Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20200730 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (78.0.2 -> 79.0) autoyast2 (4.3.30 -> 4.3.31) ca-certificates-mozilla (2.40 -> 2.42) libcontainers-common (20200603 -> 20200727) libfido2 libstorage-ng (4.3.37 -> 4.3.39) logrotate (3.16.0 -> 3.17.0) mozilla-nspr (4.25 -> 4.26) mozilla-nss (3.53.1 -> 3.54) nano (4.9.3 -> 5.0) okteta (0.26.3 -> 0.26.4) permissions (1550_20200710 -> 1550_20200727) plasma5-thunderbolt (5.19.3 -> 5.19.4) snapper (0.8.11 -> 0.8.12) yast2 (4.3.17 -> 4.3.19) yast2-add-on (4.3.2 -> 4.3.3) yast2-installation (4.3.10 -> 4.3.13) yast2-network (4.3.13 -> 4.3.15) yast2-nis-client (4.3.1 -> 4.3.3) yast2-packager (4.3.4 -> 4.3.5) yast2-pam (4.2.4 -> 4.3.2) yast2-schema (4.3.3 -> 4.3.4) yast2-security (4.3.0 -> 4.3.1) yast2-services-manager (4.3.1 -> 4.3.2) yast2-users (4.3.4 -> 4.3.5) === Details === ==== MozillaFirefox ==== Version update (78.0.2 -> 79.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 79.0 MFSA 2020-30 (bsc#1174538) * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer * CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing popups * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in IonMonkey * CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk * CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading path * CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856, bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220, bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) Memory safety bugs fixed in Firefox 79 - updated dependency requirements: * mozilla-nspr >= 4.26 * mozilla-nss >= 3.54 * rust >= 1.43 * rust-cbindgen >= 0.14.3 - removed obsolete patch mozilla-bmo1463035.patch - fixed syntax issue in desktop file (boo#1174360) ==== autoyast2 ==== Version update (4.3.30 -> 4.3.31) Subpackages: autoyast2-installation - Removed "image" section from "software" section (bsc#1140711). - 4.3.31 ==== ca-certificates-mozilla ==== Version update (2.40 -> 2.42) - update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - AddTrust External CA Root - AddTrust Class 1 CA Root - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 ==== libcontainers-common ==== Version update (20200603 -> 20200727) - Added containers/common tarball for containers.conf(5) man page - Install containers.conf default configuration in /usr/share/containers - libpod repository on github got renamed to podman - Update to image 5.5.1 - Add documentation for credHelpera - Add defaults for using the rootless policy path - Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid - Update storage to 1.20.2 - Add back skip_mount_home ==== libfido2 ==== Subpackages: libfido2-1 libfido2-udev - Cleanup udev rules, trying to use the Debian specific plugdev group fills up the journal. - Make the udev rules package noarch, correct Summary ==== libstorage-ng ==== Version update (4.3.37 -> 4.3.39) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#765 - added functions to query whether a MD RAID supports spare and journal devices - 4.3.39 - merge gh#openSUSE/libstorage-ng#764 - add _constraints file for OBS requiring at least 4 GB disk size (bsc#1174375) - 4.3.38 ==== logrotate ==== Version update (3.16.0 -> 3.17.0) - Update to 3.17.0: * lock state file to prevent parallel execution of logrotate * add '.bak' extension to default taboo list * allow to pass a home-relative path to 'include' * 'switch_user_permanently': skip switchback check if switched to root * logrotate.service: enable 'ProtectClock' to restrict setting of clock * delete old logs hit by 'maxage' regardless of 'dateext' ==== mozilla-nspr ==== Version update (4.25 -> 4.26) - update to version 4.26 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. * Better support parallel building on Windows. * The internal release automatic script requires python 3. ==== mozilla-nss ==== Version update (3.53.1 -> 3.54) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add "certSIGN Root CA G2" root certificate. * bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for "O=Government Root Certification Authority; C=TW" root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate. * bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. ==== nano ==== Version update (4.9.3 -> 5.0) Subpackages: nano-lang - GNU nano 5.0: * With --indicator (or -q or 'set indicator') nano will show a kind of scrollbar on the righthand side of the screen to indicate where in the buffer the viewport is located and how much it covers. * With any line can be "tagged" with an anchor, and and will jump to the nearest anchor. When using line numbers, an anchor is shown as "+" in the margin. * The Execute Command prompt is now directly accessible from the main menu (with ^T, replacing the Spell Checker). The Linter, Formatter, Spell Checker, Full Justification, Suspension, and Cut-Till-End functions are available in this menu too. * On terminals that support at least 256 colors, nine new color names are available: pink, purple, mauve, lagoon, mint, lime, peach, orange, and latte. These do not have lighter versions. * For the color names red, green, blue, yellow, cyan, magenta, white, and black, the prefix 'light' gives a brighter color. Prefix 'bright' is deprecated, as it means both bold AND light. * All color names can be preceded with "bold," and/or "italic," (in that order) to get a bold and/or italic typeface. * With --bookstyle (or -O or 'set bookstyle') nano considers any line that begins with whitespace as the start of a paragraph. * Refreshing the screen with ^L now works in every menu. * In the main menu, ^L also centers the line with the cursor. * Toggling the help lines with M-X now works in all menus except in the help viewer and the linter. * At a filename prompt, the first <Tab> lists the possibilities, and these are listed near the bottom instead of near the top. * Bindable function 'curpos' has been renamed to 'location'. * Long option --tempfile has been renamed to --saveonexit. * Short option -S is now a synonym of --softwrap. * The New Buffer toggle (M-F) has become non-persistent. Options - -multibuffer and 'set multibuffer' still make it default to on. * Backup files will retain their group ownership (when possible). * Data is synced to disk before "... lines written" is shown. * The raw escape sequences for F13 to F16 are no longer recognized. * Distro-specific syntaxes, and syntaxes of less common languages, have been moved down to subdirectory syntax/extra/. The affected distros and others may wish to move wanted syntaxes one level up. Syntaxes for Markdown, Haskell, and Ada were added. ==== okteta ==== Version update (0.26.3 -> 0.26.4) Subpackages: libKasten4 libOkteta3 libkasten-lang libokteta-lang okteta-data okteta-lang - Update to 0.26.4 * Improved: struct2osd uses castxml now (gccxml has been deprecated) * Improved: less deprecated Qt code usage, avoiding logged runtime warnings * Improved: translations ==== permissions ==== Version update (1550_20200710 -> 1550_20200727) Subpackages: chkstat permissions-config permissions-doc - Update to version 20200727: * etc/permissions: remove static /var/spool/* dirs * etc/permissions: remove outdated entries * etc/permissions: remove unnecessary static dirs and devices * screen: remove now unused /var/run/uscreens ==== plasma5-thunderbolt ==== Version update (5.19.3 -> 5.19.4) Subpackages: plasma5-thunderbolt-lang - Update to 5.19.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma-5.19.4 - No code changes since 5.19.3 ==== snapper ==== Version update (0.8.11 -> 0.8.12) Subpackages: libsnapper5 snapper-zypp-plugin - fixed error when using mksubvolume to create /tmp (bsc#1174401) - version 0.8.12 ==== yast2 ==== Version update (4.3.17 -> 4.3.19) Subpackages: yast2-logs - XML: do not export the system ID if it is not defined (boo#1174424). - 4.3.19 - Handle exceptions when parsing xml file (related to bsc#1170886) - 4.3.18 ==== yast2-add-on ==== Version update (4.3.2 -> 4.3.3) - Fix the schema definition for the add_on_products and add_on_others elements (boo#1174424). - 4.3.3 ==== yast2-installation ==== Version update (4.3.10 -> 4.3.13) - AY: Removed "image" section from "software" section (bsc#1140711). - 4.3.13 - Handle exceptions when parsing xml file (related to bsc#1170886) - 4.3.12 - handle device autoconfig setting in summary screen (bsc#1168036) - 4.3.11 ==== yast2-network ==== Version update (4.3.13 -> 4.3.15) - AutoYaST: do not crash when the <host> section is present (bsc#1174643). - 4.3.15 - Do not crash when configuring an IPv6 route through AutoYaST (bsc#1174353) - 4.3.14 ==== yast2-nis-client ==== Version update (4.3.1 -> 4.3.3) - Fixed the mechanism used to ensure the usage of "compat" for certain databases (bsc#1174603). - 4.3.3 - Properly save the NSS configuration (related to bsc#1173119). - 4.3.2 ==== yast2-packager ==== Version update (4.3.4 -> 4.3.5) - Handle exceptions when parsing xml file (related to bsc#1170886) - 4.3.5 ==== yast2-pam ==== Version update (4.2.4 -> 4.3.2) - Fixed a bug, introduced in the latest version, related to deletion of nsswitch entries (related to bsc#1173119). - 4.3.2 - Added function to query PAM modules (bsc#1171318). - 4.3.1 - Support reading nsswitch.conf from /usr/etc (bsc#1173119). - 4.3.0 ==== yast2-schema ==== Version update (4.3.3 -> 4.3.4) - Fix the schema definition for the add_on_products and add_on_others elements (boo#1174424). - 4.3.4 ==== yast2-security ==== Version update (4.3.0 -> 4.3.1) - Use pam_pwquality instead of pam_cracklib depending on availability (bsc#1171318) - Fix setting dictpath for pam_pwquality (bsc#1174619) - 4.3.1 ==== yast2-services-manager ==== Version update (4.3.1 -> 4.3.2) - Fix detection of modifications in AutoYaST config mode (bsc#1173408) - Fix remembering of services configuration in AutoYaST config mode (bsc#1173408) - 4.3.2 ==== yast2-users ==== Version update (4.3.4 -> 4.3.5) - Load the right nsswitch.conf from either, /usr/etc or /etc - Related to bsc#1173119. - 4.3.5 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org