing of DefaultAppearance.
- Fix memory leak in PostScriptFunction.
- Fix crashes in fuzzed files.
+ qt5:
- Implemented support for setIcon by changing appearance.
- Added option to set the form available to print.
- QString::null is deprecated, use QString().
- Replace deprecated qStableSort with std::stable_sort.
+ build system: Turn README into README.md and expand it.
- Update to version 0.78.0:
+ core:
- Fix line annotation arrows for usage in dimensioning.
- Handle Ink annots without an InkList but with an AP.
- Fix typos preventing parsing of Movie start and duration.
- Fix crash on malformed files.
+ glib:
- Add poppler_document_create_dests_tree().
- Don't use the deprecated g_type_class_add_private().
- Document the differences between render() and
render_for_printing().
- Fix introspection for poppler_document_new_from_data.
- Don't create PopplerInputStream with length 0.
- Document G_IO_ERROR as a possible error condition.
- Docs: Add index for API new in 0.78.
+ build system:
- Fixes cross compilation of gir in Void Linux.
- Add -Wshadow to the default warning flags.
- Install pkg-config pc files if pkg-config is found.
- Bump poppler_sover following upstream changes.
- Update to version 0.77.0:
+ core:
- Fix crash on signature handling. Issue #766
- Fix small memory leak in SignatureHandler::getCertificateInfo
- Splash: Restrict filling of overlapping boxes. Issue #750
- Fix crash on malformed files
+ qt5: Fix optional content handling with exclusive layers
+ cpp: Make render_page thread-safe
+ utils:
- pdfsig: Fix small memory leak
- pdftotext: Fix typo in manpage
- Changes from version 0.76.1:
+ core:
- Make the mul tables be calculated at compile time with constexpr.
- splash: Fix compile with SPLASH_CMYK enabled
- Some typo fixing in error messages
+ qt5: Fix regression in annotation handling
+ build system: Fix some typos in build system output and comments
- Changes from version 0.76.0:
+ core:
- Fix regression on case-insensitive search. Issue #743
- Remove GooList, use std::vector instead
- Fix radiobutton reporting wrong state. Issue #159
- Handle UTF16-LE strings
- Don't error out if there's no DA in FreeText annotation
- cairo:
. Compute correct coverage values for box filter.
. Constrain number of cycles in rescale filter.
- Read more fields from ViewerPreferences
. Introduce and use Ref::INVALID
. Fix crashes in broken files
. Fix mismatched free/delete
. Add missing include guards
+ utils: pdftohtml: Properly initialize HtmlOutputDev::page to
avoid SIGSEGV upon error exit.
- Changes from version 0.75.0:
+ core:
- Fix rendering of some annotations
- Fix crashes in broken files
- Small internal code improvements
+ cpp:
- Improve documentation
- tests: Add showing version information to poppler-dump
+ utils:
- pdfattach: new util
- pdftohtml: add -dataurls parameter
- pdftoppm: add -sep and -forcenum parameters
- pdftohtml: make singleHtml and stout not mutually exclusive
- pdfsig: fix use after free
- Bump poppler_sover following upstream changes.
- Update to version 0.74.0:
+ core:
- Remove support for obsolete systems.
- Include timezone in timeToDateString().
- Fix/silence some warnings.
- Fix issues with broken files.
+ build system:
- Fix linking in FreeBSD.
- Fix fseeko configure check on Android for API level < 24.
- Remove unused MacroPushRequiredVars.cmake.
+ qt5:
- Add API that lazily builds an outline by wrapping the
internal objects.
- Demo: Use new API to build Table Of Contents lazily.
+ glib:
- Improve documentation.
- Fix cast from 'GTime *' (aka 'int *') to 'time_t *'
(aka 'long *').
+ utils: pdfsig: add -nssdir option.
+ cpp: Add a way to get all the named destinations in a document.
- Bump poppler_sover following upstream changes.
- Update to version 0.73.0:
+ core:
- Fix regression reading some encrypted files.
- Add X509CertificateInfo classes.
- Add new 'IgnoreDiacritics' option to ::findText().
- Open files with CLOEXEC flag set.
- Remove Gulong, Guint, Gushort, Guchar typedefs.
- Fix handling of some broken files.
+ qt5:
- Expose X509CertificateInfo.
- Add the possibility of getting version.
- Add new 'IgnoreDiacritics' search flag.
- Make initialization of globalParams threadsafe.
- ArthurOutputDev: Remove all Splash code usage.
+ cpp:
- Make initialization of globalParams threadsafe.
- Fix page::text_list encoding issue.
- Improve handling of UTF-16 by considering Endianess.
- Add API to specify a custom data directory.
+ glib:
- add new 'POPPLER_FIND_IGNORE_DIACRITICS' find flag.
- Fix named destinations.
- Make PrintScaling preference available in API.
+ build system:
- Rename ENABLE_XPDF_HEADERS to
ENABLE_UNSTABLE_API_ABI_HEADERS.
- support enabling NSS on mingw.
- Windows: only set SOVERSION for shared libs.
- Bump poppler_sover following upstream changes.
- Pass ENABLE_UNSTABLE_API_ABI_HEADERS=on to cmake, replacing
ENABLE_XPDF_HEADERS=on we had before.
- Update to version 0.72.0:
+ core:
- Fix checkbox lacking AP not being able to change state.
- Draw line annotation endings (arrow, circle, ...).
- cairo: Don't use UNIQUE_ID for PS output, to avoid using PS
memory on cairo >= 1.5.10.
- Be more stubborn looking for a nssdb.
- GooString::fromInt: Repair the return value.
- Minor performance improvements.
- Avoid cycles in PDF parsing.
- Stream::makeFilter: Fix memory leak.
- Fix various issues with malformed files.
- Rename GooString::getCString to GooString::c_str.
- Regenerate UnicodeDecompTables.h from python 3.7.1.
+ utils:
- pdfdetach: Check for valid embedded file before trying to
save it.
- pdfdetach: Check for valid file name of embedded file before
using it to determine save path.
- Fix typos in utils.
+ glib:
- Fix missing PopplerAttachment destructor call.
- Support getting form widget additional actions.
- docs: Small improvements.
+ qt5: Internally compile with -DQT_NO_SIGNALS_SLOTS_KEYWORDS.
- Bump poppler_sover following upstream changes.
- Update to version 0.71.0:
+ core:
- Replace the implementation of GooString by std::string but
keep the exact interface intact.
- Replace GBool, gTrue, and gFalse by bool, true, false, resp.
- Splash: Fix crash if document is malformed (too wide).
+ qt5:
- Fix crash when adding Highlight Annotations.
- Default to hidden symbols.
- Fix two leaks in a test.
+ glib:
- demo: Fix build on Windows.
- demo: Align property labels to top of cell.
+ cpp: Fix typos in documentation.
+ build system:
- Enable searching for GTK on Windows
- Remove unused files
- Add fuzzer target from oss-fuzz project
- Changes from version 0.70.1:
+ glib: Install missing file.
- Changes from version 0.70.0:
+ core:
- FreeText annotations: default to font from default appearance
string.
- Splash: Speed improvements.
- Fix security issues found by oss-fuzz.
- Improve page lable parsing.
- Use std some std classes instead of self grown ones.
- Various internal improvements.
+ glib:
- Fix crash on missing embedded file.
- Add support for PDF subtype property.
- Only export symbols in the public API.
+ qt5:
- Add Page::index() method.
- Improve method to get the page from a label string.
+ utils: pdftohtml: Improve font handling.
- Bump poppler_sover following upstream changes.
- Update to version 0.69.0:
+ core:
- Add annotation font color
- Splash: Some speed improvements
- PSOutputDev: add native support for type 7 shadings when
using level 3
- Add support for PDF subtype property
- Link: Fix memory leak regarding next actions
- Fix handling of Signature Info Location and Reason
- Fix errors in computation of type3 glyphs transformation
matrix
- Reimplement Dict class in a more modern way
- Fix security issues found by oss-fuzz
- Fix memory issues in GfxImageColorMap copy ctor
- Don't abort if the SampleFunction has too many samples.
Issue glfdo#poppler/poppler#634
- Document the OutputDev::clip and OutputDev::oeClip methods
- Fix macOS compilation due to boolean define in jpeglib
- Split GDir and GDirEntry out of gfile.h.
Issue glfdo#poppler/poppler#370
+ qt5:
- Add annotation font color
+ utils:
- pdfinfo: Show PDF subtype
- pdftotext: Fix only outputs first page content with
- bbox-layout option. Issue glfdo#poppler/poppler#88
- pdftotext: Fix memory leak in printLine
+ build system
- Require C++14
- Update to version 0.68.0:
+ core:
- Add Reason and Location to SignatureInfo (fdo#107299).
- Fix memory misuse on signature handling
- Fix security issues found by oss-fuzz
- Don't give a warning when Marked value is false (fdo#107430).
+ qt5: Add Reason and Location to SignatureInfo (fdo#107299).
+ cpp:
- Add rotation() to text_box (fdo#106562).
- Fix build with MSVC
+ utils:
- pdftoppm: Add -jpegopt optimize option support
- pdftocairo: Add -jpegopt optimize option support
- pdftohtml:
. Add option to not round coordinates
. Fix possible crash (fdo#107316).
+ build system:
- Use OpenJpeg cmake config file instead of pkgconfig
- Remove wchar_t- on MSVC
- Changes from version 0.67.0:
+ core:
- Fix lots of security/leak issues found by oss-fuzz
- Splash:
. Optimize some files, making them 20% faster
. Correctly manipulate spot colors if SPOT_NCOMPS != 4
- Fix compilation with some strict compilers.
- Bump poppler_sover following upstream changes.
- Add openjpeg2 BuildRequires: New dependency.
- Update to version 0.66.0:
+ core:
- Fix lots of security/leak issues found by oss-fuzz
- Splash: Optimize some files, making them 20% faster
- Splash: Correctly manipulate spot colors if SPOT_NCOMPS != 4
- Fix compilation with some strict compilers
- Changes from version 0.65.0:
+ core:
- SplashOutputDev: Add the invisible character check
beginType3Char. (fdo#106244)
- XRef: Fix runtime undefined behaviour. (fdo#105970)
- Fix issues with malformed documents.
(fdo#104942), (fdo#103238)
- Remove GooHash after replacing it by std::unordered_map
- Add conversion methods between GooString and std::string.
+ cpp:
- Add newline after error message
- Expose more image modes, add option to select mode in
renderer. (fdo#105558)
+ build system:
- Fix compilation with libc++
- Small improvement to FindLIBOPENJPEG2.cmake
+ qt5:
- Add widget annot actions to FormFields
+ utils:
- pdffonts: Minor formatting changes in the man page.
(fdo#105194)
- Changes from version 0.64.0:
+ core:
- Workaround form field text not being drawn on broken files.
(fdo#103245)
- Add read only setter for form fields
- Add support for Link Hide action
- Add support for Next actions in Links
- Fix parsing of Annot focus out actions
- Fix PDFDoc::checkHeader() for PDFs smaller than 1 KiB.
(fdo#105674)
- Add const to several classes and members
- gfile: Fix build on some platforms
- Fix issues with on malformed documents.
(fdo#105972), (fdo#105969), (fdo#106059), (fdo#106061)
- Several small code improvements
+ qt5:
- Allow setting of Form visibility status
- Allow setting of Form read only status
- Add support for Link Hide action
- Add support for Next actions in Links
- ArthurOutputDev: Implement axialShadedFill
- ArthurOutputDev: Implement drawImageMask. (fdo#105531)
- ArthurOutputDev: Implement Type3 font support
+ utils:
- pdfsig: Add -dump which writes signatures to disk
(fdo#104881)
+ glib:
- less deprecated calls
+ build system:
- bring back the option to disable GObject introspection
- Add iconv include dir when compiling
- Make it possible to build poppler without fontconfig.
Default for Android.
- Bump soversion and data_version to 77 and 0.4.9 respectively.
- Update to version 0.63.0:
+ Core:
- CairoOutputDev: support embedding CCITT image data.
(fdo#103399)
- CairoOutputDev: limit image size when printing.
(fdo#103399)
- CairoOutputDev: use GOOD instead of BEST as the default
cairo filter for scaling. (fdo#103136)
- Error out on save if file has changed since we opened it.
(fdo#103793)
- PDFDoc: use %c instead of \x to output binary. (fdo#103873)
- Fix index out of bounds undefined behaviour in PSTokenizer.
(fdo#103583)
- Fix opening files with OutlineItem loops. (fdo#102914)
- Fix some bugs in StructTreeRoot parsing of parent tree.
(fdo#103912)
- Remove error for wrong child type for tagged pdf.
(fdo#103587)
- FoFiTrueType::readPostTable() from xpdf 4.00.
(fdo#102880)
- GfxFontDict: merge reference generation from xpdf 4.00.
(fdo#104565)
- Reset lastAbortCheck on updateLevel reset
- PDFDoc::setup: Fail early if base stream length is 0.
(fdo#103552)
- Check curStr is actually a Stream before doing Stream
operations. (fdo#104518)
- Fix new Object API porting bug. (fdo#104517)
- Check return code of getChar(), abort reading on error.
(fdo#104502)
- TextPage: Add horizontal scaling to font matrix.
(fdo#105259)
- Fix EmbedStream replay. (fdo#103446)
- Fix memory leak on error condition
- Fix assert on malformed documents. (fdo#104354)
- Fix abort in Gfx::opBeginMarkedContent if args[1] is not
a name. (fdo#104468)
- GfxGouraudTriangleShading::parse: Don't abort on malformed
documents. (fdo#104567)
- GfxFunctionShading::parse: Fix abort in malformed document.
(fdo#104581)
- Remove the extern C from glib.h. (fdo#103621)
- Don't let ArthurOutputDev be friend of SplashPath anymore
- Fix undefined sanitizer warning about qsort
- Form.h: include time.h for time_t
- Various code improvements
+ Qt5:
- Add cancellation support to renderToImage and textList
- Do not assume all Screen annotation actions are Renditions.
(kde#388175)
- qt5: Implement operator= for PageTransition
- ArthurOutputDev: 'clip' should intersect new and old clipping
path
- ArthurOutputDev: Implement updateBlendMode
- ArthurOutputDev: Replace the QPainter by a stack of QPainters
- ArthurOutputDev: Rudimentary support for transparency groups
- Remove stale libcms1 code. (fdo#104358)
- demo: don't crash if page is malformed
- Fix warnings due to the use of deprecated overloads of
Poppler::Page::Search in tests.
+ Utils:
- pdfimages: Fix for files with flate encoded inline images.
(fdo#103446)
- pdftocairo: Remove stale libcms1 code. (fdo#104358)
- pdfimages: Fix build without libtiff and libpng
- pdfseparate: Fix buffer size warning due to missing space
for null terminator
+ Build System:
- Enable building all libs as static libs
- Enable no-missing-field-initializers
- Remove unused FindLIBOPENJPEG.cmake
- Add "--owner root:0 --group root:0" options to tar command
in dist target. (fdo#104398)
- Add python3 support to gtkdoc.py
- gtkdoc.py: Make it work with newer gtk-doc. (fdo#105075)
+ Cpp:
- Add page::text_list
==== poppler-qt5 ====
Version update (0.62.0 -> 0.79.0)
- Update to version 0.79.0:
+ core:
- Fix regression on TextSelectionPainter.
- Fix parsing of DefaultAppearance.
- Fix memory leak in PostScriptFunction.
- Fix crashes in fuzzed files.
+ qt5:
- Implemented support for setIcon by changing appearance.
- Added option to set the form available to print.
- QString::null is deprecated, use QString().
- Replace deprecated qStableSort with std::stable_sort.
+ build system: Turn README into README.md and expand it.
- Update to version 0.78.0:
+ core:
- Fix line annotation arrows for usage in dimensioning.
- Handle Ink annots without an InkList but with an AP.
- Fix typos preventing parsing of Movie start and duration.
- Fix crash on malformed files.
+ glib:
- Add poppler_document_create_dests_tree().
- Don't use the deprecated g_type_class_add_private().
- Document the differences between render() and
render_for_printing().
- Fix introspection for poppler_document_new_from_data.
- Don't create PopplerInputStream with length 0.
- Document G_IO_ERROR as a possible error condition.
- Docs: Add index for API new in 0.78.
+ build system:
- Fixes cross compilation of gir in Void Linux.
- Add -Wshadow to the default warning flags.
- Install pkg-config pc files if pkg-config is found.
- Bump poppler_sover following upstream changes.
- Update to version 0.77.0:
+ core:
- Fix crash on signature handling. Issue #766
- Fix small memory leak in SignatureHandler::getCertificateInfo
- Splash: Restrict filling of overlapping boxes. Issue #750
- Fix crash on malformed files
+ qt5: Fix optional content handling with exclusive layers
+ cpp: Make render_page thread-safe
+ utils:
- pdfsig: Fix small memory leak
- pdftotext: Fix typo in manpage
- Changes from version 0.76.1:
+ core:
- Make the mul tables be calculated at compile time with constexpr.
- splash: Fix compile with SPLASH_CMYK enabled
- Some typo fixing in error messages
+ qt5: Fix regression in annotation handling
+ build system: Fix some typos in build system output and comments
- Changes from version 0.76.0:
+ core:
- Fix regression on case-insensitive search. Issue #743
- Remove GooList, use std::vector instead
- Fix radiobutton reporting wrong state. Issue #159
- Handle UTF16-LE strings
- Don't error out if there's no DA in FreeText annotation
- cairo:
. Compute correct coverage values for box filter.
. Constrain number of cycles in rescale filter.
- Read more fields from ViewerPreferences
. Introduce and use Ref::INVALID
. Fix crashes in broken files
. Fix mismatched free/delete
. Add missing include guards
+ utils: pdftohtml: Properly initialize HtmlOutputDev::page to
avoid SIGSEGV upon error exit.
- Changes from version 0.75.0:
+ core:
- Fix rendering of some annotations
- Fix crashes in broken files
- Small internal code improvements
+ cpp:
- Improve documentation
- tests: Add showing version information to poppler-dump
+ utils:
- pdfattach: new util
- pdftohtml: add -dataurls parameter
- pdftoppm: add -sep and -forcenum parameters
- pdftohtml: make singleHtml and stout not mutually exclusive
- pdfsig: fix use after free
- Bump poppler_sover following upstream changes.
- Update to version 0.74.0:
+ core:
- Remove support for obsolete systems.
- Include timezone in timeToDateString().
- Fix/silence some warnings.
- Fix issues with broken files.
+ build system:
- Fix linking in FreeBSD.
- Fix fseeko configure check on Android for API level < 24.
- Remove unused MacroPushRequiredVars.cmake.
+ qt5:
- Add API that lazily builds an outline by wrapping the
internal objects.
- Demo: Use new API to build Table Of Contents lazily.
+ glib:
- Improve documentation.
- Fix cast from 'GTime *' (aka 'int *') to 'time_t *'
(aka 'long *').
+ utils: pdfsig: add -nssdir option.
+ cpp: Add a way to get all the named destinations in a document.
- Bump poppler_sover following upstream changes.
- Update to version 0.73.0:
+ core:
- Fix regression reading some encrypted files.
- Add X509CertificateInfo classes.
- Add new 'IgnoreDiacritics' option to ::findText().
- Open files with CLOEXEC flag set.
- Remove Gulong, Guint, Gushort, Guchar typedefs.
- Fix handling of some broken files.
+ qt5:
- Expose X509CertificateInfo.
- Add the possibility of getting version.
- Add new 'IgnoreDiacritics' search flag.
- Make initialization of globalParams threadsafe.
- ArthurOutputDev: Remove all Splash code usage.
+ cpp:
- Make initialization of globalParams threadsafe.
- Fix page::text_list encoding issue.
- Improve handling of UTF-16 by considering Endianess.
- Add API to specify a custom data directory.
+ glib:
- add new 'POPPLER_FIND_IGNORE_DIACRITICS' find flag.
- Fix named destinations.
- Make PrintScaling preference available in API.
+ build system:
- Rename ENABLE_XPDF_HEADERS to
ENABLE_UNSTABLE_API_ABI_HEADERS.
- support enabling NSS on mingw.
- Windows: only set SOVERSION for shared libs.
- Bump poppler_sover following upstream changes.
- Pass ENABLE_UNSTABLE_API_ABI_HEADERS=on to cmake, replacing
ENABLE_XPDF_HEADERS=on we had before.
- Update to version 0.72.0:
+ core:
- Fix checkbox lacking AP not being able to change state.
- Draw line annotation endings (arrow, circle, ...).
- cairo: Don't use UNIQUE_ID for PS output, to avoid using PS
memory on cairo >= 1.5.10.
- Be more stubborn looking for a nssdb.
- GooString::fromInt: Repair the return value.
- Minor performance improvements.
- Avoid cycles in PDF parsing.
- Stream::makeFilter: Fix memory leak.
- Fix various issues with malformed files.
- Rename GooString::getCString to GooString::c_str.
- Regenerate UnicodeDecompTables.h from python 3.7.1.
+ utils:
- pdfdetach: Check for valid embedded file before trying to
save it.
- pdfdetach: Check for valid file name of embedded file before
using it to determine save path.
- Fix typos in utils.
+ glib:
- Fix missing PopplerAttachment destructor call.
- Support getting form widget additional actions.
- docs: Small improvements.
+ qt5: Internally compile with -DQT_NO_SIGNALS_SLOTS_KEYWORDS.
- Bump poppler_sover following upstream changes.
- Update to version 0.71.0:
+ core:
- Replace the implementation of GooString by std::string but
keep the exact interface intact.
- Replace GBool, gTrue, and gFalse by bool, true, false, resp.
- Splash: Fix crash if document is malformed (too wide).
+ qt5:
- Fix crash when adding Highlight Annotations.
- Default to hidden symbols.
- Fix two leaks in a test.
+ glib:
- demo: Fix build on Windows.
- demo: Align property labels to top of cell.
+ cpp: Fix typos in documentation.
+ build system:
- Enable searching for GTK on Windows
- Remove unused files
- Add fuzzer target from oss-fuzz project
- Changes from version 0.70.1:
+ glib: Install missing file.
- Changes from version 0.70.0:
+ core:
- FreeText annotations: default to font from default appearance
string.
- Splash: Speed improvements.
- Fix security issues found by oss-fuzz.
- Improve page lable parsing.
- Use std some std classes instead of self grown ones.
- Various internal improvements.
+ glib:
- Fix crash on missing embedded file.
- Add support for PDF subtype property.
- Only export symbols in the public API.
+ qt5:
- Add Page::index() method.
- Improve method to get the page from a label string.
+ utils: pdftohtml: Improve font handling.
- Bump poppler_sover following upstream changes.
- Update to version 0.69.0:
+ core:
- Add annotation font color
- Splash: Some speed improvements
- PSOutputDev: add native support for type 7 shadings when
using level 3
- Add support for PDF subtype property
- Link: Fix memory leak regarding next actions
- Fix handling of Signature Info Location and Reason
- Fix errors in computation of type3 glyphs transformation
matrix
- Reimplement Dict class in a more modern way
- Fix security issues found by oss-fuzz
- Fix memory issues in GfxImageColorMap copy ctor
- Don't abort if the SampleFunction has too many samples.
Issue glfdo#poppler/poppler#634
- Document the OutputDev::clip and OutputDev::oeClip methods
- Fix macOS compilation due to boolean define in jpeglib
- Split GDir and GDirEntry out of gfile.h.
Issue glfdo#poppler/poppler#370
+ qt5:
- Add annotation font color
+ utils:
- pdfinfo: Show PDF subtype
- pdftotext: Fix only outputs first page content with
- bbox-layout option. Issue glfdo#poppler/poppler#88
- pdftotext: Fix memory leak in printLine
+ build system
- Require C++14
- Update to version 0.68.0:
+ core:
- Add Reason and Location to SignatureInfo (fdo#107299).
- Fix memory misuse on signature handling
- Fix security issues found by oss-fuzz
- Don't give a warning when Marked value is false (fdo#107430).
+ qt5: Add Reason and Location to SignatureInfo (fdo#107299).
+ cpp:
- Add rotation() to text_box (fdo#106562).
- Fix build with MSVC
+ utils:
- pdftoppm: Add -jpegopt optimize option support
- pdftocairo: Add -jpegopt optimize option support
- pdftohtml:
. Add option to not round coordinates
. Fix possible crash (fdo#107316).
+ build system:
- Use OpenJpeg cmake config file instead of pkgconfig
- Remove wchar_t- on MSVC
- Changes from version 0.67.0:
+ core:
- Fix lots of security/leak issues found by oss-fuzz
- Splash:
. Optimize some files, making them 20% faster
. Correctly manipulate spot colors if SPOT_NCOMPS != 4
- Fix compilation with some strict compilers.
- Bump poppler_sover following upstream changes.
- Add openjpeg2 BuildRequires: New dependency.
- Update to version 0.66.0:
+ core:
- Fix lots of security/leak issues found by oss-fuzz
- Splash: Optimize some files, making them 20% faster
- Splash: Correctly manipulate spot colors if SPOT_NCOMPS != 4
- Fix compilation with some strict compilers
- Changes from version 0.65.0:
+ core:
- SplashOutputDev: Add the invisible character check
beginType3Char. (fdo#106244)
- XRef: Fix runtime undefined behaviour. (fdo#105970)
- Fix issues with malformed documents.
(fdo#104942), (fdo#103238)
- Remove GooHash after replacing it by std::unordered_map
- Add conversion methods between GooString and std::string.
+ cpp:
- Add newline after error message
- Expose more image modes, add option to select mode in
renderer. (fdo#105558)
+ build system:
- Fix compilation with libc++
- Small improvement to FindLIBOPENJPEG2.cmake
+ qt5:
- Add widget annot actions to FormFields
+ utils:
- pdffonts: Minor formatting changes in the man page.
(fdo#105194)
- Changes from version 0.64.0:
+ core:
- Workaround form field text not being drawn on broken files.
(fdo#103245)
- Add read only setter for form fields
- Add support for Link Hide action
- Add support for Next actions in Links
- Fix parsing of Annot focus out actions
- Fix PDFDoc::checkHeader() for PDFs smaller than 1 KiB.
(fdo#105674)
- Add const to several classes and members
- gfile: Fix build on some platforms
- Fix issues with on malformed documents.
(fdo#105972), (fdo#105969), (fdo#106059), (fdo#106061)
- Several small code improvements
+ qt5:
- Allow setting of Form visibility status
- Allow setting of Form read only status
- Add support for Link Hide action
- Add support for Next actions in Links
- ArthurOutputDev: Implement axialShadedFill
- ArthurOutputDev: Implement drawImageMask. (fdo#105531)
- ArthurOutputDev: Implement Type3 font support
+ utils:
- pdfsig: Add -dump which writes signatures to disk
(fdo#104881)
+ glib:
- less deprecated calls
+ build system:
- bring back the option to disable GObject introspection
- Add iconv include dir when compiling
- Make it possible to build poppler without fontconfig.
Default for Android.
- Bump soversion and data_version to 77 and 0.4.9 respectively.
- Update to version 0.63.0:
+ Core:
- CairoOutputDev: support embedding CCITT image data.
(fdo#103399)
- CairoOutputDev: limit image size when printing.
(fdo#103399)
- CairoOutputDev: use GOOD instead of BEST as the default
cairo filter for scaling. (fdo#103136)
- Error out on save if file has changed since we opened it.
(fdo#103793)
- PDFDoc: use %c instead of \x to output binary. (fdo#103873)
- Fix index out of bounds undefined behaviour in PSTokenizer.
(fdo#103583)
- Fix opening files with OutlineItem loops. (fdo#102914)
- Fix some bugs in StructTreeRoot parsing of parent tree.
(fdo#103912)
- Remove error for wrong child type for tagged pdf.
(fdo#103587)
- FoFiTrueType::readPostTable() from xpdf 4.00.
(fdo#102880)
- GfxFontDict: merge reference generation from xpdf 4.00.
(fdo#104565)
- Reset lastAbortCheck on updateLevel reset
- PDFDoc::setup: Fail early if base stream length is 0.
(fdo#103552)
- Check curStr is actually a Stream before doing Stream
operations. (fdo#104518)
- Fix new Object API porting bug. (fdo#104517)
- Check return code of getChar(), abort reading on error.
(fdo#104502)
- TextPage: Add horizontal scaling to font matrix.
(fdo#105259)
- Fix EmbedStream replay. (fdo#103446)
- Fix memory leak on error condition
- Fix assert on malformed documents. (fdo#104354)
- Fix abort in Gfx::opBeginMarkedContent if args[1] is not
a name. (fdo#104468)
- GfxGouraudTriangleShading::parse: Don't abort on malformed
documents. (fdo#104567)
- GfxFunctionShading::parse: Fix abort in malformed document.
(fdo#104581)
- Remove the extern C from glib.h. (fdo#103621)
- Don't let ArthurOutputDev be friend of SplashPath anymore
- Fix undefined sanitizer warning about qsort
- Form.h: include time.h for time_t
- Various code improvements
+ Qt5:
- Add cancellation support to renderToImage and textList
- Do not assume all Screen annotation actions are Renditions.
(kde#388175)
- qt5: Implement operator= for PageTransition
- ArthurOutputDev: 'clip' should intersect new and old clipping
path
- ArthurOutputDev: Implement updateBlendMode
- ArthurOutputDev: Replace the QPainter by a stack of QPainters
- ArthurOutputDev: Rudimentary support for transparency groups
- Remove stale libcms1 code. (fdo#104358)
- demo: don't crash if page is malformed
- Fix warnings due to the use of deprecated overloads of
Poppler::Page::Search in tests.
+ Utils:
- pdfimages: Fix for files with flate encoded inline images.
(fdo#103446)
- pdftocairo: Remove stale libcms1 code. (fdo#104358)
- pdfimages: Fix build without libtiff and libpng
- pdfseparate: Fix buffer size warning due to missing space
for null terminator
+ Build System:
- Enable building all libs as static libs
- Enable no-missing-field-initializers
- Remove unused FindLIBOPENJPEG.cmake
- Add "--owner root:0 --group root:0" options to tar command
in dist target. (fdo#104398)
- Add python3 support to gtkdoc.py
- gtkdoc.py: Make it work with newer gtk-doc. (fdo#105075)
+ Cpp:
- Add page::text_list
==== powerdevil5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: powerdevil5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- No code changes since 5.17.1
==== qqc2-desktop-style ====
Version update (5.55.0 -> 5.63.0)
- Update to 5.63.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.63.0.php
- Changes since 5.62.0:
* Fix several build system errors
* Fix typo
* take margins from qstyle
* [QQC2 Desktop Style] Port away from deprecated methods in Qt 5.14
* [Tab] Fix sizing (kde#409390)
- Update to 5.62.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.62.0.php
- Changes since 5.61.0:
* Prevent dragging QQC2 ComboBox contents outside menu
* metainfo.yaml: set fancy name, auto-name from cmake project() is not nice
* metainfo.yaml: remove bogus note about library to link to
- Replace foo-devel with cmake(KF5Foo) in build requirements
- Update to 5.61.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.61.0.php
- Changes since 5.60.0:
* Fix broken guard that prevents styling sliders with negative values
* Slow down the busy indicator's rotation speed
* Fix "Type error" when creating a TextField with focus: true
* [ComboBox] Set close policy to close on click outside instead of only outside parent (kde#408950)
* [SpinBox] Set renderType (kde#409888)
- Don't lower minimum Qt version anymore, it requires 5.11 now
- Drop patch to support Qt 5.9:
* 0001-Fix-MobileTextActionsToolBar.qml-with-Qt-5.9.patch
- Drop patch for Leap 42.3 which is EOL:
* fix-build-with-gcc48.patch
- Update to 5.60.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.60.0.php
- Changes since 5.59.0:
* Remove Qt 5.11 ifdef since we require that version now
* MobileTextActionsToolBar: fix runtime warnings when controlRoot isn't set yet (kde#408719)
* Show shortcut in menu item when specified (kde#405541)
* Add MenuSeparator
* Fix ToolButton remaining in a pressed state after press
* [ToolButton] Pass custom icon size to StyleItem
* honor visibility policy (kde#407014)
- Refreshed patches:
* 0001-Fix-MobileTextActionsToolBar.qml-with-Qt-5.9.patch
- Update to 5.59.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.59.0.php
- Changes since 5.58.0:
* Remove DefaultListItemBackground and MenuItem animation
* [QQC2 Slider Style] Fix wrong handle positioning when initial value is 1 (kde#405471)
* guard minimum and maximum for sliders
* ScrollBar: Make it work as a horizontal scroll bar as well (kde#390351)
- Update to 5.58.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.58.0.php
- Changes since 5.57.0:
* Avoid nesting Controls in TextField (kde#406851)
* make the mobile text toolbar appear only on press
* [TabBar] Update height when TabButtons are added dynamically
* refer to the proper id
* use the new Kirigami.WheelHandler
* Support custom icon size for ToolButton
* It compile fine without foreach
Refreshed patches:
* 0001-Fix-MobileTextActionsToolBar.qml-with-Qt-5.9.patch
- Update to 5.57.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.57.0.php
- Changes since 5.56.0:
* the plasma desktop style supports icon coloring
* [SpinBox] Improve mouse wheel behavior
* add a bit of padding in ToolBars
* fix RoundButton icons
* scrollbar based padding on all delegates
* look for a scrollview to take its scrollbar for margins
- Update to 5.56.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/kde-frameworks-5.56.0.php
- Changes since 5.55.0:
* Use PointingHand when hovering links in Label
* Respect the display property of buttons
* clicking on empty areas behaves like pgup/pgdown (kde#402578)
* Support icon on ComboBox
* support text positioning api
* Support icons from local files in buttons
* Use the correct cursor when hovering over the editable part of a spinbox
==== re2 ====
Version update (20190301 -> 20190901)
- update to 2019-09-01:
* build system fixes
- Update to 2019-08-01:
* Update Unicode data to 12.1.0
* Various developer visible changes
- Fix download url
- Update to 2019-07-01:
* developer visible changes
==== samba ====
Version update (4.9.5+git.187.71edee57d5a -> 4.9.5+git.210.ab0549acb05)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-libs samba-libs-32bit samba-libs-python samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit
- CVE-2019-14847: User with "get changes" permission can
crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598);
- CVE-2019-10218: Client code can return filenames containing path
separators; (bso#14071); (bsc#1144902);
- CVE-2019-14833: samba: Accent with "check script password"
Samba AD DC check password script does not receive the full
password; (bso#12438); (bsc#1154289).
- Fix broken username/password authentication with CUPS and
smbspool; (bsc#1152143); (bso#14128).
- Fix auth problems when printing via smbspool backend with kerberos;
(bnc#1148539); (bso#13832).
==== scout ====
Version update (0.2.1+20181004.20a0aae -> 0.2.2+20190613.e6c2668)
Subpackages: command-not-found
- Update to version 0.2.2+20190613.e6c2668:
* Bump version to 0.2.2
* Fix bug where sbin packages would print as bytes strings (boo#1135598)
* Newly generated po files (new line numbers).
* The make_trans script did not work, because strings were not marked because of eval
* Fix bash i18n support. The translations are expanded during definition of the function, when LANG is not yet set. Use eval to postpone it.
* Fix i18n support.
* Updated translations
==== snapper ====
Version update (0.8.5 -> 0.8.6)
Subpackages: libsnapper4 snapper-zypp-plugin
- add --machine-readable option for CSV and JSON outputs.
- add --columns option for selecting columns in the commands list,
list-configs and get-config.
- bsc#1149322
- version 0.8.6
==== systemsettings5 ====
Version update (5.17.1 -> 5.17.2)
Subpackages: systemsettings5-lang
- Update to 5.17.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.17.2.php
- Changes since 5.17.1:
* [sidebar] Add a hover effect to intro page icons
==== texlive ====
- Add patch poppler-fix-0.79.patch to fix compilation with poppler
0.79 which has many api incompatible changes aggregated since 0.63
(boo#1152776).
- Fix broken link to texlive-20170524-source-poppler059-1.patch .
==== xfce4-screenshooter ====
Version update (1.9.6 -> 1.9.7)
Subpackages: xfce4-screenshooter-lang
- Update to version 1.9.7
* Add warning notice to imgur upload option (bxo#15347)
* Fix cursor capture when near screen edge (bxo#9262)
* Improve wording (bxo#15429)
* Allow compilation with panel 4.15
* Restore libxfce4ui 4.12 compatibility
* Translation Updates
==== xfce4-whiskermenu-plugin ====
Version update (2.3.3 -> 2.3.4)
Subpackages: xfce4-whiskermenu-plugin-lang
- Update to 2.3.4
* Fix building against xfce4-panel 4.15.0
* Translation updates
==== yast2-installation ====
Version update (4.2.19 -> 4.2.20)
- Implement upgrade for the Full medium (jsc#SLE-7101)
- 4.2.20
==== yast2-packager ====
Version update (4.2.30 -> 4.2.31)
- Do not crash when the product licenses cannot be read
(bsc#1155454)
- 4.2.31
==== yast2-pkg-bindings ====
Version update (4.2.0 -> 4.2.1)
- Returning raw packages dependencies while calling
<Y2Packager::Resolvable>.deps (bsc#1132650).
- 4.2.1
==== yast2-ruby-bindings ====
Version update (4.2.3 -> 4.2.4)
- Added symbol for new UI CustomStatusItemSelector widget
(bsc#1084674)
- Added symbol for UI icon term
- 4.2.4
==== yast2-schema ====
Version update (4.2.5 -> 4.2.6)
- Update schema to support setting the encryption method through
the 'crypt_method' (related to jsc#SLE-7376).
- 4.2.6
==== yast2-storage-ng ====
Version update (4.2.50 -> 4.2.54)
- AutoYaST: do not repeat filesystem related information when
cloning multidevice Btrfs filesystems (bsc#1148578).
- AutoYaST: do not export the enable_snapshots element for drives
which do not contain the root filesystem.
- 4.2.54
- AutoYaST: add support to set the encryption method (related to
jsc#SLE-7376).
- 4.2.53
- fix creation of secure key for new partitions (bsc#1154267)
- 4.2.52
- AutoYaST: consider CT_DMMULTIPATH an alias of CT_DISK (related
to bsc#1130988).
- 4.2.51
==== yast2-update ====
Version update (4.2.7 -> 4.2.10)
- Fixed too eager Rubocop cleanup resulting in "No fstab found"
error after selecting a partition to upgrade (related to
jsc#SLE-7101)
- 4.2.10
- Implement upgrade for Full medium (jsc#SLE-7101)
- 4.2.9
- Add support for online auto_upgrade (jsc#SLE-7214)
- 4.2.8
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
1
0
11 Nov '19
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaThunderbird (68.2.0 -> 68.2.1)
NetworkManager
PackageKit
a2ps
abcde
awesfx
boost-base
boost-extra
engrampa (1.23.0 -> 1.23.1)
gnome-shell (3.34.1+6 -> 3.34.1+7)
ipset (7.3 -> 7.4)
jack (1.9.12 -> 1.9.13)
jasper
kdevelop5 (5.4.3 -> 5.4.4)
mhvtl
ncurses
open-iscsi
opencv3 (3.4.6 -> 3.4.7)
perl-Archive-Zip (1.64 -> 1.67)
perl-Mojolicious (8.25 -> 8.26)
samba (4.11.0+git.95.c88b5f2c0c6 -> 4.11.2+git.99.f93cc798f2e)
soxr
sshfs (3.5.2 -> 3.6.0)
texlive
virtualbox
xfce4-screenshooter (1.9.6 -> 1.9.7)
xfce4-whiskermenu-plugin (2.3.3 -> 2.3.4)
xslide
=== Details ===
==== MozillaThunderbird ====
Version update (68.2.0 -> 68.2.1)
Subpackages: MozillaThunderbird-translations-common
- Mozilla Thunderbird 68.2.1
* A language for the user interface can now be chosen in the
advanced settings (multilingual UI)
* Fixed problem with Google authentication (OAuth2)
* Selected or unread messages were not shown in the correct color
in the thread pane (message list) under some circumstances
* When using a language pack, names of standard folders weren't
localized (boo#1149126)
* Address book default startup directory in preferences panel was
not persisted
* Chat: Extended context menu on Instant messaging status dialog
(Show Accounts)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
big endian platforms
==== NetworkManager ====
Subpackages: NetworkManager-lang libnm0 typelib-1_0-NM-1_0
- Drop NetworkNanager-client recommends: this is no longer needed,
as NM itself ships a frontend by now (nmtui). If a DE has a
better way to manage NM (by means of applets or other way of
integration) it is up to the DE to depend on the applets.
==== PackageKit ====
Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0
- Remove zypp-Switch-to-doUpgrade-solver-when-required-by-distribution.patch,
rebase zypp-perform-actions-disallowed-by-update-in-upgrade-mode.patch,
add PackageKit-zypp-dont-set-upgrade-mode-on-updating-specific-packages.patch:
zypp: Don't set upgrade mode in update-packages
(gh#hughsie/PackageKit#345).
- Add PackageKit-zypp-get-updates-dup-or-up.patch: Fix get-updates
in Tumbleweed(gh#hughsie/PackageKit#343).
- Modify PackageKit-systemd-timers.patch: Port the cron
configuration variables to the script, and add -sendwait
parameter to mail in the script(bsc#1130306).
- Refresh patches with quilt.
- Drop PackageKit-cron-without-sleep.patch: Not needed for any
current version of openSUSE.
- Add PackageKit-drop-gtk2.patch: Port away from gtk2 dependency,
drop gtk2-devel BuildRequires (gh#/hughsie/PackageKit#333).
- Add autoconf-archive BuildRequires and run autogen.sh, needed as
above patch touches buildsystem.
- Add PackageKit-zypp-fix-what-provides-newest-filter.patch:
zypp: Add support for newest filter in what-provides(bsc#984865,
gh#hughsie/PackageKit#335).
- Rename PackageKit-remove-default-thread-check.patch to
PackageKit-add-mutex-lock-to-protect-backend-priv-eulas.patch,
and update it with the one accepted upstream.
- Add PackageKit-zypp-fix-newest-filter.patch: zypp: Emit installed
package for newest filter (bsc#1125434, gh#hughsie/PackageKit#329).
- Add zypp-perform-actions-disallowed-by-update-in-upgrade-mode.patch
to fix switch to upgrade mode in the backend
- Add PackageKit-remove-polkit-rules.patch: Remove polkit rules
file (bsc#1125434).
- Limit fdupes to the btrfs subvolume.
- Combine %service_* calls to reduce generated boilerplate.
- Redo summaries without em dashes.
- Reduce %systemd_requires to %systemd_ordering; %service_*
can deal with the absence of it.
- Modify PackageKit-systemd-timers.patch: Fix unit field in
packagekit-background.timer (boo#1126943).
- Add zypp-Switch-to-doUpgrade-solver-when-required-by-distribution.patch
so Tumbleweed can properly update
- Add PackageKit-systemd-timers.patch: Migrate from cron to
systemd timer (bsc#1115410).
- Drop PackageKit-avoid-endless-loop-on-autoupdate.patch: With
PackageKit-return-on-transactions-going-backwards.patch and
PackageKit-remove-default-thread-check.patch, EULA promt works
without any issue (bsc#1038425).
- Add PackageKit-remove-default-thread-check.patch: Remove the
pk_is_thread_default() check in pk_backend_is_eula_valid() so
that we can call it in zypp backend without any issue
(gh#hughsie/PackageKit#301, bsc#1038425).
- Add PackageKit-return-on-transactions-going-backwards.patch:
transaction: Return directly when its state is going backwards
(gh#hughsie/PackageKit#301, bsc#1038425).
- Update to version 1.1.12:
+ common: Handle quoted strings in /etc/os-release.
+ offline update: Fix translations to show up.
+ Backends:
- zypp: Implement GetFilesLocal in zypp backend.
- Various changes related to aptcc and dnf.
- Changes from version 1.1.11:
+ New Features:
- Add --autoremove option to pkcon.
- Shutdown the daemon on idle by default.
+ Bugfixes:
- De-register callbacks on PkClientHelper finalize.
- Don't complain if command-not-found get uninstalled while
running.
- Fix critical on idle shutdown.
- Fix issues with debconf helper not working.
- Never assert when an interactive TTY is not available.
- Schedule offline update service to run after
system-update-pre.target.
- Shut down services cleanly before rebooting after offline
updates.
+ Backends:
- Various changes related to aptcc, dnf and nix.
- Drop PackageKit-get-files-local.patch: fixed upstream.
- Add files/directories created by tmpfiles.d under /var as ghost
entries to the rpm filelist.
- Add PackageKit-get-files-local.patch: Implement GetFilesLocal
method in zypp backend (bsc#1097581).
- Add PackageKit.tmpfiles: Use tmpfile.d to make sure PackageKit
doesn't package files in /var (bsc#1098042).
- offline updates should be disabled in Leap too, just like SLE
- Update to version 1.1.10:
+ Notes: This release fixes CVE-2018-1106 which is a moderate
security issue (boo#1086936).
+ Backends:
- zypp:
. Implement GetDetailsLocal in zypp backend.
. Improve refresh-cache function in zypp backend.
- Various changes related to aptcc and dnf.
- Drop PackageKit-zypp-backend-improve-refresh-cache.patch and
PackageKit-zypp-backend-get-details-local.patch: Fixed upstream.
- Drop NetworkManager-devel BuildRequires: Not used since version
1.1.7.
- Disable offline-update when building for SLE.
- Remove pkgconfig(npapi-sdk) BuildRequires:, it is no longer
needed as browser plugin is not built since 1.1.0.
- Unconditionally enable translation-update-upstream: on
Tumbleweed, this results in a NOP and for Leap in SLE paid
translations being used (boo#1086036).
- Update to version 1.1.9:
+ Fix missing PK_STATUS_ENUM_RUN_HOOK in pk-enum.c.
+ Fix Qt annotation on DBus signature.
+ client: Fix an invalid read when cancelling races with Finish.
+ engine: Fix a memory leak when handling GetTransactionList.
+ Fix getting user session ID with D-Bus "user bus" model.
+ Fix g_object_ref() type cast warnings with glib 2.56.
+ Rename "Software Sources" to "Software Repositories".
+ transaction: Don't leak polkit authority.
+ transaction: Fix a memory leak when authorizing actions.
+ transaction: Log transaction completed messages on debug, not
info level.
+ Backends:
- zypp: remove memory leak from zypp backend.
- Various changes related to aptcc, dnf, slack and urpmi.
- Modernize spec-file by calling spec-cleaner
- Add PackageKit-zypp-backend-get-details-local.patch: Implement
GetDetailsLocal method in zypp backend (bsc#1008287).
- Update to version 1.1.8:
+ Notes: The Slackware backend was renamed from "katja" to
"slack".
+ Libraries:
- Add getters for PkEulaRequired.
- Add new pk_results_set_role() API.
+ New Features: Save transaction role to the offline update
results file.
+ Bugfixes:
- Various fixes to docs.
- Bring introspection and vapigen m4 macros into the source.
- command-not-found: Be more explicit when ignoring path
components.
- service: Use ConditionPathExists=!/run/ostree-booted.
+ Backends:
- zypp: Return error if invalid package IDs are detected.
- Various changes related to aptcc and slack.
- Drop PK-zypp-return-error-invalid-package-ids.patch: fixed
upstream.
- Drop autoconf-archive and automake BuildRequires and no longer
call autoreconf: no patch changes the build system.
- Replace --enable/disable-systemd-updates configure parameter with
- -enable/disable-offline-update: the relevant systemd-updates
parameters have not been valid since PackageKit 1.0.0.
- Drop --with-default-backend=zypp configure parameter: this has
not been udnerstood since PackageKit 1.0. PK just used the one
and only backend installed in the distro.
==== a2ps ====
Subpackages: liba2ps1
- Remove obsolete Groups tag (fate#326485)
==== abcde ====
- Remove obsolete Groups tag (fate#326485)
==== awesfx ====
- Remove obsolete Groups tag (fate#326485)
==== boost-base ====
Subpackages: boost-license1_71_0 boost1_71_0-jam libboost_date_time1_71_0 libboost_filesystem1_71_0 libboost_headers1_71_0-devel libboost_iostreams1_71_0 libboost_locale1_71_0 libboost_program_options1_71_0 libboost_regex1_71_0 libboost_thread1_71_0
- Use new openmpi-macros-devel package
==== boost-extra ====
- Use new openmpi-macros-devel package
==== engrampa ====
Version update (1.23.0 -> 1.23.1)
Subpackages: engrampa-lang
- Fix build error complaining about conflicting types for
g_ptr_array_copy by updating to 1.23.1.
- Update to version 1.23.1:
* Update translations
* glib-utils: Remove unused function - g_ptr_array_copy
* Remove some unused/deprecated functions
* Various smaller fixes
==== gnome-shell ====
Version update (3.34.1+6 -> 3.34.1+7)
Subpackages: gnome-shell-calendar gnome-shell-lang
- Rebase patch gnome-shell-domain.patch and
gnome-shell-1007468-lock-screen-SUSE-logo-missing.patch.
- Update to version 3.34.1+7:
* dnd: Skip drag target when its acceptDrop() throws an exception
==== ipset ====
Version update (7.3 -> 7.4)
Subpackages: libipset13
- Update to release 7.4
* Wildcard support for the "hash:net,iface" type.
==== jack ====
Version update (1.9.12 -> 1.9.13)
- Update to 1.9.13
* Meta-data API implementation. (and a few tools updated with support for it)
* Correct GPL licence to LGPL for files needed to build libjack.
* Remove FreeBoB backend (superseded by FFADO).
* define JACK_LIB_EXPORT, useful for internal clients.
* Mark jack_midi_reset_buffer as deprecated.
* Add example systemd unit file
* Signal to systemd when jackd is ready.
* Set "seq" alsa midi driver to maximum resolution possible.
* Fix loading internal clients from another internal client.
- Delete the following patches, as they were fixed upstream:
* 0001-Make-jack_control-python2-3-compatible.patch
* fix-mmap-return-value-check.patch
* jack-waf2.patch
- Add 0001-fix-complation-on-arm.patch
==== jasper ====
- bsc#1117507 CVE-2018-19541: Properly fix heap based overread
in jas_image_depalettize. Original fix caused segfaults.
Update jasper-CVE-2018-19541.patch
==== kdevelop5 ====
Version update (5.4.3 -> 5.4.4)
Subpackages: kdevelop5-lang kdevplatform kdevplatform-lang libkdevplatform54
- Update to 5.4.4
* Fix copyright date display in About KDevelop/KDevPlatform
dialogs (kde#413390)
* FindClang.cmake: also search LLVM version 9
* Clang: Workaround for empty problem ranges at start of document
==== mhvtl ====
- Change install of systemd generatos to /usr/lib/systemd/...
instead of /usr/libexec/systemd/..., which does not yet exist,
to fix build issue
==== ncurses ====
Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-screen
- Add tack patch 1.08-20190721
* tack.c, edit.c, tack.h: gcc-8.x-warnings
* init.c, edit.c: gcc 4.x warning
* charset.c: update copyright
* charset.c: rewrite of set_attr resulted in off-by-one loop limit
* aclocal.m4:
add CF_CURSES_TERM_H to get proper ifdef's for the boolnames arrays
* configure.in: add CF_CURSES_TERM_H
* aclocal.m4: add CF_TERMIOS_TYPES, from xterm
* sysdep.c: use termios types such as tcflag_t
* configure.in: use CF_TERMIOS_TYPES
* tack.h: update copyright
* aclocal.m4: resync with my-autoconf
* package/debian/changelog, package/tack.spec, tack.h: bump
* config.sub: 2019-06-30
* config.guess: 2019-06-10
- Add ncurses patch 20191026
+ add a note in man/curs_add_wch.3x about Unicode terminology for the
line-drawing characters (report by Nick Black).
+ improve comment in lib_tgoto.c regarding the use of \200 where a
\0 would be intended by the caller (report by "64 bit", cf: 20000923).
+ modify linux-16color to accommodate Linux console driver change in
early 2018 (report by Dino Petrucci).
- Correct offsets of hunks of patch ncurses-6.1.dif for misc/terminfo.src
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Fix issue where CHAP was not working after latest update
(bsc#1155510), updating:
* open-iscsi-SUSE-latest.diff.bz2
==== opencv3 ====
Version update (3.4.6 -> 3.4.7)
- Update to 3.4.7
Maintenance release, no changelog provided
* Security fixes: CVE-2019-14491 (boo#1144352), CVE-2019-14492
(boo#1144348).
- Drop fix_processor_detection_for_32bit_on_64bit.patch: fixed
upstream.
- Add CVE-2019-15939.patch: add input check in HOG detector
(boo#1149742 CVE-2019-15939).
==== perl-Archive-Zip ====
Version update (1.64 -> 1.67)
- Update to 1.67
see /usr/share/doc/packages/perl-Archive-Zip/Changes
1.67 Sun 06 Oct 2019
- Fixed compatibility issues with zip64 format (defined-or, pack)
- Fixed hard-coded version fields introduced in version 1.66
- Fixed merge glitch with tests 26 and 27
- Fixed merge glitch with bzip passthrough
- Updated bzip test file to avoid zip bomb detection
- updated to 1.66
see /usr/share/doc/packages/perl-Archive-Zip/Changes
1.66 Mon 16 Sep 2019
- Refactored low-level methods for reading and writing zip files
in zip64 format. Added new parameters and return values to
most of these. Extended constants in Archive::Zip to cover
zip64 formats and lengths.
- Added public APIs
Archive::Zip::Archive::zip64
Archive::Zip::Archive::desiredZip64Mode
Archive::Zip::Archive::versionMadeBy
Archive::Zip::Archive::versionNeededToExtract
Archive::Zip::Member::zip64
Archive::Zip::Member::desiredZip64Mode
and constants
Archive::Zip::ZIP64_AS_NEEDED
Archive::Zip::ZIP64_EOCD
Archive::Zip::ZIP64_HEADERS
plus POD on these.
- Added tests for zip64 format in t/21_zip64.t and more test zip
files below t/data. Extended tests in t/02_main.t to perform
all existing tests in all possible desired zip64 modes.
- Extended methods
Archive::Zip::Member::localExtraField
Archive::Zip::Member::cdExtraField
to perform format checks when called as setters and to reject
any zip64 extended information extra fields passed by the user.
Extended POD and tests in t/02_main.t accordingly.
- Setting {'compressedSize'} after writing central directory
header.
- Added new optional parameter $noFormatError to method
Archive::Zip::_readSignature to silence any format errros when
testing for signatures.
- Added error handling for potentially failed object conversion
after calling method Archive::Zip::Member::_become. Factored
in method Archive::Zip::Member::_becomeDirectoryIfNecessary
into caller.
- Changed methods
Archive::Zip::Archive::contents
Archive::Zip::Member::contents
(and all inheriting from these) to consistently return a pair
($contents, $status) when called in list context and a scalar
$contents when called in scalar context. Extended tests in
t/02_main.t accordingly.
- Changed method Archive::Zip::Member::extractToFileHandle to
accept a file name instead of a file handle when extracting
symbolic links. Changed lower-level and higher-level methods
to use that feature. Cleaned up code related to the handling
of symbolic links. Added creation of intermediate directories
in method Archive::Zip::Member::extractToFileNamed for symbolic
links as well. Reporting errors from symlink call as AZ-error.
Added POD and test zip file t/data/symlink.zip and tests in
t/26_symlinks.t for these changes.
- Cleaned up code and added comment related to that highly
dubious (?) {'wasWritten'} logic.
- updated to 1.65
see /usr/share/doc/packages/perl-Archive-Zip/Changes
1.65 Sat 7 Sep 2019
- Fix for members using bzip compression [github/pmqs]
- NetBSD doesn't mind empty zips [github/pmqs]
- Solaris test failure, Add diag to failing test to collect data [github/pmqs]
- Test for presence of Test::MockModule [github/pmqs]
- Fix skip line for Windows [github/pmqs]
- Skip tests that assume /tmp on Windows [github/pmqs]
==== perl-Mojolicious ====
Version update (8.25 -> 8.26)
- updated to 8.26
see /usr/share/doc/packages/perl-Mojolicious/Changes
8.26 2019-11-02
- Removed deprecated slice method from Mojo::Collection.
- Moved HTML entities from Mojo::Util into a separate file. (rage311)
- Changed how the state of the event loop is determined in Mojo::Reactor::EV
to be more consistent with Mojo::Reactor::Poll.
==== samba ====
Version update (4.11.0+git.95.c88b5f2c0c6 -> 4.11.2+git.99.f93cc798f2e)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit
- Update to samba 4.11.2
+ CVE-2019-10218: Client code can return filenames containing
path separators; (bsc#1144902); (bso#14071).
+ CVE-2019-14833: Samba AD DC check password script does not
receive the full password; (bso#12438).
+ CVE-2019-14847: User with "get changes" permission can crash
AD DC LDAP server via dirsync; (bso#14040).
- Fixes from 4.11.1
+ Overlinking libreplace against librt and pthread against every
binary or library causes issues; (bso#14140);
+ kpasswd fails when built with MIT Kerberos; (bso#14155);
+ Fix spnego fallback from kerberos to ntlmssp in smbd server;
(bso#14106);
+ Stale file handle error when using mkstemp on a share; (bso#14137);
+ non-AES schannel broken; (bso#14134);
+ Joining Active Directory should not use SAMR to set the password;
(bso#13884);
+ smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
call on an SMB2 connection; (bso#14152);
+ Deleted records can be resurrected during recovery; (bso#14147);
+ getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
(bso#14141);
+ winbind does not list forest trusts with additional trust
attributes; (bso#14130);
+ fault report points to outdated documentation; (bso#14139);
+ pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
trusted domains/forests; (bso#14124);
+ classicupgrade results in uncaught exception - a bytes-like object
is required, not 'str'; (bso#14136);
+ pod2man is not longer required, stop checking at build time;
(bso#14131);
+ Exit code of ctdb nodestatus should not be influenced by deleted
nodes; (bso#14129);
+ username/password authentication doesn't work with CUPS and
smbspool; (bso#14128);
+ smbc_readdirplus() is incompatible with smbc_telldir() and
smbc_lseekdir(); (bso#14094);
==== soxr ====
- Disable LTO (boo#1155011) for ARM targets.
==== sshfs ====
Version update (3.5.2 -> 3.6.0)
- Update to version 3.6.0
* Added "-o direct_io" option.
This option disables the use of page cache in kernel.
This is useful for example if the file size is not known before reading it.
For example if you mount /proc dir from a remote host without the direct_io
option, the read always will return zero bytes instead of actual data.
* Added --verbose option.
* Fixed a number of compiler warnings.
* Improved performance under OS X.
==== texlive ====
Subpackages: libkpathsea6 libsynctex2
- Add patch source-fix-axohelp.patch for bsc#1155411
* CVE-2019-18604: improper use of sprintf
- Add 0001-Updated-tests-after-U-C-upgrade-changed-sortinit-hashes.patch
from upstream (with context modifications to apply correctly) to update
biber tests after the Unicode::Collate upgrade from 1.25 to 1.27
changed sortinit hashes with (at least) perl 5.26, while using
perl 5.28 seems to work fine (boo#1152776)
==== virtualbox ====
Subpackages: virtualbox-guest-tools virtualbox-guest-x11 virtualbox-kmp-default
- Try to fix unresolvable kernel version in Leap 15.2.
- Fix build errors in Leap 42.3
- Update "fixes_for_5.4.patch" for kernel API backport in openSUSE 15.2
==== xfce4-screenshooter ====
Version update (1.9.6 -> 1.9.7)
Subpackages: xfce4-screenshooter-lang xfce4-screenshooter-plugin
- Update to version 1.9.7
* Add warning notice to imgur upload option (bxo#15347)
* Fix cursor capture when near screen edge (bxo#9262)
* Improve wording (bxo#15429)
* Allow compilation with panel 4.15
* Restore libxfce4ui 4.12 compatibility
* Translation Updates
==== xfce4-whiskermenu-plugin ====
Version update (2.3.3 -> 2.3.4)
Subpackages: xfce4-whiskermenu-plugin-lang
- Update to 2.3.4
* Fix building against xfce4-panel 4.15.0
* Translation updates
==== xslide ====
- Stop loading xslide automatically because of conflicts with css-mode.el;
bsc#1080086.
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
7
8
11 Nov '19
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ImageMagick (7.0.8.68 -> 7.0.9.1)
Mesa (19.2.1 -> 19.2.2)
Mesa-drivers (19.2.1 -> 19.2.2)
MozillaFirefox (69.0.3 -> 70.0.1)
freerdp
gawk
gdb
glib2-branding-openSUSE
grub2 (2.02 -> 2.04)
hwdata (0.326 -> 0.328)
java-11-openjdk (11.0.4.0 -> 11.0.5.0)
kdepim-runtime
kernel-source (5.3.7 -> 5.3.8)
khmeros-fonts ERROR: no changelog
libchamplain (0.12.19 -> 0.12.20)
libdrm (2.4.99 -> 2.4.100)
libglvnd
libical
libical-glib
libreoffice (6.3.3.1 -> 6.3.3.2)
mailutils (3.5 -> 3.7)
man-pages
mdadm
mozilla-nspr (4.21 -> 4.22)
mozilla-nss (3.45 -> 3.46.1)
myspell-dictionaries (20190423 -> 20191016)
perl-HTTP-Cookies (6.04 -> 6.05)
perl-Log-Dispatch (2.68 -> 2.69)
perl-Role-Tiny (2.001003 -> 2.001004)
perl-libwww-perl (6.39 -> 6.41)
php7 (7.3.10 -> 7.3.11)
python-Jinja2 (2.10.1 -> 2.10.3)
python-attrs (19.1.0 -> 19.3.0)
python-base (2.7.16 -> 2.7.17)
python-brotlipy
python-cffi (1.12.3 -> 1.13.0)
python-chardet
python-cryptography (2.7 -> 2.8)
python-ecdsa (0.13.2 -> 0.13.3)
python-jedi
python-matplotlib
python-mypy_extensions (0.4.1 -> 0.4.3)
python-numpy
python-olefile
python-pip (19.2.2 -> 19.3.1)
python-pyparsing
python-python-dateutil
python-requests
python-urllib3
systemd
tcpdump
twolame (0.3.13 -> 0.4.0)
valgrind
vim (8.1.2148 -> 8.1.2233)
wireshark (3.0.5 -> 3.0.6)
xen
yast2 (4.2.29 -> 4.2.30)
zlib
=== Details ===
==== ImageMagick ====
Version update (7.0.8.68 -> 7.0.9.1)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 perl-PerlMagick
- version update to 7.0.9.1
* Fixed numerous issues posted to GitHub (reference
https://github.com/ImageMagick/ImageMagick/issues)
* Support trim:background-color define for -trim option.
- modified sources
% baselibs.conf
==== Mesa ====
Version update (19.2.1 -> 19.2.2)
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Use %pkg_vcmp macro instead of llvm-config to detect LLVM 9.
- Update to version 19.2.2
* assortment of fixes in this release, notably a bunch of work
to get Solaris and illumos working with mesa, as well as more
work fixing issues in the migration of package-config and
headers being handled by libglvnd instead of mesa when mesa
is built with support for glvnd.
There's bunch of other changes here, with radv and intel
leading the pack, otherwise just a few things here and there.
- n_add-Mesa-headers-again.patch
* add Mesa headers again despite of building it against libglvnd;
those headers turned out not to be usable; in addition packaging
headers with libglvnd make dependancies problematic ...
==== Mesa-drivers ====
Version update (19.2.1 -> 19.2.2)
Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2
- Use %pkg_vcmp macro instead of llvm-config to detect LLVM 9.
- Update to version 19.2.2
* assortment of fixes in this release, notably a bunch of work
to get Solaris and illumos working with mesa, as well as more
work fixing issues in the migration of package-config and
headers being handled by libglvnd instead of mesa when mesa
is built with support for glvnd.
There's bunch of other changes here, with radv and intel
leading the pack, otherwise just a few things here and there.
- n_add-Mesa-headers-again.patch
* add Mesa headers again despite of building it against libglvnd;
those headers turned out not to be usable; in addition packaging
headers with libglvnd make dependancies problematic ...
==== MozillaFirefox ====
Version update (69.0.3 -> 70.0.1)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 70.0.1
* Fix for an issue that caused some websites or page elements using
dynamic JavaScript to fail to load. (bmo#1592136)
* Title bar no longer shows in full screen view (bmo#1588747)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
big endian platforms
- Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
* Firefox Lockwise passwordmanager
* Improvements to core engine components, for better browsing on more sites
* Improved privacy and security indicators
MFSA 2019-34
* CVE-2018-6156 (bmo#1480088)
Heap buffer overflow in FEC processing in WebRTC
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11765 (bmo#1562582)
Incorrect permissions could be granted to a website
* CVE-2019-17000 (bmo#1441468)
CSP bypass using object tag with data: URI
* CVE-2019-17001 (bmo#1587976)
CSP bypass using object tag when script-src 'none' is specified
* CVE-2019-17002 (bmo#1561056)
upgrade-insecure-requests was not being honored for links dragged and dropped
* CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
bmo#1583463, bmo#1586599)
Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- requires
rust/cargo >= 1.36
NSPR >= 4.22
NSS >= 3.46.1
rust-cbindgen >= 0.9.1
- removed obsolete patches
mozilla-bmo1573381.patch
mozilla-nestegg-big-endian.patch
==== freerdp ====
Subpackages: libfreerdp2 libwinpr2
- Add freerdp-Fix-realloc-return-handling.patch: Fix realloc return
handling that results in memory leaks (boo#1153163, boo#1153164,
gh#FreeRDP/FreeRDP#5645, CVE-2019-17177, CVE-2019-17178)
==== gawk ====
- Fix typo in Summary
- Stop overriding %_libexecdir with %_libdir
- Fix the backward compatibility of the inplace extension:
* Add gawk-inplace-namespace-part1.patch
* Add gawk-inplace-namespace-part2.patch
* Add gawk-inplace-namespace-part3.patch
- Run autoreconf as part of the build process
==== gdb ====
- Backport 2nd part of fix for swo#23657.
[bsc#1142772, swo#23657, CVE-2019-1010180]
* gdb-dwarf-reader-reject-sections-with-invalid-sizes.patch
- Add gdb-s390-handle-arch13.diff to handle most new s390 arch13
instructions. [fate#327369, jsc#ECO-368]
==== glib2-branding-openSUSE ====
- Add super+f1 key binding for help to match GNOME default.
==== grub2 ====
Version update (2.02 -> 2.04)
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen
- Disable btrfs zstd support for i386-pc to workaround core.img too large to be
embedded in btrfs bootloader area or MBR gap (boo#1154809)
* 0001-btrfs-disable-zstd-support-for-i386-pc.patch
- Fix grub2.sleep to load old kernel after hibernation (boo#1154783)
- Enable support for riscv64
- Backports from upstream:
* risc-v-fix-computation-of-pc-relative-relocation-offset.patch
* risc-v-add-clzdi2-symbol.patch
* grub-install-define-default-platform-for-risc-v.patch
- Version bump to 2.04
* removed
- translations-20170427.tar.xz
* grub2.spec
- Make signed grub-tpm.efi specific to x86_64-efi build, the platform
currently shipped with tpm module from upstream codebase
- Add shim_lock to signed grub.efi in x86_64-efi build
- x86_64: linuxefi now depends on linux, both will verify kernel via
shim_lock
- Remove translation tarball and po file hacks as it's been included in
upstream tarball
* rediff
- grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
- grub2-commands-introduce-read_file-subcommand.patch
- grub2-secureboot-add-linuxefi.patch
- 0001-add-support-for-UEFI-network-protocols.patch
- grub2-efi-HP-workaround.patch
- grub2-secureboot-install-signed-grub.patch
- grub2-linux.patch
- use-grub2-as-a-package-name.patch
- grub2-pass-corret-root-for-nfsroot.patch
- grub2-secureboot-use-linuxefi-on-uefi.patch
- grub2-secureboot-no-insmod-on-sb.patch
- grub2-secureboot-provide-linuxefi-config.patch
- grub2-secureboot-chainloader.patch
- grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch
- grub2-s390x-02-kexec-module-added-to-emu.patch
- grub2-s390x-04-grub2-install.patch
- grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
- grub2-efi-chainloader-root.patch
- grub2-ppc64le-disable-video.patch
- grub2-ppc64-cas-reboot-support.patch
- grub2-Fix-incorrect-netmask-on-ppc64.patch
- 0003-bootp-New-net_bootp6-command.patch
- 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
- 0012-tpm-Build-tpm-as-module.patch
- grub2-emu-4-all.patch
- grub2-btrfs-09-get-default-subvolume.patch
- grub2-ppc64le-memory-map.patch
- grub2-ppc64-cas-fix-double-free.patch
- 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
* drop upstream patches
- grub2-fix-locale-en.mo.gz-not-found-error-message.patch
- grub2-fix-build-with-flex-2.6.4.patch
- grub2-accept-empty-module.patch
- 0001-Fix-packed-not-aligned-error-on-GCC-8.patch
- 0001-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled-MMIO-da.patch
- unix-exec-avoid-atexit-handlers-when-child-exits.patch
- 0001-xfs-Accept-filesystem-with-sparse-inodes.patch
- grub2-binutils2.31.patch
- grub2-msdos-fix-overflow.patch
- 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch
- grub2-efi-Move-grub_reboot-into-kernel.patch
- grub2-efi-Free-malloc-regions-on-exit.patch
- grub2-move-initrd-upper.patch
- 0002-Add-Virtual-LAN-support.patch
- 0001-ofnet-Initialize-structs-in-bootpath-parser.patch
- 0001-misc-fix-invalid-character-recongition-in-strto-l.patch
- 0001-tpm-Core-TPM-support.patch
- 0002-tpm-Measure-kernel-initrd.patch
- 0003-tpm-Add-BIOS-boot-measurement.patch
- 0004-tpm-Rework-linux-command.patch
- 0005-tpm-Rework-linux16-command.patch
- 0006-tpm-Measure-kernel-and-initrd-on-BIOS-systems.patch
- 0007-tpm-Measure-the-kernel-commandline.patch
- 0008-tpm-Measure-commands.patch
- 0009-tpm-Measure-multiboot-images-and-modules.patch
- 0010-tpm-Fix-boot-when-there-s-no-TPM.patch
- 0011-tpm-Fix-build-error.patch
- 0013-tpm-i386-pc-diskboot-img.patch
- grub2-freetype-pkgconfig.patch
- 0001-cpio-Disable-gcc9-Waddress-of-packed-member.patch
- 0002-jfs-Disable-gcc9-Waddress-of-packed-member.patch
- 0003-hfs-Fix-gcc9-error-Waddress-of-packed-member.patch
- 0004-hfsplus-Fix-gcc9-error-with-Waddress-of-packed-membe.patch
- 0005-acpi-Fix-gcc9-error-Waddress-of-packed-member.patch
- 0006-usbtest-Disable-gcc9-Waddress-of-packed-member.patch
- 0007-chainloader-Fix-gcc9-error-Waddress-of-packed-member.patch
- 0008-efi-Fix-gcc9-error-Waddress-of-packed-member.patch
- Consistently find btrfs snapshots on s390x. (bsc#1136970)
* grub2-s390x-04-grub2-install.patch
==== hwdata ====
Version update (0.326 -> 0.328)
- Update to version 0.328:
* Updated pci, usb and vendor ids.
==== java-11-openjdk ====
Version update (11.0.4.0 -> 11.0.5.0)
Subpackages: java-11-openjdk-headless
- Update to upstream tag jdk-11.0.5-10 (October 2019 CPU,
bsc#1154212)
* Security fixes:
+ S8209901: Canonical file handling
+ S8213429, CVE-2019-2933: Windows file handling redux
+ S8218573, CVE-2019-2945: Better socket support
+ S8218877: Help transform transformers
+ S8219914: Change the environment variable for Java Access
Bridge logging to have a directory.
+ S8220186: Improve use of font temporary files
+ S8220302, CVE-2019-2949: Better Kerberos ccache handling
+ S8221497: Optional Panes in Swing
+ S8221858, CVE-2019-2958: Build Better Processes
+ S8222684, CVE-2019-2964: Better support for patterns
+ S8222690, CVE-2019-2962: Better Glyph Images
+ S8223163: Better pattern recognition
+ S8223505, CVE-2019-2973: Better pattern compilation
+ S8223518, CVE-2019-2975: Unexpected exception in jjs
+ S8223886: Add in font table referene
+ S8223892, CVE-2019-2978: Improved handling of jar files
+ S8224025: Fix for JDK-8220302 is not complete
+ S8224062, CVE-2019-2977: Improve String index handling
+ S8224532, CVE-2019-2981: Better Path supports
+ S8224915, CVE-2019-2983: Better serial attributes
+ S8225286, CVE-2019-2987: Better rendering of native glyphs
+ S8225292, CVE-2019-2988: Better Graphics2D drawing
+ S8225298, CVE-2019-2989: Improve TLS connection support
+ S8225597, CVE-2019-2992: Enhance font glyph mapping
+ S8226765, CVE-2019-2999: Commentary on Javadoc comments
+ S8227601: Better collection of references
+ S8228825, CVE-2019-2894, bsc#1152856: Enhance ECDSA operations
* Other fixes:
+ S6996807: FieldReflectorKey hash code computation can be
improved
+ S8076988: reevaluate trivial method policy
+ S8087128: C2: Disallow definition split on MachCopySpill nodes
+ S8133489: Better messaging for PKIX path validation matching
+ S8139965: Hang seen when using
com.sun.jndi.ldap.search.replyQueueSize
+ S8147502: Digest is incorrectly truncated for ECDSA
signatures when the bit length of n is less than the field
size
+ S8148188: Enhance the security libraries to record events of
interest
+ S8163363: AArch64: Stack size in tools/launcher/Settings.java
needs to be adjusted
+ S8163511: Allocation of compile task fails with assert:
"Leaking compilation tasks?"
+ S8170639: [Linux] jsig is limited to a maximum of 64 signals
+ S8177899: Tests fail due to code cache exhaustion on machines
with many cores
+ S8180901: Transformer.reset() resets the state only once
+ S8193234: When using -Xcheck:jni an internally allocated
buffer can leak
+ S8194231: java/net/DatagramSocket/ReuseAddressTest.java
failed with java.net.BindException: Address already in use:
Cannot bind
+ S8196681: Java Access Bridge logging and debug flags
dynamically controlled
+ S8198411: [TEST_BUG] Two java2d tests are unstable in mach5
+ S8200365: TestOptionsWithRanges.java of
'-XX:TLABWasteTargetPercent=100' fails intermittently
+ S8200400: Restrict Sasl mechanisms
+ S8202035: Archive the set of ModuleDescriptor and
ModuleReference objects for observable system modules with
unnamed initial module.
+ S8202252: (aio) Closed AsynchronousSocketChannel keeps
completion handler alive
+ S8202952: C2: Unexpected dead nodes after matching
+ S8203629: Produce events in the JDK without a dependency on
jdk.jfr
+ S8204203: Many pkcs11 tests failed in Provider
initialization, after compiler on Windows changed
+ S8204521: compiler/jsr292/
/RedefineMethodUsedByMultipleMethodHandles.java fails trying
to delete temp file
+ S8205421: AARCH64: StubCodeMark should be placed after
alignment
+ S8205654: serviceability/dcmd/framework/HelpTest.java timed
out
+ S8206074: nsk/jdi/EventRequestManager/createStepRequest/
/crstepreq001/TestDescription.java is timing out
+ S8206879: Currency decimal marker incorrect for Peru
+ S8207965: C2-only debug build fails
+ S8208269: Javadoc does not support module-info in a
multi-release jar
+ S8208499: NMT: Missing memory tag for Safepoint polling page
+ S8208655: use JTreg skipped status in hotspot tests
+ S8208701: Fix for JDK-8208655 causes test failures in CI tier1
+ S8208706: compiler/tiered/ConstantGettersTransitionsTest.java
fails to compile
+ S8208780: (se) test
SelectWithConsumer.testReadableAndWriteable(): failure
+ S8209186: Rename SimpleThresholdPolicy to
TieredThresholdPolicy
+ S8209413: AArch64: NPE in clhsdb jstack command
+ S8209420: Track membars for volatile accesses so they can be
properly optimized
+ S8209684: Intrinsics that assume some input non null should
use GraphKit::must_be_not_null()
+ S8209939: [testbug][ppc] Test SafepointPollingPages fails
after 8208499 with UseSIGTRAP on.
+ S8210063: ZGC: Enable load barriers for IN_NATIVE runtime
barriers
+ S8210130: java/net/httpclient/UnknownBodyLengthTest.java
failed
+ S8210314: [aix] NMT does not show "Safepoint" memory type
+ S8210389: C2: assert(n->outcnt() != 0 || C->top() == n ||
n->is_Proj()) failed: No dead instructions after post-alloc
+ S8210390: C2 still crashes with "assert(mode ==
ControlAroundStripMined && use == sfpt) failed: missed a node"
+ S8210408: Refactor java.util.ResourceBundle:i18n shell tests
to plain java tests
+ S8210729: Clean up macosx static library handling
+ S8210919: Remove statically linked libjli on Windows
+ S8210926: vmTestbase/nsk/jvmti/scenarios/allocation/AP11/
/ap11t001/TestDescription.java failed with
JVMTI_ERROR_INVALID_CLASS in CDS mode
+ S8210985: Update the default SSL session cache size to 20480
+ S8211097: aix: fix build after JDK-8210919
+ S8211232: GraphKit::make_runtime_call() sometimes attaches
wrong memory state to call
+ S8211233: MemBarNode::trailing_membar() and
MemBarNode::leading_membar() need to handle dying subgraphs
better
+ S8211727: Adjust default concurrency settings for running
tests on Sparc
+ S8212528: Wrong cgroup subsystem being used for some CPU
Container Metrics
+ S8212970: TZ database in "vanguard" format support
+ S8212992: Change mirror accessor in Klass::verify_on() to use
AS_NO_KEEPALIVE
+ S8213017: jspawnhelper: need to handle pipe write failure
when sending return code
+ S8213117: adoptNode corrupts attribute values
+ S8213134: AArch64: vector shift failed with MaxVectorSize=8
+ S8213172: CDS and JFR tests fail with
assert(JdkJfrEvent::is(klass)) failed: invariant
+ S8213325: (props) Properties.loadFromXML does not fully
comply with the spec
+ S8213406: (fs) More than one instance of built-in FileSystem
observed in heap
+ S8213561: ZipFile/MultiThreadedReadTest.java timed out in
tier1
+ S8213734: SAXParser.parse(File, ..) does not close resources
when Exception occurs.
+ S8214003: Limit default test jobs based on memory size
+ S8214096: sun.security.util.SignatureUtil passes null
parameter, so JCE validation fails
+ S8214161: java.lang.IllegalAccessError: class
jdk.internal.event.X509CertificateEvent (in module java.base)
cannot access class jdk.jfr.internal.handlers.EventHandler
(in module jdk.jfr) because module java.base does not read
module jdk.jfr
+ S8214287: SpecJbb2005StressModule got uncaught exception
+ S8214579: JFrame does not paint content in XVFB / X11vnc
environment
+ S8214687: Optimize Collections.nCopies().hashCode() and
equals()
+ S8214702: Wrong text position for whitespaced string in
printing Swing text
+ S8214770: java/time/test/java/time/format/
/TestNonIsoFormatter.java failed in non-english locales.
+ S8214777: Avoid some GCC 8.X strncpy() errors in HotSpot
+ S8214857: "bad trailing membar" assert failure at
memnode.cpp:3220
+ S8215044: C2 crash in loopTransform.cpp with
assert(cl->trip_count() > 0) failed: peeling a fully unrolled
loop
+ S8215130: Fix errors in LittleCMS 2.9 reported by GCC 8
+ S8215265: C2: range check elimination may allow illegal out
of bound access
+ S8215281: Use String.isEmpty() when applicable in java.base
+ S8215380: Backout accidental change to String::length
+ S8215451: JNI IsSameObject should not keep objects alive
+ S8215483: Off heap memory accesses should be vectorized
+ S8215505: Cleanup jvm.cpp obsolete code after JDK-8210094:
Better loading of classloader classes
+ S8215534: [testbug] some jfr test don't check @requires
vm.hasJFR
+ S8215694: keytool cannot generate RSASSA-PSS certificates
+ S8215756: Memory leaks in the AWT on macOS
+ S8215792: AArch64: String.indexOf generates incorrect result
+ S8215879: AArch64: ReservedStackAccess may leave stack guard
in inconsistent state
+ S8215901: [TESTBUG] TestCheckedEnsureLocalCapacity.java fails
intermittently
+ S8215961: jdk/jfr/event/os/TestCPUInformation.java fails on
AArch64
+ S8215982: (tz) Upgrade time-zone data to tzdata2018i
+ S8216039: TLS with BC and RSASSA-PSS breaks
ECDHServerKeyExchange
+ S8216046: test/jdk/java/beans/PropertyEditor/Test6397609.java
failing
+ S8216155: C4819 warning at libfreetype sources on Windows
+ S8216199: Local variable arg defined but never used in
BCEscapeAnalyzer::compute_escape_for_intrinsic()
+ S8216205: Java API documentation formatting error in
System.getEnv
+ S8216261: Javap ignores default modifier on interfaces
+ S8216326: SSLSocket stream close() does not close the
associated socket
+ S8216375: Revert JDK-8145579 after JDK-8076988 is resolved
+ S8216401: Allow "file:" URLs in Class-Path of local JARs
+ S8216427: ciMethodData::load_extra_data() does not always
unpack the last entry
+ S8216528: test/jdk/java/rmi/transport/
/runtimeThreadInheritanceLeak/
/RuntimeThreadInheritanceLeak.java failing with Xcomp
+ S8216549: Mismatched unsafe access to non escaping object
fails
+ S8216562: UnknownBodyLength sometimes fails due to
"Connection reset by peer"
+ S8216987: ciMethodData::load_data() unpacks MDOs with
non-atomic copy
+ S8216989: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier()
does not check for zero length on AARCH64
+ S8217093: Support extended-length paths in parse_manifest.c
on windows
+ S8217344: Make comparison overflow-aware in
ECDHKeyAgreement.engineGenerateSecret()
+ S8217359: C2 compiler triggers SIGSEGV after transformation
in ConvI2LNode::Ideal
+ S8217364: Custom URLStreamHandler for jrt or file protocol
can override default handler
+ S8217366: ZoneStrings are not populated for all the Locales
+ S8217368: AArch64: C2 recursive stack locking optimisation
not triggered
+ S8217371: Incorrect LP64 guard in x86.ad after JDK-8210764
(Update avx512 implementation)
+ S8217576: C1 atomic access handlers use incorrect decorators
+ S8217676: Upgrade libpng to 1.6.37
+ S8217760: C2: Missing symbolic info on a call from intrinsics
when invoked through MethodHandle
+ S8217766: Container Support doesn't work for some Join
Controllers combinations
+ S8217785: Padding
ParallelTaskTerminator::_offered_termination variable
+ S8217896: Make better use of LCPUs when building on AIX
+ S8217990: C2 UseOptoBiasInlining: load of markword optimized
to 0 if running with -XX:-EliminateLocks
+ S8218163: C2: Continuous deoptimization w/
Reason_speculate_class_check and Action_none
+ S8218185: aarch64: missing LoadStore barrier in
TemplateTable::putfield_or_static
+ S8218201: Failures when vmIntrinsics::_getClass is not inlined
+ S8218280: LineNumberReader throws "Mark invalid" exception if
CRLF straddles buffer.
+ S8218553: Enhance keystore load debug output
+ S8218558: NMT stack traces in output should show mt component
for virtual memory allocations
+ S8218566: NMT: missing memory tag for assert poison page
+ S8218581: Incorrect exception message generation
+ S8218682: [TEST_BUG] DashOffset fails in mach5
+ S8218705: Test sun/tools/jcmd/TestJcmdDefaults.java fails on
Linux
+ S8218715: [TESTBUG]
TestUseOptoBiasInliningWithoutEliminateLocks needs to unlock
WhiteBoxAPI
+ S8218721: C1's CEE optimization produces safepoint poll with
invalid debug information
+ S8218723: Use SunJCE Mac in SecretKeyFactory PBKDF2
implementation
+ S8218780: Update MUSCLE PCSC-Lite header files
+ S8218879: Keep track of memory accesses originated from Unsafe
+ S8218966: AArch64: String.compareTo() can read memory after
string
+ S8219013: Update Apache Santuario (XML Signature) to version
2.1.3
+ S8219241: Provide basic virtualization related info in the
hs_error file on linux/windows x86_64
+ S8219244: NMT: Change ThreadSafepointState's allocation type
from mtInternal to mtThread
+ S8219370: NMT: Move synchronization primitives from
mtInternal to mtSynchronizer
+ S8219513: compiler/codegen/aes/
/TestCipherBlockChainingEncrypt.java timeout on Solaris-sparc
+ S8219517: assert(false) failed: infinite loop in
PhaseIterGVN::optimize
+ S8219562: Line of code in osContainer_linux.cpp L102 appears
unreachable
+ S8219583: Windows build failure after JDK-8214777 (Avoid some
GCC 8.X strncpy() errors in HotSpot)
+ S8219635: aarch64: missing LoadStore barrier in
TemplateTable::fast_storefield
+ S8219807: C2 crash in IfNode::up_one_dom(Node*, bool)
+ S8219919: RuntimeStub name lost with
PrintFrameConverterAssembly
+ S8219993: AArch64: Compiled CI stubs are unsafely modified
+ S8219997: [TESTBUG] Create test for JFR events in Docker
container: CPU, Memory and Process Info
+ S8220037: Inconsistencies of generated timezone files between
Windows and Linux
+ S8220072: GCC 8.3 reports errors in java.base
+ S8220173: assert(_handle_mark_nesting > 1) failed: memory
leak: allocating handle outside HandleMark
+ S8220227: Host Locale Provider getDisplayCountry returns
error message under non-English Win10
+ S8220313: [TESTBUG] Update base image for Docker testing to
OL 7.6
+ S8220341: Class redefinition fails with
assert(!is_unloaded()) failed: unloaded method on the stack
+ S8220355: Improve assertion texts and exception messages in
eventHandlerVMInit
+ S8220570: Additonal trace when native thread creation fails
+ S8220579: [Containers] SubSystem.java out of sync with
osContainer_linux.cpp
+ S8220657: JFR.dump does not work when filename is set
+ S8220672: [TESTBUG] TestCPUSets should check that cpuset does
not exceed available cores
+ S8220674: [TESTBUG] MetricsMemoryTester failcount test in
docker container only works with debug JVMs
+ S8220682: Heap dumping and inspection fails with JDK-8214712
+ S8220690: ATTRIBUTE_ALIGNED requires GNU extensions enabled
+ S8221120: CopyOnWriteArrayList.set should always have
volatile write semantics
+ S8221220: AArch64: Add StoreStore membar explicitly for
Volatile Writes in TemplateTable
+ S8221253: TLSv1.3 may generate TLSInnerPlainText longer than
2^14+1 bytes
+ S8221325: Add information about swap space to
print_memory_info() on MacOS
+ S8221340: [TESTBUG] TestCgroupMetrics.java fails after fix
for JDK-8219562
+ S8221342: [TESTBUG] Generate Dockerfile for docker testing
+ S8221407: Windows 32bit build error in
libsunmscapi/security.cpp
+ S8221408: Windows 32bit build build errors/warnings in hotspot
+ S8221411: NullPointerException in RasterPrinterJob without
PrinterResolution
+ S8221434: Fix typo in lib-x11 autoconf error message about
missing headers
+ S8221480: jcmd VM.metaspace shall print limits in basic mode
+ S8221497: Optional Panes in Swing
+ S8221527: [TESTBUG] DockerBasicTest.java contains hard-coded
reference to JDK 10
+ S8221529: [TESTBUG] Docker tests use old/deprecated image on
AArch64
+ S8221710: [TESTBUG] more configurable parameters for docker
testing
+ S8221725: AArch64 build failures after JDK-8221408 (Windows
32bit build build errors/warnings in hotspot)
+ S8221730: jcmd process name matching broken
+ S8221801: Update src/java.base/share/legal/public_suffix.md
+ S8221892: ThreadPoolExecutor: Thread.isAlive() is not
equivalent to not being startable
+ S8221894: Add comments for docker tests in the test doc
+ S8222108: Reduce minRefreshTime for updating remote printer
list on Windows
+ S8222154: upgrade gtest to 1.8.1
+ S8222280: Provide virtualization related info in the hs_error
file on AIX
+ S8222299: [TESTBUG] move hotspot container tests to
hotspot/containers
+ S8222362: Upgrade to Freetype 2.10.0
+ S8222387: Out-of-bounds access to CPU _family_id_xxx array
+ S8222415: Xerces 2.12.0: Parsing Configuration
+ S8222670: pathological case of JIT recompilation and code
cache bloat
+ S8222720: Provide extended VMWare/vSphere virtualization
related info in the hs_error file on linux/windows x86_64
+ S8222743: Xerces 2.12.0: DOM Implementation
+ S8222914: Partial backport of JDK-8218266
+ S8222968: ByteArrayPublisher is not thread-safe resulting in
broken re-use of HttpRequests
+ S8222980: Upgrade IANA Language Subtag Registry to Version
2019-04-03
+ S8222987: sun/security/tools/keytool/PSS.java times out on
Solaris-SPARC
+ S8222991: Xerces 2.12.0: Validation
+ S8223177: Data race on JvmtiEnvBase::_tag_map in
double-checked locking
+ S8223227: Rename acquire_tag_map() to tag_map_acquire() in
jvmtiEnvBase
+ S8223244: Fix usage of ARRAYCOPY_DISJOINT decorator
+ S8223336: Assert in
VirtualMemoryTracker::remove_released_region when running the
SharedArchiveConsistency.java test with
- XX:NativeMemoryTracking=detail
+ S8223482: Unsupported ciphersuites may be offered by a TLS
client
+ S8223518: Unexpected exception in jjs
+ S8223537: testlibrary_tests/ctw/ClassesListTest.java fails
with Agent timeout frequently
+ S8223553: Fix code constructs that do not compile with the
Eclipse Java Compiler
+ S8223572: ~ThreadInVMForHandshake() should call
handle_special_runtime_exit_condition()
+ S8223574: add more thread-related system settings info to
hs_error file on AIX
+ S8223660: jtreg: Decouple Unsafe from RTM tests
+ S8223814: SA: jhsdb common help needs to be more detailed
+ S8223886: Add in font table referene
+ S8224033: os::snprintf should be used in
virtualizationSupport.cpp
+ S8224034: [TESTBUG] runtime/ErrorHandlerTest/ErrorHandler
fails intermittently for case 13 on Windows
+ S8224090: [PPC64] Fix SLP patterns for filling an array with
double float literals
+ S8224165: [TESTBUG] Docker tests produce excessive output
+ S8224181: On child process spawn, child may write to random
file descriptor instead of the fail pipe
+ S8224202: Speed up Properties.load
+ S8224221: add memprotect calls to event log
+ S8224230: [PPC64, s390] Support AsyncGetCallTrace
+ S8224252: [TESTBUG]
hotspot/test/serviceability/sa/sadebugd/SADebugDTest.java is
timing out again after fix for JDK-8163805
+ S8224487: outputStream should not be copyable
+ S8224531: SEGV while collecting Klass statistics
+ S8224558: Fix replicateB encoding
+ S8224560: (tz) Upgrade time-zone data to tzdata2019a
+ S8224580: Matcher can cause oop field/array element to be
reloaded
+ S8224589: Improve startup behavior of SecurityProperties
+ S8224658: Unsafe access C2 compile fails with assert(flat !=
TypePtr::BOTTOM) failed: cannot alias-analyze an untyped ptr:
adr_type = NULL
+ S8224698: ConcurrentSkipListMap.java does not compile with
the Eclipse Java Compiler
+ S8224825: java/awt/Color/AlphaColorTest.java fails in
linux-x64 system
+ S8224838: Bump update version for OpenJDK: jdk-11.0.5
+ S8224991: Problemlist
javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java
+ S8225005: Xerces 2.12.0: License file
+ S8225141: Better handling of classes in error state in fast
class initialization checks
+ S8225178: [Solaris] os::signal() should call sigaction() with
SA_SIGINFO
+ S8225189: Multiple JNI calls within critical region in ZIP
Library
+ S8225257: sun/security/tools/keytool/PSS.java timed out
+ S8225286: Better rendering of native glyphs
+ S8225298: Improve TLS connection support
+ S8225347: [s390] Unexpected exit from stack overflow test
+ S8225386: test for JDK-8216261 fails in Windows
+ S8225388: Running jcmd Compiler.CodeHeap_Analytics all 0
cause crash.
+ S8225390: ProblemList sun/security/pkcs11/sslecc/
/ClientJSSEServerJSSE.java due to JDK-8161536
+ S8225423: GTK L&F: JSplitPane: There is no divider shown
+ S8225425: java.lang.UnsatisfiedLinkError: net.dll: Can't find
dependent libraries
+ S8225543: Jcmd fails to attach to the Java process on Linux
using the main class name if whitespace options were used to
launch the process
+ S8225580: tzdata2018i integration causes test failures on
jdk-13
+ S8225636: SA can't handle prelinked libraries
+ S8225644: C1 dumps incorrect class name in ClassCastException
message
+ S8225663: [testbug] Missing JNIEXPORT in XAbortProvoker
native function
+ S8225715: jhsdb jmap fails to write binary heap dump of a
jshell process
+ S8226409: Enable argument profiling for
sun.misc.Unsafe.put*/get*
+ S8226468: [aix] loadquery failed error message displayed
+ S8226530: ZipFile reads wrong entry size from ZIP64 entries
+ S8226543: Reduce GC pressure during message digest
calculations in password-based encryption
+ S8226607: Inconsistent info between pcsclite.md and MUSCLE
headers
+ S8226798: JVM crash in
klassItable::initialize_itable_for_interface(int,
InstanceKlass*, bool, Thread*)
+ S8226964: [Yaru] GTK L&F: There is no difference between menu
selected and de-selected
+ S8227011: Starting a JFR recording in response to JVMTI
VMInit and / or Java agent premain corrupts memory
+ S8227041: runtime/memory/RunUnitTestsConcurrently.java has a
memory leak
+ S8227117: normal interpreter table is not restored after
single stepping with TLH
+ S8227247: tools/sjavac/IdleShutdown.java fails with
AssertionError: Error too big on windows
+ S8227277: HeapInspection::find_instances_at_safepoint walks
dead objects
+ S8227392: Colors with alpha are painted incorrectly on Linux,
after JDK-8214579
+ S8227594: sadebugd/DebugdConnectTest.java fails due to
"java.rmi.NotBoundException: SARemoteDebugger"
+ S8227630: adjust format specifiers in loadlib_aix.cpp
+ S8227834: build.log output from failing commands : include
the hs_error file path in case of crashes in build
+ S8227869: fix wrong format specifiers in os_aix.cpp
+ S8227919: 8213232 causes crashes on solaris sparc64
+ S8228337: problemList failing/ignored manual tests in
security-libs
+ S8228400: Remove built-in AArch64 simulator
+ S8228469: (tz) Upgrade time-zone data to tzdata2019b
+ S8228485: JVM crashes when bootstrap method for condy
triggers loading of class whose static initializer throws
ve thread creation fails
+ S8220579: [Containers] SubSystem.ja exception
+ S8228501: java_props_macosx.c - provide missing CFRelease for
CFLocaleCopyCurrent
+ S8228578: fix CFData object leak in macosx KeystoreImpl.m
+ S8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java
- NumberFormatException because of large long values (memory
limit_in_bytes)
+ S8228596: Class redefinition fails when condy instructions
are removed
+ S8228601: AArch64: Fix interpreter code at JVMCI
deoptimization entry
+ S8228618: s390: c1/c2 fail to add a metadata relocation in
the static call stub.
+ S8228649: [PPC64] SA reads wrong slots from interpreter frames
+ S8228658: test GetTotalSafepointTime.java fails on fast Linux
machines with Total safepoint time 0 ms
+ S8228711: Path rendered incorrectly when it goes outside the
clipping region
+ S8228725: AArch64: Purge method call format support
+ S8228764: New library dependencies due to JDK-8222720
+ S8229118: [TESTBUG] serviceability/sa/ClhsdbFindPC fails on
AArch64
+ S8229352: Use of an uninitialized register in 32-bit ARM
template interpreter
+ S8229406: ZGC: Fix incorrect statistics
+ S8229767: Typo in java.security: Sasl.createClient and
Sasl.createServer
+ S8229773: Resolve permissions for code source URLs lazily
+ S8229887: (zipfs) zip file corruption when replacing an
existing STORED entry
+ S8229925: [s390, PPC64] Exception check missing in interpreter
+ S8230085: (fs) FileStore::isReadOnly is always true on macOS
Catalina
+ S8230099: Prepare for backport of JDK-8217368
+ S8230728: Thin stroked shapes are not rendered if affine
transform has flip bit
+ S8230850: Test sun/tools/jcmd/TestProcessHelper.java fails
intermittently
+ S8231693: Backout "8230728: Thin stroked shapes are not
rendered if affine transform has flip bit" from jdk11u
- Modified patch:
* system-pcsclite.patch
+ adapt to changed context
==== kdepim-runtime ====
Subpackages: kdepim-runtime-lang
- Update build requirements
==== kernel-source ====
Version update (5.3.7 -> 5.3.8)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms kernel-vanilla
- Refresh
patches.suse/stacktrace-don-t-skip-first-entry-on-noncurrent-task.patch.
v3 of the patch
- commit ea4c828
- Linux 5.3.8 (bnc#1151927).
- drm: Free the writeback_job when it with an empty fb
(bnc#1151927).
- drm: Clear the fence pointer when writeback job signaled
(bnc#1151927).
- clk: ti: dra7: Fix mcasp8 clock bits (bnc#1151927).
- ARM: dts: Fix wrong clocks for dra7 mcasp (bnc#1151927).
- nvme-pci: Fix a race in controller removal (bnc#1151927).
- scsi: ufs: skip shutdown if hba is not powered (bnc#1151927).
- scsi: megaraid: disable device when probe failed after enabled
device (bnc#1151927).
- scsi: qla2xxx: Silence fwdump template message (bnc#1151927).
- scsi: qla2xxx: Fix unbound sleep in fcport delete path
(bnc#1151927).
- scsi: qla2xxx: Fix stale mem access on driver unload
(bnc#1151927).
- scsi: qla2xxx: Fix N2N link reset (bnc#1151927).
- scsi: qla2xxx: Fix N2N link up fail (bnc#1151927).
- ARM: dts: Fix gpio0 flags for am335x-icev2 (bnc#1151927).
- ARM: OMAP2+: Fix missing reset done flag for am3 and am43
(bnc#1151927).
- ARM: OMAP2+: Add missing LCDC midlemode for am335x
(bnc#1151927).
- ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
(bnc#1151927).
- nvme-tcp: fix wrong stop condition in io_work (bnc#1151927).
- nvme-pci: Save PCI state before putting drive into deepest state
(bnc#1151927).
- nvme: fix an error code in nvme_init_subsystem() (bnc#1151927).
- nvme-rdma: Fix max_hw_sectors calculation (bnc#1151927).
- Added QUIRKs for ADATA XPG SX8200 Pro 512GB (bnc#1151927).
- nvme: Add quirk for Kingston NVME SSD running FW E8FK11.T
(bnc#1151927).
- nvme: allow 64-bit results in passthru commands (bnc#1151927).
- drm/komeda: prevent memory leak in komeda_wb_connector_add
(bnc#1151927).
- nvme-rdma: fix possible use-after-free in connect timeout
(bnc#1151927).
- blk-mq: honor IO scheduler for multiqueue devices (bnc#1151927).
- ieee802154: ca8210: prevent memory leak (bnc#1151927).
- ARM: dts: am4372: Set memory bandwidth limit for DISPC
(bnc#1151927).
- net: dsa: qca8k: Use up to 7 ports for all operations
(bnc#1151927).
- MIPS: dts: ar9331: fix interrupt-controller size (bnc#1151927).
- xen/efi: Set nonblocking callbacks (bnc#1151927).
- loop: change queue block size to match when using DIO
(bnc#1151927).
- nl80211: fix null pointer dereference (bnc#1151927).
- mac80211: fix txq null pointer dereference (bnc#1151927).
- netfilter: nft_connlimit: disable bh on garbage collection
(bnc#1151927).
- net: mscc: ocelot: add missing of_node_put after calling
of_get_child_by_name (bnc#1151927).
- net: dsa: rtl8366rb: add missing of_node_put after calling
of_get_child_by_name (bnc#1151927).
- net: stmmac: xgmac: Not all Unicast addresses may be available
(bnc#1151927).
- net: stmmac: dwmac4: Always update the MAC Hash Filter
(bnc#1151927).
- net: stmmac: Correctly take timestamp for PTPv2 (bnc#1151927).
- net: stmmac: Do not stop PHY if WoL is enabled (bnc#1151927).
- net: ag71xx: fix mdio subnode support (bnc#1151927).
- RISC-V: Clear load reservations while restoring hart contexts
(bnc#1151927).
- riscv: Fix memblock reservation for device tree blob
(bnc#1151927).
- drm/amdgpu: fix multiple memory leaks in acp_hw_init
(bnc#1151927).
- drm/amd/display: memory leak (bnc#1151927).
- mips: Loongson: Fix the link time qualifier of 'serial_exit()'
(bnc#1151927).
- net: hisilicon: Fix usage of uninitialized variable in function
mdio_sc_cfg_reg_write() (bnc#1151927).
- net: stmmac: Avoid deadlock on suspend/resume (bnc#1151927).
- selftests: kvm: Fix libkvm build error (bnc#1151927).
- lib: textsearch: fix escapes in example code (bnc#1151927).
- s390/mm: fix -Wunused-but-set-variable warnings (bnc#1151927).
- r8152: Set macpassthru in reset_resume callback (bnc#1151927).
- net: phy: allow for reset line to be tied to a sleepy GPIO
controller (bnc#1151927).
- net: phy: fix write to mii-ctrl1000 register (bnc#1151927).
- namespace: fix namespace.pl script to support relative paths
(bnc#1151927).
- Convert filldir[64]() from __put_user() to unsafe_put_user()
(bnc#1151927).
- elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings
(bnc#1151927).
- Make filldir[64]() verify the directory entry filename is valid
(bnc#1151927).
- uaccess: implement a proper unsafe_copy_to_user() and switch
filldir over to it (bnc#1151927).
- filldir[64]: remove WARN_ON_ONCE() for bad directory entries
(bnc#1151927).
- net_sched: fix backward compatibility for TCA_KIND
(bnc#1151927).
- net_sched: fix backward compatibility for TCA_ACT_KIND
(bnc#1151927).
- libata/ahci: Fix PCS quirk application (bnc#1151927).
- md/raid0: fix warning message for parameter default_layout
(bnc#1151927).
- Revert "drm/radeon: Fix EEH during kexec" (bnc#1151927).
- ocfs2: fix panic due to ocfs2_wq is null (bnc#1151927).
- nvme-pci: Set the prp2 correctly when using more than 4k page
(bnc#1151927).
- ipv4: fix race condition between route lookup and invalidation
(bnc#1151927).
- ipv4: Return -ENETUNREACH if we can't create route but saddr
is valid (bnc#1151927).
- net: avoid potential infinite loop in tc_ctl_action()
(bnc#1151927).
- net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
(bnc#1151927).
- net: bcmgenet: Set phydev->dev_flags only for internal PHYs
(bnc#1151927).
- net: i82596: fix dma_alloc_attr for sni_82596 (bnc#1151927).
- net/ibmvnic: Fix EOI when running in XIVE mode (bnc#1151927).
- net: ipv6: fix listify ip6_rcv_finish in case of forwarding
(bnc#1151927).
- net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
(bnc#1151927).
- rxrpc: Fix possible NULL pointer access in ICMP handling
(bnc#1151927).
- sched: etf: Fix ordering of packets with same txtime
(bnc#1151927).
- sctp: change sctp_prot .no_autobind with true (bnc#1151927).
- net: aquantia: temperature retrieval fix (bnc#1151927).
- net: aquantia: when cleaning hw cache it should be toggled
(bnc#1151927).
- net: aquantia: do not pass lro session with invalid tcp checksum
(bnc#1151927).
- net: aquantia: correctly handle macvlan and multicast
coexistence (bnc#1151927).
- net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs
(bnc#1151927).
- net: phy: micrel: Update KSZ87xx PHY name (bnc#1151927).
- net: avoid errors when trying to pop MLPS header on non-MPLS
packets (bnc#1151927).
- net/sched: fix corrupted L2 header with MPLS 'push' and 'pop'
actions (bnc#1151927).
- netdevsim: Fix error handling in nsim_fib_init and nsim_fib_exit
(bnc#1151927).
- net: ethernet: broadcom: have drivers select DIMLIB as needed
(bnc#1151927).
- net: phy: Fix "link partner" information disappear issue
(bnc#1151927).
- LSM: SafeSetID: Stop releasing uninitialized ruleset
(bnc#1151927).
- rxrpc: use rcu protection while reading sk->sk_user_data
(bnc#1151927).
- io_uring: fix bad inflight accounting for
SETUP_IOPOLL|SETUP_SQTHREAD (bnc#1151927).
- io_uring: Fix corrupted user_data (bnc#1151927).
- USB: legousbtower: fix memleak on disconnect (bnc#1151927).
- ALSA: hda/realtek - Add support for ALC711 (bnc#1151927).
- ALSA: hda/realtek - Enable headset mic on Asus MJ401TA
(bnc#1151927).
- ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers
(bnc#1151927).
- ALSA: hda - Force runtime PM on Nvidia HDMI codecs
(bnc#1151927).
- usb: udc: lpc32xx: fix bad bit shift operation (bnc#1151927).
- USB: serial: ti_usb_3410_5052: fix port-close races
(bnc#1151927).
- USB: ldusb: fix memleak on disconnect (bnc#1151927).
- USB: usblp: fix use-after-free on disconnect (bnc#1151927).
- USB: ldusb: fix read info leaks (bnc#1151927).
- binder: Don't modify VMA bounds in ->mmap handler (bnc#1151927).
- MIPS: tlbex: Fix build_restore_pagemask KScratch restore
(bnc#1151927).
- staging: wlan-ng: fix exit return when sme->key_idx >=
NUM_WEPKEYS (bnc#1151927).
- scsi: zfcp: fix reaction on bit error threshold notification
(bnc#1151927).
- scsi: sd: Ignore a failure to sync cache due to lack of
authorization (bnc#1151927).
- scsi: core: save/restore command resid for error handling
(bnc#1151927).
- scsi: core: try to get module before removing device
(bnc#1151927).
- scsi: ch: Make it possible to open a ch device multiple times
again (bnc#1151927).
- Revert "Input: elantech - enable SMBus on new (2018+) systems"
(bnc#1151927).
- Input: da9063 - fix capability and drop KEY_SLEEP (bnc#1151927).
- Input: synaptics-rmi4 - avoid processing unknown IRQs
(bnc#1151927).
- Input: st1232 - fix reporting multitouch coordinates
(bnc#1151927).
- ASoC: rsnd: Reinitialize bit clock inversion flag for every
format setting (bnc#1151927).
- ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in
acpi_cppc_processor_exit() (bnc#1151927).
- ACPI: NFIT: Fix unlock on error in scrub_show() (bnc#1151927).
- iwlwifi: pcie: change qu with jf devices to use qu configuration
(bnc#1151927).
- mac80211: Reject malformed SSID elements (bnc#1151927).
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
(bnc#1151927).
- drm/ttm: Restore ttm prefaulting (bnc#1151927).
- drm/panfrost: Handle resetting on timeout better (bnc#1151927).
- drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not
set to 1 (bnc#1151927).
- drm/amdgpu/sdma5: fix mask value of POLL_REGMEM packet for
pipe sync (bnc#1151927).
- drm/i915/userptr: Never allow userptr into the mappable GGTT
(bnc#1151927).
- drm/i915: Favor last VBT child device with conflicting AUX
ch/DDC pin (bnc#1151927 bnc#1152971 fdo#112028).
- drm/amdgpu/vce: fix allocation size in enc ring test
(bnc#1151927).
- drm/amdgpu/vcn: fix allocation size in enc ring test
(bnc#1151927).
- drm/amdgpu/uvd6: fix allocation size in enc ring test (v2)
(bnc#1151927).
- drm/amdgpu/uvd7: fix allocation size in enc ring test (v2)
(bnc#1151927).
- drm/amdgpu: user pages array memory leak fix (bnc#1151927).
- drivers/base/memory.c: don't access uninitialized memmaps in
soft_offline_page_store() (bnc#1151927).
- fs/proc/page.c: don't access uninitialized memmaps in
fs/proc/page.c (bnc#1151927).
- io_uring: Fix broken links with offloading (bnc#1151927).
- io_uring: Fix race for sqes with userspace (bnc#1151927).
- io_uring: used cached copies of sq->dropped and cq->overflow
(bnc#1151927).
- mmc: mxs: fix flags passed to dmaengine_prep_slave_sg
(bnc#1151927).
- mmc: cqhci: Commit descriptors before setting the doorbell
(bnc#1151927).
- mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C
(bnc#1151927).
- mm/memory-failure.c: don't access uninitialized memmaps in
memory_failure() (bnc#1151927).
- mm/slub: fix a deadlock in show_slab_objects() (bnc#1151927).
- mm/page_owner: don't access uninitialized memmaps when reading
/proc/pagetypeinfo (bnc#1151927).
- mm/memunmap: don't access uninitialized memmap in
memunmap_pages() (bnc#1151927).
- mm: memcg/slab: fix panic in __free_slab() caused by premature
memcg pointer release (bnc#1151927).
- mm, compaction: fix wrong pfn handling in
__reset_isolation_pfn() (bnc#1151927).
- mm: memcg: get number of pages on the LRU list in memcgroup
base on lru_zone_size (bnc#1151927).
- mm: memblock: do not enforce current limit for memblock_phys*
family (bnc#1151927).
- hugetlbfs: don't access uninitialized memmaps in
pfn_range_valid_gigantic() (bnc#1151927).
- mm/memory-failure: poison read receives SIGKILL instead of
SIGBUS if mmaped more than once (bnc#1151927).
- zram: fix race between backing_dev_show and backing_dev_store
(bnc#1151927).
- xtensa: drop EXPORT_SYMBOL for outs*/ins* (bnc#1151927).
- xtensa: fix change_bit in exclusive access option (bnc#1151927).
- s390/zcrypt: fix memleak at release (bnc#1151927).
- s390/kaslr: add support for R_390_GLOB_DAT relocation type
(bnc#1151927).
- lib/vdso: Make clock_getres() POSIX compliant again
(bnc#1151927).
- parisc: Fix vmap memory leak in ioremap()/iounmap()
(bnc#1151927).
- EDAC/ghes: Fix Use after free in ghes_edac remove path
(bnc#1151927).
- arm64: KVM: Trap VM ops when ARM64_WORKAROUND_CAVIUM_TX2_219_TVM
is set (bnc#1151927).
- arm64: Avoid Cavium TX2 erratum 219 when switching TTBR
(bnc#1151927).
- arm64: Enable workaround for Cavium TX2 erratum 219 when
running SMT (bnc#1151927).
- arm64: Allow CAVIUM_TX2_ERRATUM_219 to be selected
(bnc#1151927).
- CIFS: avoid using MID 0xFFFF (bnc#1151927).
- cifs: Fix missed free operations (bnc#1151927).
- CIFS: Fix use after free of file info structures (bnc#1151927).
- perf/aux: Fix AUX output stopping (bnc#1151927).
- tracing: Fix race in perf_trace_buf initialization
(bnc#1151927).
- fs/dax: Fix pmd vs pte conflict detection (bnc#1151927).
- dm cache: fix bugs when a GFP_NOWAIT allocation fails
(bnc#1151927).
- irqchip/sifive-plic: Switch to fasteoi flow (bnc#1151927).
- x86/apic/x2apic: Fix a NULL pointer deref when handling a
dying cpu (bnc#1151927).
- x86/hyperv: Make vapic support x2apic mode (bnc#1151927).
- pinctrl: cherryview: restore Strago DMI workaround for all
versions (bnc#1151927).
- pinctrl: armada-37xx: fix control of pins 32 and up
(bnc#1151927).
- pinctrl: armada-37xx: swap polarity on LED group (bnc#1151927).
- btrfs: block-group: Fix a memory leak due to missing
btrfs_put_block_group() (bnc#1151927).
- Btrfs: add missing extents release on file extent cluster
relocation error (bnc#1151927).
- btrfs: don't needlessly create extent-refs kernel thread
(bnc#1151927).
- Btrfs: fix qgroup double free after failure to reserve metadata
for delalloc (bnc#1151927).
- Btrfs: check for the full sync flag while holding the inode
lock during fsync (bnc#1151927).
- btrfs: tracepoints: Fix wrong parameter order for qgroup events
(bnc#1151927).
- btrfs: tracepoints: Fix bad entry members of qgroup events
(bnc#1151927).
- KVM: PPC: Book3S HV: XIVE: Ensure VP isn't already in use
(bnc#1151927).
- memstick: jmb38x_ms: Fix an error handling path in
'jmb38x_ms_probe()' (bnc#1151927).
- cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
(bnc#1151927).
- ceph: just skip unrecognized info in ceph_reply_info_extra
(bnc#1151927).
- xen/netback: fix error path of xenvif_connect_data()
(bnc#1151927).
- PCI: PM: Fix pci_power_up() (bnc#1151927).
- opp: of: drop incorrect lockdep_assert_held() (bnc#1151927).
- of: reserved_mem: add missing of_node_put() for proper
ref-counting (bnc#1151927).
- blk-rq-qos: fix first node deletion of rq_qos_del()
(bnc#1151927).
- RDMA/cxgb4: Do not dma memory off of the stack (bnc#1151927).
- Delete
patches.suse/Revert-drm-i915-bios-make-child-device-order-the-pri.patch.
- Update config files.
CAVIUM_TX2_ERRATUM_219=y (default)
- commit f0ffcb7
- x86/boot/64: Make level2_kernel_pgt pages invalid outside
kernel area (bnc#1153969).
- x86/boot/64: Round memory hole size up to next PMD page
(bnc#1153969).
- commit 3501dc2
- drm/amdgpu: Add DC feature mask to disable fractional pwm
(bsc#1154010).
- commit 6ffba6e
- stacktrace: don't skip first entry on noncurrent tasks
(bnc#1154866).
- commit 387f2bb
- kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578).
- commit 7f1e881
- ARM: 8904/1: skip nomap memblocks while finding the
lowmem/highmem boundary (bsc#1122614).
- commit 9f59038
- rtlwifi: Fix potential overflow on P2P code (bsc#1154372
CVE-2019-17666).
- cfg80211: wext: avoid copying malformed SSIDs (bsc#1153158
CVE-2019-17133).
- commit e229e3d
- libertas: fix a potential NULL pointer dereference
(CVE-2019-16232,bsc#1150465).
- iwlwifi: pcie: fix rb_allocator workqueue allocation
(CVE-2019-16234,bsc#1150452).
- commit 23c6b73
- kernel-binary.spec.in: Obsolete kgraft packages only when not building
them.
- commit 25f7690
- kernel-subpackage-build: create zero size ghost for uncompressed vmlinux
(bsc#1154354).
It is not strictly necessary to uncompress it so maybe the ghost file
can be 0 size in this case.
- commit 4bf73c8
==== libchamplain ====
Version update (0.12.19 -> 0.12.20)
Subpackages: libchamplain-0_12-0 typelib-1_0-Champlain-0_12
- Update to version 0.12.20:
+ Remove autotools-based build and all the related files.
+ Fix gtk-doc module name.
+ Add missing gdk required dependency.
+ Make the build reproducible.
==== libdrm ====
Version update (2.4.99 -> 2.4.100)
Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1
- Update to version 2.4.100
* bugfixes (boo#1155382)
==== libglvnd ====
Subpackages: libglvnd-32bit
- 0001-include-install-GL-headers-when-GL-is-enabled.patch
* A typo made it depend on EGL instead.
- 0002-Add-a-configure-option-to-disable-glesv1-or-glesv2.patch
* Because mesa can be built without glesv1 so it breaks
autodetection. Fixes: https://bugs.archlinux.org/task/64032
('mesa-demos doesn't build, unable to find GLES/gl.h')
- 0003-egl-Sync-with-Khronos.patch
* Reserve enums 0x34A0..0x34AF for ANGLE project. (#93)
Closes: https://gitlab.freedesktop.org/glvnd/libglvnd/issues/193
==== libical ====
- Fix multibuild building. For baselibs.conf and _multibuild to
work correctly, we need to define all possible %package in the
spec file irrespective of the "flavor". Packages are not generated
if they do not have a %files section
- Add pkgconfig(libical) BuildRequires: pkg-config 0.29.2 is not
able to generate libical-glib pkgconfig dependency without
libical.pc.
==== libical-glib ====
- Fix multibuild building. For baselibs.conf and _multibuild to
work correctly, we need to define all possible %package in the
spec file irrespective of the "flavor". Packages are not generated
if they do not have a %files section
- Add pkgconfig(libical) BuildRequires: pkg-config 0.29.2 is not
able to generate libical-glib pkgconfig dependency without
libical.pc.
==== libreoffice ====
Version update (6.3.3.1 -> 6.3.3.2)
Subpackages: libreoffice-base libreoffice-base-drivers-firebird libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit
- Drop disable-kde4 switch as it is no longer known by configure
- Update to 6.3.3.2 jsc#SLE-8705:
* 6.3.3 stable release
==== mailutils ====
Version update (3.5 -> 3.7)
Subpackages: libmailutils5
- update to 3.7
- enable python3 instead of python2
* Support for the new mailbox format - dotmail
* Improve automatic mailbox format detection
* Rewrite mailcap (RFC1524) support
* imap4d: SEARCH command
* Improved SEARCH BODY and SEARCH TEXT commands
* Fixes in the 'mail' utility
* New mailbox notation @
* Sender addresses in message sets
* Fixes in IMAP client library
==== man-pages ====
- tcp.7: correct documentation of tcp_fack, document tcp_recovery
- added patches
[bsc#1154701]
+ man-pages-tcp_fack.patch
==== mdadm ====
- 0012-mdcheck-when-mdcheck_start-is-enabled-enable-mdcheck.patch
0013-mdcheck-use-to-pass-variable-to-mdcheck.patch
0014-SUSE-mdadm_env.sh-handle-MDADM_CHECK_DURATION.patch
Improve mdcheck (bsc#1153258)
==== mozilla-nspr ====
Version update (4.21 -> 4.22)
- update to version 4.22
* added support for the ARC architecture
* removed support for the following platforms:
OSF1/Tru64, DGUX, IRIX, Symbian, BeOS
* correctness and build fixes
==== mozilla-nss ====
Version update (3.45 -> 3.46.1)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.46.1
* required by Firefox 70.0
Notable changes in 3.46
* The following CA certificates were Removed:
expired Class 2 Primary root certificate
expired UTN-USERFirst-Client root certificate
expired Deutsche Telekom Root CA 2 root certificate
Swisscom Root CA 2 root certificate
* Significant improvements to AES-GCM performance on ARM
Many bugfixes
Bug fixes in 3.46.1
* Soft token MAC verification not constant time (bmo#1582343)
* Remove arbitrary HKDF output limit by allocating space as needed
(bmo#1577953)
- requires NSPR 4.22
==== myspell-dictionaries ====
Version update (20190423 -> 20191016)
Subpackages: myspell-cs_CZ myspell-da_DK myspell-de myspell-de_DE myspell-el_GR myspell-en myspell-en_GB myspell-en_US myspell-es myspell-es_ES myspell-fr_FR myspell-hu_HU myspell-it_IT myspell-lightproof-en myspell-lightproof-hu_HU myspell-lightproof-pt_BR myspell-lightproof-ru_RU myspell-pl_PL myspell-pt_BR myspell-ru_RU
- Update to 20191016:
* Updated Slovenian thesaurus
* Update the da_DK dictionary
* Remove abbreviations from Thai hunspell dictionary
* Updated the English dictionaries: GB
* Fix logo management for "ca"
==== perl-HTTP-Cookies ====
Version update (6.04 -> 6.05)
- updated to 6.05
see /usr/share/doc/packages/perl-HTTP-Cookies/Changes
6.05 2019-10-24 02:21:51Z
- Fix GH#32 by checking for " as well as ; when splitting. (GH#49) (colinnewell)
- Fix GH#48 update documentation about $version (GH#55) (Dave Menninger)
- Fix broken README badge (GH#54) (Alex Peters)
- Whenever possible, use an absolute four digit year for Time::Local (GH#52) (Olaf Alders)
- Add test case for Issue #26 (GH#45) (George-NG)
- Long numbers (GH#47) (pludlamCVL)
- Cookies.pm: die if close on $fh in ->save fails (GH#46) (MCRayRay)
- Replace "use vars" with "our" (GH#43) (James Raspass)
- Fixed minor typo in the pod for HTTP::Cookies. (GH#39) (Mohammad S Anwar)
==== perl-Log-Dispatch ====
Version update (2.68 -> 2.69)
- updated to 2.69
see /usr/share/doc/packages/perl-Log-Dispatch/Changes
2.69 2019-10-25
- Fix a warning Log::Dispatch::Email::Mailsender (GH #57). Fixed by Graham
Knop. 58 #GH.
==== perl-Role-Tiny ====
Version update (2.001003 -> 2.001004)
- updated to 2.001004
see /usr/share/doc/packages/perl-Role-Tiny/Changes
2.001004 - 2019-10-25
- fix methods being excluded from composition if they previously existed in
the composing role (RT#130811)
- fix role application overwriting subs that are not considered methods
- fix helper subs created by a Role::Tiny extension (like Moo::Role)
sometimes being teated as methods
==== perl-libwww-perl ====
Version update (6.39 -> 6.41)
- updated to 6.41
see /usr/share/doc/packages/perl-libwww-perl/Changes
6.41 2019-10-28 14:42:06Z
- Allow mirroring to files called '0' (GH#329) (Mark Fowler)
- updated to 6.40
see /usr/share/doc/packages/perl-libwww-perl/Changes
6.40 2019-10-24 12:55:45Z
- Let Digest authentication act on nonce expiry (GH#313) (Frank Maas)
- Make file arg for mirror mandatory #304 (GH#326) (Julien Fiegehenn)
- Doc fix: fields starting with ":" have to be quoted (GH#324) (Slaven
Rezi?)
- Fix documentation for removing all handlers (GH#319) (leedo)
- Ensure proper version of Dist::Zilla::Plugin::MakeMaker::Awesome
- Add TravisCI testing for Perl v5.30
- Clean up .perltidyrc
==== php7 ====
Version update (7.3.10 -> 7.3.11)
Subpackages: apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype php7-curl php7-dba php7-devel php7-dom php7-exif php7-fastcgi php7-ftp php7-gd php7-gettext php7-gmp php7-iconv php7-json php7-ldap php7-mbstring php7-mysql php7-odbc php7-openssl php7-pdo php7-pear php7-pgsql php7-shmop php7-snmp php7-sockets php7-sqlite php7-sysvsem php7-sysvshm php7-tidy php7-tokenizer php7-wddx php7-xmlreader php7-xmlwriter php7-xsl php7-zlib
- version update to 7.3.11: This is a security release which also
contains several bug fixes.
See https://www.php.net/ChangeLog-7.php#7.3.11
==== python-Jinja2 ====
Version update (2.10.1 -> 2.10.3)
- Update to 2.10.3:
* Fix Python 3.7 deprecation warnings.
* Using range in the sandboxed environment uses xrange on Python 2 to avoid memory use. :issue:`933`
* Use Python 3.7's better traceback support to avoid a core dump when using debug builds of Python 3.7. :issue:`1050`
* Fix a typo in Babel entry point in setup.py that was preventing installation.
- Remove merged python38.patch
==== python-attrs ====
Version update (19.1.0 -> 19.3.0)
- update to 19.3.0
* Fixed auto_attribs usage when default values cannot be compared directly
with ==, such as numpy arrays.
- update to version 19.2.0:
* Backward-incompatible Changes
+ Removed deprecated "Attribute" attribute "convert" per scheduled
removal on 2019/1. This planned deprecation is tracked in issue
`#307 <https://github.com/python-attrs/attrs/issues/307>`_.
`#504 <https://github.com/python-attrs/attrs/issues/504>`_
+ "__lt__", "__le__", "__gt__", and "__ge__" do not consider
subclasses comparable anymore. This has been deprecated since
18.2.0 and was raising a "DeprecationWarning" for over a year.
`#570 <https://github.com/python-attrs/attrs/issues/570>`_
* Deprecations
+ The "cmp" argument to "attr.s()" and "attr.ib()" is now
deprecated. Please use "eq" to add equality methods ("__eq__"
and "__ne__") and "order" to add ordering methods ("__lt__",
"__le__", "__gt__", and "__ge__") instead ? just like with
`dataclasses
<https://docs.python.org/3/library/dataclasses.html>`_. Both
are effectively "True" by default but it's enough to set
"eq=False" to disable both at once. Passing "eq=False,
order=True" explicitly will raise a "ValueError" though. Since
this is arguably a deeper backward-compatibility break, it will
have an extended deprecation period until 2021-06-01. After
that day, the "cmp" argument will be removed. "attr.Attribute"
also isn't orderable anymore. `#574
<https://github.com/python-attrs/attrs/issues/574>`_
* Changes
+ Updated "attr.validators.__all__" to include new validators
added in `#425`_. `#517
<https://github.com/python-attrs/attrs/issues/517>`_
+ Slotted classes now use a pure Python mechanism to rewrite the
"__class__" cell when rebuilding the class, so "super()" works
even on environments where "ctypes" is not installed. `#522
<https://github.com/python-attrs/attrs/issues/522>`_
+ When collecting attributes using "@attr.s(auto_attribs=True)",
attributes with a default of "None" are now deleted too. `#523
<https://github.com/python-attrs/attrs/issues/523>`_, `#556
<https://github.com/python-attrs/attrs/issues/556>`_
+ Fixed "attr.validators.deep_iterable()" and
"attr.validators.deep_mapping()" type stubs. `#533
<https://github.com/python-attrs/attrs/issues/533>`_
+ "attr.validators.is_callable()" validator now raises an
exception "attr.exceptions.NotCallableError", a subclass of
"TypeError", informing the received value. `#536
<https://github.com/python-attrs/attrs/issues/536>`_
+ "@attr.s(auto_exc=True)" now generates classes that are hashable
by ID, as the documentation always claimed it would. `#543
<https://github.com/python-attrs/attrs/issues/543>`_, `#563
<https://github.com/python-attrs/attrs/issues/563>`_
+ Added "attr.validators.matches_re()" that checks string
attributes whether they match a regular expression. `#552
<https://github.com/python-attrs/attrs/issues/552>`_
+ Keyword-only attributes ("kw_only=True") and attributes that are
excluded from the "attrs"'s "__init__" ("init=False") now can
appear before mandatory attributes. `#559
<https://github.com/python-attrs/attrs/issues/559>`_
+ The fake filename for generated methods is now more stable. It
won't change when you restart the process. `#560
<https://github.com/python-attrs/attrs/issues/560>`_
+ The value passed to "@attr.ib(repr=?)" can now be either a
boolean (as before) or a callable. That callable must return a
string and is then used for formatting the attribute by the
generated "__repr__()" method. `#568
<https://github.com/python-attrs/attrs/issues/568>`_
+ Added "attr.__version_info__" that can be used to reliably check
the version of "attrs" and write forward- and
backward-compatible code. Please check out the `section on
deprecated APIs
<http://www.attrs.org/en/stable/api.html#deprecated-apis>`_ on
how to use it. `#580
<https://github.com/python-attrs/attrs/issues/580>`_
==== python-base ====
Version update (2.7.16 -> 2.7.17)
Subpackages: libpython2_7-1_0 python-xml
- Update to 2.7.17:
- a bug fix release in the Python 2.7.x series. It is expected
to be the penultimate release for Python 2.7.
- Removed patches included upstream:
- CVE-2018-20852-cookie-domain-check.patch
- CVE-2019-16935-xmlrpc-doc-server_title.patch
- CVE-2019-9636-netloc-no-decompose-characters.patch
- CVE-2019-9947-no-ctrl-char-http.patch
- CVE-2019-9948-avoid_local-file.patch
==== python-brotlipy ====
- Replace builtin libbrotli v0.6 with system libbrotli 1.x with patches:
- merged_pr_94.patch
- pr_154-brotli-v1.patch
- Remove build dependency stdc++
- Remove brotli/build.py from installed package
==== python-cffi ====
Version update (1.12.3 -> 1.13.0)
Subpackages: python2-cffi python3-cffi
- Update to 1.13.0:
* No changelog provided upstream
==== python-chardet ====
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
==== python-cryptography ====
Version update (2.7 -> 2.8)
Subpackages: python2-cryptography python3-cryptography
- update to 2.8
* Added support for Python 3.8.
* Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations.
* Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9.
* We now ship manylinux2010 wheels in addition to our manylinux1 wheels.
* Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder.
* cryptography no longer depends on asn1crypto.
* FreshestCRL is now allowed as a CertificateRevocationList extension.
==== python-ecdsa ====
Version update (0.13.2 -> 0.13.3)
Subpackages: python2-ecdsa python3-ecdsa
- updated to 0.13.3 (bsc#1153165)
+ CVE-2019-14853 DOS atack during signature decoding
+ CVE-2019-14859 signature malleability caused by insufficient checks
of DER encoding
==== python-jedi ====
- Skip TestSetupReadline.test_import because of gh#davidhalter/jedi#1429
==== python-matplotlib ====
Subpackages: python3-matplotlib python3-matplotlib-cairo python3-matplotlib-gtk3
- Disable Qt4 on Leap 15.2+
==== python-mypy_extensions ====
Version update (0.4.1 -> 0.4.3)
- update to 0.4.3
- removed redudant LICENSE file
==== python-numpy ====
- riscv.patch: Remove obsolete patch
==== python-olefile ====
Subpackages: python2-olefile python3-olefile
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
==== python-pip ====
Version update (19.2.2 -> 19.3.1)
- Update to version 19.3.1
* Document Python 3.8 support.
* Fix bug that prevented installation of PEP 517 packages without setup.py.
* Remove undocumented support for un-prefixed URL requirements pointing to SVN repositories.
* Remove the deprecated --venv option from pip config.
* Make pip show warn about packages not found.
* Abort installation if any archive contains a file which would be placed outside the extraction location.
* pip's CLI completion code no longer prints a Traceback if it is interrupted.
* Ignore errors copying socket files for local source installs (in Python 3).
* Skip copying .tox and .nox directories to temporary build directories
* Ignore "require_virtualenv" in pip config
==== python-pyparsing ====
Subpackages: python2-pyparsing python3-pyparsing
- Do not pull in setuptools dependency at all to avoid cycles
==== python-python-dateutil ====
Subpackages: python2-python-dateutil python3-python-dateutil
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
==== python-requests ====
- Add two patches only updating test logic to remove pytest 3 pin
- merged_pr_5049.patch
- pr_5251-pytest5.patch
==== python-urllib3 ====
- Require a new enough release of python-six. 1.25.6 needs at least
1.12.0 for ensure_text() and friends.
==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-container systemd-lang systemd-logger systemd-sysvinit udev
- Drop 0001-compat-rules-escape-when-used-for-shell-expansion.patch
It's part of the previous import.
- Import commit b7467b7b553d6d0d6f92758d966b69f1a88b6b42
441f44f371 fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495)
8a1bb5c66b swap: do not make swap units wanted by its device unit anymore
- Import commit 5df9000899ef7d45ddbcacd0fdf73afa07a40f6b
f0ed7237e4 udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
b37054aa5a compat-rules: escape '$' when used for shell expansion
Changes from the v243-stable:
ef677436aa test: Pass personality test even when i686 userland runs on x86_64 kernel
3f6398c450 docs: fix inadvertent change in uid range
25bb377a73 cgroup: fix typo in BPF firewall support warning message
6d97aca0d5 fix build with compilers with default stack-protector enabled
fbad077cec nspawn: surrender controlling terminal to PID2 when using the PID1 stub
0553c3c668 pid1: fix DefaultTasksMax initialization
f406a691a7 src/core/automount: use DirectoryMode when calling mkdir -p
20438f96c3 udevadm trigger: do not propagate EACCES and ENODEV
6480630bc3 hwdb: Correct WWWW Pattern In Documentation Comment
9d8e889810 nspawn: consistenly fail if parsing the environment fails
40e169b304 nspawn: default to unified hierarchy if --as-pid2 is used
b5df1037a0 cgroup: Mark memory protections as explicitly set in transient units
f14e3e02cc cgroup: Respect DefaultMemoryMin when setting memory.min
ea248e53bf cgroup: Check ancestor memory min for unified memory config
de1d25a506 cgroup: docs: memory.high doc fixups
2ab45f38d8 cgroup: docs: Mention unbounded protection for memory.{low,min}
19a43dc38a Consider smb3 as remote filesystem
5c0224c7bf Handle d_type == DT_UNKNOWN correctly
8282bc61df util-lib: Don't propagate EACCES from find_binary PATH lookup to caller
9d0ae987a6 network: drop noisy log message
f67f0e4ec4 Updated log message when the timesync happens for the first time (#13624)
e151bf4674 units: make systemd-binfmt.service easier to work with no autofs
2b8e574d82 Corect man page reference in systemd-nologin.conf comments
a0577353f1 man: Add a missing space in machinectl(1)
693e983988 log: Add missing "%" in "%m" log format strings
ea7151b8c4 pid1: do not warn if /run/systemd/relabel-extra.d/ doesn't exist
b90549290e man: fix typo
- Remove intltool BuildRequires, not needed since v237
- Use python3-base BuildRequires instead of full python3
==== tcpdump ====
- Trim CFLAGS
==== twolame ====
Version update (0.3.13 -> 0.4.0)
- Drop sourceforge download URL that doesn't work any longer...
- Update to version 0.4.0
* Added free format encoding (now up to 450 kbps)
* Added DAB utility methods for ScF-CRC handling
* Added `twolame_get_original()` and `twolame_set_original()`
* Added `twolame_get_extension()` and `twolame_set_extension()`
* Bundled .spec file in tarball for building RPM for twolame
* Make libsndfile dependency (and therefore the frontend)
optional
* Fixed VBR encoding
* Fixed setting for error protection flag
* New check for invalid bitrate/channel encoder settings
* New checks against failed memory allocations
* Fixed padding policy (now adding an empty slot)
* Fixed build when maintainer mode is disabled
* Fixed scaling of floating point input source through
libsndfile
* Removed `slotinfo` global variables to fix thread safety bug
* Switched to handling reading from STDIN using libsndfile
* Fix for potential buffer overrun relating to `MAX_NAME_SIZE`
in CLI tool
* Install AUTHORS, COPYING, README, NEWS in
`$prefix/share/doc/twolame/`
* Zero the whole of the data structure when calling
`twolame_init()`
* Prefixed all global symbols with `twolame_` to prevent
symbol conflicts
* Fix for `twolame_get_framelength()` returning the correct
frame size when padding is enabled
* Fix progress counter in twolame CLI
* Fix compilation on mingw or mxe cross compiler
* Fix symbols visibility on Windows
* Add `-no-undefined` for compilation on Windows
* Added `win32-dll` option to `LT_INIT`
* Compiler and Valgrind warning fixes
* Various other minor fixes
- Spec cleanup
==== valgrind ====
- move s390-*xml files to main package (bsc#1147071)
==== vim ====
Version update (8.1.2148 -> 8.1.2233)
Subpackages: gvim vim-data vim-data-common
- Updated to version 8.1.2233, fixes the following problems
- dropped python38-config.patch (upstream merged)
- refreshed disable-unreliable-tests.patch and vim-8.0.1568-defaults.patch
* No test for right click extending Visual area.
* Crash when running out of memory very early.
* No test for 'ttymouse' set from xterm version response.
* State test is a bit flaky.
* Combining text property and syntax highlight is wrong. (Nick Jensen)
* Quickfix window height wrong when there is a tabline. (Daniel Hahler)
* In a terminal window 'cursorlineopt' does not work properly.
* First character after Tab is not highlighted.
* Libvterm source files missing from distribution.
* Terminal attributes missing in Terminal-normal mode.
* Some mappings are listed twice.
* Cannot build with +syntax but without +terminal.
* Mapping test fails.
* Popup resize test is flaky. (Christian Brabandt)
* Cannot build with +spell but without +syntax.
* Stuck when using "j" in a popupwin with popup_filter_menu if a line wraps.
* Rubyeval() not tested as a method.
* Mapping test fails on MS-Windows.
* Heredoc assignment not skipped in if block.
* Terminal flags are never reset.
* Cannot build without the +termresponse feature.
* Mouse support not always available.
* Spell highlight is wrong at start of the line.
* Searchit() has too many arguments.
* Screen not recognized as supporting "sgr" mouse codes.
* Meson files are not recognized.
* Syntax attributes not combined with Visual highlighting. (Arseny Nasokin)
* Dart files are not recognized.
* Accessing uninitialized memory in test.
* Pressing "q" at the more prompt doesn't stop Python output. (Daniel Hahler)
* Error E303 is not useful when 'directory' is empty.
* Highlighting wrong when item follows tab.
* Test42 seen as binary by git diff.
* Running a test is a bit verbose.
* Option context is not copied when splitting a window. (Daniel Hahler)
* Syntax test fails.
* Cannot build without the +eval feature.
* Error for bad regexp even though regexp is not used when writing a
file. (Arseny Nasokin)
* Build error for missing define.
* Syntax highlighting wrong for tab.
* Syntax test fails on Mac.
* When using modifyOtherKeys CTRL-X mode may not work.
* Cannot easily fill the info popup asynchronously.
* Popup_setoptions(popup_getoptions()) does not work.
* ModifyOtherKeys is not enabled by default.
* Vim does not exit when closing a terminal window and it is the last window.
* ExitPre autocommand may cause accessing freed memory.
* Crash when using :center in autocommand.
* Build failure when using normal features without GUI and EXITFREE defined.
* Crash when memory allocation fails.
* Cannot build with dynamically linked Python 3.8.
* Running libvterm tests without the +terminal feature.
* Crash on exit when closing terminals. (Corey Hickey)
* Sign entry structure has confusing name.
* No test for fixed issue #3893.
* "gn" doesn't work quite right. (Jaehwang Jerry Jung)
* Unix: Tabs in output might be expanded to spaces.
* LF in escape codes may be expanded to CR-LF.
* Using negative offset for popup_create() does not work.
* Listener callback "added" argument is not the total. (Andy Massimino)
* Cannot see the selection type in :reg output. (Ayberk Ayd?n)
* Popup_textprop tests fail.
* Too much is redrawn when 'cursorline' is set.
* Unreachable code in adjusting text prop columns.
* Text property in wrong place after :substitute.
* Compiler warning for unused variable.
* "gN" is off by one in Visual mode.
* No autocommand for open window with terminal.
* :cfile does not abort like other quickfix commands.
* Cannot filter :disp output.
* Accessing invalid memory. (Dominique Pelle)
* Cannot see what buffer an ml_get error is for.
* Cannot build Amiga version.
* The "last used" info of a buffer is under used.
* Cannot use system copy/paste in non-xterm terminals.
* Layout wrong if 'lines' changes while cmdline window is open.
* screenpos() returns wrong values when 'number' is set. (Ben Jackson)
* Cannot color number column above/below cursor differently.
* Not easy to move to the middle of a text line.
* Cannot get the Vim command line arguments.
==== wireshark ====
Version update (3.0.5 -> 3.0.6)
Subpackages: libwireshark12 libwiretap9 libwscodecs2 libwsutil10 wireshark-ui-qt
- wireshark 3.0.6:
* extcap: Several issues when capturing from multiple extcap interfaces.
* Expert Infos Incorrectly Displays Info Column instead of comment.
* Wireshark does not support USB packets with size greater than 256 KiB.
* IS-IS: add support for decoding TE TLV Type 138 as per RFC 5307.
- Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.0.6.html
==== xen ====
Subpackages: xen-libs xen-tools xen-tools-domU
- Add python38-build.patch fixing build with Python 3.8 (add
- -embed to python-config call)
==== yast2 ====
Version update (4.2.29 -> 4.2.30)
Subpackages: yast2-logs
- fix showing release notes for online upgrade (bsc#1155134)
- 4.2.30
==== zlib ====
Subpackages: libminizip1 libz1 libz1-32bit zlib-devel
- Update the zlib-no-version-check.patch to be even more forgiving
with the versions on the zlib to allow updates without rebuilds
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
11
27
11 Nov '19
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
LibVNCServer
apulse
autoconf
autoconf-el
bogofilter
bzip2
chrony
elementary-xfce-icon-theme (0.13.1+git37.828aa1a8 -> 0.14+git5.36fd0049)
erofs-utils (0.1+20190826 -> 1.0)
git (2.23.0 -> 2.24.0)
hivex
libdrm
libglvnd
libmfx
libva
libva-gl
libwebp
llvm9
mhvtl
openconnect (8.03 -> 8.05)
ovmf
perl-Cpanel-JSON-XS (4.15 -> 4.17)
publicsuffix (20190808 -> 20191025)
python-rpm-macros (20190610.2ee3233 -> 20191104.08e6493)
qemu
qemu-linux-user
rebootmgr (0.20 -> 0.20.1)
system-tuning-common-SUSE
texinfo (6.6 -> 6.7)
v4l-utils
xdg-utils
xreader
=== Details ===
==== LibVNCServer ====
- turn the test suite on
- security update
- added patches
CVE-2019-15681 [bsc#1155419]
+ LibVNCServer-CVE-2019-15681.patch
==== apulse ====
Subpackages: apulse-32bit
- add apulse-fix-pulse-13.patch to fix build against PA 13
- Remove obsolete Groups tag (fate#326485)
==== autoconf ====
- Fix testsuite with Bash 5, add port-tests-to-bash-5.patch
- Require perl-base instead of perl, none of the additional modules
are required.
- Remove obsolete Groups tag (fate#326485)
==== autoconf-el ====
- Fix testsuite with Bash 5, add port-tests-to-bash-5.patch
- Require perl-base instead of perl, none of the additional modules
are required.
- Remove obsolete Groups tag (fate#326485)
==== bogofilter ====
Subpackages: bogofilter-common bogofilter-db
- Remove obsolete Groups tag (fate#326485)
==== bzip2 ====
Subpackages: libbz2-1 libbz2-1-32bit libbz2-devel
- Use correct version in autotools patchset
M bzip2-1.0.6.2-autoconfiscated.patch
==== chrony ====
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
(is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
==== elementary-xfce-icon-theme ====
Version update (0.13.1+git37.828aa1a8 -> 0.14+git5.36fd0049)
- Update to version 0.14+git5.36fd0049:
* Drop Firefox icon
- Update to version 0.14+git4.5c874a03:
* fix nm-device-wired 16px light icon colors
* make nm-device-wired dark icon 16px match 22px style
* Make 24px home folder consistent with 16px
* Make 16-24px Music folder blue for better contrast on dark background
* make nm-device-wired icon 16px match 22px style
* Added nm-applet wired symbolic icon
* Improve sizing and alignment of thunderbird icon
* thunderbird png -> svg
* New thunderbird icon
- Update to version 0.14+git4.5c874a03:
* fix nm-device-wired 16px light icon colors
* make nm-device-wired dark icon 16px match 22px style
* make nm-device-wired icon 16px match 22px style
==== erofs-utils ====
Version update (0.1+20190826 -> 1.0)
- Update to release 1.0
* list available compressors for help command
* introduce long parameter option
* introduce shared xattr support
* introduce inline xattr support
* fix old kernel compatibility for non-lz4 compression
* introduce fixed UNIX timestamp
* complete extended inode support
* support 64-bit internal buffer cache
* keep up with in-kernel ondisk format naming
* resize image to the correct size
* complete special file support
- Drop long.patch (merged upstream)
==== git ====
Version update (2.23.0 -> 2.24.0)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk
- 0001-DOC-Move-to-DocBook-5-when-using-asciidoctor.patch: Don't remove
"-x manpage.xsl" option
- BuildRequire docbook5-xsl-stylesheets
- git 2.24.0
* The command line parser learned "--end-of-options" notation.
* A mechanism to affect the default setting for a (related) group of
configuration variables is introduced.
* "git fetch" learned "--set-upstream" option to help those who first
clone from their private fork they intend to push to, add the true
upstream via "git remote add" and then "git fetch" from it.
* fixes and improvements to UI, workflow and features, bash completion fixes
- modified patch 0001-DOC-Move-to-DocBook-5-when-using-asciidoctor.patch
* part of it merged upstream
* the Makefile attempted to download some documentation, banned
==== hivex ====
- Fix bytecode build
- Remove defattr and BuildRoot
- disablement of lto comes via ocaml macros
==== libdrm ====
Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1
- This release includes support for latest Intel GPUs
(jsc#SLE-7962, jsc#SLE-8024, jsc#SLE-8022, jsc#SLE-10182,
jsc#SLE-4989, jsc#SLE-4983, bsc#1137515)
==== libglvnd ====
Subpackages: libglvnd-32bit
- This release is needed for latest Mesa update in order to
support latest GPUs including Intel (jsc#SLE-7962, jsc#SLE-8024,
jsc#SLE-8022, jsc#SLE-10182)
==== libmfx ====
Subpackages: libmfx1
- This release fullfills requirements for jsc#SLE-8841
==== libva ====
Subpackages: libva-drm2 libva-x11-2 libva2
- This release is needed for latest intel-media-driver update
(jsc#SLE-8838)
==== libva-gl ====
Subpackages: libva-glx2 libva-wayland2
- This release is needed for latest intel-media-driver update
(jsc#SLE-8838)
==== libwebp ====
Subpackages: libwebp7 libwebpdemux2 libwebpmux3
- Disable LTO (boo#1155449) for ARM targets.
==== llvm9 ====
Subpackages: clang9 clang9-checker clang9-doc libLLVM9 libLTO9 libc++-devel libc++1 libc++abi-devel libc++abi1 libclang9
- Add openmp-export-fini.patch: Export termination function for
libomp.so, solves boo#1155108.
- Remove flaky test case in libcxx.
- Fix typo, BOLL -> BOOL
==== mhvtl ====
- Use the correct macro for systemd generator directory
==== openconnect ====
Version update (8.03 -> 8.05)
Subpackages: libopenconnect5 openconnect-lang
- No need to ship hipreport-android.sh as it is intented for
android systems only
- Update to 8.0.5:
* Minor fixes to build on specific platforms
- Use python3 to generate the web data as now it is supported
by upstream
==== ovmf ====
Subpackages: qemu-ovmf-x86_64
- Use the same x86 4MB firmware names as the ones in the previous
version (< stable201905) for backward compatibility
- Disable TLS for IA32(i586) to avoid exceeding the size limitation
while using the tool chain from SLE15-SP2/openSUSE Leap 15.2
- Add ovmf-bsc1153072-fix-invalid-https-cert.patch to reject the
invalid server certificates for HTTPS Boot
(bsc#1153072, CVE-2019-14553)
==== perl-Cpanel-JSON-XS ====
Version update (4.15 -> 4.17)
- updated to 4.17
see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
4.17 2019-11-04 (rurban)
- Add Changes tests and fixups (see #155)
4.16 2019-11-04 (rurban)
- Use Perl_strtod instead of self-made atof (via pow), to
minimize differences from core string-to-float conversions.
(#154). Fixes float representation regressions (in the 1e-6
to 1e-16 range) since 5.22.
==== publicsuffix ====
Version update (20190808 -> 20191025)
- Update to version 20191025:
* gTLD list updated to 2019-10-24 state
* Update .so suffix list
* Add the new TLD .ss
* Add xn--mgbah1a3hjkrd (?????????)
* Add lolipop.io
* Add altervista.org
* Remove zone.id from list
* Add new domain to Synology dynamic dns service
==== python-rpm-macros ====
Version update (20190610.2ee3233 -> 20191104.08e6493)
- Update to version 20191104.08e6493:
* %pyproject_install macro should include --no-compile.
* Recognise the _ for the macro arguments too
==== qemu ====
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-vgabios qemu-vhost-user-gpu qemu-x86
- Fix two issues with qcow2 image processing which could affect
disk integrity
qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
- Work around a host kernel xfs bug which can result in qcow2 image
corruption
block-io-refactor-padding.patch
util-iov-introduce-qemu_iovec_init_exten.patch
block-Make-wait-mark-serialising-request.patch
block-Add-bdrv_co_get_self_request.patch
block-file-posix-Let-post-EOF-fallocate-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Correct package names in _constraints after switch to multibuild.
==== qemu-linux-user ====
- Fix two issues with qcow2 image processing which could affect
disk integrity
qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
- Work around a host kernel xfs bug which can result in qcow2 image
corruption
block-io-refactor-padding.patch
util-iov-introduce-qemu_iovec_init_exten.patch
block-Make-wait-mark-serialising-request.patch
block-Add-bdrv_co_get_self_request.patch
block-file-posix-Let-post-EOF-fallocate-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Correct package names in _constraints after switch to multibuild.
==== rebootmgr ====
Version update (0.20 -> 0.20.1)
- Update to version 0.20.1
- added a memory allocation check
==== system-tuning-common-SUSE ====
- fix variable expansion in 80-hotplug-cpu-mem.rules (boo#1154655)
==== texinfo ====
Version update (6.6 -> 6.7)
Subpackages: info info-std makeinfo
- update to 6.7:
* support of index subentries and sub-subentries with @subentry
* new commands @seeentry and @seealso in index entries
* UTF-8 is the default input encoding
* updates to HTML output of texi2any
* support of noderename.cnf files has been removed
* INPUT_PERL_ENCODING, INPUT_ENCODING_NAME, NODE_FILE_EXTENSION,
NODE_FILENAMES, SHORTEXTN and TOP_NODE_FILE removed as
customization variables
* TOP_NODE_FILE_TARGET now contains the extension
* texi2dvi: unconditionally run in --batch mode, ignore TeX errors
* info: for a tree search (with M-/), '}' and '{' work as well
as 'M-}' and 'M-{' to go through the results
==== v4l-utils ====
Subpackages: libv4l libv4l1-0 libv4l2-0 libv4lconvert0
- add v4l-utils-32bitfix.patch (boo#1109541)
==== xdg-utils ====
- Add 0001-Don-t-run-kreadconfig-if-KDE_SESSION_VERSION-is-5.patch
to read the KDE Frameworks config file if necessary (boo#1155462)
==== xreader ====
Subpackages: libxreaderdocument3 libxreaderview3 xreader-lang xreader-plugin-epubdocument xreader-plugin-pdfdocument xreader-plugin-psdocument xreader-plugin-tiffdocument xreader-plugin-xpsdocument
- Remove Requires: xreader-backends from xreader-devel
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
1
0
Hello,
while trying to upgrade Python in Factory to 3.8 we got this
beauty
https://build.opensuse.org/project/staging_projects/openSUSE:Factory/A
Could I ask anybody who has any free work cycles to take a look
and help with fixing those failing packages, please?
Also, please, set check_for_request_on_action = 1 in ~/.oscrc
(or ~/.config/osc/oscrc), many of these packages have requests
fixing the issues, which have not been included in the current
Staging yet.
Thank you very much for any help,
Matěj
--
https://matej.ceplovi.cz/blog/, Jabber: mcepl(a)ceplovi.cz
GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8
Anger is often what pain looks like when it shows itself in public.
-- Krista Tippett
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
3
3
10 Nov '19
Hello,
I got this today and this message is new to me: "Unable to submit: The
target project openSUSE:Leap:15.0:NonFree:Update is a maintenance
release project, a submit self is not possible, please use the
maintenance workflow instead."
What I wanted to do: Update Opera to version 64.0.3417.92, because the
update contains fixes for CVE-2019-13721 and CVE-2019-13720.
What is the correct way to do this?
Thank you,
Carsten
--
> Linux is not user-friendly.
It _is_ user-friendly. It is not ignorant-friendly and idiot-friendly.
-- Seen somewhere on the net
2
2
[opensuse-factory] openSUSE:Factory - Build fail notification
by DimStar / Dominique Leuenberger 09 Nov '19
by DimStar / Dominique Leuenberger 09 Nov '19
09 Nov '19
Dear Package maintainers and hackers.
Below package(s) in openSUSE:Factory have been failing to build for at
least 4 weeks. We tried to send out notifications to the
configured bugowner/maintainers of the package(s), but so far no
fix has been submitted. This probably means that the
maintainer/bugowner did not yet find the time to look into the
matter and he/she would certainly appreciate help to get this
sorted.
- openlmi-providers
- python-espressopp
Unless somebody is stepping up and submitting fixes, the listed
package(s) are going to be removed from openSUSE:Factory.
Kind regards,
DimStar / Dominique Leuenberger <dimstar(a)opensuse.org>
1
0