Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20160520 Packages changed: MozillaFirefox (46.0 -> 46.0.1) MozillaThunderbird (38.7.2 -> 45.1.0) aisleriot (3.20.1 -> 3.20.2) amarok apache2 desktop-file-utils empathy (3.12.11 -> 3.12.12) gnome-music (3.20.0 -> 3.20.2) gnome-shell (3.20.1 -> 3.20.2) gnome-software gnome-terminal (3.20.1 -> 3.20.2) gnome-themes-standard (3.20 -> 3.20.2) kgamma5 (5.6.3 -> 5.6.4) libgcrypt libinput (1.2.3 -> 1.3.0) meld mutter (3.20.1 -> 3.20.2) openldap2 orca (3.20.1 -> 3.20.2) vte (0.44.1 -> 0.44.2) xcb-util-cursor (0.1.2 -> 0.1.3) xproto (7.0.28 -> 7.0.29) === Details === ==== MozillaFirefox ==== Version update (46.0 -> 46.0.1) Subpackages: MozillaFirefox-translations-common - update to Firefox 46.0.1 Fixed: * Search plugin issue for various locales * Add-on signing certificate expiration * Service worker update issue * Build issue when jit is disabled * Limit Sync registration updates - removed now obsolete mozilla-jit_branch64.patch ==== MozillaThunderbird ==== Version update (38.7.2 -> 45.1.0) Subpackages: MozillaThunderbird-translations-common - Copy the icons to /usr/share/icons instead of symlinking them: in preparation for containerized apps (e.g. xdg-app) as well as AppStream metadata extraction, there are a couple locations that need to be real files for system integration (.desktop files, icons, mime-type info). - update to Thunderbird 45.1.0 (boo#977333) * MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376) Miscellaneous memory safety hazards - For openSUSE > 13.2, the build fails for i586 as it goes out of memory. Prevent this from happening by disabing parallel build in this particular case (i.e. do not pass mk_add_options MOZ_MAKE_FLAGS%{?jobs:-j%jobs}). - update to Thunderbird 45.0 (boo#969894) * Add a Correspondents column combining Sender and Recipient * Much better support for XMPP chatrooms and commands * Remote content exceptions: Improved options to add exceptions * Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text * Use OpenStreetmap for maps (even allow the user to choose from list of map services) * Allow spell checking and dictionary selection in the subject line * Allow editing of From when composing a message * Add dropdown in compose to allow specific setting of font size * Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break) * Allow copying of name and email address from the message header of an email * Mail.ru supports OAuth authentication * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library - remove obsolete patches: * mozilla-arm-disable-edsp.patch * mozilla-icu-strncat.patch * mozilla-arm64-libjpeg-turbo.patch - added required mozilla platform patches: * mozilla-no-stdcxx-check.patch ==== aisleriot ==== Version update (3.20.1 -> 3.20.2) Subpackages: aisleriot-themes - Update to version 3.20.2: + Updated appdata to latest specification. + build: Treat precious variables correctly. + Updated translations. ==== amarok ==== - Use share-mime-info macros (boo#979301) ==== apache2 ==== Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils - start apache services after remote-fs [bsc#978543] ==== desktop-file-utils ==== - Add desktop-file-utils-fdo94303-fix-buffer-over-read.patch (fdo#94303). ==== empathy ==== Version update (3.12.11 -> 3.12.12) Subpackages: telepathy-mission-control-plugin-goa - Recommends geoclue2 now, empathy no longer uses geoclue. - Update to version 3.12.12: + Fix pkg-config usage (bgo#761000). + The minimum value of an uint64_t is 0, not G_MININT32 (bgo#762735). + Hardcoding #!/usr/bin/python is not portable (bgo#762737). + Fix -Werror build for clang (bgo#762738). + Add the Rizon IRC network to the list of IRC networks (bgo#764438). + GCC 5 generates a type-limits warning in tpaw-account-settings.c (bgo#765022). + Empathy uses deprecated webkit functions (bgo#765024). + Gnome-shell Wayland application tracking broken for Empathy (bgo#766285). + Empathy dumps core when running on Wayland compositor (bgo#708170). + Updated translations. - Drop empathy-fix-icons-in-search-bar.patch, empathy-Don-t-crash-in-window_get_workspace-under-Wayland.patch, empathy-Fix-a-critical-warning.patch, empathy-Don-t-call-XInitThreads-in-Wayland.patch, empathy-Avoid-warning-spam-from-GtkStyleContext-with-GTK-3.20.patch and empathy-Add-a-missing-tag-to-the-AppData-file.patch, all fixed upstream. ==== gnome-music ==== Version update (3.20.0 -> 3.20.2) - Update to version 3.20.2: + Port to Gio GDBUS API (bgo#705069). + Clarify jhbuild instructions in README (bgo#763618). + Emit playback-status-changed after playlist ends (bgo#755089). + Accept response on row-activated in Playlist Dialog (bgo#744820). + Bump Gtk+ minimum version to 3.19.3 (bgo#765598). + Stop the player when destroying window (bgo#761961). + Updated translations. ==== gnome-shell ==== Version update (3.20.1 -> 3.20.2) Subpackages: gnome-shell-browser-plugin gnome-shell-calendar - Add gnome-shell-cogl-nvidia-fixes.patch: Init framebuffer early to fix gnome-shell crash on NVIDIA drivers (boo#976871, bgo#764898). - Update to version 3.20.2: + Save screencasts in HOME if XDG_VIDEO_DIR doesn't exist (bgo#765015). + Don't show orientation lock when g-s-d won't rotate (bgo#765267). + Misc. bug fixes: bgo#722752, bgo#765061, bgo#763068, bgo#765607, bgo#757676. + Updated translations. - Conditionally apply translations-update-upstream BuildRequires and macro for non-openSUSE only. ==== gnome-software ==== - Add commits from upstream fixing various issues: + gs-Fix-underlinking.patch: Fix underlinking in the packagekit-origin plugin. + gs-Fix-xdg-app-build.patch: Fix the xdg-app build. + gs-Fix-a-possible-crasher.patch: Fix a possible crash in review ratings. - Add gnome-common BuildRequires, and pass autoreconf since two of the above patches touch the buildsystem. ==== gnome-terminal ==== Version update (3.20.1 -> 3.20.2) Subpackages: gnome-shell-search-provider-gnome-terminal nautilus-extension-terminal - Update to version 3.20.2: + server: Add a systemd user service (bgo#759115). + window: - Fix relief on tab menu button. - Set widget CSS name. + nautilus: Fix handing sftp folders with % character. + Fix GSettings default value translations. + Updated translations. ==== gnome-themes-standard ==== Version update (3.20 -> 3.20.2) Subpackages: gnome-themes-accessibility gnome-themes-accessibility-gtk2 gtk2-metatheme-adwaita gtk2-theming-engine-adwaita gtk3-metatheme-adwaita metatheme-adwaita-common - Update to version 3.20.2: + Scrollbar tweaks. + Makefile updates. + Updated translations. ==== kgamma5 ==== Version update (5.6.3 -> 5.6.4) - Update to 5.6.4 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.4.php ==== libgcrypt ==== Subpackages: libgcrypt-devel libgcrypt20 libgcrypt20-32bit - remove conditionals for unsupported distributions (before 13.2), it would not build anyway because of new dependencies - make the -hmac package depend on the same version of the library, fixing bsc#979629 FIPS: system fails to reboot after installing fips pattern ==== libinput ==== Version update (1.2.3 -> 1.3.0) Subpackages: libinput-devel libinput-udev libinput10 - Update to new upstream release 1.3.0 * touchpad: exclude Logitech touchpads from disable-while-typing - Update to new upstream release 1.2.902 * Support for so-called tablet pads, i.e. the actual tablet part of a graphics tablet. * Addition of middle buttons for touchpads with a software button area. Previously, a middle button could be triggered by pressing with a finger in the left and right button area simultanously. Too many touchpads are unable to reliably detect both fingers. The middle button area is always available when software buttons are enabled and encompasses the center 15?20mm on the touchpad. * Touchscreens that have a fuzz value set on the kernel device are now defuzzed in libinput, thus stopping pointer wobbles previously seen when holding the finger still. Note that libinput does not _set_ the fuzz value, it merely uses it. Employ a udev rule or hwdb entry to set this on your device if needed. - Update to new upstream release 1.2.4 * The top software button area on the T440-series touchpads is now 30mm high when the touchpad is disabled to make it easier to hit those buttons. * The udev hwdb entries for the Chromebooks were updated to accommodate for udev's silent replacing of non-alphanumeric characters with '_'. * Added a fuzz filter to tablet devices. ==== meld ==== Subpackages: meld-lang - Add meld-add_osc_to_vcs_list.patch: + Add .osc folder to the list of files ignored as option 'VCS'. ==== mutter ==== Version update (3.20.1 -> 3.20.2) Subpackages: libmutter0 mutter-data typelib-1_0-Meta-3_0 - Update to version 3.20.2: + Notify clients of pending modifier state changes (bgo#748526). + Add get_is_builtin_display_on() method (bgo#765267). + Fix 2-finger titlebar taps on wayland (bgo#764519). + Misc. bug fixes: bgo#765058, bgo#765252, bgo#765062. + Updated translations. - Conditionally apply translations-update-upstream BuildRequires and macro for non-openSUSE only. ==== openldap2 ==== Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel - Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408. ==== orca ==== Version update (3.20.1 -> 3.20.2) - Update to version 3.20.2: + Performance: - Take interfaces into account when looking for non-descendable descendants. - Cache results of shouldInferLabelFor(). - Cache results when filtering contents for presentation. - Give findObjectInContents() smarts for embedded children. - Check setting before generating spoken indentation information. + General: - Add explicit handling for tree items. - Work around another instance of app-created duplicate accessible objects. - Eliminate double presentation of inferred labels. - Work around GNOME Shell's broken text interface for word echo. - Fix desktop file keywords in Slovenian translation. - Handle another instance of an app becoming non-responsive. + Updated translations. - Require python3-gobject-Gdk, since gdk/gtk bindings are now split off from python-gobject. ==== vte ==== Version update (0.44.1 -> 0.44.2) Subpackages: glade-catalog-vte libvte-2_91-0 typelib-1_0-Vte-2.91 vte-devel - Update to version 0.44.2: + emulation: - Swallow urxvt OSC 777. - Don't use smart tabs if the cells are already in use. - Fix Tab not to alter the background color. + terminal: - Fix search return value. - Fix ::get_text start column not to be negative. + test: Typo fix. + build: Fix the build when an older vte VAPI is present on the system. ==== xcb-util-cursor ==== Version update (0.1.2 -> 0.1.3) - Update to version 0.1.3: * Add a --with-cursorpath option to configure ==== xproto ==== Version update (7.0.28 -> 7.0.29) - Update to version 7.0.29: + Incorrect guard block in HPkeysym.h + Don't let XFD_SETSIZE exceed FD_SETSIZE + Raise the number of FD on WIN32 as well -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org