Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.1&build=468.1&groupid=50 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.1 When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... to record your testing efforts and use bugzilla to report bugs. Packages changed: AppStream (0.11.8 -> 0.12.6) akonadi-calendar autoyast2 (4.1.5 -> 4.1.6) gnome-shell gnutls (3.6.2 -> 3.6.7) hdf5 kdepim-addons multipath-tools (0.7.9+128+suse.ae29865 -> 0.7.9+148+suse.5179c8d) open-iscsi ovmf patterns-base patterns-gnome permissions pimcommon python-pycurl (7.43.0.1 -> 7.43.0.2) quota (4.04 -> 4.05) sqlite3 (3.27.2 -> 3.28.0) transactional-update (2.14.1 -> 2.14.2) vlc webkit2gtk3 (2.24.0 -> 2.24.1) yast2 (4.1.68 -> 4.1.69) yast2-bootloader (4.1.23 -> 4.1.24) yast2-firewall (4.1.11 -> 4.1.12) yast2-packager (4.1.37 -> 4.1.38) yast2-trans (84.87.20190419.dc2675f07e -> 84.87.20190427.78ab7fa405) yast2-update (4.1.8 -> 4.1.9) === Details === ==== AppStream ==== Version update (0.11.8 -> 0.12.6) Subpackages: AppStream-lang libAppStreamQt2 libappstream4 - Replace boilerplate and em-dash summaries. - Update to 0.12.6: Features: * Implement artifacts (Matthias Klumpp) * Search improvements (Matthias Klumpp) Specification: * doc: help distinguish the 2 'languages' tags (Beuc) * spec: Document the new artifacts tag (Matthias Klumpp) - Update to 0.12.5: Features: * qt: expose the spdx parser to Qt users (Aleix Pol) * Implement operating-system component and add convenience functions (Matthias Klumpp) * qt: Add operating-system component type and a few utility functions (Matthias Klumpp) * Allow fetching the ISO8601 date directly alongside the timestamp in AsRelease (Matthias Klumpp) * Implement date_eol for AsRelease (Matthias Klumpp) * Add convenience methods for retrieving date_eol as UNIX timestamp (Matthias Klumpp) * qt: Allow retrieving the EOL timestamp for releases (Matthias Klumpp) * Implement new release details URL (Matthias Klumpp) * Make rDNS conversion function more generic and add more extensive tests (Matthias Klumpp) Specification: * docs: <release> tag can have details url (Jehan) * spec: Specify the operating-system component (Matthias Klumpp) * spec: Specify date_eol for releases (Matthias Klumpp) * docs: Explicitly state list items are allowed in ol/ul lists (Matthias Klumpp) Bugfixes: * Don't warn about issues in a cache refresh if there weren't any (Matthias Klumpp) * Ensure releases are always sorted in descending order (Matthias Klumpp) * pool: Fix g-i for get_components_*() while GPtrArray owns its elements (Rico Tzschichholz) - Update to 0.12.4: Features: * pool: Be a lot more forgiving when encountering invalid components (Matthias Klumpp) * Implement component removal via remove-component merges (Matthias Klumpp) * validator: Warn about insecure URLs, handle mailto: URLs (Matthias Klumpp) * Add a contact URL type (Robert Ancell) Specification: * Document new remove-component merge type (Matthias Klumpp) Bugfixes: * as-pool: fix GObject annotation for GPtrArray owning the elements (Corentin No�l) * Make invalid components ratio check more accurate (Matthias Klumpp) * Ensure description paragraphs contain no invalid XML tags (Matthias Klumpp) - Update to 0.12.3: Notes: * Beginning with this release, data from local .desktop files will not be loaded into the pool automatically, unless a metainfo file also exists. This should ensure less duplicated components in general higher-quality data to be displayed. It also provides another incentive to add/fix metainfo files. If you prefer the previous behavior, set the AS_POOL_FLAG_READ_DESKTOP_FILES flag on your AsPool instance. Features: * apt: Ignore errors post-update (Matthias Klumpp) * validator: Allow content_rating to be empty (Matthias Klumpp) * ascli: Display stock icon name if no suitable icon was found for details view (Matthias Klumpp) * Refactor loading of local metainfo files (Matthias Klumpp) Specification: * spec: Clarify the requirement for content_attribute tags in content_rating (Matthias Klumpp) * docs: Write intro for addon quickstart (Matthias Klumpp) * docs: Replace hyphens in component-IDs of XML examples (Matthias Klumpp) Bugfixes: * Ensure all addons are linked to a component (David Hewitt) * Annotate nullable return types (David Hewitt) * cache: Set explicit variant types for cases where they can not be inferred (Matthias Klumpp) * utils: Handle NULL strings when comparing versions (Matthias Klumpp) * Explicitly include string.h in as-tag.c (Matthias Klumpp) * Properly ignore desktop-entry components if we have better data (Matthias Klumpp) * Remove AppStream XSD schema (Matthias Klumpp) * Update static data (Matthias Klumpp) * Set error variable if there were some errors during refinement (Stefan Bruens) - Remove patches, now upstream: * explicit-variant-types.patch * workaround-hidden-symbols.patch - Update to 0.12.2: * Fix a couple of incorrect g_ptr_array_unrefs (Iain Lane) * Use autofree functions instead of freeing resources explicitly (Matthias Klumpp) * Add missing const (Matthias Klumpp) * Ensure we don't produce a .pc file with unnecessary Requires.private lines (Matthias Klumpp) * Stop leaking local GVariantDict instance contents (Phil Miller) * Drop leaked references to container items (Phil Miller) - Update to 0.12.1: Features: * ascli: Add command to compare version numbers (Matthias Klumpp) * yaml: Allow reading multiple localized strings from YAML data (Matthias Klumpp) * yaml: Always include the untranslated strings (Matthias Klumpp) * Allow to ignore media_baseurl when parsing metadata (Matthias Klumpp) * xml: Add implementation of the agreement tag (Matthias Klumpp) * Add new "repository" component type (Matthias Klumpp) * yaml: Implement Agreements field (Matthias Klumpp) * cache: Implement support for agreements (Matthias Klumpp) * tests: Improve cache data tests, add agreement tag test (Matthias Klumpp) * Use gperf for perfect hash generation for some tags (Matthias Klumpp) * tests: Add rundimentary performance test (Matthias Klumpp) * its: Mark agreement sections as translatable (Matthias Klumpp) * qt: Add support for service/repository component types (Matthias Klumpp) Specification: * docs: Describe the custom tag (Matthias Klumpp) * spec: Describe the new agreement tag (Matthias Klumpp) * docs: Clarify that the /usr/share/appdata/ path is legacy and should not be used (Matthias Klumpp) Bugfixes: * its: Allow translation of release descriptions (Marc J) * Load data from desktop files properly again (Matthias Klumpp) * Update desktop-environment list (Matthias Klumpp) * qt: Don't warn about inlining in maintainer mode (Matthias Klumpp) - Update to 0.12.0: Features: * Implement release types (Matthias Klumpp) * qt: Support release types (Matthias Klumpp) * Update static data lists (Matthias Klumpp) * Make as_str_replace use as_gstring_replace internally (Matthias Klumpp) * spdx: Add some compatibility workarounds for SPDX 3.0 (Matthias Klumpp) * validator: Validate SPDX license expressions for metadata_license (Matthias Klumpp) * apt: Add config snippets to enable icon downloads (Matthias Klumpp) * yaml: Ensure all string values have whitespaces stripped (Matthias Klumpp) * Make as_component_get_launchables public API (Matthias Klumpp) * Implement support for requires/recommends (Matthias Klumpp) * Add recommends/requires data to the cache (Matthias Klumpp) * Add a quick way to check if a version satisfies an AsRelation requirement (Matthias Klumpp) * ascli: Properly document the --no-net flag (Matthias Klumpp) * ascli: Allow to disable network acces via an environment variable (Matthias Klumpp) * apt: Support 48x48px icons (Matthias Klumpp) * yaml: Make Requires/Recommends data more compact and easier to emit (Matthias Klumpp) * validator: Validate requires/recommends tags (Matthias Klumpp) * Default to format version 0.12 (Matthias Klumpp) Specification: * spec: Add a "type" property to <release/> tag. (Jehan) * spec: Initial draft for requires/recommends (Matthias Klumpp) * spec: Document the YAML Rquires/Recommends fields (Matthias Klumpp) * spec: Clarify that the memory requirement uses MiB as unit (Matthias Klumpp) Bugfixes: * qt: Implement missing constructors (Aleix Pol) * apt: escape the icon scale factor as it is using the arobase character (Corentin No�l) * Check plain language string in as_component_localized_get as well (Antonio Rojas) * qt: Define location and soname for all configurations, not just Debug (Gabriel Souza Franco) * Never override high-quality data with incomplete .desktop data (Matthias Klumpp) * Make data update script work with recent SPDX (Matthias Klumpp) * Add a timeout to URL validity checks (Matthias Klumpp) - Remove patches, now upstream: * 0001-Fix-regression-from-153.patch - Add patch to fix assertion failure on cache refresh (boo#1105691): * explicit-variant-types.patch - Add patch to fix build on Leap: * workaround-hidden-symbols.patch - Run spec-cleaner - Use OpenPGP signature provided upstream - Added AppStream.keyring, which contains the key from the author - Use %license macro for license files - appstreamcli can use curl for some checks, so recommend it (boo#1080446) ==== akonadi-calendar ==== Subpackages: akonadi-calendar-lang akonadi-plugin-calendar libKF5AkonadiCalendar5 - Add Fix-crash.patch to fix a possible crash (kde#406411) ==== autoyast2 ==== Version update (4.1.5 -> 4.1.6) Subpackages: autoyast2-installation - Uninstall the "SUSE-Manager-Proxy" product when upgrading from SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215) - 4.1.6 ==== gnome-shell ==== Subpackages: gnome-shell-calendar gnome-shell-lang - Add gnome-shell-screenShield-Handle-signal-StatusChanged.patch: Enable dimming screen when screen is locked (bsc#1118286 glgo#GNOME/gnome-shell#900). - Add two patches to reduce the JS warnings in GNOME 3.26.2 + Add gnome-shell-1127231-workspace-JS-invalid-access.patch: Fix some JS warnings of workspace operation (glgo#GNOME/gnome-shell!143). + Add gnome-shell-1127231-fixesof4-JS-invalid-access.patch: Fix JS warnings of calendar, automountManager, messageList and dnd (glgo#GNOME/gnome-shell!209). + These patchs are part of Javascript invalid access fixes and contain 7 commits backported from upstream (bgo#791233, glgo#GNOME/gnome-shell#1, bsc#1127231). ==== gnutls ==== Version update (3.6.2 -> 3.6.7) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - Restored autoreconf in build. - Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch since the version requirements of required libraries are once again automatically determined. - Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a better patch name for handling the '--with-guile-site-dir=' problem in 3.6.7. - Update gnutls to 3.6.7 * * libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). * * libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) * * libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to two. This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. * * libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. * * libgnutls: fixed issue preventing sending and receiving from different threads when false start was enabled (#713). * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable session, as non-writeable security officer sessions are undefined in PKCS#11 (#721). * * libgnutls: no longer send downgrade sentinel in TLS 1.3. Previously the sentinel value was embedded to early in version negotiation and was sent even on TLS 1.3. It is now sent only when TLS 1.2 or earlier is negotiated (#689). * * gnutls-cli: Added option --logfile to redirect informational messages output. - Disabled dane support since dane is not shipped with SLE-15 - Changed configure script to hardware guile site directory since command-line option '--with-guile-site-dir=' was removed from the configure script in 3.6.7. * * Modified gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch - Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix compilation issues on PPC - Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (in 3.6.5) [bsc#1118087] (CVE-2018-16868) - FATE#327114 - Update gnutls to 3.6.6 to support TLS 1.3 * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits on the public key (#640). * * libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). * * libgnutls: When on server or client side we are sending no extensions we do not set an empty extensions field but we rather remove that field competely. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients. * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if the CKA_SIGN is not set (#667). * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely disable extensions at all cases, while providing a functional session. This also implies that when specified, TLS1.3 is disabled. * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was non-functional (#609). * Removed patches: 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch * Added Patches: * * disable failing psk-file test (race condition): disable-psk-file-test.patch * * Patch configure script to accept specific versions of autotools and guile that are present in SUSE-SLE15. (A bug prevents configure from accepting a range of compatible versions. Upstream's solution is to hardwire for the most current versions.) gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch * Modified: * * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch ==== hdf5 ==== Subpackages: libhdf5-103 libhdf5_hl100 - set higher constraints for succesfull mpich tests (boo#133222) - Add _constraints to avoid transient build error ppc64le - Update URL: and Source: to use https://. ==== kdepim-addons ==== Subpackages: kdepim-addons-lang - Add Fix-bug-403317.patch to fix crashes of the mail composer when the "Share Text" plugin is enabled (kde#403317) ==== multipath-tools ==== Version update (0.7.9+128+suse.ae29865 -> 0.7.9+148+suse.5179c8d) Subpackages: kpartx - Update to version 0.7.9+148+suse.5179c8d: * fix compilation of external programs with -lmultipath (bsc#1133957) - Update to version 0.7.9+147+suse.689dcaf: * Avoid deadlock situation during udev settle (bsc#1131789, bsc#1125145) - multipath -u: test socket connection in non-blocking mode * Avoid device IO in "multipath -u" (bsc#1125145) * Fix priority handling for offline paths (bsc#1118495) * Fix daemon shutdown issues (bsc#1110060, bsc#1110439) - multipathd: protect all access to running_state - multipathd: allow shutdown during configure() ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Fixed issues surrounding output from "iscsiadm -m node ... -P1" and "iscsiadm -m discovery -t st ... -o new -P1" (bsc#1128972), cherry-picking 3 commits from upstream: * Fix output of node printing for multiple paths. * Fix printing of node database again. * Fix node print return value when no nodes. Which updates: * open-iscsi-SUSE-latest.diff.bz2 - Cherry picked upstream commit (bsc#1127913): + cda251fc8bcf iscsiuio: Release xmit_mutex in error code path. updating: * open-iscsi-SUSE-latest.diff.bz2 ==== ovmf ==== Subpackages: qemu-ovmf-x86_64 - Add ovmf-bsc1131361-fix-stack-overflow-xhci.patch to fix stack overflow in UsbBusDxe and UsbBusPei (bsc#1131361, CVE-2019-0161) ==== patterns-base ==== Subpackages: patterns-base-32bit patterns-base-apparmor patterns-base-apparmor-32bit patterns-base-apparmor_opt patterns-base-base patterns-base-base-32bit patterns-base-basesystem patterns-base-console patterns-base-enhanced_base patterns-base-enhanced_base-32bit patterns-base-enhanced_base_opt patterns-base-minimal_base patterns-base-minimal_base-32bit patterns-base-sw_management patterns-base-sw_management-32bit patterns-base-transactional_base patterns-base-update_test patterns-base-x11 patterns-base-x11-32bit patterns-base-x11_enhanced patterns-base-x11_enhanced-32bit patterns-base-x11_opt - recomment issue-generator in the minimal_base pattern rather than the release package (boo#1133636) - Move haveged from enhanced_base to minimal_base (bsc#1131369). ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Require gnome_basic instad of gnome_basis to get gnome-software etc (boo#1132777). - Don't pull in gimp as it pulls in python2 which is deprecated (boo#1133307). KDE also doesn't install GIMP by default either. ==== permissions ==== - Added 0004-var-cache-man.patch. Removed entry for /var/cache/man. Conflicts with packaging and man:man is the better setting anyway (bsc#1133678) ==== pimcommon ==== Subpackages: libKF5PimCommon5 libKF5PimCommonAkonadi5 pimcommon-lang - Add purpose-devel BuildRequires to enable filesharing, without it the "Share Text" plugin is completely useless but still shows up in kmail's plugin settings (and just adds a disabled menu entry if enabled) ==== python-pycurl ==== Version update (7.43.0.1 -> 7.43.0.2) - bsc#1128355: update to the Factory package to get multibuild and better working tests. - Refreshed patch against the new minor release tarball: - pycurl-libssh.patch - Added patches: - disable_randomly_failing_tests.patch - python-pycurl-7.43.0-tls-backend.patch (from https://src.fedoraproject.org/rpms/python-pycurl/blob/master/f/0002-python-p...) - Set LANG to en_US.UTF8 to fix the tests - Add missing setuptools BR - Don't run tests that fail randomly or under load * add disable_randomly_failing_tests.patch - Switch to multibuild, so that we don't need testing BuildRequires always. - Add patch to match up Fedora on how we detect tls backend on runtime * python-pycurl-7.43.0-tls-backend.patch - Make sure we build on Leap 42.3 - Start excluding flaky tests - Update to 7.43.0.2: * Added perform_rb and perform_rs methods to Curl objects to return response body as byte string and string, respectively. * Added OPT_COOKIELIST constant for consistency with other option constants. * PycURL is now able to report errors triggered by libcurl via CURLOPT_FAILONERROR mechanism when the error messages are not decodable in Python's default encoding (GitHub issue #259). * Added getinfo_raw method to Curl objects to return byte strings as is from libcurl without attempting to decode them (GitHub issue #493). * When adding a Curl easy object to CurlMulti via add_handle, the easy objects now have their reference counts increased so that the application is no longer required to keep references to them to keep them from being garbage collected (GitHub issue #171). * PycURL easy, multi and share objects can now be weak referenced. * set_ca_certs now accepts byte strings as it should have been all along. * Use OpenSSL 1.1 and 1.0 specific APIs for controlling thread locks depending on OpenSSL version (patch by Vitaly Murashev). * Fixed a crash when closesocket callback failed (patch by Gisle Vanem and toddrme2178). * Added CURLOPT_PROXY_SSLCERT, CURLOPT_PROXY_SSLCERTTYPE, CURLOPT_PROXY_SSLKEY, CURLOPT_PROXY_SSLKEYTYPE, CURLOPT_PROXY_SSL_VERIFYPEER (libcurl 7.52.0+, patch by Casey Miller). * Added CURLOPT_PRE_PROXY (libcurl 7.52.0+, patch by ziggy). * Added SOCKET_BAD constant and it is now recognized as a valid return value from OPENSOCKET callback. ==== quota ==== Version update (4.04 -> 4.05) Subpackages: quota-nfs - Install the license - Update to 4.05 release jsc#SLE-5734: * This release includes mostly various smaller cleanups and fixes in various areas. * Most visible changes are addition of f2fs and exfs among recognized filesystems. - Drop merged patch quota-4.04-Listen-on-a-TCP-socket.patch - Remove quot binary functionality could be achieved by using repquota instead ==== sqlite3 ==== Version update (3.27.2 -> 3.28.0) Subpackages: libsqlite3-0 - Upgrade to 3.28.0: * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read. * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference. * Enhanced window functions * Enhanced VACUUM INTO so that it works for read-only databases. * New query optimizations. * Added the sqlite3_value_frombind() API for determining if the argument to an SQL function is from a bound parameter. * Security and compatibilities enhancements to fts3_tokenizer(). * Improved robustness against corrupt database files. ==== transactional-update ==== Version update (2.14.1 -> 2.14.2) Subpackages: transactional-update-zypp-config - Update to version 2.14.2 - Prevent unnecessary error message on systems not installed with YaST (e.g. KIWI) - Add requires for bc, needed for some calculations ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - The license of fdk-aac is not GPL compatible, therefore this pkg can not possibly be built with fdk-aac by default To gain fdk-aac support, recompile it at home and keep it there - Disable LTO (boo#1133290). ==== webkit2gtk3 ==== Version update (2.24.0 -> 2.24.1) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Add webkit2gtk3-fix-i586-build.patch: Fix build on i586. - Update to version 2.24.1 (boo#1132256): + Do not allow changes in active URI before provisional load starts for non-API requests. + Stop the threaded compositor when the page is not visible or layer tree state is frozen. + Use WebKit HTTP source element again for adaptive streaming fragments downloading. + Properly handle empty resources in webkit_web_resource_get_data(). + Add quirk to ensure outlook.live.com uses the modern UI. + Fix methods returing GObject or boxed types in JavaScriptCore GLib API. + Ensure callback data is passed to functions and constructors with no parameters in JavaScriptCore GLib API. + Fix rendering of complex text when the font uses x,y origins. + Fix sound loop with Google Hangouts and WhatsApp notifications. + Fix the build with GStreamer 1.12.5 and GST GL enabled. + Detect SSE2 at compile time. + Fix several crashes and rendering issues. + Security fixes: CVE-2019-6251, CVE-2019-11070. - Drop webkitgtk-gstreamer-gl-build-fix.patch: Fixed upstream. ==== yast2 ==== Version update (4.1.68 -> 4.1.69) Subpackages: yast2-logs - Uninstall the "SUSE-Manager-Proxy" product when upgrading from SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215) - 4.1.69 ==== yast2-bootloader ==== Version update (4.1.23 -> 4.1.24) - renamed "smt" to "cpu_mitigations", improved naming and help (bsc#1098559) - 4.1.24 ==== yast2-firewall ==== Version update (4.1.11 -> 4.1.12) - change proposal naming and add option to set cpu mitigations (bsc#1128707) - 4.1.12 ==== yast2-packager ==== Version update (4.1.37 -> 4.1.38) - Display human readable product names instead of the internal IDs when upgrading from SLES12 + SUMA Proxy + SUMA Branch Server (related to bsc#1133215) - 4.1.38 ==== yast2-trans ==== Version update (84.87.20190419.dc2675f07e -> 84.87.20190427.78ab7fa405) Subpackages: yast2-trans-ar yast2-trans-bg yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en yast2-trans-en_GB yast2-trans-en_US yast2-trans-eo yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-ko yast2-trans-lt yast2-trans-nb yast2-trans-nl yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-sk yast2-trans-sl yast2-trans-sv yast2-trans-uk yast2-trans-zh_CN yast2-trans-zh_TW - Update to version 84.87.20190427.78ab7fa405: * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Dutch) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Arabic) * Translated using Weblate (Indonesian) * Translated using Weblate (Czech) * Translated using Weblate (German) * Translated using Weblate (Indonesian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Hungarian) * Translated using Weblate (French) * Translated using Weblate (Dutch) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Spanish) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Indonesian) * Translated using Weblate (German) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Catalan) * Translated using Weblate (German) * Translated using Weblate (Catalan) * Translated using Weblate (Indonesian) * Translated using Weblate (Albanian) * Translated using Weblate (Spanish) * New POT for text domain 'storage'. * Translated using Weblate (Spanish) * New POT for text domain 'network'. * New POT for text domain 'storage'. * Translated using Weblate (Czech) * Translated using Weblate (Chinese (China)) ==== yast2-update ==== Version update (4.1.8 -> 4.1.9) - Uninstall the "SUSE-Manager-Proxy" product when upgrading from SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215) - 4.1.9 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org