[opensuse-factory] New Tumbleweed snapshot 20200730 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20200730
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (78.0.2 -> 79.0)
autoyast2 (4.3.30 -> 4.3.31)
ca-certificates-mozilla (2.40 -> 2.42)
libcontainers-common (20200603 -> 20200727)
libfido2
libstorage-ng (4.3.37 -> 4.3.39)
logrotate (3.16.0 -> 3.17.0)
mozilla-nspr (4.25 -> 4.26)
mozilla-nss (3.53.1 -> 3.54)
nano (4.9.3 -> 5.0)
okteta (0.26.3 -> 0.26.4)
permissions (1550_20200710 -> 1550_20200727)
plasma5-thunderbolt (5.19.3 -> 5.19.4)
snapper (0.8.11 -> 0.8.12)
yast2 (4.3.17 -> 4.3.19)
yast2-add-on (4.3.2 -> 4.3.3)
yast2-installation (4.3.10 -> 4.3.13)
yast2-network (4.3.13 -> 4.3.15)
yast2-nis-client (4.3.1 -> 4.3.3)
yast2-packager (4.3.4 -> 4.3.5)
yast2-pam (4.2.4 -> 4.3.2)
yast2-schema (4.3.3 -> 4.3.4)
yast2-security (4.3.0 -> 4.3.1)
yast2-services-manager (4.3.1 -> 4.3.2)
yast2-users (4.3.4 -> 4.3.5)
=== Details ===
==== MozillaFirefox ====
Version update (78.0.2 -> 79.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
* CVE-2020-15652 (bmo#1634872)
Potential leak of redirect targets when loading scripts in a worker
* CVE-2020-6514 (bmo#1642792)
WebRTC data channel leaks internal address to peer
* CVE-2020-15655 (bmo#1645204)
Extension APIs could be used to bypass Same-Origin Policy
* CVE-2020-15653 (bmo#1521542)
Bypassing iframe sandbox when allowing popups
* CVE-2020-6463 (bmo#1635293)
Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656 (bmo#1647293)
Type confusion for special arguments in IonMonkey
* CVE-2020-15658 (bmo#1637745)
Overriding file type when saving to disk
* CVE-2020-15657 (bmo#1644954)
DLL hijacking due to incorrect loading path
* CVE-2020-15654 (bmo#1648333)
Custom cursor can overlay user interface
* CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
* mozilla-nspr >= 4.26
* mozilla-nss >= 3.54
* rust >= 1.43
* rust-cbindgen >= 0.14.3
- removed obsolete patch
mozilla-bmo1463035.patch
- fixed syntax issue in desktop file (boo#1174360)
==== autoyast2 ====
Version update (4.3.30 -> 4.3.31)
Subpackages: autoyast2-installation
- Removed "image" section from "software" section (bsc#1140711).
- 4.3.31
==== ca-certificates-mozilla ====
Version update (2.40 -> 2.42)
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
- AddTrust External CA Root
- AddTrust Class 1 CA Root
- LuxTrust Global Root 2
- Staat der Nederlanden Root CA - G2
- Symantec Class 1 Public Primary Certification Authority - G4
- Symantec Class 2 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
- certSIGN Root CA G2
- e-Szigno Root CA 2017
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
==== libcontainers-common ====
Version update (20200603 -> 20200727)
- Added containers/common tarball for containers.conf(5) man page
- Install containers.conf default configuration in
/usr/share/containers
- libpod repository on github got renamed to podman
- Update to image 5.5.1
- Add documentation for credHelpera
- Add defaults for using the rootless policy path
- Update libpod/podman to 2.0.3
- docs: user namespace can't be shared in pods
- Switch references from libpod.conf to containers.conf
- Allow empty host port in --publish flag
- update document login see config.json as valid
- Update storage to 1.20.2
- Add back skip_mount_home
==== libfido2 ====
Subpackages: libfido2-1 libfido2-udev
- Cleanup udev rules, trying to use the Debian specific plugdev
group fills up the journal.
- Make the udev rules package noarch, correct Summary
==== libstorage-ng ====
Version update (4.3.37 -> 4.3.39)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#765
- added functions to query whether a MD RAID supports spare and
journal devices
- 4.3.39
- merge gh#openSUSE/libstorage-ng#764
- add _constraints file for OBS requiring at least 4 GB disk size
(bsc#1174375)
- 4.3.38
==== logrotate ====
Version update (3.16.0 -> 3.17.0)
- Update to 3.17.0:
* lock state file to prevent parallel execution of logrotate
* add '.bak' extension to default taboo list
* allow to pass a home-relative path to 'include'
* 'switch_user_permanently': skip switchback check if switched to root
* logrotate.service: enable 'ProtectClock' to restrict setting of clock
* delete old logs hit by 'maxage' regardless of 'dateext'
==== mozilla-nspr ====
Version update (4.25 -> 4.26)
- update to version 4.26
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
* Better support parallel building on Windows.
* The internal release automatic script requires python 3.
==== mozilla-nss ====
Version update (3.53.1 -> 3.54)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add "certSIGN Root CA G2" root certificate.
* bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for "O=Government
Root Certification Authority; C=TW" root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate.
* bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
==== nano ====
Version update (4.9.3 -> 5.0)
Subpackages: nano-lang
- GNU nano 5.0:
* With --indicator (or -q or 'set indicator') nano will show a kind
of scrollbar on the righthand side of the screen to indicate where
in the buffer the viewport is located and how much it covers.
* With
participants (1)
-
Dominique Leuenberger