[opensuse-factory] New Tumbleweed snapshot 20190527 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190527 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (66.0.5 -> 67.0) kernel-firmware (20190502 -> 20190514) opus (1.3 -> 1.3.1) pipewire (0.2.5 -> 0.2.6) polkit-default-privs (13.2+20190520.a67a2af -> 13.2+20190523.efe368f) python-kiwi (9.17.37 -> 9.17.39) python-pexpect (4.6.0 -> 4.7.0) python-pyasn1-modules (0.2.4 -> 0.2.5) python-requests (2.21.0 -> 2.22.0) ruby2.6 spandsp webkit2gtk3 (2.24.1 -> 2.24.2) wireshark (3.0.1 -> 3.0.2) yast2-add-on (4.1.11 -> 4.1.12) === Details === ==== MozillaFirefox ==== Version update (66.0.5 -> 67.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 67.0 * Firefox 67 will be able to run different Firefox installs side by side https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-... * Tabs can now be pinned from the Page Actions menu in the address bar * Users can block known cryptominers and fingerprinters in the Custom settings or their Content Blocking preferences * The Import Data from Another Browser feature is now also available from the File menu * Firefox will now protect you against running older versions which can lead to data corruption and stability issues * Easier access to your list of saved logins from the main menu and login autocomplete * We?ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar * Enable FIDO U2F API, and permit registrations for Google Accounts * Enabled AV1 support on Linux MFSA 2019-13 (boo#1135824) * CVE-2019-9815 (bmo#1546544) Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816 (bmo#1536768) Type confusion with object groups and UnboxedObjects * CVE-2019-9817 (bmo#1540221) Stealing of cross-domain images using canvas * CVE-2019-9818 (bmo#1542581) (Windows only) Use-after-free in crash generation server * CVE-2019-9819 (bmo#1532553) Compartment mismatch with fetch API * CVE-2019-9820 (bmo#1536405) Use-after-free of ChromeEventHandler by DocShell * CVE-2019-9821 (bmo#1539125) Use-after-free in AssertWorkerThread * CVE-2019-11691 (bmo#1542465) Use-after-free in XMLHttpRequest * CVE-2019-11692 (bmo#1544670) Use-after-free removing listeners in the event listener manager * CVE-2019-11693 (bmo#1532525) Buffer overflow in WebGL bufferdata on Linux * CVE-2019-7317 (bmo#1542829) Use-after-free in png_image_free of libpng library * CVE-2019-11694 (bmo#1534196) (Windows only) Uninitialized memory memory leakage in Windows sandbox * CVE-2019-11695 (bmo#1445844) Custom cursor can render over user interface outside of web content * CVE-2019-11696 (bmo#1392955) Java web start .JNLP files are not recognized as executable files for download prompts * CVE-2019-11697 (bmo#1440079) Pressing key combinations can bypass installation prompt delays and install extensions * CVE-2019-11698 (bmo#1543191) Theft of user history data through drag and drop of hyperlinks to and from bookmarks * CVE-2019-11700 (bmo#1549833) (Windows only) res: protocol can be used to open known local files * CVE-2019-11699 (bmo#1528939) Incorrect domain name highlighting during page navigation * CVE-2019-11701 (bmo#1518627) webcal: protocol default handler loads vulnerable web page * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159, bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425) Memory safety bugs fixed in Firefox 67 * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136, bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108, bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097, bmo#1532465, bmo#1533554, bmo#1541580) Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - requires * rust/cargo >= 1.32 * mozilla-nspr >= 4.21 * mozilla-nss >= 3.43 * rust-cbindgen >= 0.8.2 - rebased patches - KDE integration for default browser detection is broken in this revision - Fix armv7 build with: * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch ==== kernel-firmware ==== Version update (20190502 -> 20190514) Subpackages: ucode-amd - Update to version 20190514: * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 22161 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series ==== opus ==== Version update (1.3 -> 1.3.1) - Update to version 1.3.1 * This release fixes an issue with the analysis on files with digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds). * Two new features: + A new OPUS_GET_IN_DTX query to know if the encoder is in DTX mode (last frame was either a comfort noise frame or not encoded at all) + A new (and still experimental) CMake-based build system that is eventually meant to replace the VS2015 build system (the autotools one will stay). ==== pipewire ==== Version update (0.2.5 -> 0.2.6) Subpackages: libpipewire-0_2-1 pipewire-modules pipewire-spa-plugins pipewire-spa-tools pipewire-tools - Update to version 0.2.6: + Improve error checking for threads. + Fix some memory and fd leaks. + Fix compilation with C++ compilers and clang. + DISABLE_RTKIT should now not try to use dbus at all. + Camera Portal fixes: - add Camera media.role. - Rename module-flatpak to module-portal. - Use the portal permissions store for camera checks. + Actually use the passed fd in pipewiresrc. + Make properties with "pipewire." prefix read-only. + Add security label to client object. + Enforce link permissions. + Permissions of objects are now combined with parent permissions. + Remove libv4l2 dependency, it is not used. + Improve format negotiation in autolink #146. + Try to avoid list corruption with event emmission #143. + Fix destroy of client-node memory corruption. + Various small improvements. - Remove pkgconfig(libv4l2) BuildRequires: follow upstreams cleanup of build dependencies. - Drop avoid-invalid-conversion-error-with-C++.patch: fixed upstream. ==== polkit-default-privs ==== Version update (13.2+20190520.a67a2af -> 13.2+20190523.efe368f) - Update to version 13.2+20190523.efe368f: * polkit profiles: whitelist lightdm-gtk-greeter-settings (bsc#1135695) ==== python-kiwi ==== Version update (9.17.37 -> 9.17.39) - Bump version: 9.17.38 ? 9.17.39 - Update obs docs per review by Tom - Disable check-valid-until with repository_gpgcheck This commit is two fold: * From one side fixes a wrong use of the `trusted` option for apt repositories. `trusted=no` does not force to run the gpg checks it just forces the repository to be considered untrusted regardless the result of the security checks. * From the other side it disables the option `check-valid-until` in case gpg checks are disabled using the `repository_gpgcheck`. It works at repository level. This enables using unmaintained or expired repositories for the build. Fixes #1028 - Simplify shell pipe expression with shell builtin Replace "echo $var | sed ..." expression with ${var//SEARCH/REPLACE} shell builtin as suggested by Codacy - Make mediacheck runtime check arch independent The check_mediacheck_only_for_x86_arch runtime check fails on non x86 architectures but the tagmedia toolchain exists independent of the platform architecture. This Fixes #1091 - Set home as protected path Along with adding home to the protection list, cleanup the prepare instance cleanup code in a way that it only runs if a root_bind object exists which needs to call its cleanup path - Extend docs about building multiple profiles on OBS - Remove FIXME from the runtime configuration file example - Improve the documentation about building in the Build Service Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Turn sphinx warnings into errors Modify the sphinx Makefile to treat warnings like undefined references as errors - kiwi-live-lib: mount live ISO as read-only During the boot process of a live image, dracut shows this WARNING: dracut-initqueue: mount: /run/initramfs/live: WARNING: device write-protected, mounted read-only This is not a problem, as the live ISO image is, indeed, read-only. This patch fix this cosmetic issue being explicit in the mount options in `mountIso` function. - Call isolinux-config only on supported archs - Discard default dependencies for sysroot.mount This commit makes default dependencies from sysroot.mount to be explicitly omitted. This fixes potential inconsistencies in ordering pre-mount.service with local-fs.target. This change is also applied to upstream sysroot.mount generator here: https://github.com/systemd/systemd/pull/12281 Fixes #1015 - Fix locale setting For pre-Leap 15 openSUSE versions KIWI >= 9.12.0 was not completely setting locale, as it was missingto set the RC_LANG variable from `/etc/sysconfig/language` file. Current commit enforces to update locale in `/etc/sysconfig/language` (if the file exists) at the same time it applies systemd-firstboot configurations. Fixes #1081 - Cleanup TODO & FIXME from xml_description.rst - Add GitLab CI pipeline badge to README.rst - Extend the development documentation Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Log thrown exceptions in Compress.get_format() - Fix documentation of Compress.get_format() - log exception in SystemPrepare.__del__ - Use yaml.safe_load instead of yaml.load yaml.load is relatively dangerous when the loaded data comes from untrusted sources, as it can allow for arbitrary code execution, see: https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML safe_load limits the created python objects to the basic Python types like integers and strings, which is all that we need for the runtime configuration file. - Fixing doc source for broken refs and xml syntax - Document the usage of profiles via the CLI and OBS - Apply suggestions from @tomschr Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com> - Improve the documentation of the runtime configuration file Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Apply suggestions from @tomschr Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com> - Extend the documentation of Custom Disk Volumes - Add documentation of the XML schema in a tutorial like fashion Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Add documentation how to configure VMX build types - Cleanup warnings in utils/size.py - use a raw string for the regexp search string - improve the readability of the returned value - Make the user.password attribute mandatory Not providing a user password results in an error when usermod or openssl is later called by kiwi (depending on the value of `pwdformat`). This fixes #1061. - Fixed repo setup for cloud integration test builds Using the devel:languages:python repos leads to inconsistencies on the module dependencies - Bump version: 9.17.37 ? 9.17.38 - Delete obsolete repository types Deleted red-carpet, slack-site, up2date-mirrors, urpmi and yast2 from the allowed values list of the repository type attribute. This Fixes #1029 - Fixed build_in_buildservice stale references Fixed style issues reported on sphinx build. Also deleted pointers to non existing references - Delete suseRemovePackagesMarkedForDeletion Any package removal is controlled by kiwi itself. There is no need to provide a shell helper method that is rpm specific. This Fixes #1054 - Preserve licenses/other txt files by baseStripFirmware (bsc#1132455) (Fixes #1063) LICENSES are usually not large and should be kept alongside of the binaries. Also some firmware files sideload additional txt files (like for example brcmfmac43430 needs the sdio description txt files). We should just always include them because they're not listed as needed files. Co-Authored-By: Dan ?erm�k <dcermak@suse.com> - Split overview/workflow.rst into multiple files Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Update doc/source/building/build_in_buildservice.rst Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com> - Rework documentation about building on OBS - Added integration test guest image for OpenStack - Update suse integration tests per Factory changes The way plymouth themes are provided has changed on suse. The package plymouth-branding-openSUSE is no longer providing the theme named openSUSE. In fact the plan is to switch to the upstream bgrt theme which is provided in another package. This commit adapts to the changes in the distribution - Bump copyright year in the docs ==== python-pexpect ==== Version update (4.6.0 -> 4.7.0) - Update to 4.7.0: * The :meth:`.pxssh.login` method now no longer requires a username if an ssh config is provided and will raise an error if neither are provided. (:ghpull:`562`). * The :meth:`.pxssh.login` method now supports providing your own ssh command via the cmd parameter. (:ghpull:`528`) (:ghpull:`563`). * :class:`.pxssh` now supports the use_poll parameter which is passed into :meth:`.pexpect.spawn` (:ghpull:`542`). * Minor bug fix with ssh_config. (:ghpull:`498`). * :meth:`.replwrap.run_command` now has async support via an async_ parameter. (:ghpull:`501`). * :meth:`.pexpect.spawn` will now read additional bytes if able up to a buffer limit. (:ghpull:`304`). - Drop merged patch fix-test.patch ==== python-pyasn1-modules ==== Version update (0.2.4 -> 0.2.5) - Update to 0.2.5: - Added RFC3560 providing RSAES-OAEP Key Transport Algorithm in CMS - Added RFC6019 providing BinaryTime - an alternate format for representing Date and Time - RFC3565 superseded by RFC5649 - Added RFC5480 providng Elliptic Curve Cryptography Subject Public Key Information - Added RFC8520 providing X.509 Extensions for MUD URL and MUD Signer - Added RFC3161 providing Time-Stamp Protocol support - Added RFC3709 providing Logotypes in X.509 Certificates - Added RFC3274 providing CMS Compressed Data Content Type - Added RFC4073 providing Multiple Contents protection with CMS - Execute testsuite ==== python-requests ==== Version update (2.21.0 -> 2.22.0) - Update to 2.22.0: * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible) - Rebase requests-no-hardcoded-version.patch ==== ruby2.6 ==== Subpackages: libruby2_6-2_6 ruby2.6-devel - Move RPM macros to %_rpmmacrodir. ==== spandsp ==== - Disable LTO (boo#1136056). ==== webkit2gtk3 ==== Version update (2.24.1 -> 2.24.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update to version 2.24.2: + Fix rendering of emojis copy-pasted from GTK emoji chooser. + Fix space characters not being rendered with some CJK fonts. + Fix adaptive streaming playback with older GStreamer versions. + Set a maximum zoom level for pinch zooming gesture. + Fix navigation gesture to not interfere with scrolling. + Fix SSE2 detection at compile time, ensuring the right flags are passed to the compiler. + Fix several crashes and rendering issues. + Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615. + Updated translations. - Drop webkit2gtk3-fix-i586-build.patch: Fixed upstream. ==== wireshark ==== Version update (3.0.1 -> 3.0.2) Subpackages: libwireshark12 libwiretap9 libwscodecs2 libwsutil10 wireshark-ui-qt - Wireshark 3.0.2 (bsc#1136021) * Wireshark dissection engine crash. - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html ==== yast2-add-on ==== Version update (4.1.11 -> 4.1.12) - Fix: Update repository will be registered while installing an add-on on a running system (bsc#1055126). - 4.1.12 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi all just tried "zypper dup" , but there is a complaint about wine: Problem: nothing provides wine-32bit = 4.9 needed by wine-4.9-1.15.x86_64 Solution 1: deinstallation of wine-4.8-1.1.x86_64 Solution 2: install wine-4.9-1.15.i586 despite the inferior architecture Solution 3: keep obsolete wine-4.8-1.1.x86_64 Solution 4: break wine-4.9-1.15.x86_64 by ignoring some of its dependencies So is the wine package incomplete in the repository? Best regards Christian Am 28.05.19 um 19:00 schrieb Dominique Leuenberger:
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190527
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed: MozillaFirefox (66.0.5 -> 67.0) kernel-firmware (20190502 -> 20190514) opus (1.3 -> 1.3.1) pipewire (0.2.5 -> 0.2.6) polkit-default-privs (13.2+20190520.a67a2af -> 13.2+20190523.efe368f) python-kiwi (9.17.37 -> 9.17.39) python-pexpect (4.6.0 -> 4.7.0) python-pyasn1-modules (0.2.4 -> 0.2.5) python-requests (2.21.0 -> 2.22.0) ruby2.6 spandsp webkit2gtk3 (2.24.1 -> 2.24.2) wireshark (3.0.1 -> 3.0.2) yast2-add-on (4.1.11 -> 4.1.12)
=== Details ===
==== MozillaFirefox ==== Version update (66.0.5 -> 67.0) Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 67.0 * Firefox 67 will be able to run different Firefox installs side by side https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-... * Tabs can now be pinned from the Page Actions menu in the address bar * Users can block known cryptominers and fingerprinters in the Custom settings or their Content Blocking preferences * The Import Data from Another Browser feature is now also available from the File menu * Firefox will now protect you against running older versions which can lead to data corruption and stability issues * Easier access to your list of saved logins from the main menu and login autocomplete * We?ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar * Enable FIDO U2F API, and permit registrations for Google Accounts * Enabled AV1 support on Linux MFSA 2019-13 (boo#1135824) * CVE-2019-9815 (bmo#1546544) Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816 (bmo#1536768) Type confusion with object groups and UnboxedObjects * CVE-2019-9817 (bmo#1540221) Stealing of cross-domain images using canvas * CVE-2019-9818 (bmo#1542581) (Windows only) Use-after-free in crash generation server * CVE-2019-9819 (bmo#1532553) Compartment mismatch with fetch API * CVE-2019-9820 (bmo#1536405) Use-after-free of ChromeEventHandler by DocShell * CVE-2019-9821 (bmo#1539125) Use-after-free in AssertWorkerThread * CVE-2019-11691 (bmo#1542465) Use-after-free in XMLHttpRequest * CVE-2019-11692 (bmo#1544670) Use-after-free removing listeners in the event listener manager * CVE-2019-11693 (bmo#1532525) Buffer overflow in WebGL bufferdata on Linux * CVE-2019-7317 (bmo#1542829) Use-after-free in png_image_free of libpng library * CVE-2019-11694 (bmo#1534196) (Windows only) Uninitialized memory memory leakage in Windows sandbox * CVE-2019-11695 (bmo#1445844) Custom cursor can render over user interface outside of web content * CVE-2019-11696 (bmo#1392955) Java web start .JNLP files are not recognized as executable files for download prompts * CVE-2019-11697 (bmo#1440079) Pressing key combinations can bypass installation prompt delays and install extensions * CVE-2019-11698 (bmo#1543191) Theft of user history data through drag and drop of hyperlinks to and from bookmarks * CVE-2019-11700 (bmo#1549833) (Windows only) res: protocol can be used to open known local files * CVE-2019-11699 (bmo#1528939) Incorrect domain name highlighting during page navigation * CVE-2019-11701 (bmo#1518627) webcal: protocol default handler loads vulnerable web page * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159, bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425) Memory safety bugs fixed in Firefox 67 * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136, bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108, bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097, bmo#1532465, bmo#1533554, bmo#1541580) Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - requires * rust/cargo >= 1.32 * mozilla-nspr >= 4.21 * mozilla-nss >= 3.43 * rust-cbindgen >= 0.8.2 - rebased patches - KDE integration for default browser detection is broken in this revision - Fix armv7 build with: * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
==== kernel-firmware ==== Version update (20190502 -> 20190514) Subpackages: ucode-amd
- Update to version 20190514: * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 22161 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series
==== opus ==== Version update (1.3 -> 1.3.1)
- Update to version 1.3.1 * This release fixes an issue with the analysis on files with digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds). * Two new features: + A new OPUS_GET_IN_DTX query to know if the encoder is in DTX mode (last frame was either a comfort noise frame or not encoded at all) + A new (and still experimental) CMake-based build system that is eventually meant to replace the VS2015 build system (the autotools one will stay).
==== pipewire ==== Version update (0.2.5 -> 0.2.6) Subpackages: libpipewire-0_2-1 pipewire-modules pipewire-spa-plugins pipewire-spa-tools pipewire-tools
- Update to version 0.2.6: + Improve error checking for threads. + Fix some memory and fd leaks. + Fix compilation with C++ compilers and clang. + DISABLE_RTKIT should now not try to use dbus at all. + Camera Portal fixes: - add Camera media.role. - Rename module-flatpak to module-portal. - Use the portal permissions store for camera checks. + Actually use the passed fd in pipewiresrc. + Make properties with "pipewire." prefix read-only. + Add security label to client object. + Enforce link permissions. + Permissions of objects are now combined with parent permissions. + Remove libv4l2 dependency, it is not used. + Improve format negotiation in autolink #146. + Try to avoid list corruption with event emmission #143. + Fix destroy of client-node memory corruption. + Various small improvements. - Remove pkgconfig(libv4l2) BuildRequires: follow upstreams cleanup of build dependencies. - Drop avoid-invalid-conversion-error-with-C++.patch: fixed upstream.
==== polkit-default-privs ==== Version update (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)
- Update to version 13.2+20190523.efe368f: * polkit profiles: whitelist lightdm-gtk-greeter-settings (bsc#1135695)
==== python-kiwi ==== Version update (9.17.37 -> 9.17.39)
- Bump version: 9.17.38 ? 9.17.39 - Update obs docs per review by Tom - Disable check-valid-until with repository_gpgcheck This commit is two fold: * From one side fixes a wrong use of the `trusted` option for apt repositories. `trusted=no` does not force to run the gpg checks it just forces the repository to be considered untrusted regardless the result of the security checks. * From the other side it disables the option `check-valid-until` in case gpg checks are disabled using the `repository_gpgcheck`. It works at repository level. This enables using unmaintained or expired repositories for the build. Fixes #1028 - Simplify shell pipe expression with shell builtin Replace "echo $var | sed ..." expression with ${var//SEARCH/REPLACE} shell builtin as suggested by Codacy - Make mediacheck runtime check arch independent The check_mediacheck_only_for_x86_arch runtime check fails on non x86 architectures but the tagmedia toolchain exists independent of the platform architecture. This Fixes #1091 - Set home as protected path Along with adding home to the protection list, cleanup the prepare instance cleanup code in a way that it only runs if a root_bind object exists which needs to call its cleanup path - Extend docs about building multiple profiles on OBS - Remove FIXME from the runtime configuration file example - Improve the documentation about building in the Build Service Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Turn sphinx warnings into errors Modify the sphinx Makefile to treat warnings like undefined references as errors - kiwi-live-lib: mount live ISO as read-only During the boot process of a live image, dracut shows this WARNING: dracut-initqueue: mount: /run/initramfs/live: WARNING: device write-protected, mounted read-only This is not a problem, as the live ISO image is, indeed, read-only. This patch fix this cosmetic issue being explicit in the mount options in `mountIso` function. - Call isolinux-config only on supported archs - Discard default dependencies for sysroot.mount This commit makes default dependencies from sysroot.mount to be explicitly omitted. This fixes potential inconsistencies in ordering pre-mount.service with local-fs.target. This change is also applied to upstream sysroot.mount generator here: https://github.com/systemd/systemd/pull/12281 Fixes #1015 - Fix locale setting For pre-Leap 15 openSUSE versions KIWI >= 9.12.0 was not completely setting locale, as it was missingto set the RC_LANG variable from `/etc/sysconfig/language` file. Current commit enforces to update locale in `/etc/sysconfig/language` (if the file exists) at the same time it applies systemd-firstboot configurations. Fixes #1081 - Cleanup TODO & FIXME from xml_description.rst - Add GitLab CI pipeline badge to README.rst - Extend the development documentation Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Log thrown exceptions in Compress.get_format() - Fix documentation of Compress.get_format() - log exception in SystemPrepare.__del__ - Use yaml.safe_load instead of yaml.load yaml.load is relatively dangerous when the loaded data comes from untrusted sources, as it can allow for arbitrary code execution, see: https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML safe_load limits the created python objects to the basic Python types like integers and strings, which is all that we need for the runtime configuration file. - Fixing doc source for broken refs and xml syntax - Document the usage of profiles via the CLI and OBS - Apply suggestions from @tomschr Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com> - Improve the documentation of the runtime configuration file Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Apply suggestions from @tomschr Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com> - Extend the documentation of Custom Disk Volumes - Add documentation of the XML schema in a tutorial like fashion Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Add documentation how to configure VMX build types - Cleanup warnings in utils/size.py - use a raw string for the regexp search string - improve the readability of the returned value - Make the user.password attribute mandatory Not providing a user password results in an error when usermod or openssl is later called by kiwi (depending on the value of `pwdformat`). This fixes #1061. - Fixed repo setup for cloud integration test builds Using the devel:languages:python repos leads to inconsistencies on the module dependencies - Bump version: 9.17.37 ? 9.17.38 - Delete obsolete repository types Deleted red-carpet, slack-site, up2date-mirrors, urpmi and yast2 from the allowed values list of the repository type attribute. This Fixes #1029 - Fixed build_in_buildservice stale references Fixed style issues reported on sphinx build. Also deleted pointers to non existing references - Delete suseRemovePackagesMarkedForDeletion Any package removal is controlled by kiwi itself. There is no need to provide a shell helper method that is rpm specific. This Fixes #1054 - Preserve licenses/other txt files by baseStripFirmware (bsc#1132455) (Fixes #1063) LICENSES are usually not large and should be kept alongside of the binaries. Also some firmware files sideload additional txt files (like for example brcmfmac43430 needs the sdio description txt files). We should just always include them because they're not listed as needed files. Co-Authored-By: Dan ?ermák <dcermak@suse.com> - Split overview/workflow.rst into multiple files Co-Authored-By: Thomas Schraitle <tom_schr@web.de> - Update doc/source/building/build_in_buildservice.rst Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com> - Rework documentation about building on OBS - Added integration test guest image for OpenStack - Update suse integration tests per Factory changes The way plymouth themes are provided has changed on suse. The package plymouth-branding-openSUSE is no longer providing the theme named openSUSE. In fact the plan is to switch to the upstream bgrt theme which is provided in another package. This commit adapts to the changes in the distribution - Bump copyright year in the docs
==== python-pexpect ==== Version update (4.6.0 -> 4.7.0)
- Update to 4.7.0: * The :meth:`.pxssh.login` method now no longer requires a username if an ssh config is provided and will raise an error if neither are provided. (:ghpull:`562`). * The :meth:`.pxssh.login` method now supports providing your own ssh command via the cmd parameter. (:ghpull:`528`) (:ghpull:`563`). * :class:`.pxssh` now supports the use_poll parameter which is passed into :meth:`.pexpect.spawn` (:ghpull:`542`). * Minor bug fix with ssh_config. (:ghpull:`498`). * :meth:`.replwrap.run_command` now has async support via an async_ parameter. (:ghpull:`501`). * :meth:`.pexpect.spawn` will now read additional bytes if able up to a buffer limit. (:ghpull:`304`). - Drop merged patch fix-test.patch
==== python-pyasn1-modules ==== Version update (0.2.4 -> 0.2.5)
- Update to 0.2.5: - Added RFC3560 providing RSAES-OAEP Key Transport Algorithm in CMS - Added RFC6019 providing BinaryTime - an alternate format for representing Date and Time - RFC3565 superseded by RFC5649 - Added RFC5480 providng Elliptic Curve Cryptography Subject Public Key Information - Added RFC8520 providing X.509 Extensions for MUD URL and MUD Signer - Added RFC3161 providing Time-Stamp Protocol support - Added RFC3709 providing Logotypes in X.509 Certificates - Added RFC3274 providing CMS Compressed Data Content Type - Added RFC4073 providing Multiple Contents protection with CMS - Execute testsuite
==== python-requests ==== Version update (2.21.0 -> 2.22.0)
- Update to 2.22.0: * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible) - Rebase requests-no-hardcoded-version.patch
==== ruby2.6 ==== Subpackages: libruby2_6-2_6 ruby2.6-devel
- Move RPM macros to %_rpmmacrodir.
==== spandsp ====
- Disable LTO (boo#1136056).
==== webkit2gtk3 ==== Version update (2.24.1 -> 2.24.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles
- Update to version 2.24.2: + Fix rendering of emojis copy-pasted from GTK emoji chooser. + Fix space characters not being rendered with some CJK fonts. + Fix adaptive streaming playback with older GStreamer versions. + Set a maximum zoom level for pinch zooming gesture. + Fix navigation gesture to not interfere with scrolling. + Fix SSE2 detection at compile time, ensuring the right flags are passed to the compiler. + Fix several crashes and rendering issues. + Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615. + Updated translations. - Drop webkit2gtk3-fix-i586-build.patch: Fixed upstream.
==== wireshark ==== Version update (3.0.1 -> 3.0.2) Subpackages: libwireshark12 libwiretap9 libwscodecs2 libwsutil10 wireshark-ui-qt
- Wireshark 3.0.2 (bsc#1136021) * Wireshark dissection engine crash. - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html
==== yast2-add-on ==== Version update (4.1.11 -> 4.1.12)
- Fix: Update repository will be registered while installing an add-on on a running system (bsc#1055126). - 4.1.12
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday, 1 June 2019 15.58.26 CEST Christian Mahr wrote:
Hi all
just tried "zypper dup" , but there is a complaint about wine:
Problem: nothing provides wine-32bit = 4.9 needed by wine-4.9-1.15.x86_64 Solution 1: deinstallation of wine-4.8-1.1.x86_64 Solution 2: install wine-4.9-1.15.i586 despite the inferior architecture Solution 3: keep obsolete wine-4.8-1.1.x86_64 Solution 4: break wine-4.9-1.15.x86_64 by ignoring some of its dependencies
So is the wine package incomplete in the repository?
Hm, https://download.opensuse.org/tumbleweed/repo/oss/x86_64/?P=wine* looks incomplete indeed with wine-4.8-1.1.x86_64.rpm 14-May-2019 13:03 wine-4.9-1.15.x86_64.rpm 30-May-2019 12:38 wine-32bit-4.8-1.1.x86_64.rpm 14-May-2019 12:41 I am not sure how I should read https://build.opensuse.org/package/show/openSUSE:Factory/wine but at least https://build.opensuse.org/package/live_build_log/openSUSE:Factory/wine/ standard/i586 shows that RPMS/x86_64/wine-32bit-4.9-1.15.x86_64.rpm is correctly generated, probably what you would need. I could reproduce the problem with the current docker container of openSUSE Tumbleweed so I reported that as a bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1137055
Best regards
Christian
Am 28.05.19 um 19:00 schrieb Dominique Leuenberger:
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versi on=Tumbleweed&build=20190527
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed: MozillaFirefox (66.0.5 -> 67.0) kernel-firmware (20190502 -> 20190514) opus (1.3 -> 1.3.1) pipewire (0.2.5 -> 0.2.6) polkit-default-privs (13.2+20190520.a67a2af -> 13.2+20190523.efe368f) python-kiwi (9.17.37 -> 9.17.39) python-pexpect (4.6.0 -> 4.7.0) python-pyasn1-modules (0.2.4 -> 0.2.5) python-requests (2.21.0 -> 2.22.0) ruby2.6 spandsp webkit2gtk3 (2.24.1 -> 2.24.2) wireshark (3.0.1 -> 3.0.2) yast2-add-on (4.1.11 -> 4.1.12)
=== Details ===
==== MozillaFirefox ==== Version update (66.0.5 -> 67.0) Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-i nstall-architecture/> * Tabs can now be pinned from the Page Actions menu in the address bar * Users can block known cryptominers and fingerprinters in the
Custom settings or their Content Blocking preferences
* The Import Data from Another Browser feature is now also available
from the File menu
* Firefox will now protect you against running older versions which
can lead to data corruption and stability issues
* Easier access to your list of saved logins from the main menu and
login autocomplete
* We?ve added a toolbar menu for your Firefox Account to provide more
transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts * Enabled AV1 support on Linux MFSA 2019-13 (boo#1135824) * CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-9821 (bmo#1539125)
Use-after-free in AssertWorkerThread
* CVE-2019-11691 (bmo#1542465)
Use-after-free in XMLHttpRequest
* CVE-2019-11692 (bmo#1544670)
Use-after-free removing listeners in the event listener manager
* CVE-2019-11693 (bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317 (bmo#1542829)
Use-after-free in png_image_free of libpng library
* CVE-2019-11694 (bmo#1534196) (Windows only)
Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11695 (bmo#1445844)
Custom cursor can render over user interface outside of web content
* CVE-2019-11696 (bmo#1392955)
Java web start .JNLP files are not recognized as executable files for download prompts
* CVE-2019-11697 (bmo#1440079)
Pressing key combinations can bypass installation prompt delays and install extensions
* CVE-2019-11698 (bmo#1543191)
Theft of user history data through drag and drop of hyperlinks to and from bookmarks
* CVE-2019-11700 (bmo#1549833) (Windows only)
res: protocol can be used to open known local files
* CVE-2019-11699 (bmo#1528939)
Incorrect domain name highlighting during page navigation
* CVE-2019-11701 (bmo#1518627)
webcal: protocol default handler loads vulnerable web page
* CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425) Memory safety bugs fixed in Firefox 67
* CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108, bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097, bmo#1532465, bmo#1533554, bmo#1541580) Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
* rust/cargo >= 1.32 * mozilla-nspr >= 4.21 * mozilla-nss >= 3.43 * rust-cbindgen >= 0.8.2
- rebased patches - KDE integration for default browser detection is broken in this revision
- Fix armv7 build with: * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
==== kernel-firmware ==== Version update (20190502 -> 20190514) Subpackages: ucode-amd
- Update to version 20190514: * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 22161 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series
==== opus ==== Version update (1.3 -> 1.3.1)
- Update to version 1.3.1
* This release fixes an issue with the analysis on files with
digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds).
* Two new features: + A new OPUS_GET_IN_DTX query to know if the encoder is in DTX mode (last frame was either a comfort noise frame or not encoded at all) + A new (and still experimental) CMake-based build system that is eventually meant to replace the VS2015 build system (the autotools one will stay).
==== pipewire ==== Version update (0.2.5 -> 0.2.6) Subpackages: libpipewire-0_2-1 pipewire-modules pipewire-spa-plugins pipewire-spa-tools pipewire-tools> - Update to version 0.2.6: + Improve error checking for threads. + Fix some memory and fd leaks. + Fix compilation with C++ compilers and clang. + DISABLE_RTKIT should now not try to use dbus at all. + Camera Portal fixes: - add Camera media.role. - Rename module-flatpak to module-portal. - Use the portal permissions store for camera checks. + Actually use the passed fd in pipewiresrc. + Make properties with "pipewire." prefix read-only. + Add security label to client object. + Enforce link permissions. + Permissions of objects are now combined with parent
permissions.
+ Remove libv4l2 dependency, it is not used. + Improve format negotiation in autolink #146. + Try to avoid list corruption with event emmission #143. + Fix destroy of client-node memory corruption. + Various small improvements.
- Remove pkgconfig(libv4l2) BuildRequires: follow upstreams cleanup
of build dependencies.
- Drop avoid-invalid-conversion-error-with-C++.patch: fixed
upstream.
==== polkit-default-privs ==== Version update (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)
- Update to version 13.2+20190523.efe368f: * polkit profiles: whitelist lightdm-gtk-greeter-settings (bsc#1135695)
==== python-kiwi ==== Version update (9.17.37 -> 9.17.39)
- Bump version: 9.17.38 ? 9.17.39 - Update obs docs per review by Tom - Disable check-valid-until with repository_gpgcheck
This commit is two fold: * From one side fixes a wrong use of the `trusted` option for apt repositories. `trusted=no` does not force to run the gpg checks it just forces the repository to be considered untrusted regardless the result of the security checks. * From the other side it disables the option `check-valid-until` in case gpg checks are disabled using the `repository_gpgcheck`. It works at repository level. This enables using unmaintained or expired repositories for the build. Fixes #1028
- Simplify shell pipe expression with shell builtin
Replace "echo $var | sed ..." expression with ${var//SEARCH/REPLACE} shell builtin as suggested by Codacy
- Make mediacheck runtime check arch independent
The check_mediacheck_only_for_x86_arch runtime check fails on non x86 architectures but the tagmedia toolchain exists independent of the platform architecture. This Fixes #1091
- Set home as protected path
Along with adding home to the protection list, cleanup the prepare instance cleanup code in a way that it only runs if a root_bind object exists which needs to call its cleanup path
- Extend docs about building multiple profiles on OBS - Remove FIXME from the runtime configuration file example - Improve the documentation about building in the Build Service
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Turn sphinx warnings into errors
Modify the sphinx Makefile to treat warnings like undefined references as errors
- kiwi-live-lib: mount live ISO as read-only
During the boot process of a live image, dracut shows this WARNING: dracut-initqueue: mount: /run/initramfs/live: WARNING: device write-protected, mounted read-only This is not a problem, as the live ISO image is, indeed, read-only. This patch fix this cosmetic issue being explicit in the mount options in `mountIso` function.
- Call isolinux-config only on supported archs - Discard default dependencies for sysroot.mount
This commit makes default dependencies from sysroot.mount to be explicitly omitted. This fixes potential inconsistencies in ordering pre-mount.service with local-fs.target. This change is also applied to upstream sysroot.mount generator here: https://github.com/systemd/systemd/pull/12281 Fixes #1015
- Fix locale setting
For pre-Leap 15 openSUSE versions KIWI >= 9.12.0 was not completely setting locale, as it was missingto set the RC_LANG variable from `/etc/sysconfig/language` file. Current commit enforces to update locale in `/etc/sysconfig/language` (if the file exists) at the same time it applies systemd-firstboot configurations. Fixes #1081
- Cleanup TODO & FIXME from xml_description.rst - Add GitLab CI pipeline badge to README.rst - Extend the development documentation
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Log thrown exceptions in Compress.get_format() - Fix documentation of Compress.get_format() - log exception in SystemPrepare.__del__ - Use yaml.safe_load instead of yaml.load
yaml.load is relatively dangerous when the loaded data comes from untrusted sources, as it can allow for arbitrary code execution, see: https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML safe_load limits the created python objects to the basic Python types like integers and strings, which is all that we need for the runtime configuration file.
- Fixing doc source for broken refs and xml syntax - Document the usage of profiles via the CLI and OBS - Apply suggestions from @tomschr
Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Improve the documentation of the runtime configuration file
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Apply suggestions from @tomschr
Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Extend the documentation of Custom Disk Volumes - Add documentation of the XML schema in a tutorial like fashion
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Add documentation how to configure VMX build types - Cleanup warnings in utils/size.py
- use a raw string for the regexp search string - improve the readability of the returned value
- Make the user.password attribute mandatory
Not providing a user password results in an error when usermod or openssl is later called by kiwi (depending on the value of `pwdformat`). This fixes #1061.
- Fixed repo setup for cloud integration test builds
Using the devel:languages:python repos leads to inconsistencies on the module dependencies
- Bump version: 9.17.37 ? 9.17.38 - Delete obsolete repository types
Deleted red-carpet, slack-site, up2date-mirrors, urpmi and yast2 from the allowed values list of the repository type attribute. This Fixes #1029
- Fixed build_in_buildservice stale references
Fixed style issues reported on sphinx build. Also deleted pointers to non existing references
- Delete suseRemovePackagesMarkedForDeletion
Any package removal is controlled by kiwi itself. There is no need to provide a shell helper method that is rpm specific. This Fixes #1054
- Preserve licenses/other txt files by baseStripFirmware (bsc#1132455) (Fixes #1063)> LICENSES are usually not large and should be kept alongside of the binaries. Also some firmware files sideload additional txt files (like for example brcmfmac43430 needs the sdio description txt files). We should just always include them because they're not listed as needed files. Co-Authored-By: Dan ?ermák <dcermak@suse.com>
- Split overview/workflow.rst into multiple files
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Update doc/source/building/build_in_buildservice.rst
Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Rework documentation about building on OBS - Added integration test guest image for OpenStack - Update suse integration tests per Factory changes
The way plymouth themes are provided has changed on suse. The package plymouth-branding-openSUSE is no longer providing the theme named openSUSE. In fact the plan is to switch to the upstream bgrt theme which is provided in another package. This commit adapts to the changes in the distribution
- Bump copyright year in the docs
==== python-pexpect ==== Version update (4.6.0 -> 4.7.0)
- Update to 4.7.0: * The :meth:`.pxssh.login` method now no longer requires a username if an ssh config is provided and will raise an error if neither are provided. (:ghpull:`562`). * The :meth:`.pxssh.login` method now supports providing your own ssh command via the cmd parameter. (:ghpull:`528`) (:ghpull:`563`). * :class:`.pxssh` now supports the use_poll parameter which is passed into :meth:`.pexpect.spawn` (:ghpull:`542`). * Minor bug fix with ssh_config. (:ghpull:`498`). * :meth:`.replwrap.run_command` now has async support via an async_ parameter. (:ghpull:`501`). * :meth:`.pexpect.spawn` will now read additional bytes if able up to a buffer limit. (:ghpull:`304`).> - Drop merged patch fix-test.patch
==== python-pyasn1-modules ==== Version update (0.2.4 -> 0.2.5)
- Update to 0.2.5: - Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
in CMS
- Added RFC6019 providing BinaryTime - an alternate format
for representing Date and Time
- RFC3565 superseded by RFC5649 - Added RFC5480 providng Elliptic Curve Cryptography Subject
Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support - Added RFC3709 providing Logotypes in X.509 Certificates - Added RFC3274 providing CMS Compressed Data Content Type - Added RFC4073 providing Multiple Contents protection
with CMS
- Execute testsuite
==== python-requests ==== Version update (2.21.0 -> 2.22.0)
- Update to 2.22.0: * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible)> - Rebase requests-no-hardcoded-version.patch
==== ruby2.6 ==== Subpackages: libruby2_6-2_6 ruby2.6-devel
- Move RPM macros to %_rpmmacrodir.
==== spandsp ====
- Disable LTO (boo#1136056).
==== webkit2gtk3 ==== Version update (2.24.1 -> 2.24.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles> - Update to version 2.24.2: + Fix rendering of emojis copy-pasted from GTK emoji chooser. + Fix space characters not being rendered with some CJK fonts. + Fix adaptive streaming playback with older GStreamer versions. + Set a maximum zoom level for pinch zooming gesture. + Fix navigation gesture to not interfere with scrolling. + Fix SSE2 detection at compile time, ensuring the right flags
are passed to the compiler.
+ Fix several crashes and rendering issues. + Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615. + Updated translations.
- Drop webkit2gtk3-fix-i586-build.patch: Fixed upstream.
==== wireshark ==== Version update (3.0.1 -> 3.0.2) Subpackages: libwireshark12 libwiretap9 libwscodecs2 libwsutil10 wireshark-ui-qt
- Wireshark 3.0.2 (bsc#1136021)
* Wireshark dissection engine crash.
- Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html
==== yast2-add-on ==== Version update (4.1.11 -> 4.1.12)
- Fix: Update repository will be registered while installing
an add-on on a running system (bsc#1055126).
- 4.1.12
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Saturday, 1 June 2019 17.34.52 CEST Oliver Kurz wrote:
On Saturday, 1 June 2019 15.58.26 CEST Christian Mahr wrote:
Hi all
just tried "zypper dup" , but there is a complaint about wine:
Problem: nothing provides wine-32bit = 4.9 needed by wine-4.9-1.15.x86_64
Solution 1: deinstallation of wine-4.8-1.1.x86_64 Solution 2: install wine-4.9-1.15.i586 despite the inferior architecture Solution 3: keep obsolete wine-4.8-1.1.x86_64 Solution 4: break wine-4.9-1.15.x86_64 by ignoring some of its
dependencies
So is the wine package incomplete in the repository?
Hm, https://download.opensuse.org/tumbleweed/repo/oss/x86_64/?P=wine* looks incomplete indeed with wine-4.8-1.1.x86_64.rpm 14-May-2019 13:03 wine-4.9-1.15.x86_64.rpm 30-May-2019 12:38 wine-32bit-4.8-1.1.x86_64.rpm 14-May-2019 12:41
I am not sure how I should read https://build.opensuse.org/package/show/openSUSE:Factory/wine but at least https://build.opensuse.org/package/live_build_log/openSUSE:Factory/wine/ standard/i586 shows that RPMS/x86_64/wine-32bit-4.9-1.15.x86_64.rpm is correctly generated, probably what you would need.
I could reproduce the problem with the current docker container of openSUSE Tumbleweed so I reported that as a bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1137055
oh, wait. This was *already* reported before the last snapshot was published: https://bugzilla.opensuse.org/show_bug.cgi?id=1136945 grmpf
Best regards
Christian
Am 28.05.19 um 19:00 schrieb Dominique Leuenberger:
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&ver si on=Tumbleweed&build=20190527
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed: MozillaFirefox (66.0.5 -> 67.0) kernel-firmware (20190502 -> 20190514) opus (1.3 -> 1.3.1) pipewire (0.2.5 -> 0.2.6) polkit-default-privs (13.2+20190520.a67a2af -> 13.2+20190523.efe368f) python-kiwi (9.17.37 -> 9.17.39) python-pexpect (4.6.0 -> 4.7.0) python-pyasn1-modules (0.2.4 -> 0.2.5) python-requests (2.21.0 -> 2.22.0) ruby2.6 spandsp webkit2gtk3 (2.24.1 -> 2.24.2) wireshark (3.0.1 -> 3.0.2) yast2-add-on (4.1.11 -> 4.1.12)
=== Details ===
==== MozillaFirefox ==== Version update (66.0.5 -> 67.0) Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per -i nstall-architecture/>
* Tabs can now be pinned from the Page Actions menu in the address bar * Users can block known cryptominers and fingerprinters in the
Custom settings or their Content Blocking preferences
* The Import Data from Another Browser feature is now also available
from the File menu
* Firefox will now protect you against running older versions which
can lead to data corruption and stability issues
* Easier access to your list of saved logins from the main menu and
login autocomplete
* We?ve added a toolbar menu for your Firefox Account to provide more
transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts * Enabled AV1 support on Linux MFSA 2019-13 (boo#1135824) * CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-9821 (bmo#1539125)
Use-after-free in AssertWorkerThread
* CVE-2019-11691 (bmo#1542465)
Use-after-free in XMLHttpRequest
* CVE-2019-11692 (bmo#1544670)
Use-after-free removing listeners in the event listener manager
* CVE-2019-11693 (bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317 (bmo#1542829)
Use-after-free in png_image_free of libpng library
* CVE-2019-11694 (bmo#1534196) (Windows only)
Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11695 (bmo#1445844)
Custom cursor can render over user interface outside of web content
* CVE-2019-11696 (bmo#1392955)
Java web start .JNLP files are not recognized as executable files for download prompts
* CVE-2019-11697 (bmo#1440079)
Pressing key combinations can bypass installation prompt delays and install extensions
* CVE-2019-11698 (bmo#1543191)
Theft of user history data through drag and drop of hyperlinks to and from bookmarks
* CVE-2019-11700 (bmo#1549833) (Windows only)
res: protocol can be used to open known local files
* CVE-2019-11699 (bmo#1528939)
Incorrect domain name highlighting during page navigation
* CVE-2019-11701 (bmo#1518627)
webcal: protocol default handler loads vulnerable web page
* CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425) Memory safety bugs fixed in Firefox 67
* CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108, bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097, bmo#1532465, bmo#1533554, bmo#1541580) Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
* rust/cargo >= 1.32 * mozilla-nspr >= 4.21 * mozilla-nss >= 3.43 * rust-cbindgen >= 0.8.2
- rebased patches - KDE integration for default browser detection is broken in this revision
- Fix armv7 build with: * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
==== kernel-firmware ==== Version update (20190502 -> 20190514) Subpackages: ucode-amd
- Update to version 20190514: * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 22161 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series
==== opus ==== Version update (1.3 -> 1.3.1)
- Update to version 1.3.1
* This release fixes an issue with the analysis on files with
digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds).
* Two new features: + A new OPUS_GET_IN_DTX query to know if the encoder is in DTX mode (last frame was either a comfort noise frame or not encoded at all) + A new (and still experimental) CMake-based build system that is eventually meant to replace the VS2015 build system (the autotools one will stay).
==== pipewire ==== Version update (0.2.5 -> 0.2.6) Subpackages: libpipewire-0_2-1 pipewire-modules pipewire-spa-plugins pipewire-spa-tools pipewire-tools>
- Update to version 0.2.6: + Improve error checking for threads. + Fix some memory and fd leaks. + Fix compilation with C++ compilers and clang. + DISABLE_RTKIT should now not try to use dbus at all. + Camera Portal fixes: - add Camera media.role. - Rename module-flatpak to module-portal. - Use the portal permissions store for camera checks. + Actually use the passed fd in pipewiresrc. + Make properties with "pipewire." prefix read-only. + Add security label to client object. + Enforce link permissions. + Permissions of objects are now combined with parent
permissions.
+ Remove libv4l2 dependency, it is not used. + Improve format negotiation in autolink #146. + Try to avoid list corruption with event emmission #143. + Fix destroy of client-node memory corruption. + Various small improvements.
- Remove pkgconfig(libv4l2) BuildRequires: follow upstreams cleanup
of build dependencies.
- Drop avoid-invalid-conversion-error-with-C++.patch: fixed
upstream.
==== polkit-default-privs ==== Version update (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)
- Update to version 13.2+20190523.efe368f: * polkit profiles: whitelist lightdm-gtk-greeter-settings (bsc#1135695)
==== python-kiwi ==== Version update (9.17.37 -> 9.17.39)
- Bump version: 9.17.38 ? 9.17.39 - Update obs docs per review by Tom - Disable check-valid-until with repository_gpgcheck
This commit is two fold: * From one side fixes a wrong use of the `trusted` option for apt repositories. `trusted=no` does not force to run the gpg checks it just forces the repository to be considered untrusted regardless the result of the security checks. * From the other side it disables the option `check-valid-until` in case gpg checks are disabled using the `repository_gpgcheck`. It works at repository level. This enables using unmaintained or expired repositories for the build. Fixes #1028
- Simplify shell pipe expression with shell builtin
Replace "echo $var | sed ..." expression with ${var//SEARCH/REPLACE} shell builtin as suggested by Codacy
- Make mediacheck runtime check arch independent
The check_mediacheck_only_for_x86_arch runtime check fails on non x86 architectures but the tagmedia toolchain exists independent of the platform architecture. This Fixes #1091
- Set home as protected path
Along with adding home to the protection list, cleanup the prepare instance cleanup code in a way that it only runs if a root_bind object exists which needs to call its cleanup path
- Extend docs about building multiple profiles on OBS - Remove FIXME from the runtime configuration file example - Improve the documentation about building in the Build Service
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Turn sphinx warnings into errors
Modify the sphinx Makefile to treat warnings like undefined references as errors
- kiwi-live-lib: mount live ISO as read-only
During the boot process of a live image, dracut shows this WARNING: dracut-initqueue: mount: /run/initramfs/live: WARNING: device write-protected, mounted read-only This is not a problem, as the live ISO image is, indeed, read-only. This patch fix this cosmetic issue being explicit in the mount options in `mountIso` function.
- Call isolinux-config only on supported archs - Discard default dependencies for sysroot.mount
This commit makes default dependencies from sysroot.mount to be explicitly omitted. This fixes potential inconsistencies in ordering pre-mount.service with local-fs.target. This change is also applied to upstream sysroot.mount generator here: https://github.com/systemd/systemd/pull/12281 Fixes #1015
- Fix locale setting
For pre-Leap 15 openSUSE versions KIWI >= 9.12.0 was not completely setting locale, as it was missingto set the RC_LANG variable from `/etc/sysconfig/language` file. Current commit enforces to update locale in `/etc/sysconfig/language` (if the file exists) at the same time it applies systemd-firstboot configurations. Fixes #1081
- Cleanup TODO & FIXME from xml_description.rst - Add GitLab CI pipeline badge to README.rst - Extend the development documentation
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Log thrown exceptions in Compress.get_format() - Fix documentation of Compress.get_format() - log exception in SystemPrepare.__del__ - Use yaml.safe_load instead of yaml.load
yaml.load is relatively dangerous when the loaded data comes from untrusted sources, as it can allow for arbitrary code execution, see: https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML safe_load limits the created python objects to the basic Python types like integers and strings, which is all that we need for the runtime configuration file.
- Fixing doc source for broken refs and xml syntax - Document the usage of profiles via the CLI and OBS - Apply suggestions from @tomschr
Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Improve the documentation of the runtime configuration file
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Apply suggestions from @tomschr
Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Extend the documentation of Custom Disk Volumes - Add documentation of the XML schema in a tutorial like fashion
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Add documentation how to configure VMX build types - Cleanup warnings in utils/size.py
- use a raw string for the regexp search string - improve the readability of the returned value
- Make the user.password attribute mandatory
Not providing a user password results in an error when usermod or openssl is later called by kiwi (depending on the value of `pwdformat`). This fixes #1061.
- Fixed repo setup for cloud integration test builds
Using the devel:languages:python repos leads to inconsistencies on the module dependencies
- Bump version: 9.17.37 ? 9.17.38 - Delete obsolete repository types
Deleted red-carpet, slack-site, up2date-mirrors, urpmi and yast2 from the allowed values list of the repository type attribute. This Fixes #1029
- Fixed build_in_buildservice stale references
Fixed style issues reported on sphinx build. Also deleted pointers to non existing references
- Delete suseRemovePackagesMarkedForDeletion
Any package removal is controlled by kiwi itself. There is no need to provide a shell helper method that is rpm specific. This Fixes #1054
- Preserve licenses/other txt files by baseStripFirmware (bsc#1132455) (Fixes #1063)>
LICENSES are usually not large and should be kept alongside of the binaries. Also some firmware files sideload additional txt files (like for example brcmfmac43430 needs the sdio description txt files). We should just always include them because they're not listed as needed files. Co-Authored-By: Dan ?ermák <dcermak@suse.com>
- Split overview/workflow.rst into multiple files
Co-Authored-By: Thomas Schraitle <tom_schr@web.de>
- Update doc/source/building/build_in_buildservice.rst
Co-Authored-By: dcermak <45594031+dcermak@users.noreply.github.com>
- Rework documentation about building on OBS - Added integration test guest image for OpenStack - Update suse integration tests per Factory changes
The way plymouth themes are provided has changed on suse. The package plymouth-branding-openSUSE is no longer providing the theme named openSUSE. In fact the plan is to switch to the upstream bgrt theme which is provided in another package. This commit adapts to the changes in the distribution
- Bump copyright year in the docs
==== python-pexpect ==== Version update (4.6.0 -> 4.7.0)
- Update to 4.7.0: * The :meth:`.pxssh.login` method now no longer requires a username if an ssh config is provided and will raise an error if neither are provided. (:ghpull:`562`). * The :meth:`.pxssh.login` method now supports providing your own ssh command via the cmd parameter. (:ghpull:`528`) (:ghpull:`563`). * :class:`.pxssh` now supports the use_poll parameter which is passed into :meth:`.pexpect.spawn` (:ghpull:`542`). * Minor bug fix with ssh_config. (:ghpull:`498`). * :meth:`.replwrap.run_command` now has async support via an async_ parameter. (:ghpull:`501`). * :meth:`.pexpect.spawn` will now read additional bytes if able up to a buffer limit. (:ghpull:`304`).>
- Drop merged patch fix-test.patch
==== python-pyasn1-modules ==== Version update (0.2.4 -> 0.2.5)
- Update to 0.2.5: - Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
in CMS
- Added RFC6019 providing BinaryTime - an alternate format
for representing Date and Time
- RFC3565 superseded by RFC5649 - Added RFC5480 providng Elliptic Curve Cryptography Subject
Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support - Added RFC3709 providing Logotypes in X.509 Certificates - Added RFC3274 providing CMS Compressed Data Content Type - Added RFC4073 providing Multiple Contents protection
with CMS
- Execute testsuite
==== python-requests ==== Version update (2.21.0 -> 2.22.0)
- Update to 2.22.0: * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible)>
- Rebase requests-no-hardcoded-version.patch
==== ruby2.6 ==== Subpackages: libruby2_6-2_6 ruby2.6-devel
- Move RPM macros to %_rpmmacrodir.
==== spandsp ====
- Disable LTO (boo#1136056).
==== webkit2gtk3 ==== Version update (2.24.1 -> 2.24.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles>
- Update to version 2.24.2: + Fix rendering of emojis copy-pasted from GTK emoji chooser. + Fix space characters not being rendered with some CJK fonts. + Fix adaptive streaming playback with older GStreamer versions. + Set a maximum zoom level for pinch zooming gesture. + Fix navigation gesture to not interfere with scrolling. + Fix SSE2 detection at compile time, ensuring the right flags
are passed to the compiler.
+ Fix several crashes and rendering issues. + Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615. + Updated translations.
- Drop webkit2gtk3-fix-i586-build.patch: Fixed upstream.
==== wireshark ==== Version update (3.0.1 -> 3.0.2) Subpackages: libwireshark12 libwiretap9 libwscodecs2 libwsutil10 wireshark-ui-qt
- Wireshark 3.0.2 (bsc#1136021)
* Wireshark dissection engine crash.
- Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html
==== yast2-add-on ==== Version update (4.1.11 -> 4.1.12)
- Fix: Update repository will be registered while installing
an add-on on a running system (bsc#1055126).
- 4.1.12
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Samstag, 1. Juni 2019, 17:38:31 CEST schrieb Oliver Kurz:
On Saturday, 1 June 2019 17.34.52 CEST Oliver Kurz wrote:
On Saturday, 1 June 2019 15.58.26 CEST Christian Mahr wrote:
Hi all
just tried "zypper dup" , but there is a complaint about wine:
Problem: nothing provides wine-32bit = 4.9 needed by wine-4.9-1.15.x86_64
Solution 1: deinstallation of wine-4.8-1.1.x86_64 Solution 2: install wine-4.9-1.15.i586 despite the inferior architecture Solution 3: keep obsolete wine-4.8-1.1.x86_64 Solution 4: break wine-4.9-1.15.x86_64 by ignoring some of its
dependencies
So is the wine package incomplete in the repository?
Hm, https://download.opensuse.org/tumbleweed/repo/oss/x86_64/?P=wine* looks incomplete indeed with wine-4.8-1.1.x86_64.rpm 14-May-2019 13:03 wine-4.9-1.15.x86_64.rpm 30-May-2019 12:38 wine-32bit-4.8-1.1.x86_64.rpm 14-May-2019 12:41
I am not sure how I should read https://build.opensuse.org/package/show/openSUSE:Factory/wine but at least https://build.opensuse.org/package/live_build_log/openSUSE:Factory/wine/ standard/i586 shows that RPMS/x86_64/wine-32bit-4.9-1.15.x86_64.rpm is correctly generated, probably what you would need.
I could reproduce the problem with the current docker container of openSUSE Tumbleweed so I reported that as a bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1137055
oh, wait. This was *already* reported before the last snapshot was published: https://bugzilla.opensuse.org/show_bug.cgi?id=1136945 grmpf
Until this is fixed, my TW crowd doing fine with option 3 here... Gals and guys, in order to improve S/N ration, mind using yank to kill unconcerned lines in responses? Thanks, Pete -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
Christian Mahr -
Dominique Leuenberger -
Hans-Peter Jansen -
Oliver Kurz