Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20191230 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (70.0.1 -> 71.0) MozillaThunderbird (68.3.0 -> 68.3.1) clamav exim (4.92.2 -> 4.93) gnome-menus-branding-openSUSE gvfs perl-Mojolicious (8.27 -> 8.29) perl-Template-Toolkit (2.29 -> 3.003) xdg-desktop-portal (1.4.2 -> 1.6.0) xdg-desktop-portal-gtk (1.4.0 -> 1.6.0) yast2-control-center (4.2.2 -> 4.2.3) === Details === ==== MozillaFirefox ==== Version update (70.0.1 -> 71.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 71.0 * Improvements to Lockwise, our integrated password manager * More information about Enhanced Tracking Protection in action * Native MP3 decoding on Windows, Linux, and macOS * Configuration page (about:config) reimplemented in HTML * New kiosk mode functionality, which allows maximum screen space for customer-facing displays MFSA 2019-36 * CVE-2019-11756 (bmo#1508776) Use-after-free of SFTKSession object * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) (Windows only) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17014 (bmo#1322864) Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 bmo#1594181) Memory safety bugs fixed in Firefox 71 - requires NSPR >= 4.23 NSS >= 3.47.1 rust/cargo >= 1.37 - reactivate webrtc for platforms where it was disabled - updated create-tar.sh to cover buildid and origin repo information - > removed obsolete source-stamp.txt - removed obsolete patches mozilla-bmo1511604.patch mozilla-openaes-decl.patch - changed locale building procedure * removed obsolete compare-locales.tar.xz - added mozilla-bmo1601707.patch to fix gcc/LTO builds (bmo#1601707, boo#1158466) - added mozilla-bmo849632.patch to fix big endian issues in skia used for WebGL ==== MozillaThunderbird ==== Version update (68.3.0 -> 68.3.1) Subpackages: MozillaThunderbird-translations-common - add mozilla-bmo1583471.patch to allow building with rust 1.39 - Mozilla Thunderbird 68.3.1 * In dark theme unread messages no longer shown in blue to distinguish from tagged messages * Account setup is now using client side DNS MX lookup instead of relying on a server Bugfixes * Searching LDAP address book crashed in some circumstances * Message navigation with backward and forward buttons did not work in some circumstances * WebExtension toolbar icons were displayed too small * Calendar: Tasks due today were not listed in bold * Calendar: Last day of long-running events was not shown ==== clamav ==== Subpackages: libclamav9 libfreshclam2 - The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start) ==== exim ==== Version update (4.92.2 -> 4.93) - update to exim 4.93 * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC * DISABLE_TLS replaces SUPPORT_TLS * Bump the version for the local_scan API. * smtp transport option hosts_try_fastopen defaults to "*". * DNSSec is requested (not required) for all queries. (This seemes to ask for trouble if your resolver is a systemd-resolved.) * Generic router option retry_use_local_part defaults to "true" under specific pre-conditions. * Introduce a tainting mechanism for values read from untrusted sources. * Use longer file names for temporary spool files (this avoids name conflicts with spool on a shared file system). * Use dsn_from main config option (was ignored previously). - update to exim 4.92.3 * CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat, remote code execution seems to be possible ==== gnome-menus-branding-openSUSE ==== - Convert package to _multibuild. ==== gvfs ==== Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang - BuildRequire pkgconfig(systemd): meson.build tries to inspect systtemd.pc to find the right unit-directories. ==== perl-Mojolicious ==== Version update (8.27 -> 8.29) - updated to 8.29 see /usr/share/doc/packages/perl-Mojolicious/Changes 8.29 2019-12-28 - Improved async/await support to work in many more cases, such as WebSocket handlers. 8.28 2019-12-26 - Added EXPERIMENTAL support for async/await (with -async Mojo::Base flag). - Added EXPERIMENTAL all_settled and any methods to Mojo::Promise. ==== perl-Template-Toolkit ==== Version update (2.29 -> 3.003) - updated to 3.003 see /usr/share/doc/packages/perl-Template-Toolkit/Changes ==== xdg-desktop-portal ==== Version update (1.4.2 -> 1.6.0) Subpackages: xdg-desktop-portal-lang - Update to version 1.6.0: + tests: Adapt to libportal api changes. - Changes from version 1.5.4: + background: - Add a signal to the impl api. - Rewrite the monitoring to better track when apps disappear. + permissions: Fix SetValue handling of GVariant wrapping. This is an api change. + openuri: - Add a per-type always-ask option. - Show the app chooser dialog less often. + memorymonitor: A new portal to let apps receive low memory warnings. + filetransfer: A new portal to rewrite file paths between sandboxes. - Changes from version 1.5.3: + Add more tests. + location: Various fixes. + document portal: Monitor fuse mount. + openuri: - Only ask 3 times to use the same app. - Add an 'ask' option. + Fix build from git. + email: Allow multiple addresses, cc and bcc. + filechooser: Allow saving multiple files. + Update translations. - Changes from version 1.5.2: + Add many more tests, using libportal. + gamemode: Add a pidfd-based api. + inhibit: Send a Response signal. + openuri: Add an OpenDirectory api. + Updated translations. - Changes from version 1.5.1: + Add a portal for setting desktop backgrounds + Add tests. + Optionally use libportal (for tests). - Changes from version 1.5.0: + Add a secret portal that is meant be used via libsecret inside the sandbox. One backend for this will live in gnome-keyring, others are possible. + Fix a file descriptor leak. + Reduce log spam. + Updated translations. - Add pkgconfig(libportal) BuildRequires: New dependency. ==== xdg-desktop-portal-gtk ==== Version update (1.4.0 -> 1.6.0) Subpackages: xdg-desktop-portal-gtk-lang - Update to version 1.6.0: + Updated translations. - Changes from version 1.5.2: + email: Work with sandboxed email clients. + wallpaper: - Support http: uris. - Improve preview. + appchooser: Modernize the appearance. + background: Improve application monitoring. + Require xdg-desktop-portal 1.5. - Changes from version 1.5.1: + settings: Get animations-enabled setting from gnome-shell. + wallpaper: Add a portal backend for setting desktop backgrounds. + email: Support multiple addresses, cc and bcc. + filechooser: Support saving multiple files. + Updated translations. - Changes from version 1.5.0: + screencast: - Support window selection. - Fix a crash. + settings: - Add a settings portal backend. - Handle enable-animations setting like gsd. + Updated translations. - Add BuildRequires: pkgconfig(gnome-desktop-3.0): New dependency. ==== yast2-control-center ==== Version update (4.2.2 -> 4.2.3) Subpackages: yast2-control-center-qt - Fix theming icons again (boo#1159283) - 4.2.3 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org